overrides/override-xd.txt

   1 #
   2 # override-xd [.txt]
   3 #
   4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
   5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
   6 #
   7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
   8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
   9 # flag for hostile networks.
  10 #
  11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
  12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
  13 # hosting space for cybercrime infrastructure.
  14 #
  15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
  16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
  17 # clients download a new database once a week.
  18 #
  19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
  20 # here.
  21 #
  22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
  23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
  24 # for further information.
  25 #
  26 # Please keep this file sorted.
  27 #
  28
  29 aut-num:        AS24567
  30 descr:          QT Inc.
  31 remarks:        IP hijacker operating out of AP area (HK or TW?)
  32 country:        AP
  33 drop:           yes
  34
  35 aut-num:        AS39770
  36 descr:          1337TEAM LIMITED / eliteteam[.]to
  37 remarks:        Bulletproof ISP tampering with RIR data
  38 country:        RU
  39 drop:           yes
  40
  41 aut-num:        AS41564
  42 descr:          Orion Network Limited
  43 remarks:        shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
  44 drop:           yes
  45
  46 aut-num:        AS41909
  47 descr:          PINVDS OU
  48 remarks:        all cybercrime hosting, all the time
  49 country:        RU
  50 drop:           yes
  51
  52 aut-num:        AS44477
  53 descr:          STARK INDUSTRIES SOLUTIONS LTD
  54 remarks:        Rogue ISP in multiple locations, some RIR data contain garbage
  55 drop:           yes
  56
  57 aut-num:        AS48090
  58 descr:          PPTECHNOLOGY LIMITED
  59 remarks:        bulletproof ISP (related to AS204655) located in NL
  60 country:        NL
  61 drop:           yes
  62
  63 aut-num:        AS48950
  64 descr:          GLOBAL COLOCATION LIMITED
  65 remarks:        Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
  66 country:        EU
  67 drop:           yes
  68
  69 aut-num:        AS49870
  70 descr:          Alsycon BV
  71 remarks:        Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
  72 country:        NL
  73 drop:           yes
  74
  75 aut-num:        AS49466
  76 descr:          KLAYER LLC
  77 remarks:        part of the "Asline" IP hijacking gang, traces back to San Jose, CR
  78 country:        CR
  79 drop:           yes
  80
  81 aut-num:        AS51381
  82 descr:          1337TEAM LIMITED / eliteteam[.]to
  83 remarks:        Bulletproof ISP
  84 country:        RU
  85 drop:           yes
  86
  87 aut-num:        AS53363
  88 descr:          TANGRAM CANADA INC.
  89 remarks:        Rogue ISP related to Stark Industries / AS44477
  90 country:        CA
  91 drop:           yes
  92
  93 aut-num:        AS54600
  94 descr:          PEG TECH INC
  95 remarks:        ISP and IP hijacker located in US this time, tampers with RIR data
  96 country:        US
  97 drop:           yes
  98
  99 aut-num:        AS55020
 100 descr:          Aodao Inc
 101 remarks:        part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
 102 country:        HK
 103 drop:           yes
 104
 105 aut-num:        AS55303
 106 descr:          Eagle Sky Co., Lt[d ?]
 107 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
 108 country:        AP
 109 drop:           yes
 110
 111 aut-num:        AS55933
 112 descr:          Cloudie Limited / Worria
 113 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 114 country:        HK
 115 drop:           yes
 116
 117 aut-num:        AS57509
 118 descr:          L&L Investment Ltd.
 119 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta"
 120 country:        BG
 121 drop:           yes
 122
 123 aut-num:        AS56611
 124 descr:          REBA Communications BV
 125 remarks:        bulletproof ISP (related to AS202425) located in NL
 126 country:        NL
 127 drop:           yes
 128
 129 aut-num:        AS56873
 130 descr:          1337TEAM LIMITED / eliteteam[.]to
 131 remarks:        Bulletproof ISP
 132 country:        RU
 133 drop:           yes
 134
 135 aut-num:        AS57523
 136 descr:          Chang Way Technologies Co. Limited
 137 remarks:        Bulletproof ISP
 138 country:        RU
 139 drop:           yes
 140
 141 aut-num:        AS57717
 142 descr:          FiberXpress BV
 143 remarks:        bulletproof ISP (related to AS202425) located in NL
 144 country:        NL
 145 drop:           yes
 146
 147 aut-num:        AS57858
 148 descr:          Inter Connects Inc.
 149 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 150 country:        SE
 151 drop:           yes
 152
 153 aut-num:        AS57972
 154 descr:          Inter Connects Inc.
 155 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
 156 country:        SE
 157 drop:           yes
 158
 159 aut-num:        AS58271
 160 descr:          Tyatkova Oksana Valerievna
 161 remarks:        bulletproof ISP operating from a war zone in eastern UA
 162 country:        UA
 163 drop:           yes
 164
 165 aut-num:        AS58810
 166 descr:          iZus Co., Ltd
 167 remarks:        Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
 168 country:        AP
 169 drop:           yes
 170
 171 aut-num:        AS58931
 172 descr:          24.hk global BGP
 173 remarks:        Part of the "ASLINE" IP hijacking operation
 174 country:        HK
 175 drop:           yes
 176
 177 aut-num:        AS59425
 178 descr:          HORIZON LLC
 179 remarks:        Rogue ISP
 180 country:        RU
 181 drop:           yes
 182
 183 aut-num:        AS60485
 184 descr:          Inter Connects Inc. / Jing Yun
 185 remarks:        part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
 186 country:        SE
 187 drop:           yes
 188
 189 aut-num:        AS61302
 190 descr:          HUIZE LTD
 191 remarks:        Bulletproof ISP
 192 drop:           yes
 193
 194 aut-num:        AS61432
 195 descr:          TOV VAIZ PARTNER
 196 remarks:        Rogue ISP
 197 drop:           yes
 198
 199 aut-num:        AS62068
 200 descr:          SpectraIP B.V.
 201 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 202 country:        NL
 203 drop:           yes
 204
 205 aut-num:        AS64425
 206 descr:          SKB Enterprise B.V.
 207 remarks:        bulletproof ISP (linked to AS202425 et al.) located in NL
 208 country:        NL
 209 drop:           yes
 210
 211 aut-num:        AS133201
 212 descr:          ABCDE GROUP COMPANY LIMITED
 213 remarks:        ISP and/or IP hijacker located in HK
 214 country:        HK
 215 drop:           yes
 216
 217 aut-num:        AS135097
 218 descr:          LUOGELANG (FRANCE) LIMITED
 219 remarks:        Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
 220 country:        HK
 221 drop:           yes
 222
 223 aut-num:        AS136545
 224 descr:          Blue Data Center
 225 remarks:        IP hijacker located somewhere in AP area, tampers with RIR data
 226 country:        AP
 227 drop:           yes
 228
 229 aut-num:        AS136800
 230 descr:          ICIDC NETWORK
 231 remarks:        IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
 232 country:        HK
 233 drop:           yes
 234
 235 aut-num:        AS137443
 236 descr:          Anchnet Asia Limited
 237 remarks:        IP hijacker located in HK, tampers with RIR data
 238 country:        HK
 239 drop:           yes
 240
 241 aut-num:        AS137523
 242 descr:          HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
 243 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 244 country:        HK
 245 drop:           yes
 246
 247 aut-num:        AS137951
 248 descr:          Clayer Limited
 249 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
 250 country:        HK
 251 drop:           yes
 252
 253 aut-num:        AS138648
 254 descr:          ASLINE Global Exchange
 255 remarks:        IP hijacker located in HK
 256 country:        HK
 257 drop:           yes
 258
 259 aut-num:        AS139330
 260 descr:          SANREN DATA LIMITED
 261 remarks:        IP hijacker located somewhere in AP region, tampers with RIR data
 262 country:        AP
 263 drop:           yes
 264
 265 aut-num:        AS140107
 266 descr:          CITIS CLOUD GROUP LIMITED
 267 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data
 268 country:        AP
 269 drop:           yes
 270
 271 aut-num:        AS140227
 272 descr:          Hong Kong Communications International Co., Limited
 273 remarks:        part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
 274 country:        AP
 275 drop:           yes
 276
 277 aut-num:        AS141159
 278 descr:          Incomparable(HK)Network Co., Limited
 279 remarks:        ISP and IP hijacker located in HK, tampers with RIR data
 280 country:        HK
 281 drop:           yes
 282
 283 aut-num:        AS141746
 284 descr:          Orenji Server
 285 remarks:        IP hijacker located somewhere in AP area (JP?)
 286 country:        AP
 287 drop:           yes
 288
 289 aut-num:        AS141759
 290 descr:          HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
 291 remarks:        Dirty ISP located in NL
 292 country:        NL
 293 drop:           yes
 294
 295 aut-num:        AS200313
 296 descr:          IT WEB LTD
 297 remarks:        All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
 298 drop:           yes
 299
 300 aut-num:        AS200391
 301 descr:          KREZ 999 EOOD
 302 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 303 country:        BG
 304 drop:           yes
 305
 306 aut-num:        AS202325
 307 descr:          4Media Ltd.
 308 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 309 country:        BG
 310 drop:           yes
 311
 312 aut-num:        AS202425
 313 descr:          IP Volume Inc.
 314 remarks:        bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
 315 country:        NL
 316 drop:           yes
 317
 318 aut-num:        AS202769
 319 descr:          NETSTYLE A. LTD
 320 remarks:        bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
 321 country:        NL
 322 drop:           yes
 323
 324 aut-num:        AS204353
 325 descr:          Global Offshore Limited
 326 remarks:        part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
 327 country:        EU
 328 drop:           yes
 329
 330 aut-num:        AS204428
 331 descr:          SS-Net
 332 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 333 country:        BG
 334 drop:           yes
 335
 336 aut-num:        AS204603
 337 descr:          Partner LLC / LetHost LLC
 338 remarks:        Bulletproof ISP
 339 drop:           yes
 340
 341 aut-num:        AS206728
 342 descr:          Media Land LLC
 343 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 344 country:        RU
 345 drop:           yes
 346
 347 aut-num:        AS207566
 348 descr:          Chang Way Technologies Co. Limited
 349 remarks:        Rogue ISP
 350 country:        RU
 351 drop:           yes
 352
 353 aut-num:        AS209160
 354 descr:          Miti 2000 EOOD
 355 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 356 country:        BG
 357 drop:           yes
 358
 359 aut-num:        AS209272
 360 descr:          Alviva Holding Limited
 361 remarks:        bulletproof ISP operating from a war zone in eastern UA
 362 country:        UA
 363 drop:           yes
 364
 365 aut-num:        AS209559
 366 descr:          XHOST INTERNET SOLUTIONS LP
 367 remarks:        Rogue ISP (linked to AS202425) located in NL
 368 country:        NL
 369 drop:           yes
 370
 371 aut-num:        AS210352
 372 descr:          Partner LLC
 373 remarks:        All cybercrime hosting, all the time
 374 country:        RU
 375 drop:           yes
 376
 377 aut-num:        AS210644
 378 descr:          AEZA GROUP Ltd
 379 remarks:        In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
 380 country:        RU
 381 drop:           yes
 382
 383 aut-num:        AS210848
 384 descr:          Telkom Internet LTD
 385 remarks:        Rogue ISP (linked to AS202425) located in NL
 386 country:        NL
 387 drop:           yes
 388
 389 aut-num:        AS211059
 390 descr:          Tribeka Web Advisors S.A.
 391 remarks:        Dirty ISP, see individual network entries below
 392 drop:           yes
 393
 394 aut-num:        AS211193
 395 descr:          ABDILAZIZ UULU ZHUSUP
 396 remarks:        bulletproof ISP and IP hijacker, traces to RU
 397 country:        RU
 398 drop:           yes
 399
 400 aut-num:        AS211252
 401 descr:          Delis LLC
 402 remarks:        Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
 403 country:        NL
 404 drop:           yes
 405
 406 aut-num:        AS211138
 407 descr:          Private-Hosting di Cipriano Oscar
 408 remarks:        Bulletproof combahton GmbH customer in DE
 409 country:        DE
 410 drop:           yes
 411
 412 aut-num:        AS211805
 413 descr:          Media Land LLC
 414 remarks:        bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
 415 country:        RU
 416 drop:           yes
 417
 418 aut-num:        AS211849
 419 descr:          Kakharov Orinbassar Maratuly
 420 remarks:        ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
 421 country:        KZ
 422 drop:           yes
 423
 424 aut-num:        AS212283
 425 descr:          ROZA HOLIDAYS EOOD
 426 remarks:        another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
 427 country:        BG
 428 drop:           yes
 429
 430 aut-num:        AS212552
 431 descr:          BitCommand LLC
 432 remarks:        Dirty ISP located somewhere in EU, cannot trust RIR data of this network
 433 country:        EU
 434 drop:           yes
 435
 436 aut-num:        AS213058
 437 descr:          Private Internet Hosting LTD
 438 remarks:        bulletproof ISP located in RU
 439 country:        RU
 440 drop:           yes
 441
 442 aut-num:        AS213194
 443 descr:          Alfa Web Solutions Ltd
 444 remarks:        Rogue ISP (linked to AS57717) located in NL
 445 country:        NL
 446 drop:           yes
 447
 448 aut-num:        AS213254
 449 descr:          OOO RAIT TELECOM
 450 remarks:        Bulletproof connectivity procurer for AS51381
 451 country:        RU
 452 drop:           yes
 453
 454 aut-num:        AS215540
 455 descr:          GLOBAL CONNECTIVITY SOLUTIONS LLP
 456 remarks:        Rogue ISP related to AS44477
 457 drop:           yes
 458
 459 aut-num:        AS328543
 460 descr:          Sun Network Company Limited
 461 remarks:        IP hijacker, traces back to AP region
 462 country:        AP
 463 drop:           yes
 464
 465 aut-num:        AS393889
 466 descr:          EightJoy Network LLC
 467 remarks:        Most likely hijacked or criminal AS
 468 country:        HK
 469 drop:           yes
 470
 471 aut-num:        AS398478
 472 descr:          PEG TECH INC
 473 remarks:        ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
 474 country:        HK
 475 drop:           yes
 476
 477 aut-num:        AS398993
 478 descr:          PEG TECH INC
 479 remarks:        ISP located in JP, tampers with RIR data
 480 country:        JP
 481 drop:           yes
 482
 483 aut-num:        AS399195
 484 descr:          PEG TECH INC
 485 remarks:        ISP located in KR, tampers with RIR data
 486 country:        KR
 487 drop:           yes
 488
 489 aut-num:        AS400161
 490 descr:          Academy of Internet Research Limited Liability Company
 491 remarks:        Mass-scanning, apparently without legitimate intention
 492 drop:           yes
 493
 494 aut-num:        AS400506
 495 descr:          Black Apple
 496 remarks:        Solely announces hijacked prefixes out of JP, no legitimate infrastructure
 497 country:        JP
 498 drop:           yes
 499
 500 net:            45.143.203.0/24
 501 descr:          TOV VAIZ PARTNER
 502 remarks:        Attack network tracing back to NL
 503 country:        NL
 504 drop:           yes
 505
 506 net:            196.11.32.0/20
 507 descr:          Sanlam Life Insurance Limited
 508 remarks:        Stolen AfriNIC IPv4 space announced from NL?
 509 country:        NL
 510 drop:           yes
 511
 512 net:            2a0e:b107:17fe::/47
 513 descr:          Amarai-Network - Location Test @ Antarctic
 514 remarks:        Tampers with RIR data, not a safe place to route traffic to
 515 drop:           yes
 516
 517 net:            2a0e:b107:d10::/44
 518 descr:          NZB.si Enterprises
 519 remarks:        Tampers with RIR data, not a safe place to route traffic to
 520 drop:           yes
 521
 522 net:            2a0f:7a80::/29
 523 descr:          ASLINE Limited
 524 remarks:        APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
 525 country:        HK
 526 drop:           yes