- Location - lists.ipfire.org

[PATCH] override-{a{1,3},other}: regular batch of various overrides
by Peter Müller 11 Apr '21

11 Apr '21

These came to my attention last night. Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- overrides/override-a1.txt | 17 ++++++++++-- overrides/override-a3.txt | 5 ++++ overrides/override-other.txt | 50 ++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index ef3ec7d..0b50b76 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -99,9 +99,10 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes aut-num: AS55303 -descr: Eagle Sky Co., Lt -remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize" +descr: Eagle Sky Co., Lt[d ?] +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity is-anonymous-proxy: yes +country: AP aut-num: AS58546 descr: Astrill VPN @@ -128,6 +129,12 @@ descr: Anonymizer, Inc. remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS206819 +descr: ANSON NETWORK LIMITED +remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW +is-anonymous-proxy: yes +country: TW + aut-num: AS207688 descr: DataHome S.A. remarks: VPN provider located in BR [high confidence, but not proofed] @@ -634,6 +641,12 @@ descr: Perfect Privacy LTD remarks: VPN provider is-anonymous-proxy: yes +net: 85.92.100.0/22 +descr: LoadProxy, LLC +remarks: VPN provider +is-anonymous-proxy: yes +country: US + net: 85.203.23.0/24 descr: VPN Consumer Network / falco-networks.com remarks: VPN provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index dbf5dd7..36e03a3 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -160,6 +160,11 @@ descr: ipcom GmbH remarks: Generic anycast network is-anycast: yes +aut-num: AS209813 +descr: Fast Content Delivery Ltd. +remarks: Generic anycast network +is-anycast: yes + aut-num: AS210004 descr: Stichting Internet Domeinregistratie Nederland (SIDN) remarks: TLD operator's anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index a41d4da..d2c2423 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -128,6 +128,11 @@ descr: Cloud Management LLC remarks: tampers with RIR data, traces back to HK country: HK +aut-num: AS44015 +descr: Landgard Management Inc. +remarks: bulletproof ISP with strong links to RU +country: RU + aut-num: AS44477 descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -173,11 +178,21 @@ descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS56851 +descr: PE Skurykhin Mukola Volodumurovuch +remarks: tampers with RIR data, traces back to UA +country: UA + aut-num: AS57717 descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS57724 +descr: DDOS-GUARD LTD +remarks: shady ISP, customers massively tamper with RIR data, we cannot trust this network +country: RU + aut-num: AS57858 descr: Inter Connects Inc. remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data @@ -193,6 +208,11 @@ descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA country: UA +aut-num: AS58349 +descr: INNETRA PC +remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU +country: EU + aut-num: AS59580 descr: Batterflyai Media Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -208,6 +228,11 @@ descr: Network Dedicated SAS remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL country: NL +aut-num: AS61977 +descr: Vivo Trade L.P. +remarks: another shady customer of "DDoS Guard Ltd." +country: RU + aut-num: AS62468 descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK @@ -248,6 +273,11 @@ descr: Wujidun Network Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP +aut-num: AS200019 +descr: ALEXHOST SRL +remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network +country: MD + aut-num: AS200699 descr: Datashield, Inc. remarks: fake offshore location (SC), traces back to NL @@ -273,6 +303,11 @@ descr: FutureNow Incorporated remarks: ISP located in BG, but RIR data for announced prefixes contain garbage country: BG +aut-num: AS202920 +descr: DataClub S.A. +remarks: another shady customer of "DDoS Guard Ltd." +country: RU + aut-num: AS202425 descr: IP Volume Inc. remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL @@ -308,6 +343,11 @@ descr: Hauer Hosting Services Limited remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage country: ES +aut-num: AS206397 +descr: Genius Guard / Genius Security Ltd. +remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU +country: RU + aut-num: AS207046 descr: Xtudio Networks S.L.U. remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -338,6 +378,11 @@ descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage country: EU +aut-num: AS211849 +descr: Kakharov Orinbassar Maratuly +remarks: ISP located in RU, but RIR data for announced prefixes contain garbage +country: RU + aut-num: AS213035 descr: Serverion BV remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage @@ -458,6 +503,11 @@ descr: Golden Internet LLC remarks: fake location (KP), WHOIS contact points to RU country: RU +net: 91.243.32.0/19 +descr: Petersburg Internet Network Ltd. +remarks: RIR data for suballocations contain garbage, they are all located in RU +country: RU + net: 95.181.152.0/21 descr: QWARTA LLC remarks: fake location (US), WHOIS contact and traceroutes point to RU -- 2.26.2

1 0

[PATCH] overrides-a{1,2}: weekly batch of overrides
by Peter Müller 10 Apr '21

10 Apr '21

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- overrides/override-a1.txt | 11 +++++++++++ overrides/override-a2.txt | 5 +++++ 2 files changed, 16 insertions(+) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 76a5a52..ef3ec7d 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -128,6 +128,12 @@ descr: Anonymizer, Inc. remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS207688 +descr: DataHome S.A. +remarks: VPN provider located in BR [high confidence, but not proofed] +is-anonymous-proxy: yes +country: BR + aut-num: AS208294 descr: Markus Koch remarks: Tor relay provider @@ -748,6 +754,11 @@ descr: VPN Consumer Network remarks: VPN provider is-anonymous-proxy: yes +net: 104.165.145.0/24 +descr: Paceweb Proxy +remarks: VPN provider +is-anonymous-proxy: yes + net: 104.238.32.0/24 descr: VPN Consumer Network remarks: VPN provider diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 72d1a1d..f53053b 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -157,6 +157,11 @@ descr: Emerging Markets Communications / SantanderTeleport / ... remarks: Satellite Internet provider is-satellite-provider: yes +aut-num: AS28429 +descr: Enlace de Datos y Redes SA de CV +remarks: Satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes + aut-num: AS29137 descr: Eutelsat S.A. remarks: Satellite Internet provider -- 2.26.2

1 0

[PATCH] override-other: fix overrides for orphaned Yugoslavian networks
by Peter Müller 05 Apr '21

05 Apr '21

https://lists.ipfire.org/pipermail/location/2021-April/000267.html Cc: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- overrides/override-other.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/overrides/override-other.txt b/overrides/override-other.txt index b428d9f..a41d4da 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -543,6 +543,21 @@ descr: NetConn Services Ltd remarks: APNIC chunk owned by a HK-based company, routed to AP region, but assigned to SC country: AP +net: 195.66.165.0/24 +descr: Posta Crne Gore +remarks: Orphaned RIR data, see: https://lists.ipfire.org/pipermail/location/2021-April/000267.html +country: ME + +net: 195.252.115.0/24 +descr: Drenik ISP +remarks: Orphaned RIR data, see: https://lists.ipfire.org/pipermail/location/2021-April/000267.html +country: ME + +net: 195.252.120.0/24 +descr: AB SOFT +remarks: Orphaned RIR data, see: https://lists.ipfire.org/pipermail/location/2021-April/000267.html +country: ME + net: 198.144.120.0/23 descr: Amarutu Technology Ltd. / KoDDoS / ESecurity remarks: fake offshore location (BZ), traces back to NL -- 2.26.2

1 0

[PATCH v2] location-importer.in: skip networks with unknown country codes
by Peter Müller 04 Apr '21

04 Apr '21

There is no sense in parsing and storting networks whose country codes cannot be found in the ISO-3166-x country code table. This avoids side effects in applications using the location database, and introduces another sanity check to compensate bogus RIR data. On location02, this affects some networks from APNIC (country code: ZZ) as well as a bunch of smaller allocations within the RIPE region still tagged to CS or YU (Yugoslavia). To my surprise, no network tagged as SU (Soviet Union) was found - while the NIC for .su TLD is still operational. :-) Applying this patch causes the countries to be processed before update_whois() is called. In case no countries are present in the SQL table, this check is silently omitted. Fixes: #12510 Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- src/python/location-importer.in | 38 ++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/src/python/location-importer.in b/src/python/location-importer.in index e2f201b..1e08458 100644 --- a/src/python/location-importer.in +++ b/src/python/location-importer.in @@ -388,10 +388,17 @@ class CLI(object): TRUNCATE TABLE networks; """) + # Fetch all valid country codes to check parsed networks aganist... + rows = self.db.query("SELECT * FROM countries ORDER BY country_code") + validcountries = [] + + for row in rows: + validcountries.append(row.country_code) + for source in location.importer.WHOIS_SOURCES: with downloader.request(source, return_blocks=True) as f: for block in f: - self._parse_block(block) + self._parse_block(block, validcountries) # Process all parsed networks from every RIR we happen to have access to, # insert the largest network chunks into the networks table immediately... @@ -467,7 +474,7 @@ class CLI(object): # Download data with downloader.request(source) as f: for line in f: - self._parse_line(line) + self._parse_line(line, validcountries) def _check_parsed_network(self, network): """ @@ -532,7 +539,7 @@ class CLI(object): # be suitable for libloc consumption... return True - def _parse_block(self, block): + def _parse_block(self, block, validcountries = None): # Get first line to find out what type of block this is line = block[0] @@ -542,7 +549,7 @@ class CLI(object): # inetnum if line.startswith("inet6num:") or line.startswith("inetnum:"): - return self._parse_inetnum_block(block) + return self._parse_inetnum_block(block, validcountries) # organisation elif line.startswith("organisation:"): @@ -573,7 +580,7 @@ class CLI(object): autnum.get("asn"), autnum.get("org"), ) - def _parse_inetnum_block(self, block): + def _parse_inetnum_block(self, block, validcountries = None): log.debug("Parsing inetnum block:") inetnum = {} @@ -616,10 +623,10 @@ class CLI(object): if not inetnum or not "country" in inetnum: return - # Skip objects with bogus country code 'ZZ' - if inetnum.get("country") == "ZZ": - log.warning("Skipping network with bogus country 'ZZ': %s" % \ - (inetnum.get("inet6num") or inetnum.get("inetnum"))) + # Skip objects with unknown country codes + if validcountries and inetnum.get("country") not in validcountries: + log.warning("Skipping network with bogus country '%s': %s" % \ + (inetnum.get("country"), inetnum.get("inet6num") or inetnum.get("inetnum"))) return # Iterate through all networks enumerated from above, check them for plausibility and insert @@ -652,7 +659,7 @@ class CLI(object): org.get("organisation"), org.get("org-name"), ) - def _parse_line(self, line): + def _parse_line(self, line, validcountries = None): # Skip version line if line.startswith("2"): return @@ -667,8 +674,15 @@ class CLI(object): log.warning("Could not parse line: %s" % line) return - # Skip any lines that are for stats only - if country_code == "*": + # Skip any lines that are for stats only or do not have a country + # code at all (avoids log spam below) + if not country_code or country_code == '*': + return + + # Skip objects with unknown country codes + if validcountries and country_code not in validcountries: + log.warning("Skipping line with bogus country '%s': %s" % \ + (country_code, line)) return if type in ("ipv6", "ipv4"): -- 2.26.2

2 3

[PATCH] location-importer.in: process unaligned IP ranges in RIR data files correctly
by Peter Müller 01 Apr '21

01 Apr '21

The IP range given in an inetnum object apparently not necessarily matches distinct subnet boundaries. As a result, the current attempt to calculate its CIDR mask resulted in faulty subnets not covering the entire IP range. This patch leaves the task of enumerating subnets to the ipaddress module itself, which handles things much more robust. Since the output may contain of several subnets, a list for the inetnum key is necessary as well as a loop over them when conducting the SQL statements. Fixes: #12595 Cc: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- src/python/location-importer.in | 31 +++++++++++-------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/src/python/location-importer.in b/src/python/location-importer.in index 2506925..e2f201b 100644 --- a/src/python/location-importer.in +++ b/src/python/location-importer.in @@ -3,7 +3,7 @@ # # # libloc - A library to determine the location of someone on the Internet # # # -# Copyright (C) 2020 IPFire Development Team <info(a)ipfire.org> # +# Copyright (C) 2020-2021 IPFire Development Team <info(a)ipfire.org> # # # # This library is free software; you can redistribute it and/or # # modify it under the terms of the GNU Lesser General Public # @@ -604,18 +604,10 @@ class CLI(object): log.warning("Could not parse line: %s" % line) return - # Set prefix to default - prefix = 32 - - # Count number of addresses in this subnet - num_addresses = int(end_address) - int(start_address) - if num_addresses: - prefix -= math.log(num_addresses, 2) - - inetnum["inetnum"] = "%s/%.0f" % (start_address, prefix) + inetnum["inetnum"] = list(ipaddress.summarize_address_range(start_address, end_address)) elif key == "inet6num": - inetnum[key] = val + inetnum[key] = [ipaddress.ip_network(val, strict=False)] elif key == "country": inetnum[key] = val.upper() @@ -630,15 +622,14 @@ class CLI(object): (inetnum.get("inet6num") or inetnum.get("inetnum"))) return - network = ipaddress.ip_network(inetnum.get("inet6num") or inetnum.get("inetnum"), strict=False) - - if not self._check_parsed_network(network): - return - - self.db.execute("INSERT INTO _rirdata(network, country) \ - VALUES(%s, %s) ON CONFLICT (network) DO UPDATE SET country = excluded.country", - "%s" % network, inetnum.get("country"), - ) + # Iterate through all networks enumerated from above, check them for plausibility and insert + # them into the database, if _check_parsed_network() succeeded + for single_network in inetnum.get("inet6num") or inetnum.get("inetnum"): + if self._check_parsed_network(single_network): + self.db.execute("INSERT INTO _rirdata(network, country) \ + VALUES(%s, %s) ON CONFLICT (network) DO UPDATE SET country = excluded.country", + "%s" % single_network, inetnum.get("country"), + ) def _parse_org_block(self, block): org = {} -- 2.26.2

2 7

Error in ' list-networks-by-cc'
by Gisle Vanem 01 Apr '21

01 Apr '21

When issuing: location.py list-networks-by-cc XX I get this error: for n in db.search_networks(country_code=country_code, family=ns.family): TypeError: 'country_code' is an invalid keyword argument for this function But this works better: @@ -506,7 +506,7 @@ f = writer(sys.stdout, prefix=country_code) # Print all matching networks - for n in db.search_networks(country_code=country_code, family=ns.family): + for n in db.search_networks(country_codes=[country_code.upper()], family=ns.family): f.write(n) --- with the added bonus that I can do 'no' or 'NO'. -- --gv

2 1

Problem in urllib?
by Gisle Vanem 01 Apr '21

01 Apr '21

I have a problem with he Python-module and downloading a new .db-file. Used as: py -3 location.py --debug update always returns: HTTP GET Request to location.ipfire.org URL: https://location.ipfire.org/databases/1/location.db.xz Headers: If-modified-since: Tue, 30 Mar 2021 04:04:14 GMT User-agent: location/0.9.4 HTTP Response: 410 Headers: date: Tue, 30 Mar 2021 08:32:16 GMT content-length: 282 content-type: text/html; charset=iso-8859-1 strict-transport-security: max-age=31536000; includeSubDomains; preload connection: close https://location.ipfire.org/databases/ reported: HTTP Error 410: Gone Could not download a new database But when using wget or Chrome, the above URL downloads just fine. Maybe there is a problem with urllib in Windows' version of Python 3.6.5? Or it's a server and CA-path problem since my curl says: subject alt name(s) or common name do not match "location.ipfire.org" (but a 'curl -k ..' works). How can I solve this? I've tried several ca-bundle files to no avail. -- --gv

2 4

override entries change network prefix length
by Peter Müller 29 Mar '21

29 Mar '21

Hello Michael, hello location folks (CC'ed), finally having some spare time to spend on ${things}, I thought working on #11754, #12594 and #12595 might be a good idea to improve the results of our location database. :-) Since #11754 and #12594 involve something like automated overrides to fetched RIR data, I recently noticed adding overrides is changing the displayed network length in a "location lookup" output: > [root@maverick ~]# location lookup 176.10.99.192 > 176.10.99.192: > Network : 176.10.99.192/27 > Country : Switzerland > Autonomous System : AS51395 - Datasource AG > Anonymous Proxy : yes 176.10.99.192 is part of 176.10.96.0/19, which is announced as such by AS51395, hence the output is misleading. A better result would be to display the original size of a BGP announcement, adding some flags if needed without stripping down the IP network size to the override. This is a minor issue as far as I am concerned, but before I create code that generates overrides en masse, I would like to discuss whether or not it is a good idea to keep the current behaviour. Thanks, and best regards, Peter Müller

2 1

mem-map leak in loc_database_free()
by Gisle Vanem 22 Mar '21

22 Mar '21

Hello list. In my Windows program I use the 'libloc' library and the compressed 'location.db.xz' file. I also have some functions to download, decompress to a temp-file. Then finally using 'CopyFile()' to update to the final .db-file. But my problem was that 'CopyFile()' failed with error 'ERROR_USER_MAPPED_FILE' since some regions to the file was not closed. I saw that 'libloc' does 5 calls to 'mmap()' but only 4 calls to 'munmap()' in 'loc_database_free()'; the freeing of 'db->countries_v1' is missing. So with this patch my program works fine: --- a/database.c 2020-12-03 15:04:38 +++ b/database.c 2021-03-21 17:21:04 @@ -446,6 +446,13 @@ ERROR(db->ctx, "Could not unmap network nodes section: %s\n", strerror(errno)); } + // Remove mapped countries nodes section + if (db->countries_v1) { + r = munmap(db->countries_v1, db->countries_count * sizeof(*db->countries_v1)); + if (r) + ERROR(db->ctx, "Could not unmap countries nodes section: %s\n", strerror(errno)); + } + if (db->pool) loc_stringpool_unref(db->pool); --------- Not sure how 'libloc' could work w/o this on Linux. What does a 'cp /tmp/location.db location-in-use.db' say when running one of the test programs in parallel? -- --gv

2 1

[PATCH] add overrides for dirty ISP conglomerate "Inter Connects Inc. & friends"
by Peter Müller 20 Mar '21

20 Mar '21

AS owned by a couple of letterbox companies in London (most notably Inter Connects Inc. and Packet Exchange Ltd.) were found to tamper massively with RIR data of prefixes they own or announce. Aside from that, these AS are currently hijacking AfriNIC chunks widely believed as being stolen - plus hosting some cybercrime stuff for good measure. Except for AS63119, all of these networks show strong links to Sweden, while some traceroutes dead-end at other places in Europe. As a consequence, we cannot trust the county information published by this actor, generously overriding them to limit damage to IPFire location database users. The author strongly recommends against accepting any traffic from or to these networks (some of them have ASN-DROP listings at Spamhaus indeed), but this aspect is out of scope for the IPFire location database. Just mentioning it here for the sake of completeness. :-) In addition, this patch features some IPv4 networks apparently operated by VPN providers in US - being shady as well, just saying. Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- overrides/override-a1.txt | 20 ++++++++++++++++++++ overrides/override-other.txt | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 1ccfa0a..76a5a52 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -297,6 +297,11 @@ descr: CloudVPN Inc. remarks: VPN provider is-anonymous-proxy: yes +net: 23.230.23.0/24 +descr: Colorberry VPN Services +remarks: VPN provider +is-anonymous-proxy: yes + net: 23.239.176.0/22 descr: CloudVPN Inc. remarks: VPN provider @@ -798,6 +803,11 @@ descr: PureVPN remarks: VPN provider is-anonymous-proxy: yes +net: 107.186.38.0/24 +descr: Colorberry VPN services +remarks: VPN provider +is-anonymous-proxy: yes + net: 109.70.100.0/24 descr: Foundation for Applied Privacy remarks: Tor relay provider @@ -853,6 +863,11 @@ descr: GZ Systems Limited / PureVPN remarks: VPN provider is-anonymous-proxy: yes +net: 142.252.111.0/24 +descr: Hurricane VPN +remarks: VPN provider +is-anonymous-proxy: yes + net: 145.249.104.0/22 descr: Liberty Services / IP Volume Inc. remarks: VPN provider [high confidence, but not proofed] @@ -1344,6 +1359,11 @@ descr: VPN Consumer Network Services remarks: VPN provider is-anonymous-proxy: yes +net: 205.164.4.0/24 +descr: OpenVPN Technologies, Inc. +remarks: VPN provider +is-anonymous-proxy: yes + net: 205.185.193.0/24 descr: SecuredConnectivity remarks: VPN provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index bec4d80..b428d9f 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -103,6 +103,11 @@ descr: Treidinvest LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS41564 +descr: Packet Exchange Limited +remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted +country: EU + aut-num: AS42397 descr: Bunea TELECOM SRL remarks: ISP located in RO, but some RIR data for announced prefixes contain garbage @@ -133,6 +138,11 @@ descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL country: NL +aut-num: AS41564 +descr: Global Colocation Limited +remarks: part of a dirty ISP conglomerate most likely operating out of SE +country: SE + aut-num: AS49466 descr: KLAYER LLC remarks: part of the "Asline" IP hijacking gang, traces back to AP region @@ -168,6 +178,11 @@ descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS57858 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE + aut-num: AS58073 descr: YISP BV remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage @@ -183,6 +198,11 @@ descr: Batterflyai Media Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS60485 +descr: Inter Connects Inc. / Jing Yun +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks +country: SE + aut-num: AS62355 descr: Network Dedicated SAS remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL @@ -193,6 +213,11 @@ descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK country: HK +aut-num: AS63119 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate, traces back to US this time +country: US + aut-num: AS64437 descr: NForce Entertainment BV remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL @@ -268,6 +293,11 @@ descr: Kevin Holly trading as Silent Ghost e.U. remarks: AS run by someone who thinks allocating IP networks to AQ is funny (it is not, kid) :-/ country: NL +aut-num: AS204353 +descr: Global Offshore Limited +remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted +country: EU + aut-num: AS204655 descr: Novogara Ltd. remarks: bulletproof ISP (strongly linked to AS202425) located in NL @@ -343,6 +373,11 @@ descr: PEG TECH INC remarks: ISP located in HK, tampers with RIR data country: HK +aut-num: AS398826 +descr: OLink Cloud LLC +remarks: shady ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + net: 5.1.68.0/24 descr: GaiacomLC remarks: routed to DE, inaccurate RIR data -- 2.20.1

1 0

2024

2023

2022

2021

2020

2019

2018

2017

Location