overrides/override-xd.txt

   1 #
   2 # override-xd [.txt]
   3 #
   4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
   5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
   6 #
   7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
   8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
   9 # flag for hostile networks.
  10 #
  11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
  12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
  13 # hosting space for cybercrime infrastructure.
  14 #
  15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
  16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
  17 # clients download a new database once a week.
  18 #
  19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
  20 # here.
  21 #
  22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
  23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
  24 # for further information.
  25 #
  26 # Please keep this file sorted.
  27 #
  28
  29 aut-num:        AS18254
  30 descr:          KLAYER LLC
  31 remarks:        part of the "Asline" IP hijacking gang, traces back to AP region
  32 country:        AP
  33 drop:           yes
  34
  35 aut-num:        AS18013
  36 descr:          ASLINE LIMITED
  37 remarks:        IP hijacker, traces back to HK
  38 country:        HK
  39 drop:           yes
  40
  41 aut-num:        AS22769
  42 descr:          DDOSING NETWORK
  43 remarks:        IP hijacker located in US, massively tampers with RIR data
  44 country:        US
  45 drop:           yes
  46
  47 aut-num:        AS24567
  48 descr:          QT Inc.
  49 remarks:        IP hijacker operating out of AP area (HK or TW?)
  50 country:        AP
  51 drop:           yes
  52
  53 aut-num:        AS39770
  54 descr:          1337TEAM LIMITED / eliteteam[.]to
  55 remarks:        Bulletproof ISP
  56 drop:           yes
  57
  58 aut-num:        AS41564
  59 descr:          Orion Network Limited
  60 remarks:        shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
  61 country:        EU
  62 drop:           yes
  63
  64 aut-num:        AS43092
  65 descr:          Kirin Communication Limited
  66 remarks:        Hijacks IP space and tampers with RIR data, traces back to JP
  67 country:        JP
  68 drop:           yes
  69
  70 aut-num:        AS44015
  71 descr:          Landgard Management Inc.
  72 remarks:        bulletproof ISP with strong links to RU
  73 country:        RU
  74 drop:           yes
  75
  76 aut-num:        AS44446
  77 descr:          OOO SibirInvest
  78 remarks:        bulletproof ISP (related to AS202425 and AS57717) located in NL
  79 country:        NL
  80 drop:           yes
  81
  82 aut-num:        AS47154
  83 descr:          HUSAM A. H. HIJAZI
  84 remarks:        Rogue ISP located in NL
  85 country:        NL
  86 drop:           yes
  87
  88 aut-num:        AS48090
  89 descr:          PPTECHNOLOGY LIMITED
  90 remarks:        bulletproof ISP (related to AS204655) located in NL
  91 country:        NL
  92 drop:           yes
  93
  94 aut-num:        AS49447
  95 descr:          Nice IT Services Group Inc.
  96 remarks:        Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
  97 country:        CH
  98 drop:           yes
  99
 100 aut-num:        AS51381
 101 descr:          1337TEAM LIMITED / eliteteam[.]to
 102 remarks:        Bulletproof ISP
 103 country:        RU
 104 drop:           yes
 105
 106 aut-num:        AS54600
 107 descr:          PEG TECH INC
 108 remarks:        ISP and IP hijacker located in US this time, tampers with RIR data
 109 country:        US
 110 drop:           yes
 111
 112 aut-num:        AS55020
 113 descr:          Aodao Inc
 114 remarks:        part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
 115 country:        HK
 116 drop:           yes
 117
 118 aut-num:        AS55303
 119 descr:          Eagle Sky Co., Lt[d ?]
 120 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
 121 country:        AP
 122 drop:           yes
 123
 124 aut-num:        AS55933
 125 descr:          Cloudie Limited
 126 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 127 country:        HK
 128 drop:           yes
 129
 130 aut-num:        AS56447
 131 descr:          511 Far East Limited
 132 remarks:        IP hijacker, tampers with RIR data
 133 country:        RU
 134 drop:           yes
 135
 136 aut-num:        AS56611
 137 descr:          REBA Communications BV
 138 remarks:        bulletproof ISP (related to AS202425) located in NL
 139 country:        NL
 140 drop:           yes
 141
 142 aut-num:        AS56873
 143 descr:          1337TEAM LIMITED / eliteteam[.]to
 144 remarks:        Bulletproof ISP
 145 drop:           yes
 146
 147 aut-num:        AS57523
 148 descr:          Chang Way Technologies Co. Limited
 149 remarks:        bulletproof ISP, C&C server hosting galore
 150 drop:           yes
 151
 152 aut-num:        AS57717
 153 descr:          FiberXpress BV
 154 remarks:        bulletproof ISP (related to AS202425) located in NL
 155 country:        NL
 156 drop:           yes
 157
 158 aut-num:        AS57858
 159 descr:          Inter Connects Inc.
 160 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 161 country:        SE
 162 drop:           yes
 163
 164 aut-num:        AS57972
 165 descr:          Inter Connects Inc.
 166 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 167 country:        SE
 168 drop:           yes
 169
 170 aut-num:        AS58271
 171 descr:          FOP Gubina Lubov Petrivna
 172 remarks:        bulletproof ISP operating from a war zone in eastern UA
 173 country:        UA
 174 drop:           yes
 175
 176 aut-num:        AS58810
 177 descr:          iZus Co., Ltd
 178 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
 179 country:        AP
 180 drop:           yes
 181
 182 aut-num:        AS59753
 183 descr:          Vault Dweller OU
 184 remarks:        bulletproof ISP (related to AS57717) located in NL
 185 country:        NL
 186 drop:           yes
 187
 188 aut-num:        AS60424
 189 descr:          1337TEAM LIMITED / eliteteam[.]to
 190 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
 191 drop:           yes
 192
 193 aut-num:        AS60485
 194 descr:          Inter Connects Inc. / Jing Yun
 195 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
 196 country:        SE
 197 drop:           yes
 198
 199 aut-num:        AS60930
 200 descr:          Intem LLC
 201 remarks:        leaf AS with upstream to other dirty hosters, brute-force attacks galore
 202 drop:           yes
 203
 204 aut-num:        AS61414
 205 descr:          EDGENAP LTD
 206 remarks:        IP hijacking? Rogue ISP?
 207 drop:           yes
 208
 209 aut-num:        AS61432
 210 descr:          TOV VAIZ PARTNER
 211 remarks:        Rogue ISP
 212 drop:           yes
 213
 214 aut-num:        AS62068
 215 descr:          SpectraIP B.V.
 216 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 217 country:        NL
 218 drop:           yes
 219
 220 aut-num:        AS64425
 221 descr:          SKB Enterprise B.V.
 222 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 223 country:        NL
 224 drop:           yes
 225
 226 aut-num:        AS133201
 227 descr:          ABCDE GROUP COMPANY LIMITED
 228 remarks:        ISP and/or IP hijacker located in HK
 229 country:        HK
 230 drop:           yes
 231
 232 aut-num:        AS135097
 233 descr:          LUOGELANG (FRANCE) LIMITED
 234 remarks:        Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
 235 country:        HK
 236 drop:           yes
 237
 238 aut-num:        AS136545
 239 descr:          Blue Data Center
 240 remarks:        IP hijacker located somewhere in AP area, tampers with RIR data
 241 country:        AP
 242 drop:           yes
 243
 244 aut-num:        AS136800
 245 descr:          ICIDC NETWORK
 246 remarks:        IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
 247 country:        HK
 248 drop:           yes
 249
 250 aut-num:        AS137523
 251 descr:          HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
 252 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 253 country:        HK
 254 drop:           yes
 255
 256 aut-num:        AS137951
 257 descr:          Clayer Limited
 258 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 259 country:        HK
 260 drop:           yes
 261
 262 aut-num:        AS138648
 263 descr:          ASLINE Global Exchange
 264 remarks:        IP hijacker located somewhere in AP area
 265 country:        AP
 266 drop:           yes
 267
 268 aut-num:        AS139330
 269 descr:          SANREN DATA LIMITED
 270 remarks:        IP hijacker located somewhere in AP region, tampers with RIR data
 271 country:        AP
 272 drop:           yes
 273
 274 aut-num:        AS140107
 275 descr:          CITIS CLOUD GROUP LIMITED
 276 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data
 277 country:        AP
 278 drop:           yes
 279
 280 aut-num:        AS140227
 281 descr:          Hong Kong Communications International Co., Limited
 282 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
 283 country:        AP
 284 drop:           yes
 285
 286 aut-num:        AS141159
 287 descr:          Incomparable(HK)Network Co., Limited
 288 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 289 country:        HK
 290 drop:           yes
 291
 292 aut-num:        AS141746
 293 descr:          Orenji Server
 294 remarks:        IP hijacker located somewhere in AP area (JP?)
 295 country:        AP
 296 drop:           yes
 297
 298 aut-num:        AS141759
 299 descr:          HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
 300 remarks:        Dirty ISP located in NL
 301 country:        NL
 302 drop:           yes
 303
 304 aut-num:        AS196691
 305 descr:          Get-Net LLC
 306 remarks:        IP hijacker in RU and dirty suballocations, not a safe place to go
 307 country:        RU
 308 drop:           yes
 309
 310 aut-num:        AS200313
 311 descr:          WEB_GroupInternet INC
 312 remarks:        All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
 313 drop:           yes
 314
 315 aut-num:        AS200391
 316 descr:          KREZ 999 EOOD
 317 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 318 country:        BG
 319 drop:           yes
 320
 321 aut-num:        AS202325
 322 descr:          4Media Ltd.
 323 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 324 country:        BG
 325 drop:           yes
 326
 327 aut-num:        AS202425
 328 descr:          IP Volume Inc.
 329 remarks:        bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
 330 country:        NL
 331 drop:           yes
 332
 333 aut-num:        AS202476
 334 descr:          Nevermind Inc.
 335 remarks:        Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
 336 country:        RU
 337 drop:           yes
 338
 339 aut-num:        AS202769
 340 descr:          Cooperative Investments LLC
 341 remarks:        bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
 342 country:        NL
 343 drop:           yes
 344
 345 aut-num:        AS204341
 346 descr:          Purple Raccoon Ltd.
 347 remarks:        Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
 348 country:        RU
 349 drop:           yes
 350
 351 aut-num:        AS204353
 352 descr:          Global Offshore Limited
 353 remarks:        part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
 354 country:        EU
 355 drop:           yes
 356
 357 aut-num:        AS204428
 358 descr:          SS-Net
 359 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 360 country:        BG
 361 drop:           yes
 362
 363 aut-num:        AS204655
 364 descr:          Novogara Ltd.
 365 remarks:        bulletproof ISP (strongly linked to AS202425) located in NL
 366 country:        NL
 367 drop:           yes
 368
 369 aut-num:        AS205702
 370 descr:          Get-Net LLC
 371 remarks:        IP hijacker in RU and dirty suballocations, not a safe place to go
 372 country:        RU
 373 drop:           yes
 374
 375 aut-num:        AS206728
 376 descr:          Media Land LLC
 377 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 378 country:        RU
 379 drop:           yes
 380
 381 aut-num:        AS209160
 382 descr:          Miti 2000 EOOD
 383 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 384 country:        BG
 385 drop:           yes
 386
 387 aut-num:        AS209272
 388 descr:          Alviva Holding Limited
 389 remarks:        bulletproof ISP operating from a war zone in eastern UA
 390 country:        UA
 391 drop:           yes
 392
 393 aut-num:        AS209559
 394 descr:          XHOST INTERNET SOLUTIONS LP
 395 remarks:        Rogue ISP (linked to AS202425) located in NL
 396 country:        NL
 397 drop:           yes
 398
 399 aut-num:        AS209654
 400 descr:          Delis LLC
 401 remarks:        Shary Serverion customer and IP hijacker in NL, many RIR data for announced prefixes contain garbage
 402 country:        NL
 403 drop:           yes
 404
 405 aut-num:        AS210644
 406 descr:          AEZA GROUP Ltd
 407 remarks:        In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
 408 country:        RU
 409 drop:           yes
 410
 411 aut-num:        AS210848
 412 descr:          Telkom Internet LTD
 413 remarks:        Rogue ISP (linked to AS202425) located in NL
 414 country:        NL
 415 drop:           yes
 416
 417 aut-num:        AS211193
 418 descr:          ABDILAZIZ UULU ZHUSUP
 419 remarks:        bulletproof ISP and IP hijacker, traces to RU
 420 country:        RU
 421 drop:           yes
 422
 423 aut-num:        AS211805
 424 descr:          Media Land LLC
 425 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 426 country:        RU
 427 drop:           yes
 428
 429 aut-num:        AS211849
 430 descr:          Kakharov Orinbassar Maratuly
 431 remarks:        ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
 432 country:        KZ
 433 drop:           yes
 434
 435 aut-num:        AS212552
 436 descr:          BitCommand LLC
 437 remarks:        Dirty ISP located somewhere in EU, cannot trust RIR data of this network
 438 country:        EU
 439 drop:           yes
 440
 441 aut-num:        AS213058
 442 descr:          Private Internet Hosting LTD
 443 remarks:        bulletproof ISP located in RU
 444 country:        RU
 445 drop:           yes
 446
 447 aut-num:        AS213194
 448 descr:          Alfa Web Solutions Ltd
 449 remarks:        Rogue ISP (linked to AS57717) located in NL
 450 country:        NL
 451 drop:           yes
 452
 453 aut-num:        AS213254
 454 descr:          OOO RAIT TELECOM
 455 remarks:        Bulletproof connectivity procurer for AS51381
 456 country:        RU
 457 drop:           yes
 458
 459 aut-num:        AS328543
 460 descr:          Sun Network Company Limited
 461 remarks:        IP hijacker, traces back to AP region
 462 country:        AP
 463 drop:           yes
 464
 465 aut-num:        AS328671
 466 descr:          Datapacket Maroc SARL
 467 remarks:        bulletproof ISP (strongly linked to AS202425) located in NL
 468 country:        NL
 469 drop:           yes
 470
 471 aut-num:        AS393889
 472 descr:          EightJoy Network LLC
 473 remarks:        Most likely hijacked AS
 474 drop:           yes
 475
 476 aut-num:        AS398478
 477 descr:          PEG TECH INC
 478 remarks:        ISP located in HK, tampers with RIR data
 479 country:        HK
 480 drop:           yes
 481
 482 aut-num:        AS398993
 483 descr:          PEG TECH INC
 484 remarks:        ISP located in JP, tampers with RIR data
 485 country:        JP
 486 drop:           yes
 487
 488 aut-num:        AS399195
 489 descr:          PEG TECH INC
 490 remarks:        ISP located in KR, tampers with RIR data
 491 country:        KR
 492 drop:           yes
 493
 494 aut-num:        AS399674
 495 descr:          INTERNET HOSTSPACE GLOBAL INC
 496 remarks:        Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
 497 country:        US
 498 drop:           yes
 499
 500 net:            185.196.220.0/24
 501 descr:          Makut Investments
 502 remarks:        Long-running brute-force attack network
 503 drop:           yes
 504
 505 net:            195.133.20.0/24
 506 descr:          Tribeka Web Advisors S.A.
 507 remarks:        Tampers with RIR data, traces back to NL, not a safe place to route traffic to
 508 country:        NL
 509 drop:           yes
 510
 511 net:            196.11.32.0/20
 512 descr:          Sanlam Life Insurance Limited
 513 remarks:        Stolen AfriNIC IPv4 space announced from NL?
 514 country:        NL
 515 drop:           yes
 516
 517 net:            2a0e:b107:17fe::/47
 518 descr:          Amarai-Network - Location Test @ Antarctic
 519 remarks:        Tampers with RIR data, not a safe place to route traffic to
 520 drop:           yes
 521
 522 net:            2a0e:b107:d10::/44
 523 descr:          NZB.si Enterprises
 524 remarks:        Tampers with RIR data, not a safe place to route traffic to
 525 drop:           yes
 526
 527 net:            2a0f:7a80::/29
 528 descr:          ASLINE Limited
 529 remarks:        APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
 530 country:        HK
 531 drop:           yes
 532
 533 net:            2a10:9700::/29
 534 descr:          1337TEAM LIMITED / eliteteam[.]to
 535 remarks:        Owned by an offshore letterbox company, suspected rogue ISP
 536 country:        RU
 537 drop:           yes