4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
9 # flag for hostile networks.
11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
13 # hosting space for cybercrime infrastructure.
15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
17 # clients download a new database once a week.
19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
24 # for further information.
26 # Please keep this file sorted.
31 remarks: part of the "Asline" IP hijacking gang, traces back to AP region
37 remarks: IP hijacker, traces back to HK
42 descr: DDOSING NETWORK
43 remarks: IP hijacker located in US, massively tampers with RIR data
49 remarks: IP hijacker operating out of AP area (HK or TW?)
54 descr: 1337TEAM LIMITED / eliteteam[.]to
55 remarks: Bulletproof ISP
59 descr: Orion Network Limited
60 remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
65 descr: Kirin Communication Limited
66 remarks: Hijacks IP space and tampers with RIR data, traces back to JP
71 descr: Landgard Management Inc.
72 remarks: bulletproof ISP with strong links to RU
77 descr: OOO SibirInvest
78 remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
83 descr: HUSAM A. H. HIJAZI
84 remarks: Rogue ISP located in NL
89 descr: PPTECHNOLOGY LIMITED
90 remarks: bulletproof ISP (related to AS204655) located in NL
95 descr: Nice IT Services Group Inc.
96 remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
101 descr: 1337TEAM LIMITED / eliteteam[.]to
102 remarks: Bulletproof ISP
108 remarks: ISP and IP hijacker located in US this time, tampers with RIR data
114 remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
119 descr: Eagle Sky Co., Lt[d ?]
120 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
125 descr: Cloudie Limited
126 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
131 descr: 511 Far East Limited
132 remarks: IP hijacker, tampers with RIR data
137 descr: REBA Communications BV
138 remarks: bulletproof ISP (related to AS202425) located in NL
143 descr: 1337TEAM LIMITED / eliteteam[.]to
144 remarks: Bulletproof ISP
148 descr: Chang Way Technologies Co. Limited
149 remarks: bulletproof ISP, C&C server hosting galore
153 descr: FiberXpress BV
154 remarks: bulletproof ISP (related to AS202425) located in NL
159 descr: Inter Connects Inc.
160 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
165 descr: Inter Connects Inc.
166 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
171 descr: FOP Gubina Lubov Petrivna
172 remarks: bulletproof ISP operating from a war zone in eastern UA
178 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
183 descr: Vault Dweller OU
184 remarks: bulletproof ISP (related to AS57717) located in NL
189 descr: 1337TEAM LIMITED / eliteteam[.]to
190 remarks: Owned by an offshore letterbox company, suspected rogue ISP
194 descr: Inter Connects Inc. / Jing Yun
195 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
201 remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
206 remarks: IP hijacking? Rogue ISP?
210 descr: TOV VAIZ PARTNER
215 descr: SpectraIP B.V.
216 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
221 descr: SKB Enterprise B.V.
222 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
227 descr: ABCDE GROUP COMPANY LIMITED
228 remarks: ISP and/or IP hijacker located in HK
233 descr: LUOGELANG (FRANCE) LIMITED
234 remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
239 descr: Blue Data Center
240 remarks: IP hijacker located somewhere in AP area, tampers with RIR data
246 remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
251 descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
252 remarks: ISP and IP hijacker located in HK, tampers with RIR data
257 descr: Clayer Limited
258 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
263 descr: ASLINE Global Exchange
264 remarks: IP hijacker located somewhere in AP area
269 descr: SANREN DATA LIMITED
270 remarks: IP hijacker located somewhere in AP region, tampers with RIR data
275 descr: CITIS CLOUD GROUP LIMITED
276 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
281 descr: Hong Kong Communications International Co., Limited
282 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
287 descr: Incomparable(HK)Network Co., Limited
288 remarks: ISP and IP hijacker located in HK, tampers with RIR data
294 remarks: IP hijacker located somewhere in AP area (JP?)
299 descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
300 remarks: Dirty ISP located in NL
306 remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
311 descr: WEB_GroupInternet INC
312 remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
317 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
323 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
328 descr: IP Volume Inc.
329 remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
334 descr: Nevermind Inc.
335 remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
340 descr: Cooperative Investments LLC
341 remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
346 descr: Purple Raccoon Ltd.
347 remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
352 descr: Global Offshore Limited
353 remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
359 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
365 remarks: bulletproof ISP (strongly linked to AS202425) located in NL
371 remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
376 descr: Media Land LLC
377 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
382 descr: Miti 2000 EOOD
383 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
388 descr: Alviva Holding Limited
389 remarks: bulletproof ISP operating from a war zone in eastern UA
394 descr: XHOST INTERNET SOLUTIONS LP
395 remarks: Rogue ISP (linked to AS202425) located in NL
401 remarks: Shary Serverion customer and IP hijacker in NL, many RIR data for announced prefixes contain garbage
406 descr: AEZA GROUP Ltd
407 remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
412 descr: Telkom Internet LTD
413 remarks: Rogue ISP (linked to AS202425) located in NL
418 descr: ABDILAZIZ UULU ZHUSUP
419 remarks: bulletproof ISP and IP hijacker, traces to RU
424 descr: Media Land LLC
425 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
430 descr: Kakharov Orinbassar Maratuly
431 remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
436 descr: BitCommand LLC
437 remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
442 descr: Private Internet Hosting LTD
443 remarks: bulletproof ISP located in RU
448 descr: Alfa Web Solutions Ltd
449 remarks: Rogue ISP (linked to AS57717) located in NL
454 descr: OOO RAIT TELECOM
455 remarks: Bulletproof connectivity procurer for AS51381
460 descr: Sun Network Company Limited
461 remarks: IP hijacker, traces back to AP region
466 descr: Datapacket Maroc SARL
467 remarks: bulletproof ISP (strongly linked to AS202425) located in NL
472 descr: EightJoy Network LLC
473 remarks: Most likely hijacked AS
478 remarks: ISP located in HK, tampers with RIR data
484 remarks: ISP located in JP, tampers with RIR data
490 remarks: ISP located in KR, tampers with RIR data
495 descr: INTERNET HOSTSPACE GLOBAL INC
496 remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
500 net: 185.196.220.0/24
501 descr: Makut Investments
502 remarks: Long-running brute-force attack network
506 descr: Tribeka Web Advisors S.A.
507 remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
512 descr: Sanlam Life Insurance Limited
513 remarks: Stolen AfriNIC IPv4 space announced from NL?
517 net: 2a0e:b107:17fe::/47
518 descr: Amarai-Network - Location Test @ Antarctic
519 remarks: Tampers with RIR data, not a safe place to route traffic to
522 net: 2a0e:b107:d10::/44
523 descr: NZB.si Enterprises
524 remarks: Tampers with RIR data, not a safe place to route traffic to
528 descr: ASLINE Limited
529 remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
534 descr: 1337TEAM LIMITED / eliteteam[.]to
535 remarks: Owned by an offshore letterbox company, suspected rogue ISP