File: vault/ipv6_other.dat

# IPv6 signatures file (CIDRs for proxies, VPNs and other miscellaneous unwanted services).
# Canonical link to the online version of this file: https://github.com/CIDRAM/CIDRAM/blob/master/vault/ipv6_other.dat

# Version: 2019.260.254
# Last modified: 2019.09.18


# ---
# ASN 174 ("Cogent Communications").

# Myself and others have seen and experienced a significant amount of unwanted traffic from their ASN in the past (hack
# attempts, spamming, scraping, etc), and generally, this type of traffic should be blocked, but unfortunately, their
# ASN encompasses and interlaces significantly with with a number of benign, innocent ISPs, human endpoint, backbone
# architecture, etc that we don't want to block. Therefore, I'm splitting this up into multiple sections across
# multiple signature files accordingly.

# Wikipedia page about Cogent Communications: en.wikipedia.org/wiki/Cogent_Communications
# Refer bgpmon.net/large-scale-bgp-hijack-out-of-india/
# Refer forums.spybot.info/showthread.php?23632-SPAM-frauds-fakes-and-other-MALWARE-deliveries/page37
# Refer dyn.com/blog/mitm-internet-hijacking/

# When updating: Remove invalids to reduce false positive risk.

# Cogent VPNs+Proxies (AzireVPN, OVPN, BeeVPN ApS, Windscribe, etc; "^.*(?:Prox|Windscribe|VPN).*$").
# Updated: 2019.07.02
2001:978:902::/48 Deny Proxy
2001:978:f00::/48 Deny Proxy
2001:978:1403::/48 Deny Proxy
Origin: DE
2a07:a880:1416::/48 Deny Proxy
Origin: SE
Tag: Cogent VPNs+Proxies

# No announce description (frequent source of spam in some cases, general unwanted activity in others, etc).
# Updated: 2019.07.02
2a03:f80:420::/48 Deny Generic
Origin: AT
2001:978:907::/48 Deny Generic
2001:978:908::/47 Deny Generic
2001:978:a00::/48 Deny Generic
2001:978:1404::/47 Deny Generic
2001:978:1c04::/48 Deny Generic
2001:978:2101::/48 Deny Generic
2001:978:2102::/48 Deny Generic
2001:978:2307::/48 Deny Generic
2001:978:230b::/48 Deny Generic
2001:978:3c09::/48 Deny Generic
2001:978:3c0a::/48 Deny Generic
2001:978:5400::/48 Deny Generic
2001:978:6404::/48 Deny Generic
2001:978:6711::/48 Deny Generic
2001:978:a501::/48 Deny Generic
2001:978:b700::/48 Deny Generic
Origin: DE
2402:4480:302::/47 Deny Generic
Origin: HK
2a07:85c2::/48 Deny Generic
2a07:85c3::/48 Deny Generic
Origin: NL
2a0e:1c80:3::/48 Deny Generic
Origin: SE
2001:550:104::/48 Deny Generic
2001:550:10a::/48 Deny Generic
2001:550:208::/48 Deny Generic
2001:550:a0e::/47 Deny Generic
2001:550:a10::/47 Deny Generic
2001:550:a12::/48 Deny Generic
2001:550:b00:1::/64 Deny Generic
2001:550:b01::/48 Deny Generic
2001:550:d06::/48 Deny Generic
2001:550:d0a::/48 Deny Generic
2001:550:1500::/48 Deny Generic
2001:550:1702::/48 Deny Generic
2001:550:1d01::/48 Deny Generic
2001:550:1d07::/48 Deny Generic
2001:550:2109::/48 Deny Generic
2001:550:2200:500::/56 Deny Generic
2001:550:2209::/48 Deny Generic
2001:550:221c::/47 Deny Generic
2001:550:221e::/48 Deny Generic
2001:550:2603::/48 Deny Generic
2001:550:2604::/48 Deny Generic
2001:550:3102::/48 Deny Generic
2001:550:3d01::/48 Deny Generic
2001:550:3d06::/48 Deny Generic
2001:550:5607::/48 Deny Generic
2001:550:5c03::/48 Deny Generic
2001:550:5c04::/48 Deny Generic
2001:550:7709::/48 Deny Generic
2001:550:9802::/48 Deny Generic
2001:49f0:d0a3::/48 Deny Generic
2001:49f0:d0ae::/48 Deny Generic
2001:49f0:d0b2::/47 Deny Generic
2001:49f0:d0b5::/48 Deny Generic
2001:49f0:d0b6::/47 Deny Generic
2001:49f0:d0ba::/47 Deny Generic
2001:49f0:d0bc::/47 Deny Generic
2001:49f0:d0be::/48 Deny Generic
2001:49f0:d0c1::/48 Deny Generic
2001:49f0:d0c2::/47 Deny Generic
2001:49f0:d0c4::/46 Deny Generic
2001:49f0:d0c8::/47 Deny Generic
2001:49f0:d0d0::/46 Deny Generic
2001:49f0:d0d4::/47 Deny Generic
2001:49f0:d0d7::/48 Deny Generic
2001:49f0:d0d8::/48 Deny Generic
2620:17b:4::/48 Deny Generic
Origin: US
Tag: Cogent Other
---
recaptcha:
 enabled: true


# ASN 36351 ("SoftLayer Technologies").
# Careful when updating; Signatures reflect varying block reasons, split across multiple files.
# %Listed, Google Malware Dashboard: 0.06%.
# Stop Forum Spam (SFS) listings: 7,776.

# SoftLayer VPNs and proxies.
# Includes: Anything citing "TEFINCOM", "Packet Flip", "VPN", "proxy", "Privat Kommunikation", "Secure Internet".
# ^(.*(TEFINCOM|Packet Flip|VPN|Proxy|Privat Kommunikation|Secure Internet).*)$
# Excludes: Everything else.
# Updated: 2018.06.24 / Checked: 2019.08.13

2400:bb40:1000::/40 Deny Proxy
Origin: PA
2602:ff84:1::/48 Deny Proxy
2602:ff84:c::/47 Deny Proxy
2602:ff84:f::/48 Deny Proxy
2602:ff84:10::/47 Deny Proxy
2602:ff84:12::/48 Deny Proxy
Origin: US
Tag: SoftLayer VPNs


# ASN 59898 ("AllSafe Sarl").
# Related to "ProtonVPN", "ProtonMail", and "Proton Technologies". Provides VPNs and proxies, both public and private.
# Stop Forum Spam (SFS) listings: 6.
# Updated: 2018.04.17 / Checked: 2019.08.13

2a0a:6d40::/29 Deny Proxy
Origin: CH
Tag: AllSafe Sarl


# ASN 205100 ("F3 Netze e.V").
# Provides TOR exit nodes.
# Stop Forum Spam (SFS) listings: 7,594.
# Updated: 2018.04.23 / Checked: 2019.08.13

2a0b:f4c0::/40 Deny Proxy
2a0b:f4c0:100::/48 Deny Proxy
2a0b:f4c0:16c::/48 Deny Proxy
Origin: DE
Tag: F3 Netze e.V


# ASNs 42708, 43948 ("GleSYS AB"; formerly "Portlane AB").
# Exclude (carries human endpoints and seems clean):
# - "^.*Internetbolaget.*$\n"
# Mark as proxy:
# - "^(.*(?:VP[SN]|Tunnel|Edelino).*)$"
# Mark as cloud:
# - "^(.*(?:Host|Netelia|Sveaab|GleSYS|Webbplatsen|InfoGuard).*)$"
# Mark as spam (carries human endpoints, but also poses a spam risk):
# - "^(.*(?:Svenska).*)$"
# Everything else mark as generic.
# %Listed, Google Malware Dashboard: 0.13% (AS42708), 0.03% (AS43948).
# Stop Forum Spam (SFS) listings: 1,622 (AS42708).
# Updated: 2019.05.02 / Checked: 2019.09.18

2a02:750:8::/48 Deny Proxy
2a02:7ac0::/32 Deny Proxy
Origin: SE
Tag: Portlane Networks AB
---
recaptcha:
 enabled: true


# ASN 396507 ("Emerald Onion").
# Anonymous tor endpoint; Significant source of spam.
# Stop Forum Spam (SFS) listings: 19,550.
# Updated: 2019.05.03 / Checked: 2019.08.13

2620:18c::/36 Deny Proxy
Origin: US
Tag: Emerald Onion