overrides/override-xd.txt

   1 #
   2 # override-xd [.txt]
   3 #
   4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
   5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
   6 #
   7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
   8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
   9 # flag for hostile networks.
  10 #
  11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
  12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
  13 # hosting space for cybercrime infrastructure.
  14 #
  15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
  16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
  17 # clients download a new database once a week.
  18 #
  19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
  20 # here.
  21 #
  22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
  23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
  24 # for further information.
  25 #
  26 # Please keep this file sorted.
  27 #
  28
  29 aut-num:        AS18254
  30 descr:          KLAYER LLC
  31 remarks:        part of the "Asline" IP hijacking gang, traces back to AP region
  32 country:        AP
  33 drop:           yes
  34
  35 aut-num:        AS18013
  36 descr:          ASLINE LIMITED
  37 remarks:        IP hijacker, traces back to HK
  38 country:        HK
  39 drop:           yes
  40
  41 aut-num:        AS22769
  42 descr:          DDOSING NETWORK
  43 remarks:        IP hijacker located in US, massively tampers with RIR data
  44 country:        US
  45 drop:           yes
  46
  47 aut-num:        AS24567
  48 descr:          QT Inc.
  49 remarks:        IP hijacker operating out of AP area (HK or TW?)
  50 country:        AP
  51 drop:           yes
  52
  53 aut-num:        AS39770
  54 descr:          1337TEAM LIMITED / eliteteam[.]to
  55 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
  56 drop:           yes
  57
  58 aut-num:        AS41564
  59 descr:          Orion Network Limited
  60 remarks:        shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
  61 country:        EU
  62 drop:           yes
  63
  64 aut-num:        AS43092
  65 descr:          Kirin Communication Limited
  66 remarks:        Hijacks IP space and tampers with RIR data, traces back to JP
  67 country:        JP
  68 drop:           yes
  69
  70 aut-num:        AS44015
  71 descr:          Landgard Management Inc.
  72 remarks:        bulletproof ISP with strong links to RU
  73 country:        RU
  74 drop:           yes
  75
  76 aut-num:        AS44446
  77 descr:          OOO SibirInvest
  78 remarks:        bulletproof ISP (related to AS202425 and AS57717) located in NL
  79 country:        NL
  80 drop:           yes
  81
  82 aut-num:        AS48090
  83 descr:          PPTECHNOLOGY LIMITED
  84 remarks:        bulletproof ISP (related to AS204655) located in NL
  85 country:        NL
  86 drop:           yes
  87
  88 aut-num:        AS49447
  89 descr:          Nice IT Services Group Inc.
  90 remarks:        Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
  91 country:        CH
  92 drop:           yes
  93
  94 aut-num:        AS51381
  95 descr:          1337TEAM LIMITED / eliteteam[.]to
  96 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
  97 country:        RU
  98 drop:           yes
  99
 100 aut-num:        AS54600
 101 descr:          PEG TECH INC
 102 remarks:        ISP and IP hijacker located in US this time, tampers with RIR data
 103 country:        US
 104 drop:           yes
 105
 106 aut-num:        AS55020
 107 descr:          Aodao Inc
 108 remarks:        part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
 109 country:        HK
 110 drop:           yes
 111
 112 aut-num:        AS55303
 113 descr:          Eagle Sky Co., Lt[d ?]
 114 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
 115 country:        AP
 116 drop:           yes
 117
 118 aut-num:        AS55933
 119 descr:          Cloudie Limited
 120 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 121 country:        HK
 122 drop:           yes
 123
 124 aut-num:        AS56447
 125 descr:          511 Far East Limited
 126 remarks:        IP hijacker, tampers with RIR data
 127 country:        RU
 128 drop:           yes
 129
 130 aut-num:        AS56611
 131 descr:          REBA Communications BV
 132 remarks:        bulletproof ISP (related to AS202425) located in NL
 133 country:        NL
 134 drop:           yes
 135
 136 aut-num:        AS56873
 137 descr:          1337TEAM LIMITED / eliteteam[.]to
 138 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
 139 drop:           yes
 140
 141 aut-num:        AS57523
 142 descr:          Chang Way Technologies Co. Limited
 143 remarks:        bulletproof ISP, C&C server hosting galore
 144 drop:           yes
 145
 146 aut-num:        AS57717
 147 descr:          FiberXpress BV
 148 remarks:        bulletproof ISP (related to AS202425) located in NL
 149 country:        NL
 150 drop:           yes
 151
 152 aut-num:        AS57858
 153 descr:          Inter Connects Inc.
 154 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 155 country:        SE
 156 drop:           yes
 157
 158 aut-num:        AS57972
 159 descr:          Inter Connects Inc.
 160 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 161 country:        SE
 162 drop:           yes
 163
 164 aut-num:        AS58271
 165 descr:          FOP Gubina Lubov Petrivna
 166 remarks:        bulletproof ISP operating from a war zone in eastern UA
 167 country:        UA
 168 drop:           yes
 169
 170 aut-num:        AS58810
 171 descr:          iZus Co., Ltd
 172 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
 173 country:        AP
 174 drop:           yes
 175
 176 aut-num:        AS60424
 177 descr:          1337TEAM LIMITED / eliteteam[.]to
 178 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
 179 drop:           yes
 180
 181 aut-num:        AS60485
 182 descr:          Inter Connects Inc. / Jing Yun
 183 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
 184 country:        SE
 185 drop:           yes
 186
 187 aut-num:        AS60930
 188 descr:          Intem LLC
 189 remarks:        leaf AS with upstream to other dirty hosters, brute-force attacks galore
 190 drop:           yes
 191
 192 aut-num:        AS61414
 193 descr:          EDGENAP LTD
 194 remarks:        IP hijacking? Rogue ISP?
 195 drop:           yes
 196
 197 aut-num:        AS62068
 198 descr:          SpectraIP B.V.
 199 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 200 country:        NL
 201 drop:           yes
 202
 203 aut-num:        AS64425
 204 descr:          SKB Enterprise B.V.
 205 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 206 country:        NL
 207 drop:           yes
 208
 209 aut-num:        AS133201
 210 descr:          ABCDE GROUP COMPANY LIMITED
 211 remarks:        ISP and/or IP hijacker located in HK
 212 country:        HK
 213 drop:           yes
 214
 215 aut-num:        AS135097
 216 descr:          LUOGELANG (FRANCE) LIMITED
 217 remarks:        Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
 218 country:        HK
 219 drop:           yes
 220
 221 aut-num:        AS136545
 222 descr:          Blue Data Center
 223 remarks:        IP hijacker located somewhere in AP area, tampers with RIR data
 224 country:        AP
 225 drop:           yes
 226
 227 aut-num:        AS136800
 228 descr:          ICIDC NETWORK
 229 remarks:        IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
 230 country:        HK
 231 drop:           yes
 232
 233 aut-num:        AS137523
 234 descr:          HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
 235 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 236 country:        HK
 237 drop:           yes
 238
 239 aut-num:        AS137951
 240 descr:          Clayer Limited
 241 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 242 country:        HK
 243 drop:           yes
 244
 245 aut-num:        AS138648
 246 descr:          ASLINE Global Exchange
 247 remarks:        IP hijacker located somewhere in AP area
 248 country:        AP
 249 drop:           yes
 250
 251 aut-num:        AS139330
 252 descr:          SANREN DATA LIMITED
 253 remarks:        IP hijacker located somewhere in AP region, tampers with RIR data
 254 country:        AP
 255 drop:           yes
 256
 257 aut-num:        AS140107
 258 descr:          CITIS CLOUD GROUP LIMITED
 259 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
 260 drop:           yes
 261
 262 aut-num:        AS141159
 263 descr:          Incomparable(HK)Network Co., Limited
 264 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 265 country:        HK
 266 drop:           yes
 267
 268 aut-num:        AS141746
 269 descr:          Orenji Server
 270 remarks:        IP hijacker located somewhere in AP area (JP?)
 271 country:        AP
 272 drop:           yes
 273
 274 aut-num:        AS196691
 275 descr:          Get-Net LLC
 276 remarks:        IP hijacker in RU and dirty suballocations, not a safe place to go
 277 country:        RU
 278 drop:           yes
 279
 280 aut-num:        AS200391
 281 descr:          KREZ 999 EOOD
 282 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 283 country:        BG
 284 drop:           yes
 285
 286 aut-num:        AS202325
 287 descr:          4Media Ltd.
 288 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 289 country:        BG
 290 drop:           yes
 291
 292 aut-num:        AS202425
 293 descr:          IP Volume Inc.
 294 remarks:        bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
 295 country:        NL
 296 drop:           yes
 297
 298 aut-num:        AS202476
 299 descr:          Nevermind Inc.
 300 remarks:        Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
 301 country:        RU
 302 drop:           yes
 303
 304 aut-num:        AS202769
 305 descr:          Cooperative Investments LLC
 306 remarks:        bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
 307 country:        NL
 308 drop:           yes
 309
 310 aut-num:        AS204341
 311 descr:          Purple Raccoon Ltd.
 312 remarks:        Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
 313 country:        RU
 314 drop:           yes
 315
 316 aut-num:        AS204428
 317 descr:          SS-Net
 318 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 319 country:        BG
 320 drop:           yes
 321
 322 aut-num:        AS204655
 323 descr:          Novogara Ltd.
 324 remarks:        bulletproof ISP (strongly linked to AS202425) located in NL
 325 country:        NL
 326 drop:           yes
 327
 328 aut-num:        AS205702
 329 descr:          Get-Net LLC
 330 remarks:        IP hijacker in RU and dirty suballocations, not a safe place to go
 331 country:        RU
 332 drop:           yes
 333
 334 aut-num:        AS206728
 335 descr:          Media Land LLC
 336 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 337 country:        RU
 338 drop:           yes
 339
 340 aut-num:        AS209272
 341 descr:          Alviva Holding Limited
 342 remarks:        bulletproof ISP operating from a war zone in eastern UA
 343 country:        UA
 344 drop:           yes
 345
 346 aut-num:        AS209654
 347 descr:          Delis LLC
 348 remarks:        Shary Serverion customer and IP hijacker in NL, many RIR data for announced prefixes contain garbage
 349 country:        NL
 350 drop:           yes
 351
 352 aut-num:        AS210848
 353 descr:          Telkom Internet LTD
 354 remarks:        Rogue ISP (linked to AS202425) located in NL
 355 country:        NL
 356 drop:           yes
 357
 358 aut-num:        AS211193
 359 descr:          ABDILAZIZ UULU ZHUSUP
 360 remarks:        bulletproof ISP and IP hijacker, traces to RU
 361 country:        RU
 362 drop:           yes
 363
 364 aut-num:        AS211805
 365 descr:          Media Land LLC
 366 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 367 country:        RU
 368 drop:           yes
 369
 370 aut-num:        AS211849
 371 descr:          Kakharov Orinbassar Maratuly
 372 remarks:        ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
 373 country:        KZ
 374 drop:           yes
 375
 376 aut-num:        AS212552
 377 descr:          BitCommand LLC
 378 remarks:        Dirty ISP located somewhere in EU, cannot trust RIR data of this network
 379 country:        EU
 380 drop:           yes
 381
 382 aut-num:        AS212738
 383 descr:          LUSOVPS UNIPESSOAL LDA
 384 remarks:        IP hijacker located in PT
 385 country:        PT
 386 drop:           yes
 387
 388 aut-num:        AS213058
 389 descr:          Private Internet Hosting LTD
 390 remarks:        bulletproof ISP located in RU
 391 country:        RU
 392 drop:           yes
 393
 394 aut-num:        AS267712
 395 descr:          EL ALAMO S.R.L
 396 remarks:        Hijacked AS being announced out of RU
 397 country:        RU
 398 drop:           yes
 399
 400 aut-num:        AS327790
 401 descr:          Wirels Connect (PTY) Ltd
 402 remarks:        Hijacked AS being announced out of PT
 403 country:        PT
 404 drop:           yes
 405
 406 aut-num:        AS328543
 407 descr:          Sun Network Company Limited
 408 remarks:        IP hijacker, traces back to AP region
 409 country:        AP
 410 drop:           yes
 411
 412 aut-num:        AS328671
 413 descr:          Datapacket Maroc SARL
 414 remarks:        bulletproof ISP (strongly linked to AS202425) located in NL
 415 country:        NL
 416 drop:           yes
 417
 418 aut-num:        AS393889
 419 descr:          EightJoy Network LLC
 420 remarks:        Most likely hijacked AS
 421 drop:           yes
 422
 423 aut-num:        AS398478
 424 descr:          PEG TECH INC
 425 remarks:        ISP located in HK, tampers with RIR data
 426 country:        HK
 427 drop:           yes
 428
 429 aut-num:        AS398993
 430 descr:          PEG TECH INC
 431 remarks:        ISP located in JP, tampers with RIR data
 432 country:        JP
 433 drop:           yes
 434
 435 aut-num:        AS399195
 436 descr:          PEG TECH INC
 437 remarks:        ISP located in KR, tampers with RIR data
 438 country:        KR
 439 drop:           yes
 440
 441 net:            154.73.248.0/22
 442 descr:          Wirels Connect (PTY) Ltd
 443 remarks:        Most likely stolen AfriNIC IPv4 space
 444 drop:           yes
 445
 446 net:            161.123.0.0/16
 447 descr:          Wirels Connect (PTY) Ltd
 448 remarks:        Most likely stolen AfriNIC IPv4 space, already SBL'ed (SBL547511), not a safe area to accept traffic from
 449 drop:           yes
 450
 451 net:            195.133.20.0/24
 452 descr:          Tribeka Web Advisors S.A.
 453 remarks:        Tampers with RIR data, traces back to NL, not a safe place to route traffic to
 454 country:        NL
 455 drop:           yes
 456
 457 net:            196.11.32.0/20
 458 descr:          Sanlam Life Insurance Limited
 459 remarks:        Stolen AfriNIC IPv4 space announced from NL?
 460 country:        NL
 461 drop:           yes
 462
 463 net:            2a0e:b107:d10::/44
 464 descr:          NZB.si Enterprises
 465 remarks:        Tampers with RIR data, not a safe place to route traffic to
 466 drop:           yes
 467
 468 net:            2a0f:7a80::/29
 469 descr:          ASLINE Limited
 470 remarks:        APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
 471 country:        HK
 472 drop:           yes
 473
 474 net:            2a10:9700::/29
 475 descr:          1337TEAM LIMITED / eliteteam[.]to
 476 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
 477 country:        RU
 478 drop:           yes