# Please keep this file sorted.
#
-aut-num: AS7586
-descr: Cloudfort IT
-remarks: part of the "Asline" IP hijacking gang
-drop: yes
-
aut-num: AS15828
-descr: Blue Diamond Network Co., Ltd.
-remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
+descr: Robat Blue Diamond Network Co., Ltd.
+remarks: Bulletproof ISP tampering with RIR data
country: LT
drop: yes
-aut-num: AS18254
-descr: KLAYER LLC
-remarks: part of the "Asline" IP hijacking gang
-drop: yes
-
-aut-num: AS18013
-descr: ASLINE LIMITED
-remarks: IP hijacker, traces back to HK
-country: HK
-drop: yes
-
aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Bulletproof ISP
-drop: yes
-
-aut-num: AS40193
-descr: Trit Networks, LLC
-remarks: all cybercrime hosting, all the time
-country: US
+remarks: Bulletproof ISP tampering with RIR data
+country: RU
drop: yes
aut-num: AS41564
country: RU
drop: yes
-aut-num: AS43092
-descr: Kirin Communication Limited
-remarks: Hijacks IP space and tampers with RIR data, traces back to JP
-country: JP
-drop: yes
-
-aut-num: AS44446
-descr: OOO SibirInvest
-remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
-country: NL
-drop: yes
-
-aut-num: AS47154
-descr: HUSAM A. H. HIJAZI
-remarks: Rogue ISP located in NL
-country: NL
+aut-num: AS44477
+descr: STARK INDUSTRIES SOLUTIONS LTD
+remarks: Rogue ISP in multiple locations, some RIR data contain garbage
drop: yes
aut-num: AS48090
country: EU
drop: yes
-aut-num: AS49447
-descr: Nice IT Services Group Inc.
-remarks: Rogue ISP
-drop: yes
-
aut-num: AS49870
descr: Alsycon BV
remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
country: CR
drop: yes
-aut-num: AS49943
-descr: IT Resheniya LLC
-remarks: Rogue ISP
-drop: yes
-
aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
drop: yes
aut-num: AS55933
-descr: Cloudie Limited
+descr: Cloudie Limited / Worria
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes
country: BG
drop: yes
-aut-num: AS56447
-descr: 511 Far East Limited
-remarks: IP hijacker, tampers with RIR data
-country: RU
-drop: yes
-
aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
-drop: yes
-
-aut-num: AS57416
-descr: LLC South Internet
-remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57523
descr: Chang Way Technologies Co. Limited
-remarks: bulletproof ISP, C&C server hosting galore
+remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57717
drop: yes
aut-num: AS58271
-descr: FOP Gubina Lubov Petrivna
+descr: Tyatkova Oksana Valerievna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
aut-num: AS59425
descr: HORIZON LLC
remarks: Rogue ISP
-drop: yes
-
-aut-num: AS59753
-descr: Vault Dweller OU
-remarks: bulletproof ISP (related to AS57717) located in NL
-country: NL
-drop: yes
-
-aut-num: AS59940
-descr: Kanzas LLC
-remarks: Rogue ISP
-drop: yes
-
-aut-num: AS60424
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+country: RU
drop: yes
aut-num: AS60485
country: SE
drop: yes
-aut-num: AS60930
-descr: Intem LLC
-remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
-country: RU
+aut-num: AS61302
+descr: HUIZE LTD
+remarks: Bulletproof ISP
drop: yes
aut-num: AS61432
country: NL
drop: yes
-aut-num: AS196691
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
-drop: yes
-
aut-num: AS200313
descr: IT WEB LTD
remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
country: NL
drop: yes
-aut-num: AS202476
-descr: Nevermind Inc.
-remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
-country: RU
-drop: yes
-
aut-num: AS202769
-descr: Cooperative Investments LLC
+descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes
-aut-num: AS204341
-descr: Purple Raccoon Ltd.
-remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
-country: RU
-drop: yes
-
aut-num: AS204353
descr: Global Offshore Limited
remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
country: BG
drop: yes
-aut-num: AS204655
-descr: Novogara Ltd.
-remarks: bulletproof ISP (strongly linked to AS202425) located in NL
-country: NL
-drop: yes
-
-aut-num: AS205702
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
+aut-num: AS204603
+descr: Partner LLC / LetHost LLC
+remarks: Bulletproof ISP
drop: yes
aut-num: AS206728
country: NL
drop: yes
-aut-num: AS209654
-descr: Delis LLC
-remarks: Shary Serverion customer and IP hijacker in NL, many RIR data for announced prefixes contain garbage
-country: NL
-drop: yes
-
aut-num: AS210352
descr: Partner LLC
remarks: All cybercrime hosting, all the time
country: RU
drop: yes
+aut-num: AS211252
+descr: Delis LLC
+remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
+country: NL
+drop: yes
+
+aut-num: AS211138
+descr: Private-Hosting di Cipriano Oscar
+remarks: Bulletproof combahton GmbH customer in DE
+country: DE
+drop: yes
+
aut-num: AS211805
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: EU
drop: yes
-aut-num: AS213010
-descr: GigaHostingServices OU
-remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
-country: PL
-drop: yes
-
aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: AP
drop: yes
-aut-num: AS328671
-descr: Datapacket Maroc SARL
-remarks: bulletproof ISP (strongly linked to AS202425) located in NL
-country: NL
-drop: yes
-
aut-num: AS393889
descr: EightJoy Network LLC
remarks: Most likely hijacked or criminal AS
aut-num: AS398478
descr: PEG TECH INC
-remarks: ISP located in HK, tampers with RIR data
+remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country: HK
drop: yes
country: KR
drop: yes
-aut-num: AS399674
-descr: INTERNET HOSTSPACE GLOBAL INC
-remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
-country: US
+aut-num: AS400161
+descr: Academy of Internet Research Limited Liability Company
+remarks: Mass-scanning, apparently without legitimate intention
drop: yes
aut-num: AS400506
descr: Black Apple
-remarks: Solely announces hijacked prefixes, no legitimate infrastructure
+remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
+country: JP
drop: yes
net: 45.143.203.0/24
country: NL
drop: yes
-net: 46.161.27.0/24
-descr: MEGA HOLDINGS LIMITED
-remarks: Based on domains ending up there, this network is entirely malicious
-drop: yes
-
-net: 61.177.172.0/23
-descr: CHINANET jiangsu province network
-remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore
-drop: yes
-
-net: 89.23.103.0/24
-descr: Media Land LLC / abuse-server[.]su
-remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
-drop: yes
-
-net: 91.240.243.0/24
-descr: Media Land LLC
-remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
-drop: yes
-
-net: 92.63.196.0/24
-descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
-remarks: Attack network tracing back to NL
-country: NL
-drop: yes
-
-net: 103.176.21.0/24
-descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
-remarks: Brute-force attack network
-drop: yes
-
-net: 109.206.241.0/24
-descr: Serverion B.V.
-remarks: Leased to Neterra, all cybercrime, all the time
-drop: yes
-
-net: 114.246.10.0/24
-descr: China Unicom Beijing province network
-remarks: Brute-force attack network
-drop: yes
-
-net: 116.7.245.0/24
-descr: CHINANET Guangdong province network
-remarks: Brute-force attack network
-drop: yes
-
-net: 116.57.185.0/24
-descr: China Education and Research Network
-remarks: Brute-force attack network
-drop: yes
-
-net: 154.89.5.0/24
-descr: Agotoz HK Limited
-remarks: Brute-force attack network
-drop: yes
-
-net: 185.156.72.0/24
-descr: TOV VAIZ PARTNER / InterHost
-remarks: Attack network tracing back to UA
-country: UA
-drop: yes
-
-net: 185.196.220.0/24
-descr: Makut Investments
-remarks: Brute-force attack network
-drop: yes
-
-net: 193.201.9.0/24
-descr: Infolink LLC
-remarks: Based on domains ending up there, this network is entirely malicious
-drop: yes
-
-net: 195.133.20.0/24
-descr: Tribeka Web Advisors S.A.
-remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
-country: NL
-drop: yes
-
-net: 194.135.24.0/24
-descr: Tribeka Web Advisors S.A.
-remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
-country: US
-drop: yes
-
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes
-
-net: 2a10:9700::/29
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-country: RU
-drop: yes