# Please keep this file sorted.
#
-aut-num: AS7586
-descr: Cloudfort IT
-remarks: part of the "Asline" IP hijacking gang
-drop: yes
-
aut-num: AS15828
-descr: Blue Diamond Network Co., Ltd.
-remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
+descr: Robat Blue Diamond Network Co., Ltd.
+remarks: Bulletproof ISP tampering with RIR data
country: LT
drop: yes
-aut-num: AS18013
-descr: ASLINE LIMITED
-remarks: IP hijacker, traces back to HK
-country: HK
-drop: yes
-
aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
country: AP
drop: yes
-aut-num: AS35029
-descr: WebLine LTD
-remarks: Rogue ISP
-country: RU
-drop: yes
-
aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Bulletproof ISP
-drop: yes
-
-aut-num: AS40193
-descr: Trit Networks, LLC
-remarks: all cybercrime hosting, all the time
-country: US
+remarks: Bulletproof ISP tampering with RIR data
+country: RU
drop: yes
aut-num: AS41564
country: RU
drop: yes
-aut-num: AS43092
-descr: Kirin Communication Limited
-remarks: Hijacks IP space and tampers with RIR data, traces back to JP
-country: JP
-drop: yes
-
-aut-num: AS44446
-descr: OOO SibirInvest
-remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
-country: NL
-drop: yes
-
aut-num: AS44477
descr: STARK INDUSTRIES SOLUTIONS LTD
remarks: Rogue ISP in multiple locations, some RIR data contain garbage
drop: yes
-aut-num: AS47154
-descr: HUSAM A. H. HIJAZI
-remarks: Rogue ISP located in NL
-country: NL
-drop: yes
-
aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: EU
drop: yes
-aut-num: AS49447
-descr: Nice IT Services Group Inc.
-remarks: Rogue ISP
-drop: yes
-
aut-num: AS49870
descr: Alsycon BV
remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
country: CR
drop: yes
-aut-num: AS49943
-descr: IT Resheniya LLC
-remarks: Rogue ISP
-drop: yes
-
aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes
-aut-num: AS53727
-descr: Netsys Global Telecom Limited (?)
-remarks: Hijacked AS announced out of some location in AP, possibly HK
-country: AP
-drop: yes
-
aut-num: AS54600
descr: PEG TECH INC
remarks: ISP and IP hijacker located in US this time, tampers with RIR data
drop: yes
aut-num: AS55933
-descr: Cloudie Limited
+descr: Cloudie Limited / Worria
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes
aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
-drop: yes
-
-aut-num: AS57416
-descr: LLC South Internet
-remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57523
drop: yes
aut-num: AS58271
-descr: FOP Gubina Lubov Petrivna
+descr: Tyatkova Oksana Valerievna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
aut-num: AS59425
descr: HORIZON LLC
remarks: Rogue ISP
-drop: yes
-
-aut-num: AS59753
-descr: Vault Dweller OU
-remarks: bulletproof ISP (related to AS57717) located in NL
-country: NL
-drop: yes
-
-aut-num: AS59940
-descr: Kanzas LLC
-remarks: Rogue ISP
-drop: yes
-
-aut-num: AS60424
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+country: RU
drop: yes
aut-num: AS60485
country: SE
drop: yes
-aut-num: AS60930
-descr: Intem LLC
-remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
-country: RU
+aut-num: AS61302
+descr: HUIZE LTD
+remarks: Bulletproof ISP
drop: yes
aut-num: AS61432
remarks: Bulletproof ISP
drop: yes
-aut-num: AS204655
-descr: Novogara Ltd.
-remarks: bulletproof ISP (strongly linked to AS202425) located in NL
-country: NL
-drop: yes
-
aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: EU
drop: yes
-aut-num: AS213010
-descr: GigaHostingServices OU
-remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
-country: PL
-drop: yes
-
aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: AP
drop: yes
-aut-num: AS328671
-descr: Datapacket Maroc SARL
-remarks: bulletproof ISP (strongly linked to AS202425) located in NL
-country: NL
-drop: yes
-
aut-num: AS393889
descr: EightJoy Network LLC
remarks: Most likely hijacked or criminal AS
country: KR
drop: yes
-aut-num: AS399674
-descr: INTERNET HOSTSPACE GLOBAL INC
-remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
-country: US
-drop: yes
-
aut-num: AS400161
descr: Academy of Internet Research Limited Liability Company
remarks: Mass-scanning, apparently without legitimate intention
country: NL
drop: yes
-net: 61.177.172.0/23
-descr: CHINANET jiangsu province network
-remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore
-drop: yes
-
-net: 89.23.103.0/24
-descr: Media Land LLC / abuse-server[.]su
-remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
-drop: yes
-
-net: 91.240.243.0/24
-descr: Media Land LLC
-remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
-drop: yes
-
-net: 92.63.196.0/24
-descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
-remarks: Attack network tracing back to NL
-country: NL
-drop: yes
-
-net: 103.176.21.0/24
-descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
-remarks: Brute-force attack network
-drop: yes
-
-net: 109.206.241.0/24
-descr: Serverion B.V.
-remarks: Leased to Neterra, all cybercrime, all the time
-drop: yes
-
-net: 111.7.96.0/24
-descr: China Mobile Communications Corporation
-remarks: Brute-force attack network
-drop: yes
-
-net: 114.246.10.0/24
-descr: China Unicom Beijing province network
-remarks: Brute-force attack network
-drop: yes
-
-net: 116.7.245.0/24
-descr: CHINANET Guangdong province network
-remarks: Brute-force attack network
-drop: yes
-
-net: 116.57.185.0/24
-descr: China Education and Research Network
-remarks: Brute-force attack network
-drop: yes
-
-net: 123.160.220.0/22
-descr: CHINANET henan province network
-remarks: Brute-force attack network
-drop: yes
-
-net: 154.89.5.0/24
-descr: Agotoz HK Limited
-remarks: Brute-force attack network
-drop: yes
-
-net: 185.156.72.0/24
-descr: TOV VAIZ PARTNER / InterHost
-remarks: Attack network tracing back to UA
-country: UA
-drop: yes
-
-net: 185.196.220.0/24
-descr: Makut Investments
-remarks: Brute-force attack network
-drop: yes
-
-net: 193.201.9.0/24
-descr: Infolink LLC
-remarks: Based on domains ending up there, this network is entirely malicious
-drop: yes
-
-net: 195.133.20.0/24
-descr: Tribeka Web Advisors S.A.
-remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
-country: NL
-drop: yes
-
-net: 194.135.24.0/24
-descr: Tribeka Web Advisors S.A.
-remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
-country: US
-drop: yes
-
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes
-
-net: 2a10:9700::/29
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-country: RU
-drop: yes