@AS16509 - This will match queries that resolve to IPs belonging to AS16509 (Amazon.com).
!@AS13335 - This will match queries that do not resolve to AS13335 (Cloudflare Inc).
In your method for identifying potentially malicious IPs, you listed all IPs from multiple countries as potentially (controversially) malicious, such as RU, CN, etc. However, I doubt that blocking target IPs in there would provide a decent level of protection, because many of their state-sponsored vendors or cloud providers more often use overseas infrastructure that typically have overseas IPs/CDN nodes but still belongs to their ASNs.
For example, to more effectively block China's state-sponsored cloud providers, use this GitHub repository, which contains a list of ASNs for all China-based providers/ISPs. This covers IPs not only in mainland China but also in other locations.
Control-D now supports filtering by ASNs. For example:
@AS16509- This will match queries that resolve to IPs belonging to AS16509 (Amazon.com).!@AS13335- This will match queries that do not resolve to AS13335 (Cloudflare Inc).In your method for identifying potentially malicious IPs, you listed all IPs from multiple countries as potentially (controversially) malicious, such as RU, CN, etc. However, I doubt that blocking target IPs in there would provide a decent level of protection, because many of their state-sponsored vendors or cloud providers more often use overseas infrastructure that typically have overseas IPs/CDN nodes but still belongs to their ASNs.
For example, to more effectively block China's state-sponsored cloud providers, use this GitHub repository, which contains a list of ASNs for all China-based providers/ISPs. This covers IPs not only in mainland China but also in other locations.
Converted to Control-D format: