overrides/override-xd.txt

   1 #
   2 # override-xd [.txt]
   3 #
   4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
   5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
   6 #
   7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
   8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
   9 # flag for hostile networks.
  10 #
  11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
  12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
  13 # hosting space for cybercrime infrastructure.
  14 #
  15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
  16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
  17 # clients download a new database once a week.
  18 #
  19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
  20 # here.
  21 #
  22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
  23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
  24 # for further information.
  25 #
  26 # Please keep this file sorted.
  27 #
  28
  29 aut-num:        AS15828
  30 descr:          Robat Blue Diamond Network Co., Ltd.
  31 remarks:        Bulletproof ISP tampering with RIR data
  32 country:        LT
  33 drop:           yes
  34
  35 aut-num:        AS24567
  36 descr:          QT Inc.
  37 remarks:        IP hijacker operating out of AP area (HK or TW?)
  38 country:        AP
  39 drop:           yes
  40
  41 aut-num:        AS39770
  42 descr:          1337TEAM LIMITED / eliteteam[.]to
  43 remarks:        Bulletproof ISP tampering with RIR data
  44 country:        RU
  45 drop:           yes
  46
  47 aut-num:        AS41564
  48 descr:          Orion Network Limited
  49 remarks:        shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
  50 drop:           yes
  51
  52 aut-num:        AS41909
  53 descr:          PINVDS OU
  54 remarks:        all cybercrime hosting, all the time
  55 country:        RU
  56 drop:           yes
  57
  58 aut-num:        AS44446
  59 descr:          OOO SibirInvest
  60 remarks:        bulletproof ISP (related to AS202425 and AS57717) located in NL
  61 country:        NL
  62 drop:           yes
  63
  64 aut-num:        AS44477
  65 descr:          STARK INDUSTRIES SOLUTIONS LTD
  66 remarks:        Rogue ISP in multiple locations, some RIR data contain garbage
  67 drop:           yes
  68
  69 aut-num:        AS47154
  70 descr:          HUSAM A. H. HIJAZI
  71 remarks:        Rogue ISP located in NL
  72 country:        NL
  73 drop:           yes
  74
  75 aut-num:        AS48090
  76 descr:          PPTECHNOLOGY LIMITED
  77 remarks:        bulletproof ISP (related to AS204655) located in NL
  78 country:        NL
  79 drop:           yes
  80
  81 aut-num:        AS48950
  82 descr:          GLOBAL COLOCATION LIMITED
  83 remarks:        Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
  84 country:        EU
  85 drop:           yes
  86
  87 aut-num:        AS49447
  88 descr:          Nice IT Services Group Inc.
  89 remarks:        Rogue ISP
  90 drop:           yes
  91
  92 aut-num:        AS49870
  93 descr:          Alsycon BV
  94 remarks:        Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
  95 country:        NL
  96 drop:           yes
  97
  98 aut-num:        AS49466
  99 descr:          KLAYER LLC
 100 remarks:        part of the "Asline" IP hijacking gang, traces back to San Jose, CR
 101 country:        CR
 102 drop:           yes
 103
 104 aut-num:        AS49943
 105 descr:          IT Resheniya LLC
 106 remarks:        Rogue ISP
 107 country:        RU
 108 drop:           yes
 109
 110 aut-num:        AS51381
 111 descr:          1337TEAM LIMITED / eliteteam[.]to
 112 remarks:        Bulletproof ISP
 113 country:        RU
 114 drop:           yes
 115
 116 aut-num:        AS53727
 117 descr:          Netsys Global Telecom Limited (?)
 118 remarks:        Hijacked AS announced out of some location in AP, possibly HK
 119 country:        AP
 120 drop:           yes
 121
 122 aut-num:        AS54600
 123 descr:          PEG TECH INC
 124 remarks:        ISP and IP hijacker located in US this time, tampers with RIR data
 125 country:        US
 126 drop:           yes
 127
 128 aut-num:        AS55020
 129 descr:          Aodao Inc
 130 remarks:        part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
 131 country:        HK
 132 drop:           yes
 133
 134 aut-num:        AS55303
 135 descr:          Eagle Sky Co., Lt[d ?]
 136 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
 137 country:        AP
 138 drop:           yes
 139
 140 aut-num:        AS55933
 141 descr:          Cloudie Limited
 142 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 143 country:        HK
 144 drop:           yes
 145
 146 aut-num:        AS57509
 147 descr:          L&L Investment Ltd.
 148 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta"
 149 country:        BG
 150 drop:           yes
 151
 152 aut-num:        AS56611
 153 descr:          REBA Communications BV
 154 remarks:        bulletproof ISP (related to AS202425) located in NL
 155 country:        NL
 156 drop:           yes
 157
 158 aut-num:        AS56873
 159 descr:          1337TEAM LIMITED / eliteteam[.]to
 160 remarks:        Bulletproof ISP
 161 country:        RU
 162 drop:           yes
 163
 164 aut-num:        AS57523
 165 descr:          Chang Way Technologies Co. Limited
 166 remarks:        Bulletproof ISP
 167 country:        RU
 168 drop:           yes
 169
 170 aut-num:        AS57717
 171 descr:          FiberXpress BV
 172 remarks:        bulletproof ISP (related to AS202425) located in NL
 173 country:        NL
 174 drop:           yes
 175
 176 aut-num:        AS57858
 177 descr:          Inter Connects Inc.
 178 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 179 country:        SE
 180 drop:           yes
 181
 182 aut-num:        AS57972
 183 descr:          Inter Connects Inc.
 184 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 185 country:        SE
 186 drop:           yes
 187
 188 aut-num:        AS58271
 189 descr:          Tyatkova Oksana Valerievna
 190 remarks:        bulletproof ISP operating from a war zone in eastern UA
 191 country:        UA
 192 drop:           yes
 193
 194 aut-num:        AS58810
 195 descr:          iZus Co., Ltd
 196 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
 197 country:        AP
 198 drop:           yes
 199
 200 aut-num:        AS58931
 201 descr:          24.hk global BGP
 202 remarks:        Part of the "ASLINE" IP hijacking operation
 203 country:        HK
 204 drop:           yes
 205
 206 aut-num:        AS59425
 207 descr:          HORIZON LLC
 208 remarks:        Rogue ISP
 209 country:        RU
 210 drop:           yes
 211
 212 aut-num:        AS60485
 213 descr:          Inter Connects Inc. / Jing Yun
 214 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
 215 country:        SE
 216 drop:           yes
 217
 218 aut-num:        AS61302
 219 descr:          HUIZE LTD
 220 remarks:        Bulletproof ISP
 221 drop:           yes
 222
 223 aut-num:        AS61432
 224 descr:          TOV VAIZ PARTNER
 225 remarks:        Rogue ISP
 226 drop:           yes
 227
 228 aut-num:        AS62068
 229 descr:          SpectraIP B.V.
 230 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 231 country:        NL
 232 drop:           yes
 233
 234 aut-num:        AS64425
 235 descr:          SKB Enterprise B.V.
 236 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 237 country:        NL
 238 drop:           yes
 239
 240 aut-num:        AS133201
 241 descr:          ABCDE GROUP COMPANY LIMITED
 242 remarks:        ISP and/or IP hijacker located in HK
 243 country:        HK
 244 drop:           yes
 245
 246 aut-num:        AS135097
 247 descr:          LUOGELANG (FRANCE) LIMITED
 248 remarks:        Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
 249 country:        HK
 250 drop:           yes
 251
 252 aut-num:        AS136545
 253 descr:          Blue Data Center
 254 remarks:        IP hijacker located somewhere in AP area, tampers with RIR data
 255 country:        AP
 256 drop:           yes
 257
 258 aut-num:        AS136800
 259 descr:          ICIDC NETWORK
 260 remarks:        IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
 261 country:        HK
 262 drop:           yes
 263
 264 aut-num:        AS137443
 265 descr:          Anchnet Asia Limited
 266 remarks:        IP hijacker located in HK, tampers with RIR data
 267 country:        HK
 268 drop:           yes
 269
 270 aut-num:        AS137523
 271 descr:          HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
 272 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 273 country:        HK
 274 drop:           yes
 275
 276 aut-num:        AS137951
 277 descr:          Clayer Limited
 278 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 279 country:        HK
 280 drop:           yes
 281
 282 aut-num:        AS138648
 283 descr:          ASLINE Global Exchange
 284 remarks:        IP hijacker located in HK
 285 country:        HK
 286 drop:           yes
 287
 288 aut-num:        AS139330
 289 descr:          SANREN DATA LIMITED
 290 remarks:        IP hijacker located somewhere in AP region, tampers with RIR data
 291 country:        AP
 292 drop:           yes
 293
 294 aut-num:        AS140107
 295 descr:          CITIS CLOUD GROUP LIMITED
 296 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data
 297 country:        AP
 298 drop:           yes
 299
 300 aut-num:        AS140227
 301 descr:          Hong Kong Communications International Co., Limited
 302 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
 303 country:        AP
 304 drop:           yes
 305
 306 aut-num:        AS141159
 307 descr:          Incomparable(HK)Network Co., Limited
 308 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 309 country:        HK
 310 drop:           yes
 311
 312 aut-num:        AS141746
 313 descr:          Orenji Server
 314 remarks:        IP hijacker located somewhere in AP area (JP?)
 315 country:        AP
 316 drop:           yes
 317
 318 aut-num:        AS141759
 319 descr:          HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
 320 remarks:        Dirty ISP located in NL
 321 country:        NL
 322 drop:           yes
 323
 324 aut-num:        AS200313
 325 descr:          IT WEB LTD
 326 remarks:        All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
 327 drop:           yes
 328
 329 aut-num:        AS200391
 330 descr:          KREZ 999 EOOD
 331 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 332 country:        BG
 333 drop:           yes
 334
 335 aut-num:        AS202325
 336 descr:          4Media Ltd.
 337 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 338 country:        BG
 339 drop:           yes
 340
 341 aut-num:        AS202425
 342 descr:          IP Volume Inc.
 343 remarks:        bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
 344 country:        NL
 345 drop:           yes
 346
 347 aut-num:        AS202769
 348 descr:          NETSTYLE A. LTD
 349 remarks:        bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
 350 country:        NL
 351 drop:           yes
 352
 353 aut-num:        AS204353
 354 descr:          Global Offshore Limited
 355 remarks:        part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
 356 country:        EU
 357 drop:           yes
 358
 359 aut-num:        AS204428
 360 descr:          SS-Net
 361 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 362 country:        BG
 363 drop:           yes
 364
 365 aut-num:        AS204603
 366 descr:          Partner LLC / LetHost LLC
 367 remarks:        Bulletproof ISP
 368 drop:           yes
 369
 370 aut-num:        AS206728
 371 descr:          Media Land LLC
 372 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 373 country:        RU
 374 drop:           yes
 375
 376 aut-num:        AS207566
 377 descr:          Chang Way Technologies Co. Limited
 378 remarks:        Rogue ISP
 379 country:        RU
 380 drop:           yes
 381
 382 aut-num:        AS209160
 383 descr:          Miti 2000 EOOD
 384 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 385 country:        BG
 386 drop:           yes
 387
 388 aut-num:        AS209272
 389 descr:          Alviva Holding Limited
 390 remarks:        bulletproof ISP operating from a war zone in eastern UA
 391 country:        UA
 392 drop:           yes
 393
 394 aut-num:        AS209559
 395 descr:          XHOST INTERNET SOLUTIONS LP
 396 remarks:        Rogue ISP (linked to AS202425) located in NL
 397 country:        NL
 398 drop:           yes
 399
 400 aut-num:        AS210352
 401 descr:          Partner LLC
 402 remarks:        All cybercrime hosting, all the time
 403 country:        RU
 404 drop:           yes
 405
 406 aut-num:        AS210644
 407 descr:          AEZA GROUP Ltd
 408 remarks:        In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
 409 country:        RU
 410 drop:           yes
 411
 412 aut-num:        AS210848
 413 descr:          Telkom Internet LTD
 414 remarks:        Rogue ISP (linked to AS202425) located in NL
 415 country:        NL
 416 drop:           yes
 417
 418 aut-num:        AS211059
 419 descr:          Tribeka Web Advisors S.A.
 420 remarks:        Dirty ISP, see individual network entries below
 421 drop:           yes
 422
 423 aut-num:        AS211193
 424 descr:          ABDILAZIZ UULU ZHUSUP
 425 remarks:        bulletproof ISP and IP hijacker, traces to RU
 426 country:        RU
 427 drop:           yes
 428
 429 aut-num:        AS211252
 430 descr:          Delis LLC
 431 remarks:        Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
 432 country:        NL
 433 drop:           yes
 434
 435 aut-num:        AS211138
 436 descr:          Private-Hosting di Cipriano Oscar
 437 remarks:        Bulletproof combahton GmbH customer in DE
 438 country:        DE
 439 drop:           yes
 440
 441 aut-num:        AS211805
 442 descr:          Media Land LLC
 443 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 444 country:        RU
 445 drop:           yes
 446
 447 aut-num:        AS211849
 448 descr:          Kakharov Orinbassar Maratuly
 449 remarks:        ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
 450 country:        KZ
 451 drop:           yes
 452
 453 aut-num:        AS212283
 454 descr:          ROZA HOLIDAYS EOOD
 455 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
 456 country:        BG
 457 drop:           yes
 458
 459 aut-num:        AS212552
 460 descr:          BitCommand LLC
 461 remarks:        Dirty ISP located somewhere in EU, cannot trust RIR data of this network
 462 country:        EU
 463 drop:           yes
 464
 465 aut-num:        AS213058
 466 descr:          Private Internet Hosting LTD
 467 remarks:        bulletproof ISP located in RU
 468 country:        RU
 469 drop:           yes
 470
 471 aut-num:        AS213194
 472 descr:          Alfa Web Solutions Ltd
 473 remarks:        Rogue ISP (linked to AS57717) located in NL
 474 country:        NL
 475 drop:           yes
 476
 477 aut-num:        AS213254
 478 descr:          OOO RAIT TELECOM
 479 remarks:        Bulletproof connectivity procurer for AS51381
 480 country:        RU
 481 drop:           yes
 482
 483 aut-num:        AS328543
 484 descr:          Sun Network Company Limited
 485 remarks:        IP hijacker, traces back to AP region
 486 country:        AP
 487 drop:           yes
 488
 489 aut-num:        AS393889
 490 descr:          EightJoy Network LLC
 491 remarks:        Most likely hijacked or criminal AS
 492 country:        HK
 493 drop:           yes
 494
 495 aut-num:        AS398478
 496 descr:          PEG TECH INC
 497 remarks:        ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
 498 country:        HK
 499 drop:           yes
 500
 501 aut-num:        AS398993
 502 descr:          PEG TECH INC
 503 remarks:        ISP located in JP, tampers with RIR data
 504 country:        JP
 505 drop:           yes
 506
 507 aut-num:        AS399195
 508 descr:          PEG TECH INC
 509 remarks:        ISP located in KR, tampers with RIR data
 510 country:        KR
 511 drop:           yes
 512
 513 aut-num:        AS400161
 514 descr:          Academy of Internet Research Limited Liability Company
 515 remarks:        Mass-scanning, apparently without legitimate intention
 516 drop:           yes
 517
 518 aut-num:        AS400506
 519 descr:          Black Apple
 520 remarks:        Solely announces hijacked prefixes out of JP, no legitimate infrastructure
 521 country:        JP
 522 drop:           yes
 523
 524 net:            45.143.203.0/24
 525 descr:          TOV VAIZ PARTNER
 526 remarks:        Attack network tracing back to NL
 527 country:        NL
 528 drop:           yes
 529
 530 net:            196.11.32.0/20
 531 descr:          Sanlam Life Insurance Limited
 532 remarks:        Stolen AfriNIC IPv4 space announced from NL?
 533 country:        NL
 534 drop:           yes
 535
 536 net:            2a0e:b107:17fe::/47
 537 descr:          Amarai-Network - Location Test @ Antarctic
 538 remarks:        Tampers with RIR data, not a safe place to route traffic to
 539 drop:           yes
 540
 541 net:            2a0e:b107:d10::/44
 542 descr:          NZB.si Enterprises
 543 remarks:        Tampers with RIR data, not a safe place to route traffic to
 544 drop:           yes
 545
 546 net:            2a0f:7a80::/29
 547 descr:          ASLINE Limited
 548 remarks:        APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
 549 country:        HK
 550 drop:           yes