remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
is-anonymous-proxy: yes
-aut-num: AS208294
-descr: CIA TRIAD SECURITY LLC
-remarks: Tor relay provider located in or near Berlin, DE
-is-anonymous-proxy: yes
-country: DE
-
aut-num: AS208323
descr: Foundation for Applied Privacy
remarks: Tor relay provider
is-anonymous-proxy: yes
aut-num: AS208476
-descr: Danilenko, Artyom
+descr: Danilenko, Artyom / The PRIVACYFIRST Project / ...
remarks: (Rogue) VPN provider
is-anonymous-proxy: yes
country: EU
is-anonymous-proxy: yes
aut-num: AS396507
-descr: Emerald Onion
+name: Emerald Onion
remarks: Tor relay provider
is-anonymous-proxy: yes
remarks: VPN provider
is-anonymous-proxy: yes
-net: 37.230.170.0/23
-descr: GZ Systems Limited / PureVPN
-remarks: VPN provider
-is-anonymous-proxy: yes
-
-net: 37.230.176.0/20
-descr: GZ Systems Limited / PureVPN
-remarks: VPN provider
-is-anonymous-proxy: yes
-
net: 37.230.183.0/20
descr: GZ Systems Limited / PureVPN
remarks: VPN provider
remarks: Tor relay provider
is-anonymous-proxy: yes
+net: 79.134.225.0/24
+descr: The PRIVACYFIRST Project
+remarks: (Rogue) VPN provider hosting C&Cs en masse
+is-anonymous-proxy: yes
+
net: 80.254.74.0/20
descr: Monzoon / SwissVPN
remarks: VPN provider
remarks: (Rogue) VPN provider hosting C&Cs en masse
is-anonymous-proxy: yes
-net: 91.193.75.0/24
-descr: KGB Hosting d.o.o. / David Craig
-remarks: (Rogue) VPN provider
-is-anonymous-proxy: yes
-
net: 91.238.214.0/23
descr: Privax LTD
remarks: VPN provider
remarks: VPN provider (or something similar)
is-anonymous-proxy: yes
-net: 92.118.39.0/24
-descr: CloudMine NET
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
net: 92.118.204.0/22
descr: Mo's Operations GmbH
remarks: VPN provider [high confidence, but not proofed]
net: 179.60.147.0/24
descr: Cloud Solutions S.A.
remarks: Attack network, rogue VPN operator?
+country: NL
is-anonymous-proxy: yes
drop: yes
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
+net: 185.195.71.0/24
+descr: Datasource AG
+remarks: VPN / Tor exit network [high confidence, but not proofed]
+is-anonymous-proxy: yes
+
net: 185.99.135.0/24
descr: VpnHt Limited
remarks: VPN provider
remarks: VPN provider
is-anonymous-proxy: yes
-net: 185.162.88.0/24
-descr: Freedom of Speech VPN / nVPN / David Craig / ...
-remarks: (Rogue) VPN provider
-is-anonymous-proxy: yes
-country: EU
-
net: 185.164.59.0/24
descr: Buyproxies / Yuli Azarch
remarks: VPN provider [high confidence, but not proofed]
remarks: Satellite Internet provider [high confidence, but not proofed]
is-satellite-provider: yes
+aut-num: AS135409
+descr: Kacific Broadband Satellites Pte Ltd
+remarks: Satellite Internet provider
+is-satellite-provider: yes
+
aut-num: AS136796
descr: CoreLink Japan
remarks: Satellite Internet provider [high confidence, but not proofed] located in JP
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS18678
+descr: INTERNEXA S.A. E.S.P
+remarks: ISP located in CO, but some RIR data for announced prefixes contain garbage
+country: CO
+
aut-num: AS18779
descr: EGIHosting
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
remarks: ISP located in CA, but some RIR data for announced prefixes contain garbage
country: CA
+aut-num: AS33387
+descr: Nocix, LLC
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS34224
descr: Neterra Ltd.
remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
+aut-num: AS50149
+descr: Servercore B.V.
+remarks: Selectel branch in NL
+country: NL
+
aut-num: AS50360
descr: Tamatiya EOOD / 4Vendeta
remarks: Questionable ISP located in BG, clients massively tamper with RIR data
remarks: ... located in HK
country: HK
+aut-num: AS136923
+descr: WitLayer Technologies Inc
+remarks: ISP located in NL, some RIR data for announced prefixes contain garbage
+country: NL
+
aut-num: AS136933
descr: Gigabitbank Global / Anchnet Asia Limited (?)
remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage
country: IN
+aut-num: AS141167
+descr: AgotoZ HK Limited
+remarks: ISP located in HK, but some RIR data for announced prefixes contain garbage
+country: HK
+
aut-num: AS141677
descr: Nathosts Limited
remarks: ... located in HK?
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
country: NL
+aut-num: AS204997
+descr: Network Management Ltd.
+remarks: traceroutes dead-end somewhere in or near RU
+country: RU
+
aut-num: AS205026
descr: Hauer Hosting Services Limited
remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage
country: ES
+aut-num: AS205090
+descr: Network Management Ltd.
+remarks: traceroutes dead-end somewhere in or near RU
+country: RU
+
aut-num: AS205544
descr: LEASEWEB UK LIMITED
remarks: ISP located in London, GB, but many RIR data for announced prefixes contain garbage
remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
country: TR
+aut-num: AS207459
+descr: Taner Temel
+remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
+country: TR
+
aut-num: AS207461
descr: Liquid IO
remarks: ISP located in US, but many RIR data for announced prefixes contain garbage
remarks: fake location (BA), traces back to RO
country: RO
-net: 179.60.147.0/24
-descr: Flyservers S.A.
-remarks: traces back to NL
-country: NL
-
net: 179.60.151.0/24
descr: DATAHOME S.A.
remarks: traces back to BR
# Please keep this file sorted.
#
+aut-num: AS7586
+descr: Cloudfort IT
+remarks: part of the "Asline" IP hijacking gang
+drop: yes
+
aut-num: AS15828
descr: Blue Diamond Network Co., Ltd.
remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
country: JP
drop: yes
-aut-num: AS44015
-descr: Landgard Management Inc.
-remarks: bulletproof ISP with strong links to RU
-country: RU
-drop: yes
-
aut-num: AS44446
descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
country: NL
drop: yes
+aut-num: AS48950
+descr: GLOBAL COLOCATION LIMITED
+remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
+country: EU
+drop: yes
+
aut-num: AS49447
descr: Nice IT Services Group Inc.
remarks: Rogue ISP
remarks: Bulletproof ISP
drop: yes
+aut-num: AS57416
+descr: LLC South Internet
+remarks: Bulletproof ISP
+drop: yes
+
aut-num: AS57523
descr: Chang Way Technologies Co. Limited
remarks: bulletproof ISP, C&C server hosting galore
country: AP
drop: yes
+aut-num: AS58931
+descr: 24.hk global BGP
+remarks: Part of the "ASLINE" IP hijacking operation
+country: HK
+drop: yes
+
aut-num: AS59425
descr: HORIZON LLC
remarks: Rogue ISP
country: RU
drop: yes
-aut-num: AS61414
-descr: EDGENAP LTD
-remarks: part of the "Asline" IP hijacking gang, the majority of announced prefixes trace back to JP
-country: JP
-drop: yes
-
aut-num: AS61432
descr: TOV VAIZ PARTNER
remarks: Rogue ISP
aut-num: AS138648
descr: ASLINE Global Exchange
-remarks: IP hijacker located somewhere in AP area
-country: AP
+remarks: IP hijacker located in HK
+country: HK
drop: yes
aut-num: AS139330
drop: yes
aut-num: AS200313
-descr: WEB_GroupInternet INC
+descr: IT WEB LTD
remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
drop: yes
country: NL
drop: yes
-aut-num: AS203680
-descr: Southern Production and Technical Enterprise Ltd.
-remarks: Hijacked?
-drop: yes
-
aut-num: AS204341
descr: Purple Raccoon Ltd.
remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
aut-num: AS210352
descr: Partner LLC
remarks: All cybercrime hosting, all the time
+country: RU
drop: yes
aut-num: AS210644
country: NL
drop: yes
+aut-num: AS211059
+descr: Tribeka Web Advisors S.A.
+remarks: Dirty ISP, see individual network entries below
+drop: yes
+
aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: KZ
drop: yes
+aut-num: AS212283
+descr: ROZA HOLIDAYS EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
+country: BG
+drop: yes
+
aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
remarks: Based on domains ending up there, this network is entirely malicious
drop: yes
+net: 61.177.172.0/23
+descr: CHINANET jiangsu province network
+remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore
+drop: yes
+
+net: 89.23.103.0/24
+descr: Media Land LLC / abuse-server[.]su
+remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
+drop: yes
+
net: 91.240.243.0/24
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: NL
drop: yes
+net: 103.176.21.0/24
+descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
+remarks: Brute-force attack network
+drop: yes
+
+net: 109.206.241.0/24
+descr: Serverion B.V.
+remarks: Leased to Neterra, all cybercrime, all the time
+drop: yes
+
+net: 114.246.10.0/24
+descr: China Unicom Beijing province network
+remarks: Brute-force attack network
+drop: yes
+
+net: 116.7.245.0/24
+descr: CHINANET Guangdong province network
+remarks: Brute-force attack network
+drop: yes
+
+net: 116.57.185.0/24
+descr: China Education and Research Network
+remarks: Brute-force attack network
+drop: yes
+
+net: 154.89.5.0/24
+descr: Agotoz HK Limited
+remarks: Brute-force attack network
+drop: yes
+
net: 185.156.72.0/24
descr: TOV VAIZ PARTNER / InterHost
remarks: Attack network tracing back to UA
net: 185.196.220.0/24
descr: Makut Investments
-remarks: Long-running brute-force attack network
+remarks: Brute-force attack network
+drop: yes
+
+net: 193.201.9.0/24
+descr: Infolink LLC
+remarks: Based on domains ending up there, this network is entirely malicious
drop: yes
net: 195.133.20.0/24
country: NL
drop: yes
+net: 194.135.24.0/24
+descr: Tribeka Web Advisors S.A.
+remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
+country: US
+drop: yes
+
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?