4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
9 # flag for hostile networks.
11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
13 # hosting space for cybercrime infrastructure.
15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
17 # clients download a new database once a week.
19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
24 # for further information.
26 # Please keep this file sorted.
30 descr: Robat Blue Diamond Network Co., Ltd.
31 remarks: Bulletproof ISP tampering with RIR data
37 remarks: IP hijacker operating out of AP area (HK or TW?)
42 descr: 1337TEAM LIMITED / eliteteam[.]to
43 remarks: Bulletproof ISP tampering with RIR data
48 descr: Orion Network Limited
49 remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
54 remarks: all cybercrime hosting, all the time
59 descr: OOO SibirInvest
60 remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
65 descr: STARK INDUSTRIES SOLUTIONS LTD
66 remarks: Rogue ISP in multiple locations, some RIR data contain garbage
70 descr: HUSAM A. H. HIJAZI
71 remarks: Rogue ISP located in NL
76 descr: PPTECHNOLOGY LIMITED
77 remarks: bulletproof ISP (related to AS204655) located in NL
82 descr: GLOBAL COLOCATION LIMITED
83 remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
88 descr: Nice IT Services Group Inc.
94 remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
100 remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
105 descr: IT Resheniya LLC
111 descr: 1337TEAM LIMITED / eliteteam[.]to
112 remarks: Bulletproof ISP
117 descr: Netsys Global Telecom Limited (?)
118 remarks: Hijacked AS announced out of some location in AP, possibly HK
124 remarks: ISP and IP hijacker located in US this time, tampers with RIR data
130 remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
135 descr: Eagle Sky Co., Lt[d ?]
136 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
141 descr: Cloudie Limited
142 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
147 descr: L&L Investment Ltd.
148 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
153 descr: REBA Communications BV
154 remarks: bulletproof ISP (related to AS202425) located in NL
159 descr: 1337TEAM LIMITED / eliteteam[.]to
160 remarks: Bulletproof ISP
165 descr: Chang Way Technologies Co. Limited
166 remarks: Bulletproof ISP
171 descr: FiberXpress BV
172 remarks: bulletproof ISP (related to AS202425) located in NL
177 descr: Inter Connects Inc.
178 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
183 descr: Inter Connects Inc.
184 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
189 descr: Tyatkova Oksana Valerievna
190 remarks: bulletproof ISP operating from a war zone in eastern UA
196 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
201 descr: 24.hk global BGP
202 remarks: Part of the "ASLINE" IP hijacking operation
213 descr: Inter Connects Inc. / Jing Yun
214 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
220 remarks: Bulletproof ISP
224 descr: TOV VAIZ PARTNER
229 descr: SpectraIP B.V.
230 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
235 descr: SKB Enterprise B.V.
236 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
241 descr: ABCDE GROUP COMPANY LIMITED
242 remarks: ISP and/or IP hijacker located in HK
247 descr: LUOGELANG (FRANCE) LIMITED
248 remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
253 descr: Blue Data Center
254 remarks: IP hijacker located somewhere in AP area, tampers with RIR data
260 remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
265 descr: Anchnet Asia Limited
266 remarks: IP hijacker located in HK, tampers with RIR data
271 descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
272 remarks: ISP and IP hijacker located in HK, tampers with RIR data
277 descr: Clayer Limited
278 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
283 descr: ASLINE Global Exchange
284 remarks: IP hijacker located in HK
289 descr: SANREN DATA LIMITED
290 remarks: IP hijacker located somewhere in AP region, tampers with RIR data
295 descr: CITIS CLOUD GROUP LIMITED
296 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
301 descr: Hong Kong Communications International Co., Limited
302 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
307 descr: Incomparable(HK)Network Co., Limited
308 remarks: ISP and IP hijacker located in HK, tampers with RIR data
314 remarks: IP hijacker located somewhere in AP area (JP?)
319 descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
320 remarks: Dirty ISP located in NL
326 remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
331 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
337 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
342 descr: IP Volume Inc.
343 remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
348 descr: NETSTYLE A. LTD
349 remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
354 descr: Global Offshore Limited
355 remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
361 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
366 descr: Partner LLC / LetHost LLC
367 remarks: Bulletproof ISP
371 descr: Media Land LLC
372 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
377 descr: Chang Way Technologies Co. Limited
383 descr: Miti 2000 EOOD
384 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
389 descr: Alviva Holding Limited
390 remarks: bulletproof ISP operating from a war zone in eastern UA
395 descr: XHOST INTERNET SOLUTIONS LP
396 remarks: Rogue ISP (linked to AS202425) located in NL
402 remarks: All cybercrime hosting, all the time
407 descr: AEZA GROUP Ltd
408 remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
413 descr: Telkom Internet LTD
414 remarks: Rogue ISP (linked to AS202425) located in NL
419 descr: Tribeka Web Advisors S.A.
420 remarks: Dirty ISP, see individual network entries below
424 descr: ABDILAZIZ UULU ZHUSUP
425 remarks: bulletproof ISP and IP hijacker, traces to RU
431 remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
436 descr: Private-Hosting di Cipriano Oscar
437 remarks: Bulletproof combahton GmbH customer in DE
442 descr: Media Land LLC
443 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
448 descr: Kakharov Orinbassar Maratuly
449 remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
454 descr: ROZA HOLIDAYS EOOD
455 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
460 descr: BitCommand LLC
461 remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
466 descr: Private Internet Hosting LTD
467 remarks: bulletproof ISP located in RU
472 descr: Alfa Web Solutions Ltd
473 remarks: Rogue ISP (linked to AS57717) located in NL
478 descr: OOO RAIT TELECOM
479 remarks: Bulletproof connectivity procurer for AS51381
484 descr: Sun Network Company Limited
485 remarks: IP hijacker, traces back to AP region
490 descr: EightJoy Network LLC
491 remarks: Most likely hijacked or criminal AS
497 remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
503 remarks: ISP located in JP, tampers with RIR data
509 remarks: ISP located in KR, tampers with RIR data
514 descr: Academy of Internet Research Limited Liability Company
515 remarks: Mass-scanning, apparently without legitimate intention
520 remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
525 descr: TOV VAIZ PARTNER
526 remarks: Attack network tracing back to NL
531 descr: Sanlam Life Insurance Limited
532 remarks: Stolen AfriNIC IPv4 space announced from NL?
536 net: 2a0e:b107:17fe::/47
537 descr: Amarai-Network - Location Test @ Antarctic
538 remarks: Tampers with RIR data, not a safe place to route traffic to
541 net: 2a0e:b107:d10::/44
542 descr: NZB.si Enterprises
543 remarks: Tampers with RIR data, not a safe place to route traffic to
547 descr: ASLINE Limited
548 remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE