git.ipfire.org Git - location/location-database.git/blob - overrides/override-xd.txt
override-{a3,other,xd}: Regular batch of various overrides
#
# override-xd [.txt]
#
# This file contains Autonomous Systems and IP networks strongly believed or proven to be hostile,
# posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
#
# libloc was neither intended to be an "opinionated" database, nor should it become one. Please
# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
# flag for hostile networks.
#
# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
# hosting space for cybercrime infrastructure.
#
# This file should not contain short-lived threats being hosted within legitimate infrastructures, as
# libloc is neither intended nor suitable to protect against such threats in a timely manner - by default,
# clients download a new database once a week.
#
# Networks posing non-technical threats - i.e. not covered by the definition above - must not be listed
# here.
#
# Improvement suggestions are appreciated, please submit them as patches to the location mailing
# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
# for further information.
#
# Please keep this file sorted.
#

aut-num: AS18254
descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
country: AP
drop: yes

aut-num: AS18013
descr: ASLINE LIMITED
remarks: IP hijacker, traces back to HK
country: HK
drop: yes

aut-num: AS22769
descr: DDOSING NETWORK
remarks: IP hijacker located in US, massively tampers with RIR data
country: US
drop: yes

aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
country: AP
drop: yes

aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes

aut-num: AS41564
descr: Orion Network Limited
remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
country: EU
drop: yes

aut-num: AS43092
descr: Kirin Communication Limited
remarks: Hijacks IP space and tampers with RIR data, traces back to JP
country: JP
drop: yes

aut-num: AS44015
descr: Landgard Management Inc.
remarks: bulletproof ISP with strong links to RU
country: RU
drop: yes

aut-num: AS44446
descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
country: NL
drop: yes

aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes

aut-num: AS49447
descr: Nice IT Services Group Inc.
remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
country: CH
drop: yes

aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
country: RU
drop: yes

aut-num: AS54600
descr: PEG TECH INC
remarks: ISP and IP hijacker located in US this time, tampers with RIR data
country: US
drop: yes

aut-num: AS55020
descr: Aodao Inc
remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS55933
descr: Cloudie Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS56447
descr: 511 Far East Limited
remarks: IP hijacker, tampers with RIR data
country: RU
drop: yes

aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes

aut-num: AS57523
descr: Chang Way Technologies Co. Limited
remarks: bulletproof ISP, C&C server hosting galore
drop: yes

aut-num: AS57717
descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS57858
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS57972
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS58271
descr: FOP Gubina Lubov Petrivna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS58810
descr: iZus Co., Ltd
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS60424
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes

aut-num: AS60485
descr: Inter Connects Inc. / Jing Yun
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
country: SE
drop: yes

aut-num: AS60930
descr: Intem LLC
remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
drop: yes

aut-num: AS61414
descr: EDGENAP LTD
remarks: IP hijacking? Rogue ISP?
drop: yes

aut-num: AS62068
descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS64425
descr: SKB Enterprise B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS133201
descr: ABCDE GROUP COMPANY LIMITED
remarks: ISP and/or IP hijacker located in HK
country: HK
drop: yes

aut-num: AS135097
descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: HK
drop: yes

aut-num: AS136545
descr: Blue Data Center
remarks: IP hijacker located somewhere in AP area, tampers with RIR data
country: AP
drop: yes

aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: HK
drop: yes

aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS138648
descr: ASLINE Global Exchange
remarks: IP hijacker located somewhere in AP area
country: AP
drop: yes

aut-num: AS139330
descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
drop: yes

aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
drop: yes

aut-num: AS141159
descr: Incomparable(HK)Network Co., Limited
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS141746
descr: Orenji Server
remarks: IP hijacker located somewhere in AP area (JP?)
country: AP
drop: yes

aut-num: AS196691
descr: Get-Net LLC
remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
country: RU
drop: yes

aut-num: AS200391
descr: KREZ 999 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202325
descr: 4Media Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country: NL
drop: yes

aut-num: AS202476
descr: Nevermind Inc.
remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
country: RU
drop: yes

aut-num: AS202769
descr: Cooperative Investments LLC
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes

aut-num: AS204341
descr: Purple Raccoon Ltd.
remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
country: RU
drop: yes

aut-num: AS204428
descr: SS-Net
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS205702
descr: Get-Net LLC
remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
country: RU
drop: yes

aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS209654
descr: Delis LLC
remarks: Shady Serverion customer and IP hijacker in NL, many RIR data for announced prefixes contain garbage
country: NL
drop: yes

aut-num: AS210848
descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes

aut-num: AS211805
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
country: KZ
drop: yes

aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country: EU
drop: yes

aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: RU
drop: yes

aut-num: AS267712
descr: EL ALAMO S.R.L
remarks: Hijacked AS being announced out of RU
country: RU
drop: yes

aut-num: AS328543
descr: Sun Network Company Limited
remarks: IP hijacker, traces back to AP region
country: AP
drop: yes

aut-num: AS328671
descr: Datapacket Maroc SARL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS393889
descr: EightJoy Network LLC
remarks: Most likely hijacked AS
drop: yes

aut-num: AS398478
descr: PEG TECH INC
remarks: ISP located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS398993
descr: PEG TECH INC
remarks: ISP located in JP, tampers with RIR data
country: JP
drop: yes

aut-num: AS399195
descr: PEG TECH INC
remarks: ISP located in KR, tampers with RIR data
country: KR
drop: yes

aut-num: AS399674
descr: INTERNET HOSTSPACE GLOBAL INC
remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: US
drop: yes

net: 195.133.20.0/24
descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
country: NL
drop: yes

net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
country: NL
drop: yes

net: 2a0e:b107:17fe::/47
descr: Amarai-Network - Location Test @ Antarctic
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0f:7a80::/29
descr: ASLINE Limited
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes

net: 2a10:9700::/29
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
country: RU
drop: yes