git.ipfire.org Git - location/location-database.git/blob - overrides/override-xd.txt
override-{a3,other,xd}: Regular batch of various overrides
#
# override-xd [.txt]
#
# This file contains Autonomous Systems and IP networks strongly believed or proven to be hostile,
# posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
#
# libloc was neither intended to be an "opinionated" database, nor should it become that way. Please
# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
# flag for hostile networks.
#
# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
# hosting space for cybercrime infrastructure.
#
# This file should not contain short-lived threats being hosted within legitimate infrastructures, as
# libloc is neither intended nor suitable to protect against such threats in a timely manner - by default,
# clients download a new database once a week.
#
# Networks posing non-technical threats - i.e. not covered by the definition above - must not be listed
# here.
#
# Improvement suggestions are appreciated; please submit them as patches to the location mailing
# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
# for further information.
#
# Please keep this file sorted.
#

aut-num: AS18254
descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
country: AP
drop: yes

aut-num: AS18013
descr: ASLINE LIMITED
remarks: IP hijacker, traces back to HK
country: HK
drop: yes

aut-num: AS22769
descr: DDOSING NETWORK
remarks: IP hijacker located in US, massively tampers with RIR data
country: US
drop: yes

aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
country: AP
drop: yes

aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes

aut-num: AS41564
descr: Orion Network Limited
remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
country: EU
drop: yes

aut-num: AS43092
descr: Kirin Communication Limited
remarks: Hijacks IP space and tampers with RIR data, traces back to JP
country: JP
drop: yes

aut-num: AS44015
descr: Landgard Management Inc.
remarks: bulletproof ISP with strong links to RU
country: RU
drop: yes

aut-num: AS44446
descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
country: NL
drop: yes

aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes

aut-num: AS49447
descr: Nice IT Services Group Inc.
remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
country: CH
drop: yes

aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
country: RU
drop: yes

aut-num: AS54600
descr: PEG TECH INC
remarks: ISP and IP hijacker located in US this time, tampers with RIR data
country: US
drop: yes

aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS55933
descr: Cloudie Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS56447
descr: 511 Far East Limited
remarks: IP hijacker, tampers with RIR data
country: RU
drop: yes

aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes

aut-num: AS57523
descr: Chang Way Technologies Co. Limited
remarks: bulletproof ISP, C&C server hosting galore
drop: yes

aut-num: AS57717
descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS57858
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS57972
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS58271
descr: FOP Gubina Lubov Petrivna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS58810
descr: iZus Co., Ltd
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS60424
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes

aut-num: AS60485
descr: Inter Connects Inc. / Jing Yun
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
country: SE
drop: yes

aut-num: AS60930
descr: Intem LLC
remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
drop: yes

aut-num: AS61414
descr: EDGENAP LTD
remarks: IP hijacking? Rogue ISP?
drop: yes

aut-num: AS62068
descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS64425
descr: SKB Enterprise B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS133201
descr: ABCDE GROUP COMPANY LIMITED
remarks: ISP and/or IP hijacker located in HK
country: HK
drop: yes

aut-num: AS135097
descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: HK
drop: yes

aut-num: AS136545
descr: Blue Data Center
remarks: IP hijacker located somewhere in AP area, tampers with RIR data
country: AP
drop: yes

aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: HK
drop: yes

aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS138648
descr: ASLINE Global Exchange
remarks: IP hijacker located somewhere in AP area
country: AP
drop: yes

aut-num: AS139330
descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
drop: yes

aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
drop: yes

aut-num: AS141159
descr: Incomparable(HK)Network Co., Limited
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS141746
descr: Orenji Server
remarks: IP hijacker located somewhere in AP area (JP?)
country: AP
drop: yes

aut-num: AS196691
descr: Get-Net LLC
remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
country: RU
drop: yes

aut-num: AS200391
descr: KREZ 999 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202325
descr: 4Media Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country: NL
drop: yes

aut-num: AS202476
descr: Nevermind Inc.
remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU
country: RU
drop: yes

aut-num: AS202769
descr: Cooperative Investments LLC
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes

aut-num: AS204341
descr: Purple Raccoon Ltd.
remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers
country: RU
drop: yes

aut-num: AS204428
descr: SS-Net
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS205702
descr: Get-Net LLC
remarks: IP hijacker in RU and dirty suballocations, not a safe place to go
country: RU
drop: yes

aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS210848
descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes

aut-num: AS211805
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
country: KZ
drop: yes

aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country: EU
drop: yes

aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: RU
drop: yes

aut-num: AS267712
descr: EL ALAMO S.R.L
remarks: Hijacked AS being announced out of RU
country: RU
drop: yes

aut-num: AS328543
descr: Sun Network Company Limited
remarks: IP hijacker, traces back to AP region
country: AP
drop: yes

aut-num: AS328671
descr: Datapacket Maroc SARL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS393889
descr: EightJoy Network LLC
remarks: Most likely hijacked AS
drop: yes

aut-num: AS398478
descr: PEG TECH INC
remarks: ISP located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS398993
descr: PEG TECH INC
remarks: ISP located in JP, tampers with RIR data
country: JP
drop: yes

aut-num: AS399195
descr: PEG TECH INC
remarks: ISP located in KR, tampers with RIR data
country: KR
drop: yes

net: 195.133.20.0/24
descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
country: NL
drop: yes

net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
country: NL
drop: yes

net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0f:7a80::/29
descr: ASLINE Limited
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes

net: 2a10:9700::/29
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
country: RU
drop: yes