remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
country: DE
+aut-num: AS8708
+name: RCS & RDS SA
+remarks: ISP located in RO, but some RIR data for announced prefixes contain garbage
+country: RO
+
aut-num: AS9304
descr: HGC Global Communications Limited
remarks: Jurisdiction is HK, pinning the location there
remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage
country: IR
-aut-num: AS15828
-descr: Blue Diamond Network Co., Ltd.
-remarks: Shady ISP, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
-country: LT
-
aut-num: AS16262
descr: Datacheap Ltd.
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
country: UA
+aut-num: AS30938
+descr: ahbr company limited
+remarks: ... trackes back to GB
+country: GB
+
aut-num: AS30982
descr: CAFE Informatique et telecommunications (defunct)
remarks: spamming bogon located in TG - formerly allocated to CAFE Informatique et telecommunications
remarks: ISP located in RO, but some RIR data for announced prefixes contain garbage
country: RO
+aut-num: AS42675
+descr: Obehosting AB
+remarks: ISP located in SE, but some RIR data for announced prefixes contain garbage
+country: SE
+
aut-num: AS42745
descr: Safe Value Limited
remarks: tampers with RIR data, traces back to somewhere in central Europe
remarks: ISP located in JP, but some RIR data for announced prefixes contain garbage
country: JP
+aut-num: AS43993
+descr: IronTelecom OU
+remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS44066
descr: diva-e Datacenters GmbH
remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
country: UA
+aut-num: AS44676
+descr: Perviy TSOD LLC
+remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS44735
descr: Nova hf
remarks: ISP located in IS, but some RIR data for announced prefixes contain garbage
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS46573
+descr: LayerHost
+remarks: According to its website, this ISP hosts in US datacenters, pinning location
+country: US
+
aut-num: AS46841
descr: Fork Networking, LLC
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage
country: IR
+aut-num: AS47890
+descr: UNMANAGED LTD
+remarks: ISP located in RO, but some RIR data for announced prefixes contain garbage
+country: RO
+
aut-num: AS48024
descr: NEROCLOUD Ltd.
remarks: RIR data faked/incorrect, cannot trust this network
remarks: tampers with RIR data, traces back to RU
country: RU
-aut-num: AS49466
-descr: KLAYER LLC
-remarks: part of the "Asline" IP hijacking gang, traces back to AP region
-country: AP
-
aut-num: AS49453
descr: Global Layer BV
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
aut-num: AS49581
descr: Ferdinand Zink trading as Tube-Hosting
-remarks: hosted at the Skylink DC in NL
+remarks: According to https://tube-hosting.com/datacenter, this ISP hosts out of the SkyLink DC in NL
country: NL
aut-num: AS49612
remarks: another shady customer or branch of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
country: EU
-aut-num: AS49870
-descr: Alsycon BV
-remarks: Shady ISP located in NL, but some RIR data for announced prefixes contain garbage
-country: NL
-
aut-num: AS49921
descr: F.I.H. FORMULA INVESTMENT HOUSE CLEARING LIMITED
remarks: claims GR for announced prefixes, but traceroutes dead-end somewhere else in EU
remarks: ISP located in GE, but many RIR data for announced prefixes contain garbage
country: GE
+aut-num: AS57818
+descr: SKTV Ltd.
+remarks: ISP located in RU, but many RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS57844
descr: SPDNet Telekomunikasyon Hizmetleri Bilgi Teknolojileri Taahhut Sanayi Ve Ticaret A.S.
remarks: ISP located in TR, but some RIR data for announced prefixes contain garbage
country: TR
+aut-num: AS57866
+descr: Fusix Network BV
+remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
+country: NL
+
aut-num: AS58057
descr: Securebit AG
remarks: ... who thinks messing with country codes galore is fun. We can do that, too, and pin their location to CH, since this at least is their accurate jurisdiction.
remarks: ISP located in SG, but some RIR data for announced prefixes contain garbage
country: SG
+aut-num: AS59432
+descr: GINERNET S.L.
+remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage
+country: ES
+
aut-num: AS59580
descr: Batterflyai Media Ltd.
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
remarks: ISP located in HK, some RIR data for announced prefixes contain garbage
country: HK
+aut-num: AS133948
+descr: DONGFONG INC LIMITED
+remarks: ISP located in HK, some RIR data for announced prefixes contain default APNIC data
+country: HK
+
aut-num: AS134121
descr: rainbow network limited
remarks: Shady ISP located somewhere in AP area (HK? TW? ???), RIR data contain garbage
remarks: ISP located in AU, some RIR data for announced prefixes contain garbage
country: AU
-aut-num: AS137443
-descr: Anchnet Asia Limited
-remarks: IP hijacker located in HK, tampers with RIR data
-country: HK
-
aut-num: AS138195
descr: MOACK.Co.LTD
remarks: ISP located in KR, some RIR data for announced prefixes contain garbage
country: HK
aut-num: AS140224
-descr: White-Sand Cloud Computing(HK) Co., LIMITED
-remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
-country: AP
+descr: STARCLOUD GLOBAL PTE., LTD.
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, hosted in HK according to its website
+country: HK
aut-num: AS140641
descr: YOTTA NETWORK SERVICES PRIVATE LIMITED
remarks: ... located in HK
country: HK
+aut-num: AS142430
+descr: DIGI VPS
+remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage
+country: IN
+
aut-num: AS142578
descr: E-Large (HongKong)
remarks: traceroutes dead-end in US, and measurements could not proof that this AS is being located elsewhere
remarks: serivces hosted in RU
country: RU
+aut-num: AS201814
+descr: Meverywhere sp. z o.o.
+remarks: According to its website, all datacenters of this ISP are located in PL
+country: PL
+
aut-num: AS201912
descr: FutureNow Incorporated
remarks: ISP located in BG, but RIR data for announced prefixes contain garbage
remarks: fake offshore location (SC), traces back to RU
country: RU
+aut-num: AS202914
+descr: Adeo Datacenter ApS
+remarks: According to its website, all datacenters used by this ISP are in DK
+country: DK
+
aut-num: AS202505
descr: NETBUDUR TELEKOMUNIKASYON LIMITED SIRKETI
remarks: ISP located in TR, but some RIR data for announced prefixes contain garbage
country: TR
+aut-num: AS203020
+descr: HostRoyale Technologies Pvt Ltd
+remarks: Pin the location of this AS to its jurisdiction (IN) due to massive tampering with RIR data
+country: IN
+
aut-num: AS203038
descr: QuxLabs UG
remarks: traces back to SE
remarks: Network operator thinks messing with RIR data is funny... :-/
country: EU
+aut-num: AS204687
+descr: A2 Networks Inc.
+remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
+country: NL
+
aut-num: AS205026
descr: Hauer Hosting Services Limited
remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage
country: RU
aut-num: AS210644
-descr: Des Capital B.V.
+descr: AEZA GROUP Ltd
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
remarks: Shady ISP located in NL, but RIR data for announced prefixes contain garbage
country: NL
+aut-num: AS210718
+descr: FIVE CYBER HOST SECURITY S.R.L.
+remarks: ISP located in RO, but RIR data for announced prefixes contain garbage
+country: RO
+
aut-num: AS211237
descr: FORTR TELEKOMUNIKASYON SANAYI VE TICARET LIMITED SIRKETI
remarks: ISP located in TR, but some RIR data for announced prefixes contain garbage
remarks: AS being announced out of PT
country: PT
+aut-num: AS328227
+descr: Xhostserver LLC
+remarks: ISP located in ZA, many RIR data for announced prefixes contain garbage
+country: ZA
+
aut-num: AS328383
descr: xTom Limited
remarks: ISP located in ZA, RIR data for announced prefixes contain garbage
country: ZA
-aut-num: AS328227
-descr: Xhostserver LLC
-remarks: ISP located in ZA, many RIR data for announced prefixes contain garbage
+aut-num: AS328703
+descr: Seven Network Inc.
+remarks: ISP located in ZA, RIR data for announced prefixes contain garbage
country: ZA
aut-num: AS328608
remarks: Part of the "ASLINE" IP hijacking gang, HK vicinity seems to be part of US too for them :-/
country: AP
+aut-num: AS399641
+descr: Wolverine Trading, LLC
+remarks: ISP located in US, many RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS400039
descr: Wolverine Trading, LLC
remarks: IP hijacker located in US, tampers with RIR data
remarks: fake offshore location (SC), traces back to RU
country: RU
+net: 185.105.0.0/22
+descr: G-Core Innovations S.a r.l.
+remarks: this network does not appear to have any relations to IN whatsoever, it is rather used out of central Europe (LU?)
+country: LU
+
net: 185.140.204.0/22
descr: Hornetsecurity GmbH
remarks: all suballocations are used in DE, but are assigned to US
# Please keep this file sorted.
#
+aut-num: AS15828
+descr: Blue Diamond Network Co., Ltd.
+remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
+country: LT
+drop: yes
+
aut-num: AS18254
descr: KLAYER LLC
-remarks: part of the "Asline" IP hijacking gang, traces back to AP region
-country: AP
+remarks: part of the "Asline" IP hijacking gang
drop: yes
aut-num: AS18013
country: HK
drop: yes
-aut-num: AS22769
-descr: DDOSING NETWORK
-remarks: IP hijacker located in US, massively tampers with RIR data
-country: US
-drop: yes
-
aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
remarks: Bulletproof ISP
drop: yes
+aut-num: AS40193
+descr: Trit Networks, LLC
+remarks: all cybercrime hosting, all the time
+country: US
+drop: yes
+
aut-num: AS41564
descr: Orion Network Limited
-remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
-country: EU
+remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
drop: yes
aut-num: AS41909
aut-num: AS49447
descr: Nice IT Services Group Inc.
-remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
-country: CH
+remarks: Rogue ISP
+drop: yes
+
+aut-num: AS49870
+descr: Alsycon BV
+remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
+country: NL
+drop: yes
+
+aut-num: AS49466
+descr: KLAYER LLC
+remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
+country: CR
drop: yes
aut-num: AS49943
country: HK
drop: yes
+aut-num: AS57509
+descr: L&L Investment Ltd.
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
+country: BG
+drop: yes
+
aut-num: AS56447
descr: 511 Far East Limited
remarks: IP hijacker, tampers with RIR data
aut-num: AS60930
descr: Intem LLC
remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
+country: RU
drop: yes
aut-num: AS61414
descr: EDGENAP LTD
-remarks: IP hijacking? Rogue ISP?
+remarks: part of the "Asline" IP hijacking gang, the majority of announced prefixes trace back to JP
+country: JP
drop: yes
aut-num: AS61432
country: HK
drop: yes
+aut-num: AS137443
+descr: Anchnet Asia Limited
+remarks: IP hijacker located in HK, tampers with RIR data
+country: HK
+drop: yes
+
aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: NL
drop: yes
+aut-num: AS203680
+descr: Southern Production and Technical Enterprise Ltd.
+remarks: Hijacked?
+drop: yes
+
aut-num: AS204341
descr: Purple Raccoon Ltd.
remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
country: RU
drop: yes
+aut-num: AS207566
+descr: Chang Way Technologies Co. Limited
+remarks: Rogue ISP
+country: RU
+drop: yes
+
aut-num: AS209160
descr: Miti 2000 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: NL
drop: yes
+aut-num: AS210352
+descr: Partner LLC
+remarks: All cybercrime hosting, all the time
+drop: yes
+
aut-num: AS210644
descr: AEZA GROUP Ltd
remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
country: EU
drop: yes
+aut-num: AS213010
+descr: GigaHostingServices OU
+remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
+country: PL
+drop: yes
+
aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
remarks: Solely announces hijacked prefixes, no legitimate infrastructure
drop: yes
+net: 45.143.203.0/24
+descr: TOV VAIZ PARTNER
+remarks: Attack network tracing back to NL
+country: NL
+drop: yes
+
net: 46.161.27.0/24
descr: MEGA HOLDINGS LIMITED
remarks: Based on domains ending up there, this network is entirely malicious
drop: yes
+net: 91.240.243.0/24
+descr: Media Land LLC
+remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
+drop: yes
+
+net: 92.63.196.0/24
+descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
+remarks: Attack network tracing back to NL
+country: NL
+drop: yes
+
+net: 185.156.72.0/24
+descr: TOV VAIZ PARTNER / InterHost
+remarks: Attack network tracing back to UA
+country: UA
+drop: yes
+
net: 185.196.220.0/24
descr: Makut Investments
remarks: Long-running brute-force attack network