# Please keep this file sorted.
#
-aut-num: AS18254
-descr: KLAYER LLC
-remarks: part of the "Asline" IP hijacking gang, traces back to AP region
-country: AP
-drop: yes
-
-aut-num: AS18013
-descr: ASLINE LIMITED
-remarks: IP hijacker, traces back to HK
-country: HK
+aut-num: AS15828
+descr: Robat Blue Diamond Network Co., Ltd.
+remarks: Bulletproof ISP tampering with RIR data
+country: LT
drop: yes
-aut-num: AS22133
-descr: Octet Brasil Ltda
-remarks: Hijacked AS being announced out of RU
-country: RU
-drop: yes
-
-aut-num: AS24009
-descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED
-remarks: IP hijacker and bulletproof ISP, possibly located near Los Angeles, US
-country: US
-drop: yes
-
-aut-num: AS22769
-descr: DDOSING NETWORK
-remarks: IP hijacker located in US, massively tampers with RIR data
-country: US
-drop: yes
-
-aut-num: AS24009
-descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED
-remarks: IP hijacker located in HK, tampers with RIR data
-country: HK
-drop: yes
-
-aut-num: AS27891
-descr: Universidad PedagA³gica Experimental Libertador
-remarks: Hijacked AS being announced out of RU
-country: RU
+aut-num: AS24567
+descr: QT Inc.
+remarks: IP hijacker operating out of AP area (HK or TW?)
+country: AP
drop: yes
aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+remarks: Bulletproof ISP tampering with RIR data
+country: RU
drop: yes
aut-num: AS41564
descr: Orion Network Limited
-remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
-country: EU
-drop: yes
-
-aut-num: AS43092
-descr: Kirin Communication Limited
-remarks: Hijacks IP space and tampers with RIR data, traces back to JP
-country: JP
+remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
drop: yes
-aut-num: AS44015
-descr: Landgard Management Inc.
-remarks: bulletproof ISP with strong links to RU
+aut-num: AS41909
+descr: PINVDS OU
+remarks: all cybercrime hosting, all the time
country: RU
drop: yes
-aut-num: AS44446
-descr: OOO SibirInvest
-remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
-country: NL
+aut-num: AS44477
+descr: STARK INDUSTRIES SOLUTIONS LTD
+remarks: Rogue ISP in multiple locations, some RIR data contain garbage
drop: yes
aut-num: AS48090
country: NL
drop: yes
-aut-num: AS49447
-descr: Nice IT Services Group Inc.
-remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
-country: CH
+aut-num: AS48950
+descr: GLOBAL COLOCATION LIMITED
+remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
+country: EU
+drop: yes
+
+aut-num: AS49870
+descr: Alsycon BV
+remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
+country: NL
+drop: yes
+
+aut-num: AS49466
+descr: KLAYER LLC
+remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
+country: CR
drop: yes
aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+remarks: Bulletproof ISP
country: RU
drop: yes
country: US
drop: yes
+aut-num: AS55020
+descr: Aodao Inc
+remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
+country: HK
+drop: yes
+
aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
drop: yes
aut-num: AS55933
-descr: Cloudie Limited
+descr: Cloudie Limited / Worria
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes
-aut-num: AS56447
-descr: 511 Far East Limited
-remarks: IP hijacker, tampers with RIR data
-country: RU
+aut-num: AS57509
+descr: L&L Investment Ltd.
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
+country: BG
drop: yes
aut-num: AS56611
aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57523
descr: Chang Way Technologies Co. Limited
-remarks: bulletproof ISP, C&C server hosting galore
+remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57717
drop: yes
aut-num: AS58271
-descr: FOP Gubina Lubov Petrivna
+descr: Tyatkova Oksana Valerievna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
country: AP
drop: yes
-aut-num: AS60424
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+aut-num: AS58931
+descr: 24.hk global BGP
+remarks: Part of the "ASLINE" IP hijacking operation
+country: HK
+drop: yes
+
+aut-num: AS59425
+descr: HORIZON LLC
+remarks: Rogue ISP
+country: RU
drop: yes
aut-num: AS60485
country: SE
drop: yes
-aut-num: AS61414
-descr: EDGENAP LTD
-remarks: IP hijacking? Rogue ISP?
+aut-num: AS61302
+descr: HUIZE LTD
+remarks: Bulletproof ISP
drop: yes
-aut-num: AS61879
-descr: Ami¿½rica Latina Educacional Adm. e Servii¿½os LTDA
-remarks: Hijacked AS being announced out of RU
-country: RU
+aut-num: AS61432
+descr: TOV VAIZ PARTNER
+remarks: Rogue ISP
drop: yes
aut-num: AS62068
country: NL
drop: yes
+aut-num: AS133201
+descr: ABCDE GROUP COMPANY LIMITED
+remarks: ISP and/or IP hijacker located in HK
+country: HK
+drop: yes
+
+aut-num: AS135097
+descr: LUOGELANG (FRANCE) LIMITED
+remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
+country: HK
+drop: yes
+
aut-num: AS136545
descr: Blue Data Center
remarks: IP hijacker located somewhere in AP area, tampers with RIR data
country: HK
drop: yes
+aut-num: AS137443
+descr: Anchnet Asia Limited
+remarks: IP hijacker located in HK, tampers with RIR data
+country: HK
+drop: yes
+
aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
aut-num: AS138648
descr: ASLINE Global Exchange
-remarks: IP hijacker located somewhere in AP area
-country: AP
+remarks: IP hijacker located in HK
+country: HK
drop: yes
aut-num: AS139330
aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
-remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
+country: AP
+drop: yes
+
+aut-num: AS140227
+descr: Hong Kong Communications International Co., Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country: AP
drop: yes
aut-num: AS141159
country: AP
drop: yes
-aut-num: AS196691
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
+aut-num: AS141759
+descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
+remarks: Dirty ISP located in NL
+country: NL
+drop: yes
+
+aut-num: AS200313
+descr: IT WEB LTD
+remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
drop: yes
aut-num: AS200391
country: BG
drop: yes
+aut-num: AS202325
+descr: 4Media Ltd.
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country: NL
drop: yes
-aut-num: AS202476
-descr: Nevermind Inc.
-remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
-country: RU
-drop: yes
-
aut-num: AS202769
-descr: Cooperative Investments LLC
+descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes
-aut-num: AS204341
-descr: Purple Raccoon Ltd.
-remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
-country: RU
+aut-num: AS204353
+descr: Global Offshore Limited
+remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
+country: EU
drop: yes
aut-num: AS204428
country: BG
drop: yes
-aut-num: AS204655
-descr: Novogara Ltd.
-remarks: bulletproof ISP (strongly linked to AS202425) located in NL
-country: NL
+aut-num: AS204603
+descr: Partner LLC / LetHost LLC
+remarks: Bulletproof ISP
+drop: yes
+
+aut-num: AS206728
+descr: Media Land LLC
+remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
+country: RU
drop: yes
-aut-num: AS205702
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
+aut-num: AS207566
+descr: Chang Way Technologies Co. Limited
+remarks: Rogue ISP
country: RU
drop: yes
+aut-num: AS209160
+descr: Miti 2000 EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
+aut-num: AS209559
+descr: XHOST INTERNET SOLUTIONS LP
+remarks: Rogue ISP (linked to AS202425) located in NL
+country: NL
+drop: yes
+
+aut-num: AS210352
+descr: Partner LLC
+remarks: All cybercrime hosting, all the time
+country: RU
+drop: yes
+
+aut-num: AS210644
+descr: AEZA GROUP Ltd
+remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
+country: RU
+drop: yes
+
aut-num: AS210848
descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS211059
+descr: Tribeka Web Advisors S.A.
+remarks: Dirty ISP, see individual network entries below
+drop: yes
+
aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes
+aut-num: AS211252
+descr: Delis LLC
+remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
+country: NL
+drop: yes
+
+aut-num: AS211138
+descr: Private-Hosting di Cipriano Oscar
+remarks: Bulletproof combahton GmbH customer in DE
+country: DE
+drop: yes
+
+aut-num: AS211805
+descr: Media Land LLC
+remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
+country: RU
+drop: yes
+
aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
country: KZ
drop: yes
+aut-num: AS212283
+descr: ROZA HOLIDAYS EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
+country: BG
+drop: yes
+
aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country: RU
drop: yes
-aut-num: AS267712
-descr: EL ALAMO S.R.L
-remarks: Hijacked AS being announced out of RU
+aut-num: AS213194
+descr: Alfa Web Solutions Ltd
+remarks: Rogue ISP (linked to AS57717) located in NL
+country: NL
+drop: yes
+
+aut-num: AS213254
+descr: OOO RAIT TELECOM
+remarks: Bulletproof connectivity procurer for AS51381
country: RU
drop: yes
country: AP
drop: yes
-aut-num: AS328671
-descr: Datapacket Maroc SARL
-remarks: bulletproof ISP (strongly linked to AS202425) located in NL
-country: NL
-drop: yes
-
aut-num: AS393889
descr: EightJoy Network LLC
-remarks: All prefixes announced by this network are hijacked
+remarks: Most likely hijacked or criminal AS
+country: HK
drop: yes
aut-num: AS398478
descr: PEG TECH INC
-remarks: ISP located in HK, tampers with RIR data
+remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country: HK
drop: yes
country: KR
drop: yes
+aut-num: AS400161
+descr: Academy of Internet Research Limited Liability Company
+remarks: Mass-scanning, apparently without legitimate intention
+drop: yes
+
+aut-num: AS400506
+descr: Black Apple
+remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
+country: JP
+drop: yes
+
+net: 45.143.203.0/24
+descr: TOV VAIZ PARTNER
+remarks: Attack network tracing back to NL
+country: NL
+drop: yes
+
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
-remarks: Stolen AfriNIC IPv4 space announced from NL
+remarks: Stolen AfriNIC IPv4 space announced from NL?
country: NL
drop: yes
+net: 2a0e:b107:17fe::/47
+descr: Amarai-Network - Location Test @ Antarctic
+remarks: Tampers with RIR data, not a safe place to route traffic to
+drop: yes
+
net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes
-
-net: 2a10:9700::/29
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-country: RU
-drop: yes
projects / location / location-database.git / blobdiff