@@ -729,21 +729,6 @@ descr: GZ Systems Limited / PureVPN
remarks: VPN provider
is-anonymous-proxy: yes
-net: 62.73.7.0/24
-descr: Privax LTD / AVAST s.r.o.
-remarks: VPN provider
-is-anonymous-proxy: yes
-
-net: 62.73.8.0/23
-descr: Privax LTD / AVAST s.r.o.
-remarks: VPN provider
-is-anonymous-proxy: yes
-
-net: 62.73.10.0/24
-descr: Privax LTD / AVAST s.r.o.
-remarks: VPN provider
-is-anonymous-proxy: yes
-
net: 62.149.160.0/20
descr: Aruba VPN
remarks: VPN provider
@@ -835,7 +820,7 @@ is-anonymous-proxy: yes
net: 80.254.74.0/20
descr: Monzoon / SwissVPN
-remarks: VPN provider [high confidence, but not proofed]
+remarks: VPN provider
is-anonymous-proxy: yes
net: 82.199.130.0/24
@@ -1135,11 +1120,6 @@ remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
country: FR
-net: 156.0.200.0/22
-descr: xTom Limited
-remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/
-is-anonymous-proxy: yes
-
net: 159.197.128.0/17
descr: Nationwide Computer Systems, Inc. trading as IPTrading.com
remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
@@ -1236,16 +1216,6 @@ descr: Private Internet Access
remarks: VPN provider
is-anonymous-proxy: yes
-net: 173.239.252.0/24
-descr: OculusProxies
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
-net: 173.239.252.0/24
-descr: BGRVPN
-remarks: VPN provider
-is-anonymous-proxy: yes
-
net: 173.244.32.0/19
descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / CookieProxy / etc. pp.
remarks: large IP chunk mostly used by VPN providers
@@ -1505,11 +1475,6 @@ descr: GZ Systems Limited / PureVPN
remarks: VPN provider
is-anonymous-proxy: yes
-net: 190.115.16.0/20
-descr: DDOS-GUARD CORP.
-remarks: IP chunk owned by an offshore company, abuse contact is a freemail address, address says "1/2 Miles Northern Highway, Belize"
-is-anonymous-proxy: yes
-
net: 191.96.1.0/23
descr: GZ Systems Limited / PureVPN
remarks: VPN provider
@@ -92,8 +92,8 @@ country: GR
aut-num: AS6134
descr: XNNET LLC
-remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data
-country: AP
+remarks: traces back to HK, seems to tamper with RIR data
+country: HK
aut-num: AS6412
name: Zajil International Telecom Company
@@ -144,6 +144,11 @@ descr: Nexril
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS15611
+descr: Iranian Research Organization for Science & Technology
+remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage
+country: IR
+
aut-num: AS15828
descr: Blue Diamond Network Co., Ltd.
remarks: Shady ISP located somewhere in AP
@@ -268,6 +273,11 @@ descr: ASLINE LIMITED
remarks: ... located in HK
country: HK
+aut-num: AS34837
+descr: Institute for Research in Fundamental Sciences
+remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage
+country: IR
+
aut-num: AS34985
descr: Kirin Communication Limited
remarks: ISP located in JP, but some RIR data for announced prefixes contain garbage
@@ -468,6 +478,11 @@ descr: KeonWoo PARK
remarks: claims US for its prefixes announced, but traces back to KR
country: KR
+aut-num: AS45250
+descr: Vocom International Telecommunications AP Area
+remarks: ISP located in AP area, some RIR data for announced prefixes contain garbage
+country: AP
+
aut-num: AS45671
descr: Servers Australia Pty. Ltd.
remarks: ISP located in AU, but some RIR data for announced prefixes contain garbage
@@ -578,11 +593,6 @@ descr: WhiteHat Inc.
remarks: tampers with RIR data
country: EU
-aut-num: AS54600
-descr: PEG TECH INC
-remarks: ISP and/or IP hijacker located in US this time, tampers with RIR data
-country: US
-
aut-num: AS55330
descr: AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK
remarks: For some reason, some "Airbus Defence and Space AS" prefixes are announced by this one...
@@ -658,6 +668,21 @@ descr: INNETRA PC
remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
country: EU
+aut-num: AS58879
+descr: Shanghai Anchang Network Security Technology Co.,Ltd.
+remarks: ... network infrastructure is believed to be located in HK, has some links to ASLINE hijacking gang
+country: HK
+
+aut-num: AS59043
+descr: Guangzhou LanDong Information technology co., LTD
+remarks: ... network infrastructure is believed to be located in HK
+country: HK
+
+aut-num: AS59117
+descr: DREAM CLOUD INNOVATION PTE. LTD.
+remarks: Claims to be located in JP or SG, but is likely located in HK
+country: HK
+
aut-num: AS59253
descr: Leaseweb Asia Pacific pte. ltd.
remarks: ISP located in SG, but some RIR data for announced prefixes contain garbage
@@ -773,6 +798,11 @@ descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
remarks: ISP located in HK, tampers with RIR data
country: HK
+aut-num: AS132813
+descr: HK AISI CLOUD COMPUTING LIMITED
+remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
+country: HK
+
aut-num: AS132839
descr: POWER LINE DATACENTER
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
@@ -799,7 +829,7 @@ remarks: IP hijacker located somewhere in AP area, suspected to be part of the "
country: AP
aut-num: AS134196
-descr: Cloudie Limited
+descr: ANYUN INTERNET TECHNOLOGY (HK) CO.,LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region (HK? CN?)
country: AP
@@ -818,6 +848,11 @@ descr: Sky Digital Co., Ltd.
remarks: IP hijacker located in TW, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: TW
+aut-num: AS135097
+descr: LUOGELANG (FRANCE) LIMITED
+remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage
+country: HK
+
aut-num: AS136274
descr: Cloud Servers Pvt Ltd
remarks: ISP located in NL, all RIR data for announced prefixes contain garbage
@@ -828,11 +863,26 @@ descr: Optix Pakistan (Pvt.) Limited
remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage
country: PK
+aut-num: AS136744
+descr: DREAM POWER TECHNOLOGY LIMITED
+remarks: Located somewhere in AP (HK? KR?), tampers with RIR data a lot
+country: AP
+
+aut-num: AS136746
+descr: XRCLOUD.NET INC.
+remarks: ... located in HK
+country: HK
+
aut-num: AS136933
descr: Gigabitbank Global / Anchnet Asia Limited (?)
remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
+aut-num: AS136950
+descr: Hong Kong FireLine Network LTD
+remarks: ... located in HK (surprise!), but thinks allocating things to random countries worldwide is funny
+country: HK
+
aut-num: AS136988
descr: Leaseweb Australia Pty. Ltd.
remarks: ISP located in AU, some RIR data for announced prefixes contain garbage
@@ -843,11 +893,6 @@ descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
-aut-num: AS137523
-descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
-remarks: ISP and IP hijacker located in HK, tampers with RIR data
-country: HK
-
aut-num: AS138195
descr: MOACK.Co.LTD
remarks: ISP located in KR, some RIR data for announced prefixes contain garbage
@@ -878,6 +923,11 @@ descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
+aut-num: AS139471
+descr: HWA CENT TELECOMMUNICATIONS LIMITED
+remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS139640
descr: HK NEW CLOUD TECHNOLOGY LIMITED
remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
@@ -908,6 +958,11 @@ descr: Galaxy Broadband
remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
country: PK
+aut-num: AS140214
+descr: Create Prominent Information Limited
+remarks: Shady ISP located in HK
+country: HK
+
aut-num: AS140224
descr: White-Sand Cloud Computing(HK) Co., LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
@@ -938,6 +993,11 @@ descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
country: UA
+aut-num: AS197540
+descr: netcup GmbH
+remarks: ISP located in DE, some RIR data for announced prefixes contain garbage
+country: DE
+
aut-num: AS200019
descr: ALEXHOST SRL
remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
@@ -1260,8 +1320,8 @@ country: ZA
aut-num: AS328608
descr: Africa on Cloud
-remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
-country: AP
+remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes - anyway, traces back to ZA :-/
+country: ZA
aut-num: AS328703
descr: Seven Network Inc.
@@ -1678,11 +1738,6 @@ descr: 4b42 UG (haftungsbeschränkt)
remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/
country: DE
-net: 2a0f:7a80::/29
-descr: ASLINE Limited
-remarks: APNIC chunk owned by a HK-based company, but assigned to DE
-country: AP
-
net: 2a0f:e400:3000::/40
descr: Kevin Buehl
remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/
@@ -40,8 +40,8 @@ drop: yes
aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
-remarks: ISP and IP hijacker located in RU, many RIR data for announced prefixes contain garbage
-country: RU
+remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
+country: KZ
drop: yes
aut-num: AS24009
@@ -97,6 +97,12 @@ remarks: Owned by an offshore letterbox company, suspected rogue ISP
country: RU
drop: yes
+aut-num: AS54600
+descr: PEG TECH INC
+remarks: ISP and IP hijacker located in US this time, tampers with RIR data
+country: US
+drop: yes
+
aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
@@ -166,6 +172,12 @@ remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hija
country: HK
drop: yes
+aut-num: AS137523
+descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
+remarks: ISP and IP hijacker located in HK, tampers with RIR data
+country: HK
+drop: yes
+
aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
@@ -261,6 +273,18 @@ remarks: ISP located in HK, tampers with RIR data
country: HK
drop: yes
+aut-num: AS398993
+descr: PEG TECH INC
+remarks: ISP located in JP, tampers with RIR data
+country: JP
+drop: yes
+
+aut-num: AS399195
+descr: PEG TECH INC
+remarks: ISP located in KR, tampers with RIR data
+country: KR
+drop: yes
+
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL
@@ -272,6 +296,12 @@ descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes
+net: 2a0f:7a80::/29
+descr: ASLINE Limited
+remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
+country: HK
+drop: yes
+
net: 2a10:9700::/29
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP