I have been doing log audits every week for the last 3 years on the websites I manage. I noticed that there are a lot of repeat offenders that try stuff on servers I manage.
The major problem with reporting IPs is the amount of time it takes to do a report and the 0% response from the server hosts. They either ask 1000s of questions to submit 1 IP address, don’t react to the reports because most of their “customers” are hackers, or just plain send no response back.
Blocking IPs was not making a dent in the malicious traffic, so I decided to block whole ASNs to stop bad traffic from hosts who don’t care what kind of traffic their “clients” create.
I decided to share my top 20 ASNs that sent malicious or unwanted traffic in those last 3 years. This list contains just plain bad traffic, scrapers, bad bots, hackers, bad VPN providers and so on.
*** If you do add these, please make sure you are not blocking services that connect to your website for a legitimate reason. The list is provided AS IS. I take no responsibility for any damages.
AS14061 - DIGITALOCEAN-ASN
AS39572 - ADVANCEDHOSTERS-AS
AS24940 - HETZNER-AS
AS4837 - CHINA169-BACKBONE CHINA UNICOM China169 Backbone
AS37963 - CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.
AS58453 - CMI-INT-HK Level 30, Tower 1
AS17964 - DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd., CN
AS45090 - CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN
AS45899 - VNPT-AS-VN VNPT Corp
AS9299 - IPG-AS-AP Philippine Long Distance Telephone Company
AS10439 - CARINET - CariNet, Inc.
AS38814 - MEGA-VANTAGE-AS-AP MEGA VANTAGE INFORMATION TECHNOLOGY (HONG KONG) LIMITED
AS16276 - OVH
AS15895 - KSNET-AS
AS29182 - THEFIRST-AS
AS50113 - SUPERSERVERSDATACENTER
AS9009 - M247
AS46606 - UNIFIEDLAYER-AS-1 - Unified Layer
AS38814 - MEGA-VANTAGE-AS-AP MEGA VANTAGE INFORMATION TECHNOLOGY (HONG KONG) LIMITED, HK
AS15149 - EZZI-101-BGP - Access Integrated Technologies, Inc., US
There is also a list of maybes. It has Amazon’s ASN and GoDaddy’s. I would be careful blocking these, as half of the Internet’s services run on those servers.
A “maybe” blocklist:
AS14618 - AMAZON-AES
AS26496 - AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
You can generate an .htaccess ASN block list by using this tool: https://www.enjen.net/asn-blocklist/index.php?asn=AS16276&type=htaccess
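Before deploying a generated block list, a dry run against your own access log shows which clients it would cut off, including services that connect for a legitimate reason. This is an added example, not code from the original post or from the enjen.net tool; the prefixes, allowlist and log lines are constructed from documentation address ranges, and the real prefixes for an ASN have to come from the tool or a routing data source.

```python
import ipaddress
from collections import Counter

# Constructed input: prefixes for a placeholder ASN (documentation ranges only).
PREFIXES = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24", "2001:db8:1::/48"]
# Constructed: services that connect to the site for a legitimate reason.
ALLOWLIST = {"payment-webhook": "203.0.113.10", "uptime-monitor": "192.0.2.7"}
# Constructed access-log lines (client IP is the first field).
SAMPLE_LOG = """\
198.51.100.20 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 0
198.51.100.20 - - [01/Jan/2024:10:00:01 +0000] "GET /xmlrpc.php HTTP/1.1" 404 0
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "POST /webhook HTTP/1.1" 200 2
192.0.2.7 - - [01/Jan/2024:10:00:03 +0000] "GET /health HTTP/1.1" 200 2
2001:db8:1::5 - - [01/Jan/2024:10:00:04 +0000] "GET /.env HTTP/1.1" 404 0
garbage line without an address
"""

def collapse(prefixes):
    """Merge adjacent/overlapping prefixes; v4 and v6 must be collapsed separately."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [n for v in (4, 6)
            for n in ipaddress.collapse_addresses(x for x in nets if x.version == v)]

def htaccess(nets):
    """Render Apache 2.4 (mod_authz_core) rules that deny the given networks."""
    rules = "\n".join(f"    Require not ip {n}" for n in nets)
    return f"<RequireAll>\n    Require all granted\n{rules}\n</RequireAll>\n"

def dry_run(log_text, nets, allowlist):
    """Return (hits per client that would be blocked, allowlisted services that would break)."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            ip = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        if any(ip in n for n in nets):
            hits[str(ip)] += 1
    broken = sorted(name for name, addr in allowlist.items()
                    if any(ipaddress.ip_address(addr) in n for n in nets))
    return dict(hits), broken

if __name__ == "__main__":
    nets = collapse(PREFIXES)
    hits, broken = dry_run(SAMPLE_LOG, nets, ALLOWLIST)
    print(htaccess(nets))
    print("would block:", hits)
    print("allowlisted services inside blocked ranges:", broken)
```

Any name reported in the second result is a service the block list would break, so exempt it or drop that ASN before the rules go live.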