]> git.ipfire.org Git - location/location-database.git/blob - overrides/override-xd.txt
projects / location / location-database.git / blob
? search:


ae87688baa808e57e87d271cfb6b48efc6f51c85
[location/location-database.git] / overrides / override-xd.txt
1 #
2 # override-xd [.txt]
3 #
4 # This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
5 # posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
6 #
7 # libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
8 # refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
9 # flag for hostile networks.
10 #
11 # Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
12 # host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
13 # hosting space for cybercrime infrastructure.
14 #
15 # This file should not contain short-lived threats being hosted within legitimate infrastructures, as
16 # libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
17 # clients download a new database once a week.
18 #
19 # Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
20 # here.
21 #
22 # Improvement suggestions are appreciated, please submit them as patches to the location mailing
23 # list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
24 # for further information.
25 #
26 # Please keep this file sorted.
27 #
28
29 aut-num: AS24567
30 descr: QT Inc.
31 remarks: IP hijacker operating out of AP area (HK or TW?)
32 country: AP
33 drop: yes
34
35 aut-num: AS39770
36 descr: 1337TEAM LIMITED / eliteteam[.]to
37 remarks: Bulletproof ISP tampering with RIR data
38 country: RU
39 drop: yes
40
41 aut-num: AS41564
42 descr: Orion Network Limited
43 remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
44 drop: yes
45
46 aut-num: AS41909
47 descr: PINVDS OU
48 remarks: all cybercrime hosting, all the time
49 country: RU
50 drop: yes
51
52 aut-num: AS42624
53 descr: Global-Data System IT Corporation (f/k/a Simple Carrier LLC)
54 remarks: Bulletproof ISP tampering with RIR data, used to trace back to NL
55 country: NL
56 drop: yes
57
58 aut-num: AS44477
59 descr: STARK INDUSTRIES SOLUTIONS LTD
60 remarks: Rogue ISP in multiple locations, some RIR data contain garbage
61 drop: yes
62
63 aut-num: AS48090
64 descr: PPTECHNOLOGY LIMITED
65 remarks: bulletproof ISP (related to AS204655) located in NL
66 country: NL
67 drop: yes
68
69 aut-num: AS48950
70 descr: GLOBAL COLOCATION LIMITED
71 remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
72 country: EU
73 drop: yes
74
75 aut-num: AS49870
76 descr: Alsycon BV
77 remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
78 country: NL
79 drop: yes
80
81 aut-num: AS49466
82 descr: KLAYER LLC
83 remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
84 country: CR
85 drop: yes
86
87 aut-num: AS51381
88 descr: 1337TEAM LIMITED / eliteteam[.]to
89 remarks: Bulletproof ISP
90 country: RU
91 drop: yes
92
93 aut-num: AS53363
94 descr: TANGRAM CANADA INC.
95 remarks: Rogue ISP related to Stark Industries / AS44477
96 country: CA
97 drop: yes
98
99 aut-num: AS54600
100 descr: PEG TECH INC
101 remarks: ISP and IP hijacker located in US this time, tampers with RIR data
102 country: US
103 drop: yes
104
105 aut-num: AS55020
106 descr: Aodao Inc
107 remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
108 country: HK
109 drop: yes
110
111 aut-num: AS55303
112 descr: Eagle Sky Co., Lt[d ?]
113 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
114 country: AP
115 drop: yes
116
117 aut-num: AS55933
118 descr: Cloudie Limited / Worria
119 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
120 country: HK
121 drop: yes
122
123 aut-num: AS57509
124 descr: L&L Investment Ltd.
125 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
126 country: BG
127 drop: yes
128
129 aut-num: AS56611
130 descr: REBA Communications BV
131 remarks: bulletproof ISP (related to AS202425) located in NL
132 country: NL
133 drop: yes
134
135 aut-num: AS56873
136 descr: 1337TEAM LIMITED / eliteteam[.]to
137 remarks: Bulletproof ISP
138 country: RU
139 drop: yes
140
141 aut-num: AS57523
142 descr: Chang Way Technologies Co. Limited
143 remarks: Bulletproof ISP
144 country: RU
145 drop: yes
146
147 aut-num: AS57717
148 descr: FiberXpress BV
149 remarks: bulletproof ISP (related to AS202425) located in NL
150 country: NL
151 drop: yes
152
153 aut-num: AS57858
154 descr: Inter Connects Inc.
155 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
156 country: SE
157 drop: yes
158
159 aut-num: AS57972
160 descr: Inter Connects Inc.
161 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
162 country: SE
163 drop: yes
164
165 aut-num: AS58271
166 descr: Tyatkova Oksana Valerievna
167 remarks: bulletproof ISP operating from a war zone in eastern UA
168 country: UA
169 drop: yes
170
171 aut-num: AS58810
172 descr: iZus Co., Ltd
173 remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
174 country: AP
175 drop: yes
176
177 aut-num: AS58931
178 descr: 24.hk global BGP
179 remarks: Part of the "ASLINE" IP hijacking operation
180 country: HK
181 drop: yes
182
183 aut-num: AS59425
184 descr: HORIZON LLC
185 remarks: Rogue ISP
186 country: RU
187 drop: yes
188
189 aut-num: AS60485
190 descr: Inter Connects Inc. / Jing Yun
191 remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
192 country: SE
193 drop: yes
194
195 aut-num: AS61302
196 descr: HUIZE LTD
197 remarks: Bulletproof ISP
198 drop: yes
199
200 aut-num: AS61432
201 descr: TOV VAIZ PARTNER
202 remarks: Rogue ISP
203 drop: yes
204
205 aut-num: AS62068
206 descr: SpectraIP B.V.
207 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
208 country: NL
209 drop: yes
210
211 aut-num: AS64425
212 descr: SKB Enterprise B.V.
213 remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
214 country: NL
215 drop: yes
216
217 aut-num: AS133201
218 descr: ABCDE GROUP COMPANY LIMITED
219 remarks: ISP and/or IP hijacker located in HK
220 country: HK
221 drop: yes
222
223 aut-num: AS135097
224 descr: LUOGELANG (FRANCE) LIMITED
225 remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
226 country: HK
227 drop: yes
228
229 aut-num: AS136545
230 descr: Blue Data Center
231 remarks: IP hijacker located somewhere in AP area, tampers with RIR data
232 country: AP
233 drop: yes
234
235 aut-num: AS136800
236 descr: ICIDC NETWORK
237 remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
238 country: HK
239 drop: yes
240
241 aut-num: AS137443
242 descr: Anchnet Asia Limited
243 remarks: IP hijacker located in HK, tampers with RIR data
244 country: HK
245 drop: yes
246
247 aut-num: AS137523
248 descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
249 remarks: ISP and IP hijacker located in HK, tampers with RIR data
250 country: HK
251 drop: yes
252
253 aut-num: AS137951
254 descr: Clayer Limited
255 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
256 country: HK
257 drop: yes
258
259 aut-num: AS138648
260 descr: ASLINE Global Exchange
261 remarks: IP hijacker located in HK
262 country: HK
263 drop: yes
264
265 aut-num: AS139330
266 descr: SANREN DATA LIMITED
267 remarks: IP hijacker located somewhere in AP region, tampers with RIR data
268 country: AP
269 drop: yes
270
271 aut-num: AS140107
272 descr: CITIS CLOUD GROUP LIMITED
273 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
274 country: AP
275 drop: yes
276
277 aut-num: AS140227
278 descr: Hong Kong Communications International Co., Limited
279 remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
280 country: AP
281 drop: yes
282
283 aut-num: AS141159
284 descr: Incomparable(HK)Network Co., Limited
285 remarks: ISP and IP hijacker located in HK, tampers with RIR data
286 country: HK
287 drop: yes
288
289 aut-num: AS141746
290 descr: Orenji Server
291 remarks: IP hijacker located somewhere in AP area (JP?)
292 country: AP
293 drop: yes
294
295 aut-num: AS141759
296 descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
297 remarks: Dirty ISP located in NL
298 country: NL
299 drop: yes
300
301 aut-num: AS200313
302 descr: IT WEB LTD
303 remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
304 drop: yes
305
306 aut-num: AS200391
307 descr: KREZ 999 EOOD
308 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
309 country: BG
310 drop: yes
311
312 aut-num: AS202325
313 descr: 4Media Ltd.
314 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
315 country: BG
316 drop: yes
317
318 aut-num: AS202425
319 descr: IP Volume Inc.
320 remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
321 country: NL
322 drop: yes
323
324 aut-num: AS202769
325 descr: NETSTYLE A. LTD
326 remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
327 country: NL
328 drop: yes
329
330 aut-num: AS204353
331 descr: Global Offshore Limited
332 remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
333 country: EU
334 drop: yes
335
336 aut-num: AS204428
337 descr: SS-Net
338 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
339 country: BG
340 drop: yes
341
342 aut-num: AS204603
343 descr: Partner LLC / LetHost LLC
344 remarks: Bulletproof ISP
345 drop: yes
346
347 aut-num: AS206728
348 descr: Media Land LLC
349 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
350 country: RU
351 drop: yes
352
353 aut-num: AS207566
354 descr: Chang Way Technologies Co. Limited
355 remarks: Rogue ISP
356 country: RU
357 drop: yes
358
359 aut-num: AS209160
360 descr: Miti 2000 EOOD
361 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
362 country: BG
363 drop: yes
364
365 aut-num: AS209272
366 descr: Alviva Holding Limited
367 remarks: bulletproof ISP operating from a war zone in eastern UA
368 country: UA
369 drop: yes
370
371 aut-num: AS209559
372 descr: XHOST INTERNET SOLUTIONS LP
373 remarks: Rogue ISP (linked to AS202425) located in NL
374 country: NL
375 drop: yes
376
377 aut-num: AS210352
378 descr: Partner LLC
379 remarks: All cybercrime hosting, all the time
380 country: RU
381 drop: yes
382
383 aut-num: AS210644
384 descr: AEZA GROUP Ltd
385 remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
386 country: RU
387 drop: yes
388
389 aut-num: AS210848
390 descr: Telkom Internet LTD
391 remarks: Rogue ISP (linked to AS202425) located in NL
392 country: NL
393 drop: yes
394
395 aut-num: AS211059
396 descr: Tribeka Web Advisors S.A.
397 remarks: Dirty ISP, see individual network entries below
398 drop: yes
399
400 aut-num: AS211193
401 descr: ABDILAZIZ UULU ZHUSUP
402 remarks: bulletproof ISP and IP hijacker, traces to RU
403 country: RU
404 drop: yes
405
406 aut-num: AS211252
407 descr: Delis LLC
408 remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
409 country: NL
410 drop: yes
411
412 aut-num: AS211138
413 descr: Private-Hosting di Cipriano Oscar
414 remarks: Bulletproof combahton GmbH customer in DE
415 country: DE
416 drop: yes
417
418 aut-num: AS211805
419 descr: Media Land LLC
420 remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
421 country: RU
422 drop: yes
423
424 aut-num: AS211849
425 descr: Kakharov Orinbassar Maratuly
426 remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
427 country: KZ
428 drop: yes
429
430 aut-num: AS212283
431 descr: ROZA HOLIDAYS EOOD
432 remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
433 country: BG
434 drop: yes
435
436 aut-num: AS212552
437 descr: BitCommand LLC
438 remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
439 country: EU
440 drop: yes
441
442 aut-num: AS213058
443 descr: Private Internet Hosting LTD
444 remarks: bulletproof ISP located in RU
445 country: RU
446 drop: yes
447
448 aut-num: AS213194
449 descr: Alfa Web Solutions Ltd
450 remarks: Rogue ISP (linked to AS57717) located in NL
451 country: NL
452 drop: yes
453
454 aut-num: AS213254
455 descr: OOO RAIT TELECOM
456 remarks: Bulletproof connectivity procurer for AS51381
457 country: RU
458 drop: yes
459
460 aut-num: AS215540
461 descr: GLOBAL CONNECTIVITY SOLUTIONS LLP
462 remarks: Rogue ISP related to AS44477
463 drop: yes
464
465 aut-num: AS328543
466 descr: Sun Network Company Limited
467 remarks: IP hijacker, traces back to AP region
468 country: AP
469 drop: yes
470
471 aut-num: AS393889
472 descr: EightJoy Network LLC
473 remarks: Most likely hijacked or criminal AS
474 country: HK
475 drop: yes
476
477 aut-num: AS398478
478 descr: PEG TECH INC
479 remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
480 country: HK
481 drop: yes
482
483 aut-num: AS398993
484 descr: PEG TECH INC
485 remarks: ISP located in JP, tampers with RIR data
486 country: JP
487 drop: yes
488
489 aut-num: AS399195
490 descr: PEG TECH INC
491 remarks: ISP located in KR, tampers with RIR data
492 country: KR
493 drop: yes
494
495 aut-num: AS400161
496 descr: Academy of Internet Research Limited Liability Company
497 remarks: Mass-scanning, apparently without legitimate intention
498 drop: yes
499
500 aut-num: AS400506
501 descr: Black Apple
502 remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
503 country: JP
504 drop: yes
505
506 net: 45.143.203.0/24
507 descr: TOV VAIZ PARTNER
508 remarks: Attack network tracing back to NL
509 country: NL
510 drop: yes
511
512 net: 196.11.32.0/20
513 descr: Sanlam Life Insurance Limited
514 remarks: Stolen AfriNIC IPv4 space announced from NL?
515 country: NL
516 drop: yes
517
518 net: 2a0e:b107:17fe::/47
519 descr: Amarai-Network - Location Test @ Antarctic
520 remarks: Tampers with RIR data, not a safe place to route traffic to
521 drop: yes
522
523 net: 2a0e:b107:d10::/44
524 descr: NZB.si Enterprises
525 remarks: Tampers with RIR data, not a safe place to route traffic to
526 drop: yes
527
528 net: 2a0f:7a80::/29
529 descr: ASLINE Limited
530 remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
531 country: HK
532 drop: yes
A database to determine someone's location on the Internet