#
# override-xd [.txt]
#
# This file contains Autonomous Systems and IP networks strongly believed or proven to be hostile,
# posing a _technical_ threat against libloc users in general and/or IPFire users in particular.
#
# libloc neither was intended to be an "opinionated" database, nor should it become that way. Please
# refer to commit 69b3d894fbee6e94afc2a79593f7f6b300b88c10 for the rationale of implementing a special
# flag for hostile networks.
#
# Technical threats cover publicly routable network infrastructure solely dedicated or massively abused to
# host phishing, malware, C&C servers, non-benign vulnerability scanners, or being used as a "bulletproof"
# hosting space for cybercrime infrastructure.
#
# This file should not contain short-lived threats being hosted within legitimate infrastructures, as
# libloc is neither intended nor suitable to protect against such threats in a timely manner - by default,
# clients download a new database once a week.
#
# Networks posing non-technical threats - i.e. not covered by the definition above - must not be listed
# here.
#
# Improvement suggestions are appreciated, please submit them as patches to the location mailing
# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
# for further information.
#
# Please keep this file sorted.
#

aut-num: AS7586
descr: Cloudfort IT
remarks: part of the "Asline" IP hijacking gang
drop: yes

aut-num: AS15828
descr: Blue Diamond Network Co., Ltd.
remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB or IR for its prefixes, but they all end up near Vilnius, LT
country: LT
drop: yes

aut-num: AS18013
descr: ASLINE LIMITED
remarks: IP hijacker, traces back to HK
country: HK
drop: yes

aut-num: AS24567
descr: QT Inc.
remarks: IP hijacker operating out of AP area (HK or TW?)
country: AP
drop: yes

aut-num: AS35029
descr: WebLine LTD
remarks: Rogue ISP
country: RU
drop: yes

aut-num: AS39770
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS40193
descr: Trit Networks, LLC
remarks: all cybercrime hosting, all the time
country: US
drop: yes

aut-num: AS41564
descr: Orion Network Limited
remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
drop: yes

aut-num: AS41909
descr: PINVDS OU
remarks: all cybercrime hosting, all the time
country: RU
drop: yes

aut-num: AS43092
descr: Kirin Communication Limited
remarks: Hijacks IP space and tampers with RIR data, traces back to JP
country: JP
drop: yes

aut-num: AS44446
descr: OOO SibirInvest
remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
country: NL
drop: yes

aut-num: AS44477
descr: STARK INDUSTRIES SOLUTIONS LTD
remarks: Rogue ISP in multiple locations, some RIR data contain garbage
drop: yes

aut-num: AS47154
descr: HUSAM A. H. HIJAZI
remarks: Rogue ISP located in NL
country: NL
drop: yes

aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes

aut-num: AS48950
descr: GLOBAL COLOCATION LIMITED
remarks: Part of the "Fiber Grid" IP hijacking / dirty hosting operation, RIR data cannot be trusted
country: EU
drop: yes

aut-num: AS49447
descr: Nice IT Services Group Inc.
remarks: Rogue ISP
drop: yes

aut-num: AS49870
descr: Alsycon BV
remarks: Shady ISP (related to AS204655 et al., same postal address) located in NL, but some RIR data for announced prefixes contain garbage
country: NL
drop: yes

aut-num: AS49466
descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to San Jose, CR
country: CR
drop: yes

aut-num: AS49943
descr: IT Resheniya LLC
remarks: Rogue ISP
drop: yes

aut-num: AS51381
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS53727
descr: Netsys Global Telecom Limited (?)
remarks: Hijacked AS announced out of some location in AP, possibly HK
country: AP
drop: yes

aut-num: AS54600
descr: PEG TECH INC
remarks: ISP and IP hijacker located in US this time, tampers with RIR data
country: US
drop: yes

aut-num: AS55020
descr: Aodao Inc
remarks: part of the "Asline" IP hijacking gang (?), tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS55933
descr: Cloudie Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS57509
descr: L&L Investment Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta"
country: BG
drop: yes

aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS56873
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS57416
descr: LLC South Internet
remarks: Bulletproof ISP
drop: yes

aut-num: AS57523
descr: Chang Way Technologies Co. Limited
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS57717
descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes

aut-num: AS57858
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS57972
descr: Inter Connects Inc.
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
country: SE
drop: yes

aut-num: AS58271
descr: FOP Gubina Lubov Petrivna
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS58810
descr: iZus Co., Ltd
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
country: AP
drop: yes

aut-num: AS58931
descr: 24.hk global BGP
remarks: Part of the "ASLINE" IP hijacking operation
country: HK
drop: yes

aut-num: AS59425
descr: HORIZON LLC
remarks: Rogue ISP
drop: yes

aut-num: AS59753
descr: Vault Dweller OU
remarks: bulletproof ISP (related to AS57717) located in NL
country: NL
drop: yes

aut-num: AS59940
descr: Kanzas LLC
remarks: Rogue ISP
drop: yes

aut-num: AS60424
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

aut-num: AS60485
descr: Inter Connects Inc. / Jing Yun
remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
country: SE
drop: yes

aut-num: AS60930
descr: Intem LLC
remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore
country: RU
drop: yes

aut-num: AS61302
descr: HUIZE LTD
remarks: Bulletproof ISP
drop: yes

aut-num: AS61432
descr: TOV VAIZ PARTNER
remarks: Rogue ISP
drop: yes

aut-num: AS62068
descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS64425
descr: SKB Enterprise B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes

aut-num: AS133201
descr: ABCDE GROUP COMPANY LIMITED
remarks: ISP and/or IP hijacker located in HK
country: HK
drop: yes

aut-num: AS135097
descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: HK
drop: yes

aut-num: AS136545
descr: Blue Data Center
remarks: IP hijacker located somewhere in AP area, tampers with RIR data
country: AP
drop: yes

aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: HK
drop: yes

aut-num: AS137443
descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS137523
descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
country: HK
drop: yes

aut-num: AS138648
descr: ASLINE Global Exchange
remarks: IP hijacker located in HK
country: HK
drop: yes

aut-num: AS139330
descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
drop: yes

aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
drop: yes

aut-num: AS140227
descr: Hong Kong Communications International Co., Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
country: AP
drop: yes

aut-num: AS141159
descr: Incomparable(HK)Network Co., Limited
remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes

aut-num: AS141746
descr: Orenji Server
remarks: IP hijacker located somewhere in AP area (JP?)
country: AP
drop: yes

aut-num: AS141759
descr: HONGKONG XING TONG HUI TECHNOLOGY CO.,LIMITED
remarks: Dirty ISP located in NL
country: NL
drop: yes

aut-num: AS200313
descr: IT WEB LTD
remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to
drop: yes

aut-num: AS200391
descr: KREZ 999 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202325
descr: 4Media Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country: NL
drop: yes

aut-num: AS202769
descr: NETSTYLE A. LTD
remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL
country: NL
drop: yes

aut-num: AS204353
descr: Global Offshore Limited
remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted
country: EU
drop: yes

aut-num: AS204428
descr: SS-Net
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS204603
descr: Partner LLC / LetHost LLC
remarks: Bulletproof ISP
drop: yes

aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS206728
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS207566
descr: Chang Way Technologies Co. Limited
remarks: Rogue ISP
country: RU
drop: yes

aut-num: AS209160
descr: Miti 2000 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
drop: yes

aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes

aut-num: AS209559
descr: XHOST INTERNET SOLUTIONS LP
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS210352
descr: Partner LLC
remarks: All cybercrime hosting, all the time
country: RU
drop: yes

aut-num: AS210644
descr: AEZA GROUP Ltd
remarks: In all networks currently propagated by this AS, one is unable to find anything that has even a patina of legitimacy
country: RU
drop: yes

aut-num: AS210848
descr: Telkom Internet LTD
remarks: Rogue ISP (linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS211059
descr: Tribeka Web Advisors S.A.
remarks: Dirty ISP, see individual network entries below
drop: yes

aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes

aut-num: AS211252
descr: Delis LLC
remarks: Bulletproof Serverion customer in NL, many RIR data for announced prefixes contain garbage
country: NL
drop: yes

aut-num: AS211138
descr: Private-Hosting di Cipriano Oscar
remarks: Bulletproof combahton GmbH customer in DE
country: DE
drop: yes

aut-num: AS211805
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
country: RU
drop: yes

aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
country: KZ
drop: yes

aut-num: AS212283
descr: ROZA HOLIDAYS EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG
country: BG
drop: yes

aut-num: AS212552
descr: BitCommand LLC
remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
country: EU
drop: yes

aut-num: AS213010
descr: GigaHostingServices OU
remarks: Does not appear to host any legitimate infrastructure whatsoever, just mass brute-force login attempts
country: PL
drop: yes

aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: RU
drop: yes

aut-num: AS213194
descr: Alfa Web Solutions Ltd
remarks: Rogue ISP (linked to AS57717) located in NL
country: NL
drop: yes

aut-num: AS213254
descr: OOO RAIT TELECOM
remarks: Bulletproof connectivity procurer for AS51381
country: RU
drop: yes

aut-num: AS328543
descr: Sun Network Company Limited
remarks: IP hijacker, traces back to AP region
country: AP
drop: yes

aut-num: AS328671
descr: Datapacket Maroc SARL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes

aut-num: AS393889
descr: EightJoy Network LLC
remarks: Most likely hijacked or criminal AS
country: HK
drop: yes

aut-num: AS398478
descr: PEG TECH INC
remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data
country: HK
drop: yes

aut-num: AS398993
descr: PEG TECH INC
remarks: ISP located in JP, tampers with RIR data
country: JP
drop: yes

aut-num: AS399195
descr: PEG TECH INC
remarks: ISP located in KR, tampers with RIR data
country: KR
drop: yes

aut-num: AS399674
descr: INTERNET HOSTSPACE GLOBAL INC
remarks: Shady ISP located in US, solely announcing "Cloud Innovation Ltd." space - no one will miss it
country: US
drop: yes

aut-num: AS400161
descr: Academy of Internet Research Limited Liability Company
remarks: Mass-scanning, apparently without legitimate intention
drop: yes

aut-num: AS400506
descr: Black Apple
remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure
country: JP
drop: yes

net: 45.143.203.0/24
descr: TOV VAIZ PARTNER
remarks: Attack network tracing back to NL
country: NL
drop: yes

net: 61.177.172.0/23
descr: CHINANET jiangsu province network
remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore
drop: yes

net: 89.23.103.0/24
descr: Media Land LLC / abuse-server[.]su
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
drop: yes

net: 91.240.243.0/24
descr: Media Land LLC
remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
drop: yes

net: 92.63.196.0/24
descr: TOV VAIZ PARTNER / Perfect Hosting Solutions
remarks: Attack network tracing back to NL
country: NL
drop: yes

net: 103.176.21.0/24
descr: GIAP BICH NGOC COMMUNICATION COMPANY LIMITED
remarks: Brute-force attack network
drop: yes

net: 109.206.241.0/24
descr: Serverion B.V.
remarks: Leased to Neterra, all cybercrime, all the time
drop: yes

net: 111.7.96.0/24
descr: China Mobile Communications Corporation
remarks: Brute-force attack network
drop: yes

net: 114.246.10.0/24
descr: China Unicom Beijing province network
remarks: Brute-force attack network
drop: yes

net: 116.7.245.0/24
descr: CHINANET Guangdong province network
remarks: Brute-force attack network
drop: yes

net: 116.57.185.0/24
descr: China Education and Research Network
remarks: Brute-force attack network
drop: yes

net: 123.160.220.0/22
descr: CHINANET henan province network
remarks: Brute-force attack network
drop: yes

net: 154.89.5.0/24
descr: Agotoz HK Limited
remarks: Brute-force attack network
drop: yes

net: 185.156.72.0/24
descr: TOV VAIZ PARTNER / InterHost
remarks: Attack network tracing back to UA
country: UA
drop: yes

net: 185.196.220.0/24
descr: Makut Investments
remarks: Brute-force attack network
drop: yes

net: 193.201.9.0/24
descr: Infolink LLC
remarks: Based on domains ending up there, this network is entirely malicious
drop: yes

net: 193.233.81.0/24
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes

net: 195.133.20.0/24
descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to NL, not a safe place to route traffic to
country: NL
drop: yes

net: 194.135.24.0/24
descr: Tribeka Web Advisors S.A.
remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to
country: US
drop: yes

net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL?
country: NL
drop: yes

net: 2a0e:b107:17fe::/47
descr: Amarai-Network - Location Test @ Antarctic
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0e:b107:d10::/44
descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes

net: 2a0f:7a80::/29
descr: ASLINE Limited
remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
country: HK
drop: yes

net: 2a10:9700::/29
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Bulletproof ISP
country: RU
drop: yes