If you are running ANY torrent software, you should blocklist:
AWS + GOOGLE + AZURE as these don't allow P2P under T&C's and disk space is derisory so SeedBoxes are extremely unlikely here.
Nobody knows for sure but this is likely to be: MA-VE-RI-CK-EYE
FASTHOSTS UK - Especially port 51500 (open ports their side)
NFORCE NL - Especially port 51500 (open ports their side)
These ISP's run AntiP2P by ?P-?ch?l?n (replaced vowels: I, E, e, o)
We observed this ISP to use stealth tactics such as moving IP blocks around periodically presumably to avoid detection.
We still see mass DHT traffic whatever they attempt.
We see them read users bitfield then disappear - there is never any traffic
We see them show fake pieces like 27/987 to try and evade detection but we see it all
We see them show fake clients favourite is Deluge (ancient obsolete version) plus other rare clients (torch, etc) which is a giveaway
But we managed to set up mass DHT spoofing client which awakens this spy network,
very notable in a symmetrical formation which does not happen with genuine clients.
TIXATI FORUM REFERENCES