4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
9 # flag for hostile networks.
11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
13 # hosting space for cybercrime infrastructure.
15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
17 # clients download a new database once a week.
19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
24 # for further information.
26 # Please keep this file sorted.
31 remarks: part of the "Asline" IP hijacking gang
35 descr: Blue Diamond Network Co., Ltd.
36 remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for it's prefixes, but they all end up near Vilnius, LT
42 remarks: IP hijacker, traces back to HK
48 remarks: IP hijacker operating out of AP area (HK or TW?)
53 descr: 1337TEAM LIMITED / eliteteam[.]to
54 remarks: Bulletproof ISP
59 descr: Orion Network Limited
60 remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
65 remarks: all cybercrime hosting, all the time
70 descr: OOO SibirInvest
71 remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
76 descr: STARK INDUSTRIES SOLUTIONS LTD
77 remarks: Rogue ISP in multiple locations, some RIR data contain garbage
81 descr: HUSAM A. H. HIJAZI
82 remarks: Rogue ISP located in NL
87 descr: PPTECHNOLOGY LIMITED
88 remarks: bulletproof ISP (related to AS204655) located in NL
93 descr: GLOBAL COLOCATION LIMITED
94 remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
99 descr: Nice IT Services Group Inc.
105 remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
111 remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
116 descr: IT Resheniya LLC
122 descr: 1337TEAM LIMITED / eliteteam[.]to
123 remarks: Bulletproof ISP
128 descr: Netsys Global Telecom Limited (?)
129 remarks: Hijacked AS announced out of some location in AP, possibly HK
135 remarks: ISP and IP hijacker located in US this time, tampers with RIR data
141 remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
146 descr: Eagle Sky Co., Lt[d ?]
147 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
152 descr: Cloudie Limited
153 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
158 descr: L&L Investment Ltd.
159 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
164 descr: REBA Communications BV
165 remarks: bulletproof ISP (related to AS202425) located in NL
170 descr: 1337TEAM LIMITED / eliteteam[.]to
171 remarks: Bulletproof ISP
176 descr: LLC South Internet
177 remarks: Bulletproof ISP
182 descr: Chang Way Technologies Co. Limited
183 remarks: Bulletproof ISP
188 descr: FiberXpress BV
189 remarks: bulletproof ISP (related to AS202425) located in NL
194 descr: Inter Connects Inc.
195 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
200 descr: Inter Connects Inc.
201 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
206 descr: Tyatkova Oksana Valerievna
207 remarks: bulletproof ISP operating from a war zone in eastern UA
213 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
218 descr: 24.hk global BGP
219 remarks: Part of the "ASLINE" IP hijacking operation
230 descr: Vault Dweller OU
231 remarks: bulletproof ISP (related to AS57717) located in NL
241 descr: 1337TEAM LIMITED / eliteteam[.]to
242 remarks: Bulletproof ISP
247 descr: Inter Connects Inc. / Jing Yun
248 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
254 remarks: Bulletproof ISP
258 descr: TOV VAIZ PARTNER
263 descr: SpectraIP B.V.
264 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
269 descr: SKB Enterprise B.V.
270 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
275 descr: ABCDE GROUP COMPANY LIMITED
276 remarks: ISP and/or IP hijacker located in HK
281 descr: LUOGELANG (FRANCE) LIMITED
282 remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
287 descr: Blue Data Center
288 remarks: IP hijacker located somewhere in AP area, tampers with RIR data
294 remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
299 descr: Anchnet Asia Limited
300 remarks: IP hijacker located in HK, tampers with RIR data
305 descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
306 remarks: ISP and IP hijacker located in HK, tampers with RIR data
311 descr: Clayer Limited
312 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
317 descr: ASLINE Global Exchange
318 remarks: IP hijacker located in HK
323 descr: SANREN DATA LIMITED
324 remarks: IP hijacker located somewhere in AP region, tampers with RIR data
329 descr: CITIS CLOUD GROUP LIMITED
330 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
335 descr: Hong Kong Communications International Co., Limited
336 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
341 descr: Incomparable(HK)Network Co., Limited
342 remarks: ISP and IP hijacker located in HK, tampers with RIR data
348 remarks: IP hijacker located somewhere in AP area (JP?)
353 descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
354 remarks: Dirty ISP located in NL
360 remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
365 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
371 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
376 descr: IP Volume Inc.
377 remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
382 descr: NETSTYLE A. LTD
383 remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
388 descr: Global Offshore Limited
389 remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
395 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
400 descr: Partner LLC / LetHost LLC
401 remarks: Bulletproof ISP
406 remarks: bulletproof ISP (strongly linked to AS202425) located in NL
411 descr: Media Land LLC
412 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
417 descr: Chang Way Technologies Co. Limited
423 descr: Miti 2000 EOOD
424 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
429 descr: Alviva Holding Limited
430 remarks: bulletproof ISP operating from a war zone in eastern UA
435 descr: XHOST INTERNET SOLUTIONS LP
436 remarks: Rogue ISP (linked to AS202425) located in NL
442 remarks: All cybercrime hosting, all the time
447 descr: AEZA GROUP Ltd
448 remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
453 descr: Telkom Internet LTD
454 remarks: Rogue ISP (linked to AS202425) located in NL
459 descr: Tribeka Web Advisors S.A.
460 remarks: Dirty ISP, see individual network entries below
464 descr: ABDILAZIZ UULU ZHUSUP
465 remarks: bulletproof ISP and IP hijacker, traces to RU
471 remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
476 descr: Private-Hosting di Cipriano Oscar
477 remarks: Bulletproof combahton GmbH customer in DE
482 descr: Media Land LLC
483 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
488 descr: Kakharov Orinbassar Maratuly
489 remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
494 descr: ROZA HOLIDAYS EOOD
495 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
500 descr: BitCommand LLC
501 remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
506 descr: GigaHostingServices OU
507 remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
512 descr: Private Internet Hosting LTD
513 remarks: bulletproof ISP located in RU
518 descr: Alfa Web Solutions Ltd
519 remarks: Rogue ISP (linked to AS57717) located in NL
524 descr: OOO RAIT TELECOM
525 remarks: Bulletproof connectivity procurer for AS51381
530 descr: Sun Network Company Limited
531 remarks: IP hijacker, traces back to AP region
536 descr: Datapacket Maroc SARL
537 remarks: bulletproof ISP (strongly linked to AS202425) located in NL
542 descr: EightJoy Network LLC
543 remarks: Most likely hijacked or criminal AS
549 remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
555 remarks: ISP located in JP, tampers with RIR data
561 remarks: ISP located in KR, tampers with RIR data
566 descr: INTERNET HOSTSPACE GLOBAL INC
567 remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
572 descr: Academy of Internet Research Limited Liability Company
573 remarks: Mass-scanning, apparently without legitimate intention
578 remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
583 descr: TOV VAIZ PARTNER
584 remarks: Attack network tracing back to NL
589 descr: Media Land LLC / abuse-server[.]su
590 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
594 descr: Media Land LLC
595 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
599 descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
600 remarks: Attack network tracing back to NL
605 descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
606 remarks: Brute-force attack network
609 net: 109.206.241.0/24
610 descr: Serverion B.V.
611 remarks: Leased to Neterra, all cybercrime, all the time
615 descr: China Mobile Communications Corporation
616 remarks: Brute-force attack network
620 descr: China Unicom Beijing province network
621 remarks: Brute-force attack network
625 descr: CHINANET Guangdong province network
626 remarks: Brute-force attack network
630 descr: China Education and Research Network
631 remarks: Brute-force attack network
634 net: 123.160.220.0/22
635 descr: CHINANET henan province network
636 remarks: Brute-force attack network
640 descr: Agotoz HK Limited
641 remarks: Brute-force attack network
645 descr: TOV VAIZ PARTNER / InterHost
646 remarks: Attack network tracing back to UA
652 remarks: Based on domains ending up there, this network is entirely malicious
656 descr: 1337TEAM LIMITED / eliteteam[.]to
657 remarks: Bulletproof ISP
662 descr: Tribeka Web Advisors S.A.
663 remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
668 descr: Tribeka Web Advisors S.A.
669 remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
674 descr: Sanlam Life Insurance Limited
675 remarks: Stolen AfriNIC IPv4 space announced from NL?
679 net: 2a0e:b107:17fe::/47
680 descr: Amarai-Network - Location Test @ Antarctic
681 remarks: Tampers with RIR data, not a safe place to route traffic to
684 net: 2a0e:b107:d10::/44
685 descr: NZB.si Enterprises
686 remarks: Tampers with RIR data, not a safe place to route traffic to
690 descr: ASLINE Limited
691 remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
696 descr: 1337TEAM LIMITED / eliteteam[.]to
697 remarks: Bulletproof ISP