remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS32781
-descr: Defender cloud international LLC
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
aut-num: AS34962
descr: Epik Network
remarks: Shady ISP and registrar, many prefixes announced refer to "anonymize" infrastructure
is-anonymous-proxy: yes
-aut-num: AS35029
-descr: WebLine LTD
-remarks: (Rogue) VPN provider
+aut-num: AS37287
+descr: Zain Zambia PLC
+remarks: Many prefixes announced by this ASN are marked as VPN blocks
is-anonymous-proxy: yes
-country: RU
aut-num: AS37560
descr: Cyberdyne S.A.
remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS43233
-descr: VPS 404 Ltd.
-remarks: VPN provider [high confidence, but not proofed] located in ES
-is-anonymous-proxy: yes
-country: ES
-
aut-num: AS44571
descr: Netvillage Ltd.
remarks: VPN provider [high confidence, but not proofed] located in or near RU
is-anonymous-proxy: yes
country: RU
+aut-num: AS44724
+descr: Octopusnet LTD
+remarks: VPN provider, not all VPN prefixes seem to be marked as such, so we go for the entire AS
+is-anonymous-proxy: yes
+
aut-num: AS45792
descr: Layer 3 VPN ASN
remarks: VPN provider
is-anonymous-proxy: yes
country: ES
+aut-num: AS269726
+descr: CHAMORRO ELADIO OSCAR (PROXY-AR)
+remarks: VPN provider [high confidence, but not proofed]
+is-anonymous-proxy: yes
+
aut-num: AS394087
descr: Secure Internet LLC / PureVPN
remarks: VPN provider
remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS397685
-descr: Business VPN LLC
-remarks: VPN provider
-is-anonymous-proxy: yes
-
aut-num: AS397881
descr: Stingers, Inc.
remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
remarks: VPN provider
is-anonymous-proxy: yes
-net: 95.154.64.0/18
-descr: Octopusnet VPN
-remarks: VPN provider
-is-anonymous-proxy: yes
-
net: 95.214.160.0/22
descr: B Consulting Ltd.
remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
remarks: VPN provider
is-anonymous-proxy: yes
+net: 104.253.42.0/24
+descr: Colorberry VPN Services
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 107.186.38.0/24
descr: Colorberry VPN services
remarks: VPN provider
is-anonymous-proxy: yes
+net: 109.68.136.0/22
+descr: Credolink ISP VPN pool
+remarks: VPN provider
+is-anonymous-proxy: yes
+
+net: 109.68.140.0/22
+descr: Credolink ISP VPN pool
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 109.70.100.0/24
descr: Foundation for Applied Privacy
remarks: Tor relay provider
is-anonymous-proxy: yes
drop: yes
+net: 179.60.149.0/24
+descr: SafeVPN S.A.
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 179.61.220.0/24
descr: GZ Systems Limited / PureVPN
remarks: VPN provider
remarks: VPN provider
is-anonymous-proxy: yes
+net: 194.34.159.0/24
+descr: Stadtwerke Rostock Netzgesellschaft mbH, marked as "VPN pool" to different entity
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 194.35.233.0/24
descr: NordVPN
remarks: VPN provider
remarks: VPN provider
is-anonymous-proxy: yes
+net: 218.203.128.0/24
+descr: China Mobile Communications Corporation-ningxia-guyuan-custom VPN
+remarks: VPN provider
+is-anonymous-proxy: yes
+
+net: 218.203.136.0/24
+descr: China Mobile Communications Corporation-ningxia-guyuan-custom VPN
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 222.255.32.0/23
descr: IP Range assigned for VPN Service of VDC
remarks: VPN provider
remarks: VPN provider
is-anonymous-proxy: yes
+net: 2604:e8c0:7::/48
+descr: Mullvad VPN AB
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 2606:1000::/32
descr: VPNtranet, LLC.
remarks: VPN provider
remarks: large IP chunk mostly used by VPN providers
is-anonymous-proxy: yes
+net: 2a0c:fe01::/32
+descr: MIN proxy
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 2c0f:f930::/32
descr: Cyberdyne S.A.
remarks: Tor relay provider
country: LT
drop: yes
-aut-num: AS18254
-descr: KLAYER LLC
-remarks: part of the "Asline" IP hijacking gang
-drop: yes
-
aut-num: AS18013
descr: ASLINE LIMITED
remarks: IP hijacker, traces back to HK
country: AP
drop: yes
+aut-num: AS35029
+descr: WebLine LTD
+remarks: Rogue ISP
+country: RU
+drop: yes
+
aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: BG
drop: yes
-aut-num: AS56447
-descr: 511 Far East Limited
-remarks: IP hijacker, tampers with RIR data
-country: RU
-drop: yes
-
aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
aut-num: AS57523
descr: Chang Way Technologies Co. Limited
-remarks: bulletproof ISP, C&C server hosting galore
+remarks: Bulletproof ISP
+country: RU
drop: yes
aut-num: AS57717
country: NL
drop: yes
-aut-num: AS196691
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
-drop: yes
-
aut-num: AS200313
descr: IT WEB LTD
remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
country: NL
drop: yes
-aut-num: AS202476
-descr: Nevermind Inc.
-remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
-country: RU
-drop: yes
-
aut-num: AS202769
-descr: Cooperative Investments LLC
+descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes
-aut-num: AS204341
-descr: Purple Raccoon Ltd.
-remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
-country: RU
-drop: yes
-
aut-num: AS204353
descr: Global Offshore Limited
remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
country: NL
drop: yes
-aut-num: AS205702
-descr: Get-Net LLC
-remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
-country: RU
-drop: yes
-
aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
aut-num: AS398478
descr: PEG TECH INC
-remarks: ISP located in HK, tampers with RIR data
+remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country: HK
drop: yes
aut-num: AS400506
descr: Black Apple
-remarks: Solely announces hijacked prefixes, no legitimate infrastructure
+remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
+country: JP
drop: yes
net: 45.143.203.0/24
remarks: Leased to Neterra, all cybercrime, all the time
drop: yes
+net: 111.7.96.0/24
+descr: China Mobile Communications Corporation
+remarks: Brute-force attack network
+drop: yes
+
net: 114.246.10.0/24
descr: China Unicom Beijing province network
remarks: Brute-force attack network
remarks: Brute-force attack network
drop: yes
+net: 123.160.220.0/22
+descr: CHINANET henan province network
+remarks: Brute-force attack network
+drop: yes
+
net: 154.89.5.0/24
descr: Agotoz HK Limited
remarks: Brute-force attack network