git.ipfire.org Git - location/location-database.git/blob - overrides/override-xd.txt
override-{other,xd}: Regular batch of various overrides
#
# override-xd [.txt]
#
# This file contains Autonomous Systems and IP networks strongly believed or proven to be hostile,
# posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
#
# libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
# flag for hostile networks.
#
# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
# hosting space for cybercrime infrastructure.
#
# This file should not contain short-lived threats being hosted within legitimate infrastructures, as
# libloc is neither intended nor suitable to protect against such threats in a timely manner - by default,
# clients download a new database once a week.
#
# Networks posing non-technical threats - i.e. not covered by the definition above - must not be listed
# here.
#
# Improvement suggestions are appreciated, please submit them as patches to the location mailing
# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
# for further information.
#
# Please keep this file sorted.
#

aut-num: AS7586
descr: Cloudfort IT
remarks: part of the "Asline" IP hijacking gang
drop: yes

aut-num: AS15828
descr: Blue Diamond Network Co., Ltd.
remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for its prefixes, but they all end up near Vilnius, LT
country: LT
drop: yes

aut-num: AS18013
descr: ASLINE LIMITED
remarks: IP hijacker, traces back to HK
country: HK
drop: yes

aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
country: AP
drop: yes

aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS41564
descr: Orion Network Limited
remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
drop: yes

aut-num: AS41909
descr: PINVDS OU
remarks: all cybercrime hosting, all the time
country: RU
drop: yes

aut-num: AS44446
descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
country: NL
drop: yes

aut-num: AS44477
descr: STARK INDUSTRIES SOLUTIONS LTD
remarks: Rogue ISP in multiple locations, some RIR data contain garbage
drop: yes

aut-num: AS47154
descr: HUSAM A. H. HIJAZI
remarks: Rogue ISP located in NL
country: NL
drop: yes

aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes

aut-num: AS48950
descr: GLOBAL COLOCATION LIMITED
remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
country: EU
drop: yes

aut-num: AS49447
descr: Nice IT Services Group Inc.
remarks: Rogue ISP
drop: yes

aut-num: AS49870
descr: Alsycon BV
remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
country: NL
drop: yes

aut-num: AS49466
descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
country: CR
drop: yes

aut-num: AS49943
descr: IT Resheniya LLC
remarks: Rogue ISP
country: RU
drop: yes

aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS53727
descr: Netsys Global Telecom Limited (?)
remarks: Hijacked AS announced out of some location in AP, possibly HK
country: AP
drop: yes

aut-num: AS54600
descr: PEG TECH INC
remarks: ISP and IP hijacker located in US this time, tampers with RIR data
country: US
drop: yes

aut-num: AS55020
descr: Aodao Inc
remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS55933
descr: Cloudie Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS57509
descr: L&L Investment Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
country: BG
drop: yes

aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS57416
descr: LLC South Internet
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS57523
descr: Chang Way Technologies Co. Limited
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS57717
descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS57858
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS57972
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS58271
descr: Tyatkova Oksana Valerievna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS58810
descr: iZus Co., Ltd
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS58931
descr: 24.hk global BGP
remarks: Part of the "ASLINE" IP hijacking operation
country: HK
drop: yes

aut-num: AS59425
descr: HORIZON LLC
remarks: Rogue ISP
country: RU
drop: yes

aut-num: AS59753
descr: Vault Dweller OU
remarks: bulletproof ISP (related to AS57717) located in NL
country: NL
drop: yes

aut-num: AS59940
descr: Kanzas LLC
remarks: Rogue ISP
drop: yes

aut-num: AS60424
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS60485
descr: Inter Connects Inc. / Jing Yun
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
country: SE
drop: yes

aut-num: AS61302
descr: HUIZE LTD
remarks: Bulletproof ISP
drop: yes

aut-num: AS61432
descr: TOV VAIZ PARTNER
remarks: Rogue ISP
drop: yes

aut-num: AS62068
descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS64425
descr: SKB Enterprise B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS133201
descr: ABCDE GROUP COMPANY LIMITED
remarks: ISP and/or IP hijacker located in HK
country: HK
drop: yes

aut-num: AS135097
descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: HK
drop: yes

aut-num: AS136545
descr: Blue Data Center
remarks: IP hijacker located somewhere in AP area, tampers with RIR data
country: AP
drop: yes

aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: HK
drop: yes

aut-num: AS137443
descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS138648
descr: ASLINE Global Exchange
remarks: IP hijacker located in HK
country: HK
drop: yes

aut-num: AS139330
descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
drop: yes

aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
drop: yes

aut-num: AS140227
descr: Hong Kong Communications International Co., Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
country: AP
drop: yes

aut-num: AS141159
descr: Incomparable(HK)Network Co., Limited
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS141746
descr: Orenji Server
remarks: IP hijacker located somewhere in AP area (JP?)
country: AP
drop: yes

aut-num: AS141759
descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
remarks: Dirty ISP located in NL
country: NL
drop: yes

aut-num: AS200313
descr: IT WEB LTD
remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
drop: yes

aut-num: AS200391
descr: KREZ 999 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202325
descr: 4Media Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country: NL
drop: yes

aut-num: AS202769
descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes

aut-num: AS204353
descr: Global Offshore Limited
remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
country: EU
drop: yes

aut-num: AS204428
descr: SS-Net
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS204603
descr: Partner LLC / LetHost LLC
remarks: Bulletproof ISP
drop: yes

aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS207566
descr: Chang Way Technologies Co. Limited
remarks: Rogue ISP
country: RU
drop: yes

aut-num: AS209160
descr: Miti 2000 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS209559
descr: XHOST INTERNET SOLUTIONS LP
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS210352
descr: Partner LLC
remarks: All cybercrime hosting, all the time
country: RU
drop: yes

aut-num: AS210644
descr: AEZA GROUP Ltd
remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
country: RU
drop: yes

aut-num: AS210848
descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS211059
descr: Tribeka Web Advisors S.A.
remarks: Dirty ISP, see individual network entries below
drop: yes

aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes

aut-num: AS211252
descr: Delis LLC
remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
country: NL
drop: yes

aut-num: AS211138
descr: Private-Hosting di Cipriano Oscar
remarks: Bulletproof combahton GmbH customer in DE
country: DE
drop: yes

aut-num: AS211805
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
country: KZ
drop: yes

aut-num: AS212283
descr: ROZA HOLIDAYS EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
country: BG
drop: yes

aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country: EU
drop: yes

aut-num: AS213010
descr: GigaHostingServices OU
remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
country: PL
drop: yes

aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: RU
drop: yes

aut-num: AS213194
descr: Alfa Web Solutions Ltd
remarks: Rogue ISP (linked to AS57717) located in NL
country: NL
drop: yes

aut-num: AS213254
descr: OOO RAIT TELECOM
remarks: Bulletproof connectivity procurer for AS51381
country: RU
drop: yes

aut-num: AS328543
descr: Sun Network Company Limited
remarks: IP hijacker, traces back to AP region
country: AP
drop: yes

aut-num: AS328671
descr: Datapacket Maroc SARL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS393889
descr: EightJoy Network LLC
remarks: Most likely hijacked or criminal AS
country: HK
drop: yes

aut-num: AS398478
descr: PEG TECH INC
remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country: HK
drop: yes

aut-num: AS398993
descr: PEG TECH INC
remarks: ISP located in JP, tampers with RIR data
country: JP
drop: yes

aut-num: AS399195
descr: PEG TECH INC
remarks: ISP located in KR, tampers with RIR data
country: KR
drop: yes

aut-num: AS399674
descr: INTERNET HOSTSPACE GLOBAL INC
remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: US
drop: yes

aut-num: AS400161
descr: Academy of Internet Research Limited Liability Company
remarks: Mass-scanning, apparently without legitimate intention
drop: yes

aut-num: AS400506
descr: Black Apple
remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
country: JP
drop: yes

net: 45.143.203.0/24
descr: TOV VAIZ PARTNER
remarks: Attack network tracing back to NL
country: NL
drop: yes

net: 89.23.103.0/24
descr: Media Land LLC / abuse-server[.]su
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
drop: yes

net: 91.240.243.0/24
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
drop: yes

net: 92.63.196.0/24
descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
remarks: Attack network tracing back to NL
country: NL
drop: yes

net: 103.176.21.0/24
descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
remarks: Brute-force attack network
drop: yes

net: 109.206.241.0/24
descr: Serverion B.V.
remarks: Leased to Neterra, all cybercrime, all the time
drop: yes

net: 111.7.96.0/24
descr: China Mobile Communications Corporation
remarks: Brute-force attack network
drop: yes

net: 114.246.10.0/24
descr: China Unicom Beijing province network
remarks: Brute-force attack network
drop: yes

net: 116.7.245.0/24
descr: CHINANET Guangdong province network
remarks: Brute-force attack network
drop: yes

net: 116.57.185.0/24
descr: China Education and Research Network
remarks: Brute-force attack network
drop: yes

net: 123.160.220.0/22
descr: CHINANET henan province network
remarks: Brute-force attack network
drop: yes

net: 154.89.5.0/24
descr: Agotoz HK Limited
remarks: Brute-force attack network
drop: yes

net: 185.156.72.0/24
descr: TOV VAIZ PARTNER / InterHost
remarks: Attack network tracing back to UA
country: UA
drop: yes

net: 193.201.9.0/24
descr: Infolink LLC
remarks: Based on domains ending up there, this network is entirely malicious
drop: yes

net: 193.233.81.0/24
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

net: 195.133.20.0/24
descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
country: NL
drop: yes

net: 194.135.24.0/24
descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
country: US
drop: yes

net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
country: NL
drop: yes

net: 2a0e:b107:17fe::/47
descr: Amarai-Network - Location Test @ Antarctic
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0f:7a80::/29
descr: ASLINE Limited
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes

net: 2a10:9700::/29
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes