#
# override-xd [.txt]
#
# This file contains Autonomous Systems and IP networks strongly believed or proofed to be hostile,
# posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
#
# libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
# flag for hostile networks.
#
# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
# hosting space for cybercrime infrastructure.
#
# This file should not contain short-lived threats being hosted within legitimate infrastructures, as
# libloc it neither intended nor suitable to protect against such threats in a timely manner - by default,
# clients download a new database once a week.
#
# Networks posing non-technical threats - i. e. not covered by the definition above - must not be listed
# here.
#
# Improvement suggestions are appreciated, please submit them as patches to the location mailing
# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
# for further information.
#
# Please keep this file sorted.
#

aut-num:	AS15828
descr:		Robat Blue Diamond Network Co., Ltd.
remarks:	Bulletproof ISP tampering with RIR data
country:	LT
drop:		yes

aut-num:	AS24567
descr:		QT Inc.
remarks:	IP hijacker operating out of AP area (HK or TW?)
country:	AP
drop:		yes

aut-num:	AS39770
descr:		1337TEAM LIMITED / eliteteam[.]to
remarks:	Bulletproof ISP tampering with RIR data
country:	RU
drop:		yes

aut-num:	AS41564
descr:		Orion Network Limited
remarks:	shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
drop:		yes

aut-num:	AS41909
descr:		PINVDS OU
remarks:	all cybercrime hosting, all the time
country:	RU
drop:		yes

aut-num:	AS44446
descr:		OOO SibirInvest
remarks:	bulletproof ISP (related to AS202425 and AS57717) located in NL
country:	NL
drop:		yes

aut-num:	AS44477
descr:		STARK INDUSTRIES SOLUTIONS LTD
remarks:	Rogue ISP in multiple locations, some RIR data contain garbage
drop:		yes

aut-num:	AS47154
descr:		HUSAM A. H. HIJAZI
remarks:	Rogue ISP located in NL
country:	NL
drop:		yes

aut-num:	AS48090
descr:		PPTECHNOLOGY LIMITED
remarks:	bulletproof ISP (related to AS204655) located in NL
country:	NL
drop:		yes

aut-num:	AS48950
descr:		GLOBAL COLOCATION LIMITED
remarks:	Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
country:	EU
drop:		yes

aut-num:	AS49447
descr:		Nice IT Services Group Inc.
remarks:	Rogue ISP
drop:		yes

aut-num:	AS49870
descr:		Alsycon BV
remarks:	Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
country:	NL
drop:		yes

aut-num:	AS49466
descr:		KLAYER LLC
remarks:	part of the "Asline" IP hijacking gang, traces back to San Jose, CR
country:	CR
drop:		yes

aut-num:	AS49943
descr:		IT Resheniya LLC
remarks:	Rogue ISP
country:	RU
drop:		yes

aut-num:	AS51381
descr:		1337TEAM LIMITED / eliteteam[.]to
remarks:	Bulletproof ISP
country:	RU
drop:		yes

aut-num:	AS53727
descr:		Netsys Global Telecom Limited (?)
remarks:	Hijacked AS announced out of some location in AP, possibly HK
country:	AP
drop:		yes

aut-num:	AS54600
descr:		PEG TECH INC
remarks:	ISP and IP hijacker located in US this time, tampers with RIR data
country:	US
drop:		yes

aut-num:	AS55020
descr:		Aodao Inc
remarks:	part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
country:	HK
drop:		yes

aut-num:	AS55303
descr:		Eagle Sky Co., Lt[d ?]
remarks:	Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
country:	AP
drop:		yes

aut-num:	AS55933
descr:		Cloudie Limited
remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country:	HK
drop:		yes

aut-num:	AS57509
descr:		L&L Investment Ltd.
remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta"
country:	BG
drop:		yes

aut-num:	AS56611
descr:		REBA Communications BV
remarks:	bulletproof ISP (related to AS202425) located in NL
country:	NL
drop:		yes

aut-num:	AS56873
descr:		1337TEAM LIMITED / eliteteam[.]to
remarks:	Bulletproof ISP
country:	RU
drop:		yes

aut-num:	AS57523
descr:		Chang Way Technologies Co. Limited
remarks:	Bulletproof ISP
country:	RU
drop:		yes

aut-num:	AS57717
descr:		FiberXpress BV
remarks:	bulletproof ISP (related to AS202425) located in NL
country:	NL
drop:		yes

aut-num:	AS57858
descr:		Inter Connects Inc.
remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country:	SE
drop:		yes

aut-num:	AS57972
descr:		Inter Connects Inc.
remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country:	SE
drop:		yes

aut-num:	AS58271
descr:		Tyatkova Oksana Valerievna
remarks:	bulletproof ISP operating from a war zone in eastern UA
country:	UA
drop:		yes

aut-num:	AS58810
descr:		iZus Co., Ltd
remarks:	Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
country:	AP
drop:		yes

aut-num:	AS58931
descr:		24.hk global BGP
remarks:	Part of the "ASLINE" IP hijacking operation
country:	HK
drop:		yes

aut-num:	AS59425
descr:		HORIZON LLC
remarks:	Rogue ISP
country:	RU
drop:		yes

aut-num:	AS60485
descr:		Inter Connects Inc. / Jing Yun
remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
country:	SE
drop:		yes

aut-num:	AS61302
descr:		HUIZE LTD
remarks:	Bulletproof ISP
drop:		yes

aut-num:	AS61432
descr:		TOV VAIZ PARTNER
remarks:	Rogue ISP
drop:		yes

aut-num:	AS62068
descr:		SpectraIP B.V.
remarks:	bulletproof ISP (linked to AS202425 et al.) located in NL
country:	NL
drop:		yes

aut-num:	AS64425
descr:		SKB Enterprise B.V.
remarks:	bulletproof ISP (linked to AS202425 et al.) located in NL
country:	NL
drop:		yes

aut-num:	AS133201
descr:		ABCDE GROUP COMPANY LIMITED
remarks:	ISP and/or IP hijacker located in HK
country:	HK
drop:		yes

aut-num:	AS135097
descr:		LUOGELANG (FRANCE) LIMITED
remarks:	Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country:	HK
drop:		yes

aut-num:	AS136545
descr:		Blue Data Center
remarks:	IP hijacker located somewhere in AP area, tampers with RIR data
country:	AP
drop:		yes

aut-num:	AS136800
descr:		ICIDC NETWORK
remarks:	IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country:	HK
drop:		yes

aut-num:	AS137443
descr:		Anchnet Asia Limited
remarks:	IP hijacker located in HK, tampers with RIR data
country:	HK
drop:		yes

aut-num:	AS137523
descr:		HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks:	ISP and IP hijacker located in HK, tampers with RIR data
country:	HK
drop:		yes

aut-num:	AS137951
descr:		Clayer Limited
remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country:	HK
drop:		yes

aut-num:	AS138648
descr:		ASLINE Global Exchange
remarks:	IP hijacker located in HK
country:	HK
drop:		yes

aut-num:	AS139330
descr:		SANREN DATA LIMITED
remarks:	IP hijacker located somewhere in AP region, tampers with RIR data
country:	AP
drop:		yes

aut-num:	AS140107
descr:		CITIS CLOUD GROUP LIMITED
remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data
country:	AP
drop:		yes

aut-num:	AS140227
descr:		Hong Kong Communications International Co., Limited
remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
country:	AP
drop:		yes

aut-num:	AS141159
descr:		Incomparable(HK)Network Co., Limited
remarks:	ISP and IP hijacker located in HK, tampers with RIR data
country:	HK
drop:		yes

aut-num:	AS141746
descr:		Orenji Server
remarks:	IP hijacker located somewhere in AP area (JP?)
country:	AP
drop:		yes

aut-num:	AS141759
descr:		HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
remarks:	Dirty ISP located in NL
country:	NL
drop:		yes

aut-num:	AS200313
descr:		IT WEB LTD
remarks:	All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
drop:		yes

aut-num:	AS200391
descr:		KREZ 999 EOOD
remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country:	BG
drop:		yes

aut-num:	AS202325
descr:		4Media Ltd.
remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country:	BG
drop:		yes

aut-num:	AS202425
descr:		IP Volume Inc.
remarks:	bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country:	NL
drop:		yes

aut-num:	AS202769
descr:		NETSTYLE A. LTD
remarks:	bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country:	NL
drop:		yes

aut-num:	AS204353
descr:		Global Offshore Limited
remarks:	part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
country:	EU
drop:		yes

aut-num:	AS204428
descr:		SS-Net
remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country:	BG
drop:		yes

aut-num:	AS204603
descr:		Partner LLC / LetHost LLC
remarks:	Bulletproof ISP
drop:		yes

aut-num:	AS206728
descr:		Media Land LLC
remarks:	bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country:	RU
drop:		yes

aut-num:	AS207566
descr:		Chang Way Technologies Co. Limited
remarks:	Rogue ISP
country:	RU
drop:		yes

aut-num:	AS209160
descr:		Miti 2000 EOOD
remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country:	BG
drop:		yes

aut-num:	AS209272
descr:		Alviva Holding Limited
remarks:	bulletproof ISP operating from a war zone in eastern UA
country:	UA
drop:		yes

aut-num:	AS209559
descr:		XHOST INTERNET SOLUTIONS LP
remarks:	Rogue ISP (linked to AS202425) located in NL
country:	NL
drop:		yes

aut-num:	AS210352
descr:		Partner LLC
remarks:	All cybercrime hosting, all the time
country:	RU
drop:		yes

aut-num:	AS210644
descr:		AEZA GROUP Ltd
remarks:	In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
country:	RU
drop:		yes

aut-num:	AS210848
descr:		Telkom Internet LTD
remarks:	Rogue ISP (linked to AS202425) located in NL
country:	NL
drop:		yes

aut-num:	AS211059
descr:		Tribeka Web Advisors S.A.
remarks:	Dirty ISP, see individual network entries below
drop:		yes

aut-num:	AS211193
descr:		ABDILAZIZ UULU ZHUSUP
remarks:	bulletproof ISP and IP hijacker, traces to RU
country:	RU
drop:		yes

aut-num:	AS211252
descr:		Delis LLC
remarks:	Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
country:	NL
drop:		yes

aut-num:	AS211138
descr:		Private-Hosting di Cipriano Oscar
remarks:	Bulletproof combahton GmbH customer in DE
country:	DE
drop:		yes

aut-num:	AS211805
descr:		Media Land LLC
remarks:	bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country:	RU
drop:		yes

aut-num:	AS211849
descr:		Kakharov Orinbassar Maratuly
remarks:	ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
country:	KZ
drop:		yes

aut-num:	AS212283
descr:		ROZA HOLIDAYS EOOD
remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
country:	BG
drop:		yes

aut-num:	AS212552
descr:		BitCommand LLC
remarks:	Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country:	EU
drop:		yes

aut-num:	AS213058
descr:		Private Internet Hosting LTD
remarks:	bulletproof ISP located in RU
country:	RU
drop:		yes

aut-num:	AS213194
descr:		Alfa Web Solutions Ltd
remarks:	Rogue ISP (linked to AS57717) located in NL
country:	NL
drop:		yes

aut-num:	AS213254
descr:		OOO RAIT TELECOM
remarks:	Bulletproof connectivity procurer for AS51381
country:	RU
drop:		yes

aut-num:	AS328543
descr:		Sun Network Company Limited
remarks:	IP hijacker, traces back to AP region
country:	AP
drop:		yes

aut-num:	AS393889
descr:		EightJoy Network LLC
remarks:	Most likely hijacked or criminal AS
country:	HK
drop:		yes

aut-num:	AS398478
descr:		PEG TECH INC
remarks:	ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country:	HK
drop:		yes

aut-num:	AS398993
descr:		PEG TECH INC
remarks:	ISP located in JP, tampers with RIR data
country:	JP
drop:		yes

aut-num:	AS399195
descr:		PEG TECH INC
remarks:	ISP located in KR, tampers with RIR data
country:	KR
drop:		yes

aut-num:	AS400161
descr:		Academy of Internet Research Limited Liability Company
remarks:	Mass-scanning, apparently without legitimate intention
drop:		yes

aut-num:	AS400506
descr:		Black Apple
remarks:	Solely announces hijacked prefixes out of JP, no legitimate infrastructure
country:	JP
drop:		yes

net:		45.143.203.0/24
descr:		TOV VAIZ PARTNER
remarks:	Attack network tracing back to NL
country:	NL
drop:		yes

net:		196.11.32.0/20
descr:		Sanlam Life Insurance Limited
remarks:	Stolen AfriNIC IPv4 space announced from NL?
country:	NL
drop:		yes

net:		2a0e:b107:17fe::/47
descr:		Amarai-Network - Location Test @ Antarctic
remarks:	Tampers with RIR data, not a safe place to route traffic to
drop:		yes

net:		2a0e:b107:d10::/44
descr:		NZB.si Enterprises
remarks:	Tampers with RIR data, not a safe place to route traffic to
drop:		yes

net:		2a0f:7a80::/29
descr:		ASLINE Limited
remarks:	APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country:	HK
drop:		yes