#
# $Id: hostiles.txt,v 1.31 2006/02/04 23:37:57 cbiere Exp $
#
# Hostile IP addresses, completely banned from the Gnutella network.
#
# We don't accept connections from those hosts, never connect to them,
# and drop their query hits on the floor without relaying them.
#
# The following list is a default, based on a list provided by BearShare.
# If you want to customize this list, put it into your ~/.gtk-gnutella
# directory and edit it.  When hostiles.txt is present under that directory,
# the global list is ignored.
#
# This file may be changed whilst gtk-gnutella is running: it will notice
# the update and reload the file.
#

4.43.96.0/24
4.43.124.192/26
24.102.41.154
24.116.85.216
24.162.203.114
24.207.184.134
24.226.54.165
24.77.11.239
24.79.193.6
24.83.108.12
24.84.58.65
24.86.202.220
#38.118.0.0/16
#38.119.64.0/22
38.144.195.0/24
38.144.198.0/24
38.144.68.0/24
38.144.72.0/24
38.144.96.0/24
63.148.99.224/27
64.106.0.0/16
64.124.130.128/27
64.14.0.0/16
64.156.27.93
64.217.126.87
65.118.41.192/26
65.247.105.240/28
65.29.191.213
65.3.12.25
66.111.32.0/19
66.117.0.0/19
66.169.40.17
66.250.24.0/22
66.250.52.0/24
66.28.0.0/16
66.67.112.128
66.70.109.20
66.76.151.146
67.29.135.3
67.83.184.69
68.47.205.58
68.65.171.88
80.136.226.217
80.193.117.105
81.0.210.152
128.208.45.126
128.40.161.71
130.111.87.162
131.107.20.0/22
131.235.9.146
134.173.120.25
138.47.110.49
140.180.153.233
147.188.189.44
162.33.154.69
172.168.232.225
192.217.228.0/24
194.213.194.37
194.228.211.204
194.237.72.231
195.58.60.164
198.63.0.0/16
198.64.0.0/15
198.66.0.0/16
202.44.41.84
205.251.209.62
207.243.139.233
209.122.130.0/24
209.204.128.0/18
213.67.177.135
216.122.0.0/16
216.144.233.0/24

# Exodus Communications
64.37.192.0/18
64.209.128.0/20
64.210.192.0/19
167.216.232.0/21
209.67.0.0/16
209.143.224.0/20
209.202.128.0/18
216.109.64.0/19
216.104.224.0/19
216.177.64.0/19
216.182.192.0/19
216.219.96.0/20
216.32.0.0/14
216.74.128.0/18

###
### The following gathered by the gtk-gnutella team
###

# gtk-gnutella up to 0.94 handles CIDR notation WRONG!
# 66.186.39.0/26 -> 66.186.39.0/26

32.105.110.0/24

# Polls GWebCaches, highly suspicious
38.112.0.0/12

64.15.0.0/16
66.186.39.0/26

# Media Sentry
64.124.145.0/25
66.250.46.0/24
66.250.47.0/25

# ServerBeach (Peer 1 network)
64.34.160.0/19

# Sound Control Media Protection, Ltd.
# Professional bots: "LimeWire/4.9.11 1.4 GiB 462 files"; purpose unknown
64.71.160.0/27
64.71.162.64/27
64.71.164.128/27
64.71.178.160/27
65.19.134.160/27
65.19.142.32/27
65.19.154.160/27
65.19.176.32/27
66.220.2.224/27
66.220.6.64/27
66.220.11.64/27
66.220.12.128/27
66.220.12.192/26
66.220.26.128/27

209.51.160.0/19
216.66.0.0/18
216.218.128.0/17


# Surreal Host / Surreal Services
# obviously the same as Sound Control Media Protection
64.71.191.160/27

# Range at Peer1; seemingly also used by SCMP
69.90.119.128/27

# Range at FDC Servers.net, LLC, also used by SCMP
66.90.119.128/27

# Minnesota valley television
65.160.241.0/25

# DONet, Inc.
65.171.151.0/24

# Share dozens or hundreds of completely corrupted WMVs
67.18.128.0/24
67.18.129.0/24
67.18.213.0/24
67.19.6.0/24
67.19.8.0/24
205.177.73.0/24

# sBoOb.net, pr0n spammer
194.146.227.8

# cumfiesta, pr0n spammer
207.150.179.0/24

# goudkov.com, spammer
66.98.252.210
207.44.144.3
207.44.144.148

# Another DRM pr0n spammer
66.63.162.128/25

# Generic DRM pr0n spammer (mostly ASX files)
66.90.103.0/24
67.19.77.0/24
67.19.221.0/24
67.159.5.0/24
208.53.138.0/24
208.53.158.0/24

# isaveclub.com AKA esaveclub.com AKA edirectclub.com
69.44.155.0/24
69.44.156.0/24
69.44.157.0/24
69.44.158.0/24

# hosted by voxel.net, massive spamming, uploaded file contains also GWebCache
# URLs and possibly a trojan, SHA1 match fails continously
69.9.186.0/23
69.9.188.0/23
69.9.190.0/24

# hosted by net-sentry.net, suspicious GWebCache polling
69.26.174.0/24
69.26.191.0/24

# suspicious GWebCache polling
63.218.20.0/24
64.70.4.0/24
72.35.224.0/24
207.226.112.0/24
216.151.155.0/25

# weasel.net, diverse GWebCache spamming/trashing
66.68.124.56

# Generic spammer, results don't even match query
70.85.111.0/24
70.86.48.0/24
70.86.75.0/24

# Generic pr0n spammer, adds search term to filenames (mostly WMVs)
63.243.162.0/27
63.243.181.0/27

# ZIP files containing setup.exe, uses Shareaza, hosted by surfplanet.de
85.88.9.0/26

# Spammer hosted by pie.us
# (Sansui Ltd. has 206.223.156.0/24)
206.223.156.128/26

# DRM spam
64.40.98.106
# drmspace.com, 66103.vidlock.com
216.55.178.165
# vidlock.com
217.116.225.250

# University of Mississippi
130.74.0.0/16

# University of Delaware
128.175.0.0/16

# reserved range
79.79.55.0/24

114.46.32.0/24
116.108.101.0/24
165.193.220.0/24
167.216.144.0/24
206.251.8.0/25
207.234.131.147
207.234.131.148

# Strange client pool of Windoze(?) machines; they connect in hordes; most
# of them identify as LimeWire/4.0.5; Macrovision and Xeex are behind this.
63.216.76.0/24
63.220.57.0/24
63.219.21.0/24
154.37.66.0/24
204.193.134.0/24
204.193.136.0/24
205.134.238.0/23
207.171.61.0/25
208.49.28.0/24
209.10.143.0/24
209.11.134.0/24
209.195.16.0/24
209.195.58.0/24
212.71.252.0/24
216.151.154.0/24

# Foundation of Research and Technology (Greece)
139.91.0.0/16

# Time Warner Telecom
64.128.109.144/28
66.162.178.96/28
168.215.129.64/27
168.215.140.0/23
206.169.0.0/16
207.170.229.96/28
209.163.179.112/29
209.203.64.0/18
216.110.48.48/29

# fsh1.xcite.net and fsh2.xcite.net, reply to queries with $search + .exe
216.169.118.81
216.169.118.82

# GWebCache polling, dubious horde behaviour
204.9.117.0/24
204.9.118.0/24

# Overpeer, Inc
64.89.41.0/24
66.128.64.0/21
66.128.227.0/24
206.132.32.0/24
216.144.64.0/24
216.177.144.0/20

# Tacskill Hill
64.27.173.0/24
66.37.204.0/24
216.64.199.64/27
216.227.226.0/24

# Mindofteren
64.28.69.0/24
64.58.71.192/27
64.58.75.160/27
64.58.84.0/24
64.70.43.0/24
209.225.45.0/24

# Jomcaerten Co.
64.28.67.0/24
64.28.80.32/27
66.37.194.128/27
66.37.195.32/27
66.37.196.0/24
66.37.210.192/27
66.119.47.0/24
216.19.129.0/24
216.64.204.160/27

# Whailtracts
64.28.85.0/24
209.225.43.224/27
216.64.217.224/27
216.69.229.0/24

# Adult Xspace
69.50.160.0/19

# Spamming subnets from Cogent Communications
216.28.31.0/24

# Suspicious spamming ranges from Abovenet
64.124.113.0/24
64.124.15.0/24

# Suspicious individual IP addresses serving fakes
# From Abovenet:
64.124.58.153

###
### The following come from an htaccess denying RIAA/MPAA access
###

12.150.191.0/24
63.199.57.0/24
64.166.187.0/24
64.241.31.0/24
65.244.101.0/24

# Interland
64.224.0.0/14

# Hostway Corporation
66.113.128.0/17

# WareNet
66.252.128.0/20

67.112.252.0/24
67.125.49.0/24
81.4.78.0/24
146.82.174.0/24

# Motion Picture Association (fr)
194.183.226.144/29
194.183.226.192/27

195.20.32.99
198.70.114.0/24

# Motion Picture and Television Fund
204.154.8.0/21

208.192.0.0/16
208.207.98.25
208.209.2.0/24
208.225.90.0/24
208.229.253.0/24
208.49.164.0/24
208.50.66.0/24
212.241.48.0/24

# Quibus International AB -- subnet used by rogue agents (e.g. advertise
# as LimeWire in hits, and when connected, they send User-Agent: Gnucleus).
212.209.1.0/24

# Open Proxies
24.239.248.21
61.90.250.15
61.222.62.106
62.69.44.15
62.212.101.13
62.248.110.2
63.89.11.236
65.19.238.130
66.47.217.98
66.134.252.243
66.208.201.37
67.120.207.242
68.224.171.7
70.48.100.241
80.50.24.10
80.108.145.79
80.191.114.13
81.115.229.202
83.16.91.210
138.4.183.221
140.121.135.20
148.243.214.14
163.20.121.66
166.114.30.40
192.195.100.42
193.170.210.9
193.170.211.75
195.175.37.38
195.175.37.71
195.175.37.73
195.175.37.74
200.39.103.224
200.167.245.68
200.180.129.218
200.216.61.154
200.253.46.2
202.47.233.234
202.56.253.177
203.144.160.243
203.169.250.29
203.200.201.114
207.248.240.118
207.248.240.119
209.88.8.182
210.212.79.14
210.240.77.6
211.138.91.30
212.0.138.14
213.175.169.2
213.175.181.5
217.27.162.57
218.94.61.136

