# This file contains Autonomous Systems and IP networks strongly believed or proven to be hostile,
# posing a _technical_ threat against libloc users in general and/or IPFire users in particular.

# libloc was neither intended to be an "opinionated" database, nor should it become that way. Please
# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
# flag for hostile networks.

# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
# hosting space for cybercrime infrastructure.

# This file should not contain short-lived threats being hosted within legitimate infrastructures, as
# libloc is neither intended nor suitable to protect against such threats in a timely manner - by default,
# clients download a new database once a week.

# Networks posing non-technical threats - i.e. not covered by the definition above - must not be listed

# Improvement suggestions are appreciated, please submit them as patches to the location mailing
# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
# for further information.

# Please keep this file sorted.

remarks: part of the "Asline" IP hijacking gang

descr: Blue Diamond Network Co., Ltd.
remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for its prefixes, but they all end up near Vilnius, LT

remarks: IP hijacker, traces back to HK

remarks: IP hijacker operating out of AP area (HK or TW?)

descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP

descr: Trit Networks, LLC
remarks: all cybercrime hosting, all the time

descr: Orion Network Limited
remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks

remarks: all cybercrime hosting, all the time

descr: Kirin Communication Limited
remarks: Hijacks IP space and tampers with RIR data, traces back to JP

descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL

descr: STARK INDUSTRIES SOLUTIONS LTD
remarks: Rogue ISP in multiple locations, some RIR data contain garbage

descr: HUSAM A. H. HIJAZI
remarks: Rogue ISP located in NL

descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL

descr: GLOBAL COLOCATION LIMITED
remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted

descr: Nice IT Services Group Inc.

remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage

remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR

descr: IT Resheniya LLC

descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP

descr: Netsys Global Telecom Limited (?)
remarks: Hijacked AS announced out of some location in AP, possibly HK

remarks: ISP and IP hijacker located in US this time, tampers with RIR data

remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK

descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity

descr: Cloudie Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK

descr: L&L Investment Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"

descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL

descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP

descr: LLC South Internet
remarks: Bulletproof ISP

descr: Chang Way Technologies Co. Limited
remarks: Bulletproof ISP

descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL

descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data

descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data

descr: FOP Gubina Lubov Petrivna
remarks: bulletproof ISP operating from a war zone in eastern UA

remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity

descr: 24.hk global BGP
remarks: Part of the "ASLINE" IP hijacking operation

descr: Vault Dweller OU
remarks: bulletproof ISP (related to AS57717) located in NL

descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP

descr: Inter Connects Inc. / Jing Yun
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks

remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore

remarks: Bulletproof ISP

descr: TOV VAIZ PARTNER

descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL

descr: SKB Enterprise B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL

descr: ABCDE GROUP COMPANY LIMITED
remarks: ISP and/or IP hijacker located in HK

descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it

descr: Blue Data Center
remarks: IP hijacker located somewhere in AP area, tampers with RIR data

remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data

descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data

descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data

descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK

descr: ASLINE Global Exchange
remarks: IP hijacker located in HK

descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data

descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data

descr: Hong Kong Communications International Co., Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region

descr: Incomparable(HK)Network Co., Limited
remarks: ISP and IP hijacker located in HK, tampers with RIR data

remarks: IP hijacker located somewhere in AP area (JP?)

descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
remarks: Dirty ISP located in NL

remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to

remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data

remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data

descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL

descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL

descr: Global Offshore Limited
remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted

remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data

descr: Partner LLC / LetHost LLC
remarks: Bulletproof ISP

remarks: bulletproof ISP (strongly linked to AS202425) located in NL

descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/

descr: Chang Way Technologies Co. Limited

descr: Miti 2000 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data

descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA

descr: XHOST INTERNET SOLUTIONS LP
remarks: Rogue ISP (linked to AS202425) located in NL

remarks: All cybercrime hosting, all the time

descr: AEZA GROUP Ltd
remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy

descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL

descr: Tribeka Web Advisors S.A.
remarks: Dirty ISP, see individual network entries below

descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU

remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage

descr: Private-Hosting di Cipriano Oscar
remarks: Bulletproof combahton GmbH customer in DE

descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/

descr: Kakharov Orinbassar Maratuly
remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage

descr: ROZA HOLIDAYS EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG

descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network

descr: GigaHostingServices OU
remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts

descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU

descr: Alfa Web Solutions Ltd
remarks: Rogue ISP (linked to AS57717) located in NL

descr: OOO RAIT TELECOM
remarks: Bulletproof connectivity procurer for AS51381

descr: Sun Network Company Limited
remarks: IP hijacker, traces back to AP region

descr: Datapacket Maroc SARL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL

descr: EightJoy Network LLC
remarks: Most likely hijacked or criminal AS

remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data

remarks: ISP located in JP, tampers with RIR data

remarks: ISP located in KR, tampers with RIR data

descr: INTERNET HOSTSPACE GLOBAL INC
remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it

descr: Academy of Internet Research Limited Liability Company
remarks: Mass-scanning, apparently without legitimate intention

remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure

descr: TOV VAIZ PARTNER
remarks: Attack network tracing back to NL

descr: CHINANET jiangsu province network
remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore

descr: Media Land LLC / abuse-server[.]su
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/

descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/

descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
remarks: Attack network tracing back to NL

descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
remarks: Brute-force attack network

net: 109.206.241.0/24
descr: Serverion B.V.
remarks: Leased to Neterra, all cybercrime, all the time

descr: China Mobile Communications Corporation
remarks: Brute-force attack network

descr: China Unicom Beijing province network
remarks: Brute-force attack network

descr: CHINANET Guangdong province network
remarks: Brute-force attack network

descr: China Education and Research Network
remarks: Brute-force attack network

net: 123.160.220.0/22
descr: CHINANET henan province network
remarks: Brute-force attack network

descr: Agotoz HK Limited
remarks: Brute-force attack network

descr: TOV VAIZ PARTNER / InterHost
remarks: Attack network tracing back to UA

net: 185.196.220.0/24
descr: Makut Investments
remarks: Brute-force attack network

remarks: Based on domains ending up there, this network is entirely malicious

descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to

descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to

descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?

net: 2a0e:b107:17fe::/47
descr: Amarai-Network - Location Test @ Antarctic
remarks: Tampers with RIR data, not a safe place to route traffic to

net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to

descr: ASLINE Limited
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE

descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP