remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS39770
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
aut-num: AS43233
descr: VPS 404 Ltd.
remarks: VPN provider [high confidence, but not proofed] located in ES
remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS51381
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-country: RU
-
aut-num: AS51446
descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
country: SE
-aut-num: AS55303
-descr: Eagle Sky Co., Lt[d ?]
-remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
-is-anonymous-proxy: yes
-country: AP
-
-aut-num: AS56873
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
aut-num: AS58110
descr: IP Volume Ltd. / Epik
remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
-aut-num: AS60424
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
aut-num: AS60729
descr: Zwiebelfreunde e.V.
remarks: Tor relay provider
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
-aut-num: AS206819
-descr: ANSON NETWORK LIMITED
-remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
-is-anonymous-proxy: yes
-country: TW
-
aut-num: AS207688
descr: DataHome S.A.
remarks: VPN provider located in BR [high confidence, but not proofed]
remarks: VPN provider or offering similar services [high confidence, but not proofed]
is-anonymous-proxy: yes
-net: 185.215.113.0/24
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
net: 185.220.100.0/22
descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute
remarks: Tor relay provider
remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers
is-anonymous-proxy: yes
-net: 196.61.192.0/20
-descr: Inspiring Networks LTD
-remarks: hijacked (?) IP network owned by an offshore company [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
net: 197.221.161.0/24
descr: VPNClientPublics
remarks: VPN provider
descr: Cyberdyne S.A.
remarks: Tor relay provider
is-anonymous-proxy: yes
-
-net: 2a10:9700::/29
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
remarks: IP hijacker located somewhere in AP, massively tampers with RIR data
country: AP
+aut-num: AS5408
+descr: Greek Research and Technology Network (GRNET) S.A.
+remarks: ... located in GR
+country: GR
+
aut-num: AS6134
descr: XNNET LLC
remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data
remarks: Shady ISP located in US, tampers with RIR data
country: US
+aut-num: AS41047
+descr: MLAB Open Source Community
+remarks: traces back to DE
+country: DE
+
aut-num: AS41466
descr: Treidinvest LLC
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
country: TR
+aut-num: AS43092
+descr: Kirin Communication Limited
+remarks: tampers with RIR data, traces back to AP area
+country: AP
+
aut-num: AS43310
descr: TOV "LVS"
remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
remarks: tampers with RIR data, traces back to RU
country: RU
-aut-num: AS49447
-descr: Nice IT Services Group Inc.
-remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
-country: CH
-
aut-num: AS49466
descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
country: NL
+aut-num: AS131685
+descr: Sun Network (Hong Kong) Limited
+remarks: ISP and/or IP hijacker located somewhere in AP
+country: AP
+
aut-num: AS132369
descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
remarks: ISP located in HK, tampers with RIR data
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
country: HK
+aut-num: AS133201
+descr: ABCDE GROUP COMPANY LIMITED
+remarks: ISP and/or IP hijacker located somewhere in AP
+country: AP
+
aut-num: AS133441
descr: CloudITIDC Global
-remarks: ISP and/or IP hijacker located somehwere in AP
+remarks: ISP and/or IP hijacker located somewhere in AP
country: AP
aut-num: AS133752
aut-num: AS136800
descr: ICIDC NETWORK
-remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
+remarks: IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
aut-num: AS136933
remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
country: AP
+aut-num: AS141746
+descr: Orenji Server
+remarks: IP hijacker located somewhere in AP area (JP?)
+country: AP
+
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
country: MD
-aut-num: AS200391
-descr: KREZ 999 EOOD
-remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country: BG
-
aut-num: AS200699
descr: Datashield, Inc.
remarks: fake offshore location (SC), traces back to NL
remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU
country: RU
+aut-num: AS206819
+descr: ANSON NETWORK LIMITED
+remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
+country: TW
+
aut-num: AS206898
descr: Server Hosting Pty Ltd
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
remarks: fake offshore location (SC), traces back to CZ and NL
country: EU
-aut-num: AS207812
-descr: DM AUTO EOOD
-remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country: BG
-
aut-num: AS208046
descr: Maximilian Kutzner trading as HostSlick
remarks: traces back to NL, but some RIR data for announced prefixes contain garbage
remarks: IP hijacker, traces back to AP region
country: AP
+aut-num: AS328608
+descr: Africa on Cloud
+remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
+country: AP
+
aut-num: AS328703
descr: Seven Network Inc.
remarks: traces back to ZA
remarks: IP hijacker located in US, tampers with RIR data
country: US
-net: 5.1.68.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.68.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
-net: 5.1.69.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.69.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
-net: 5.1.83.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.83.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
-net: 5.1.88.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.88.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
net: 5.252.32.0/22
descr: StormWall s.r.o.
remarks: fake location (KP), WHOIS contact points to RU
country: RU
+net: 91.90.120.0/24
+descr: M247 LTD, Greenland Infrastructure
+remarks: ... traces back to CA
+country: CA
+
net: 91.149.194.0/24
descr: IP Volume Ltd. / Epik
remarks: fake location (CH), traces back to SE
remarks: fake offshore location (SC), traces back to RU
country: RU
-net: 185.140.204.0/22
-descr: Hornetsecurity GmbH
-remarks: all suballocations are used in DE, but are assigned to US
-country: DE
+net: 185.140.204.0/22
+descr: Hornetsecurity GmbH
+remarks: all suballocations are used in DE, but are assigned to US
+country: DE
net: 185.175.93.0/24
descr: Perfect Hosting Solutions
# Please keep this file sorted.
#
+aut-num: AS39770
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
+
aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes
+aut-num: AS49447
+descr: Nice IT Services Group Inc.
+remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
+country: CH
+drop: yes
+
+aut-num: AS51381
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+country: RU
+drop: yes
+
+aut-num: AS55303
+descr: Eagle Sky Co., Lt[d ?]
+remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
+country: AP
+drop: yes
+
aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS56873
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
+
aut-num: AS57717
descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS60424
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
+
aut-num: AS62068
descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes
+aut-num: AS200391
+descr: KREZ 999 EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
country: NL
drop: yes
+aut-num: AS207812
+descr: DM AUTO EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes
+
+net: 2a10:9700::/29
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
projects / location / location-database.git / commitdiff
