# Please keep this file sorted.
#
-aut-num: AS18254
-descr: KLAYER LLC
-remarks: part of the "Asline" IP hijacking gang, traces back to AP region
-country: AP
+aut-num: AS7586
+descr: Cloudfort IT
+remarks: part of the "Asline" IP hijacking gang
+drop: yes
+
+aut-num: AS15828
+descr: Blue Diamond Network Co., Ltd.
+remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
+country: LT
drop: yes
aut-num: AS18013
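Review bot: The added AS15828 remarks contain a typo, "claims GB or IR for it's prefixes" should read "its prefixes". In the same hunk, the new AS7586 entry has no country line, although the "Asline" entry it replaces (AS18254) carried country: AP; please confirm the omission is intended rather than a dropped line.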
country: HK
drop: yes
-aut-num: AS22769
-descr: DDOSING NETWORK
-remarks: IP hijacker located in US, massively tampers with RIR data
-country: US
-drop: yes
-
aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
country: AP
drop: yes
+aut-num: AS35029
+descr: WebLine LTD
+remarks: Rogue ISP
+country: RU
+drop: yes
+
aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+remarks: Bulletproof ISP
+drop: yes
+
+aut-num: AS40193
+descr: Trit Networks, LLC
+remarks: all cybercrime hosting, all the time
+country: US
drop: yes
aut-num: AS41564
descr: Orion Network Limited
-remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
-country: EU
+remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
+drop: yes
+
+aut-num: AS41909
+descr: PINVDS OU
+remarks: all cybercrime hosting, all the time
+country: RU
drop: yes
aut-num: AS43092
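Review bot: In the AS41564 entry, both "country: EU" and the warning that RIR data for prefixes announced by this AS cannot be trusted are removed, while the "routing stolen AfriNIC networks" claim stays. If the registry data is still unreliable the warning should be kept; if it is now considered trustworthy, say so in the commit message. The AS39770 remark likewise goes from "suspected rogue ISP" to a flat "Bulletproof ISP", and AS40193 and AS41909 are added with "all cybercrime hosting, all the time"; a reference or an observation date in those remarks would let a later maintainer re-verify them.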
country: JP
drop: yes
-aut-num: AS44015
-descr: Landgard Management Inc.
-remarks: bulletproof ISP with strong links to RU
-country: RU
-drop: yes
-
aut-num: AS44446
descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
country: NL
drop: yes
+aut-num: AS44477
+descr: STARK INDUSTRIES SOLUTIONS LTD
+remarks: Rogue ISP in multiple locations, some RIR data contain garbage
+drop: yes
+
+aut-num: AS47154
+descr: HUSAM A. H. HIJAZI
+remarks: Rogue ISP located in NL
+country: NL
+drop: yes
+
aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes
+aut-num: AS48950
+descr: GLOBAL COLOCATION LIMITED
+remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
+country: EU
+drop: yes
+
aut-num: AS49447
descr: Nice IT Services Group Inc.
-remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
-country: CH
+remarks: Rogue ISP
+drop: yes
+
+aut-num: AS49870
+descr: Alsycon BV
+remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
+country: NL
+drop: yes
+
+aut-num: AS49466
+descr: KLAYER LLC
+remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
+country: CR
+drop: yes
+
+aut-num: AS49943
+descr: IT Resheniya LLC
+remarks: Rogue ISP
drop: yes
aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+remarks: Bulletproof ISP
country: RU
drop: yes
+aut-num: AS53727
+descr: Netsys Global Telecom Limited (?)
+remarks: Hijacked AS announced out of some location in AP, possibly HK
+country: AP
+drop: yes
+
aut-num: AS54600
descr: PEG TECH INC
remarks: ISP and IP hijacker located in US this time, tampers with RIR data
country: HK
drop: yes
-aut-num: AS56447
-descr: 511 Far East Limited
-remarks: IP hijacker, tampers with RIR data
-country: RU
+aut-num: AS57509
+descr: L&L Investment Ltd.
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
+country: BG
drop: yes
aut-num: AS56611
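Review bot: Two of the added blocks break the "Please keep this file sorted" rule from the file header. AS49466 is inserted after AS49870 and should sit between AS49447 and AS49870; AS57509 takes the slot of the removed AS56447 directly ahead of AS56611 and should move down to just before AS57523.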
aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
+remarks: Bulletproof ISP
+drop: yes
+
+aut-num: AS57416
+descr: LLC South Internet
+remarks: Bulletproof ISP
drop: yes
aut-num: AS57523
descr: Chang Way Technologies Co. Limited
-remarks: bulletproof ISP, C&C server hosting galore
+remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57717
country: AP
drop: yes
+aut-num: AS58931
+descr: 24.hk global BGP
+remarks: Part of the "ASLINE" IP hijacking operation
+country: HK
+drop: yes
+
+aut-num: AS59425
+descr: HORIZON LLC
+remarks: Rogue ISP
+drop: yes
+
+aut-num: AS59753
+descr: Vault Dweller OU
+remarks: bulletproof ISP (related to AS57717) located in NL
+country: NL
+drop: yes
+
+aut-num: AS59940
+descr: Kanzas LLC
+remarks: Rogue ISP
+drop: yes
+
aut-num: AS60424
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
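Review bot: The trailing context shows AS60424 (1337TEAM LIMITED / eliteteam[.]to) still carrying "Owned by an offshore letterbox company, suspected rogue ISP", while this patch rewrites the same remark to "Bulletproof ISP" for AS39770, AS51381 and AS56873. Either update AS60424 as well or explain why this one AS of the same operator is treated differently. Minor style point in the same hunk: AS58931 spells the operation "ASLINE", the other added entries use "Asline"; pick one spelling so the entries can be found with a single search.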
aut-num: AS60930
descr: Intem LLC
remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
+country: RU
+drop: yes
+
+aut-num: AS61302
+descr: HUIZE LTD
+remarks: Bulletproof ISP
drop: yes
-aut-num: AS61414
-descr: EDGENAP LTD
-remarks: IP hijacking? Rogue ISP?
+aut-num: AS61432
+descr: TOV VAIZ PARTNER
+remarks: Rogue ISP
drop: yes
aut-num: AS62068
country: HK
drop: yes
+aut-num: AS137443
+descr: Anchnet Asia Limited
+remarks: IP hijacker located in HK, tampers with RIR data
+country: HK
+drop: yes
+
aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
aut-num: AS138648
descr: ASLINE Global Exchange
-remarks: IP hijacker located somewhere in AP area
-country: AP
+remarks: IP hijacker located in HK
+country: HK
drop: yes
aut-num: AS139330
country: AP
drop: yes
+aut-num: AS140227
+descr: Hong Kong Communications International Co., Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country: AP
+drop: yes
+
aut-num: AS141159
descr: Incomparable(HK)Network Co., Limited
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: AP
drop: yes
-aut-num: AS196691
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
+aut-num: AS141759
+descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
+remarks: Dirty ISP located in NL
+country: NL
+drop: yes
+
+aut-num: AS200313
+descr: IT WEB LTD
+remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
drop: yes
aut-num: AS200391
country: NL
drop: yes
-aut-num: AS202476
-descr: Nevermind Inc.
-remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
-country: RU
-drop: yes
-
aut-num: AS202769
-descr: Cooperative Investments LLC
+descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes
-aut-num: AS204341
-descr: Purple Raccoon Ltd.
-remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
-country: RU
+aut-num: AS204353
+descr: Global Offshore Limited
+remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
+country: EU
drop: yes
aut-num: AS204428
country: BG
drop: yes
+aut-num: AS204603
+descr: Partner LLC / LetHost LLC
+remarks: Bulletproof ISP
+drop: yes
+
aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes
-aut-num: AS205702
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
-drop: yes
-
aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes
+aut-num: AS207566
+descr: Chang Way Technologies Co. Limited
+remarks: Rogue ISP
+country: RU
+drop: yes
+
+aut-num: AS209160
+descr: Miti 2000 EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
-aut-num: AS209654
-descr: Delis LLC
-remarks: Shary Serverion customer and IP hijacker in NL, many RIR data for announced prefixes contain garbage
+aut-num: AS209559
+descr: XHOST INTERNET SOLUTIONS LP
+remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS210352
+descr: Partner LLC
+remarks: All cybercrime hosting, all the time
+country: RU
+drop: yes
+
+aut-num: AS210644
+descr: AEZA GROUP Ltd
+remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
+country: RU
+drop: yes
+
aut-num: AS210848
descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS211059
+descr: Tribeka Web Advisors S.A.
+remarks: Dirty ISP, see individual network entries below
+drop: yes
+
aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes
+aut-num: AS211252
+descr: Delis LLC
+remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
+country: NL
+drop: yes
+
+aut-num: AS211138
+descr: Private-Hosting di Cipriano Oscar
+remarks: Bulletproof combahton GmbH customer in DE
+country: DE
+drop: yes
+
aut-num: AS211805
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: KZ
drop: yes
+aut-num: AS212283
+descr: ROZA HOLIDAYS EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
+country: BG
+drop: yes
+
aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country: EU
drop: yes
-aut-num: AS212738
-descr: LUSOVPS UNIPESSOAL LDA
-remarks: IP hijacker located in PT
-country: PT
+aut-num: AS213010
+descr: GigaHostingServices OU
+remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
+country: PL
drop: yes
aut-num: AS213058
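Review bot: The added AS211252 block is followed by AS211138, which breaks the sort order requested in the file header. AS211138 belongs ahead of the existing AS211193 entry, directly after the new AS211059 block.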
country: RU
drop: yes
-aut-num: AS267712
-descr: EL ALAMO S.R.L
-remarks: Hijacked AS being announced out of RU
-country: RU
+aut-num: AS213194
+descr: Alfa Web Solutions Ltd
+remarks: Rogue ISP (linked to AS57717) located in NL
+country: NL
drop: yes
-aut-num: AS327790
-descr: Wirels Connect (PTY) Ltd
-remarks: Hijacked AS being announced out of PT
-country: PT
+aut-num: AS213254
+descr: OOO RAIT TELECOM
+remarks: Bulletproof connectivity procurer for AS51381
+country: RU
drop: yes
aut-num: AS328543
aut-num: AS393889
descr: EightJoy Network LLC
-remarks: Most likely hijacked AS
+remarks: Most likely hijacked or criminal AS
+country: HK
drop: yes
aut-num: AS398478
descr: PEG TECH INC
-remarks: ISP located in HK, tampers with RIR data
+remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country: HK
drop: yes
country: US
drop: yes
-net: 154.73.248.0/22
-descr: Wirels Connect (PTY) Ltd
-remarks: Most likely stolen AfriNIC IPv4 space
+aut-num: AS400161
+descr: Academy of Internet Research Limited Liability Company
+remarks: Mass-scanning, apparently without legitimate intention
+drop: yes
+
+aut-num: AS400506
+descr: Black Apple
+remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
+country: JP
+drop: yes
+
+net: 45.143.203.0/24
+descr: TOV VAIZ PARTNER
+remarks: Attack network tracing back to NL
+country: NL
+drop: yes
+
+net: 61.177.172.0/23
+descr: CHINANET jiangsu province network
+remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore
+drop: yes
+
+net: 89.23.103.0/24
+descr: Media Land LLC / abuse-server[.]su
+remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
+drop: yes
+
+net: 91.240.243.0/24
+descr: Media Land LLC
+remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
+drop: yes
+
+net: 92.63.196.0/24
+descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
+remarks: Attack network tracing back to NL
+country: NL
+drop: yes
+
+net: 103.176.21.0/24
+descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
+remarks: Brute-force attack network
+drop: yes
+
+net: 109.206.241.0/24
+descr: Serverion B.V.
+remarks: Leased to Neterra, all cybercrime, all the time
+drop: yes
+
+net: 111.7.96.0/24
+descr: China Mobile Communications Corporation
+remarks: Brute-force attack network
+drop: yes
+
+net: 114.246.10.0/24
+descr: China Unicom Beijing province network
+remarks: Brute-force attack network
drop: yes
-net: 161.123.0.0/16
-descr: Wirels Connect (PTY) Ltd
-remarks: Most likely stolen AfriNIC IPv4 space, already SBL'ed (SBL547511), not a safe area to accept traffic from
+net: 116.7.245.0/24
+descr: CHINANET Guangdong province network
+remarks: Brute-force attack network
+drop: yes
+
+net: 116.57.185.0/24
+descr: China Education and Research Network
+remarks: Brute-force attack network
+drop: yes
+
+net: 123.160.220.0/22
+descr: CHINANET henan province network
+remarks: Brute-force attack network
+drop: yes
+
+net: 154.89.5.0/24
+descr: Agotoz HK Limited
+remarks: Brute-force attack network
+drop: yes
+
+net: 185.156.72.0/24
+descr: TOV VAIZ PARTNER / InterHost
+remarks: Attack network tracing back to UA
+country: UA
+drop: yes
+
+net: 185.196.220.0/24
+descr: Makut Investments
+remarks: Brute-force attack network
+drop: yes
+
+net: 193.201.9.0/24
+descr: Infolink LLC
+remarks: Based on domains ending up there, this network is entirely malicious
drop: yes
net: 195.133.20.0/24
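Review bot: Most of the added net entries (103.176.21.0/24, 111.7.96.0/24, 114.246.10.0/24, 116.7.245.0/24, 116.57.185.0/24, 123.160.220.0/22, 154.89.5.0/24, 185.196.220.0/24) carry only "Brute-force attack network" as justification, and several of them are small slices of large carrier networks. The 61.177.172.0/23 entry in this same hunk shows the better pattern by stating since when the activity was observed; please add a date or a reference to the others so they can be reviewed and dropped from the list once the behaviour stops. The hunk also removes 154.73.248.0/22 and 161.123.0.0/16 without any visible reason; a line in the commit message on why those two are no longer listed would help.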
country: NL
drop: yes
+net: 194.135.24.0/24
+descr: Tribeka Web Advisors S.A.
+remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
+country: US
+drop: yes
+
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
country: NL
drop: yes
+net: 2a0e:b107:17fe::/47
+descr: Amarai-Network - Location Test @ Antarctic
+remarks: Tampers with RIR data, not a safe place to route traffic to
+drop: yes
+
net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
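Review bot: 194.135.24.0/24 is inserted directly ahead of 196.11.32.0/20, but the previous hunk's context shows 195.133.20.0/24 already earlier in the file, so the new block lands out of order and should move up to just after 193.201.9.0/24. If the IPv6 entries follow the same numeric ordering as the IPv4 ones, 2a0e:b107:17fe::/47 also belongs after 2a0e:b107:d10::/44 rather than before it.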