Friend or Foe? | Scaleway | ASN AS12876

Dear Community,

Scaleway formerly known as Online SAS (ASN AS12876, Locations: France, Netherlands and Poland) is a host for a multitude of bad actors who are constantly scraping our website and web-based clients for vulnerabilities. It is also a host, however, for good actors.

Supporting Data: (sample)

Based on the above, our question is:

What criteria, tools, or data would you recommend that would help us decide whether we should block noted ASN?

Note: Blocking affected IPs instead – individually or by range – is not an option for us (too many bad ones).

If you would like to see first hand how bad the phishing and scraping is, block Scaleway (ASN12876) for a month. Babbar, for example, is one of several nasty bots hosted by Scaleway.

Your advice is appreciated. Thank you!

Why not make a firewall rule to issue managed challenges from that ASN? This way bots are likely to blocked but gives legitimate users to still connect to your site.


Scaleway, Hetzner, OVH, Digitalocean… pretty much any cheap hosting is a major hassle when it comes to spam, attacks and other shapes of annoying traffic.

Block them? Sure; however, you might be blocking legitimate visitors that use those providers as VPN.

Usually those IPs have a higher threat score. You could build a firewall rule that does:
if threat score > 0 AND bad_asn → Challenge.
if threat score > 5 AND bad_asn → Block.

Why 0 and 5? No specific reason; from my experience CF is very permissive when it comes to assigning a threat score… many “malicious” IPs have as threat score 0. You could deploy the rules with LOG action and see the behavior with different threat score values.


Hey @Cyb3r-Jak3,

Great suggestion. Implemented.

If it doesn’t work for us over the next month or so, we’ll give @jnperamo’s suggestion at try.

Thank you!

Hey @jnperamo,

Great suggestion. If the suggestion provided by @Cyb3r-Jak3 does not work well for us, we’ll definitely switch over to yours.

Mighty impressed with the firewall rule you suggested. Will keep it mind for other bad actors as well.

No decision yet on a final solution. We would like to entertain other “creative” solutions – like yours – and report back later with test results and best solution.

Thank you!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.