Bad ASN List to Block in Your Web Firewall to Harden Against Malicious Attacks

Most of the malware bot attacts coming from these ASNs and you should block these unwanted automated malicious traffic from your web firewall:

Bad ASNs you can easily block without causing any problems

• AS4134 Chinanet (most spam botnet IPs in the world + phishing emails)
• AS4837 CHINA UNICOM China169 Backbone (Chinese DDoS)
• AS9808 AS56048 China Mobile (Phishing Emails)
• AS36352 AS-COLOCROSSING (100% FULL OF HACK BOTS!!! – Cheapest VPS for hackers)
• AS24940 Hetzner Online GmbH (100% FULL OF HACK BOTS!!! – VPS Provider)
• AS-26496-GO-DADDY-COM-LLC (Cheap VPS for hack bots)
• AS55286 SERVER-MANIA (Cheap VPS Seller to hackers, immediatelly block it)
• AS16276 OVH SAS (VPS provider)
• AS14061 DIGITALOCEAN-ASN (VPS provider)
• AS9009 M247 Ltd (VPN, proxy provider and mostly used for attacks)
• AS8048 CANTV Servicios, Venezuela
• AS28573 Claro NXT (Brasil botnet)
• AS12389 Rostelecom (Russian botnet)
• AS9737 TOT (Thailand bad bots)
• AS7713 AS17974 PT Telekomunikasi Indonesia (DDoS)
• AS8100 ASN-QUADRANET-GLOBAL (Cheap VPS Servers for Hacking + Spam)
• AS37518 FIBERGRID (Seychelles spam)
• AS203020 HostRoyale (Cheap VPS for hackers)
• AS46261 QUICKPACKET (VPS provider)
• AS17557 Pakistan Telecommunication (Paki bots)
• AS396190 AS60781 AS15003 AS395954 AS396362 AS30633 AS205544 AS394380 AS19148 AS7203 AS27411 AS28753  AS133752 AS393886 AS59253 LEASEWEB (VPS Provider)
• AS60068 Datacamp Limited (VPN)
• AS199524 G-Core Labs S.A. (VPS+VPN)
• AS57858 Inter Connects Inc (Estonia hackers)
• AS18403 FPT Telecom (Vietnam DDoS)
• AS132203 AS45090 Shenzhen Tencent Computer Systems Company Limited (Chinese bots of Tencent Cloud)
• AS37963 AS45102 AS134963 Hangzhou Alibaba Advertising Alibaba US Technology Co., Ltd. Alibaba.com Singapore
• AS48095 Xt Global Networks Ltd. (Romanian hackers)
• AS19531 NODESDIRECT
• AS45899 VNPT Corp (Vietnam DDoS Botnet)
• AS31549 RASANA Aria Shatel Company Ltd (Iran Botnet)
• AS8560 1&1 IONOS SE (Cheapest host for sending phishing emails + Known for scams)
• AS6724 Strato AG (Cheapest domain host seller for scams+bots)
• AS206092 Ipxo Limited SECFIREWALLAS (70% spam IP seller)
• AS30823 combahton GmbH (Phishing Emails)

Optional (Also i shared how to block GoogleCloud and Microsoft Azure ASNs without blocking search engine crawling bots in Cloudflare):

• AS14618 AMAZON-AES (Includes botnets but Careful with Amazon)
• AS16509 AMAZON-02 (Mostly used by hackers for vulnerability check & botnet activities by India)
• AS396982 AS15169 GOOGLE-CLOUD-PLATFORM (Exclude Googlebot)
• AS8075 MICROSOFT-CORP-MSN-AS-BLOCK (Exclude Bingbot, FULL OF ATTACK BOTS)
• AS136907 HWCLOUDS-AS-AP HUAWEI CLOUDS (Chinese/Singaporean Huawei Cloud used by malicious bot activities, may exclude PetalSearch Bot, that no one uses)

TOP 25 Bad ASN List Sorted By Spam Active IP Addresses

Full ASN Block List (includes 2000+ records)

CSV Format: https://github.com/tosunkaya/badasnlist/blob/main/badasnlist.csv

Data source: https://cleantalk.org/blacklists/asn edited by myself.