@@ -639,6 +639,11 @@ descr: Gabor Marton
remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
is-anonymous-proxy: yes
+net: 45.203.128.0/18
+descr: ProxyWow LLC
+remarks: CloudInnovation space leased to "ProxyWow LLC" - not a safe area to accept traffic from anyways
+is-anonymous-proxy: yes
+
net: 45.220.72.0/22
descr: Low budget VPN service
remarks: VPN provider
@@ -63,6 +63,11 @@ aut-num: AS4134
name: Chinanet Backbone
remarks: has no sane AS name set in APNIC DB
+aut-num: AS4609
+descr: Companhia de Telecomunicacones de Macau SARL
+remarks: ISP located in MO, but some RIR data needs manual correction due to ARIN DB situation
+country: MO
+
aut-num: AS4754
name: Software Technology Park of India
remarks: has no sane AS name set in APNIC DB
@@ -90,6 +95,11 @@ descr: Greek Research and Technology Network (GRNET) S.A.
remarks: ... located in GR
country: GR
+aut-num: AS6079
+descr: RCN
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS6134
descr: XNNET LLC
remarks: traces back to HK, seems to tamper with RIR data
@@ -208,6 +218,11 @@ descr: Unicycle, LLC
remarks: traces back to NL
country: NL
+aut-num: AS26548
+descr: PureVoltage Hosting Inc.
+remarks: ISP and IP hijacker located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS26636
descr: GBTCloud, Inc.
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -263,6 +278,11 @@ descr: Neterra Ltd.
remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage
country: BG
+aut-num: AS34549
+descr: meerfarbig GmbH & Co. KG
+remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
+country: DE
+
aut-num: AS34665
descr: Petersburg Internet Network Ltd.
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -388,10 +408,10 @@ descr: MLAB Open Source Community
remarks: traces back to DE
country: DE
-aut-num: AS41564
-descr: Orion Network Limited
-remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
-country: SE
+aut-num: AS41378
+descr: Kirino LLC
+remarks: traces back to AP vincinity, tampers with RIR data
+country: AP
aut-num: AS41608
descr: NextGenWebs, S.L.
@@ -603,11 +623,6 @@ descr: Reliance Jio Infocomm Limited
remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage
country: IN
-aut-num: AS55933
-descr: Cloudie Limited
-remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
-country: AP
-
aut-num: AS56322
descr: ServerAstra Kft.
remarks: ISP located in HU, but some RIR data for announced prefixes contain garbage
@@ -633,16 +648,6 @@ descr: Telefonica LLC
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
-aut-num: AS57858
-descr: Inter Connects Inc.
-remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
-country: SE
-
-aut-num: AS57972
-descr: Inter Connects Inc.
-remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
-country: SE
-
aut-num: AS58061
descr: Scalaxy B.V.
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
@@ -665,8 +670,8 @@ country: BG
aut-num: AS58349
descr: INNETRA PC
-remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
-country: EU
+remarks: ... traceroutes dead-end in NL
+country: NL
aut-num: AS58879
descr: Shanghai Anchang Network Security Technology Co.,Ltd.
@@ -723,11 +728,6 @@ descr: DignusData LLC
remarks: ISP located in PL, but _all_ RIR data for announced prefixes contain garbage
country: PL
-aut-num: AS60485
-descr: Inter Connects Inc. / Jing Yun
-remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
-country: SE
-
aut-num: AS60546
descr: EU Routing Ltd
remarks: fake offshore location (CY), hosted in NL
@@ -818,6 +818,11 @@ descr: CloudITIDC Global
remarks: ISP and/or IP hijacker located somewhere in AP
country: AP
+aut-num: AS133613
+descr: MTel telecommunication company ltd.
+remarks: ISP and located in MO, but some prefixes needs manual correction due to ARIN DB situation
+country: MO
+
aut-num: AS133752
descr: Leaseweb Asia Pacific pte. ltd.
remarks: ISP located in HK, some RIR data for announced prefixes contain garbage
@@ -853,6 +858,11 @@ descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage
country: HK
+aut-num: AS136167
+descr: China Telecom (Macau) Company Limited
+remarks: located in MO, yet some prefixes show CN or HK instead
+country: MO
+
aut-num: AS136274
descr: Cloud Servers Pvt Ltd
remarks: ISP located in NL, all RIR data for announced prefixes contain garbage
@@ -918,11 +928,6 @@ descr: Cloudflare Sydney, LLC
remarks: ... but CF failed to set the country for announced prefixes to AU as well :-/
country: AU
-aut-num: AS139330
-descr: SANREN DATA LIMITED
-remarks: IP hijacker located somewhere in AP region, tampers with RIR data
-country: AP
-
aut-num: AS139471
descr: HWA CENT TELECOMMUNICATIONS LIMITED
remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
@@ -955,7 +960,7 @@ country: HK
aut-num: AS139879
descr: Galaxy Broadband
-remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
+remarks: ISP located in PK, but some RIR data need manual correction due to ARIN DB situation
country: PK
aut-num: AS140214
@@ -983,10 +988,10 @@ descr: Full Time Hosting
remarks: ISP located in DE, tampers with RIR data
country: DE
-aut-num: AS141746
-descr: Orenji Server
-remarks: IP hijacker located somewhere in AP area (JP?)
-country: AP
+aut-num: AS141677
+descr: Nathosts Limited
+remarks: ... located in HK?
+country: HK
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
@@ -1198,11 +1203,6 @@ descr: Des Capital B.V.
remarks: Shady ISP located in NL, but RIR data for announced prefixes contain garbage
country: NL
-aut-num: AS210848
-descr: Telkom Internet LTD
-remarks: shady ISP currently located in NL
-country: NL
-
aut-num: AS211380
descr: PAYWISE HOLDING Sp. z.o.o.
remarks: ISP located in NL, but RIR data for announced prefixes contain garbage
@@ -1248,11 +1248,6 @@ descr: MILEGROUP LTD
remarks: traceroutes dead-end somewhere in Central Europe
country: EU
-aut-num: AS212552
-descr: BitCommand LLC
-remarks: Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe
-country: EU
-
aut-num: AS212667
descr: RECONN LLC
remarks: ISP located in RU, but RIR data for announced prefixes contain garbage
@@ -1533,6 +1528,11 @@ descr: SpaceX Canada Corp.
remarks: Accurate country code missing due to ARIN DB situation, see also: #12746
country: CA
+net: 103.126.4.0/23
+descr: Cyber Telecom ISP
+remarks: Despite being allocated to AF, traceroutes end in NL
+country: NL
+
net: 103.197.148.0/22
descr: I.C.S. Trabia-Network S.R.L.
remarks: fake offshore location (HK), traces back to MD
@@ -67,6 +67,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes
+aut-num: AS41564
+descr: Orion Network Limited
+remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
+country: EU
+drop: yes
+
aut-num: AS43092
descr: Kirin Communication Limited
remarks: Hijacks IP space and tampers with RIR data, traces back to JP
@@ -79,6 +85,12 @@ remarks: bulletproof ISP with strong links to RU
country: RU
drop: yes
+aut-num: AS44446
+descr: OOO SibirInvest
+remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
+country: NL
+drop: yes
+
aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
@@ -109,6 +121,12 @@ remarks: Autonomous System registered to offshore company, abuse contact is a fr
country: AP
drop: yes
+aut-num: AS55933
+descr: Cloudie Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country: AP
+drop: yes
+
aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
@@ -126,6 +144,18 @@ remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS57858
+descr: Inter Connects Inc.
+remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country: SE
+drop: yes
+
+aut-num: AS57972
+descr: Inter Connects Inc.
+remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country: SE
+drop: yes
+
aut-num: AS58271
descr: FOP Gubina Lubov Petrivna
remarks: bulletproof ISP operating from a war zone in eastern UA
@@ -143,6 +173,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes
+aut-num: AS60485
+descr: Inter Connects Inc. / Jing Yun
+remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
+country: SE
+drop: yes
+
aut-num: AS61414
descr: EDGENAP LTD
remarks: IP hijacking? Rogue ISP?
@@ -190,6 +226,12 @@ remarks: IP hijacker located somewhere in AP area
country: AP
drop: yes
+aut-num: AS139330
+descr: SANREN DATA LIMITED
+remarks: IP hijacker located somewhere in AP region, tampers with RIR data
+country: AP
+drop: yes
+
aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
@@ -201,6 +243,12 @@ remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes
+aut-num: AS141746
+descr: Orenji Server
+remarks: IP hijacker located somewhere in AP area (JP?)
+country: AP
+drop: yes
+
aut-num: AS200391
descr: KREZ 999 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
@@ -231,24 +279,30 @@ remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes
-aut-num: AS207812
-descr: DM AUTO EOOD
-remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country: BG
-drop: yes
-
aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
+aut-num: AS210848
+descr: Telkom Internet LTD
+remarks: Rogue ISP (linked to AS202425) located in NL
+country: NL
+drop: yes
+
aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes
+aut-num: AS212552
+descr: BitCommand LLC
+remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
+country: EU
+drop: yes
+
aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU