Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-a1.txt | 26 +++----- overrides/override-other.txt | 125 +++++++++++++++++------------------ overrides/override-xd.txt | 96 +++++++++++++++++++++++++-- 3 files changed, 163 insertions(+), 84 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 7365738..5b620fe 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -34,11 +34,6 @@ descr: Maginfo remarks: VPN provider is-anonymous-proxy: yes
-aut-num: AS13487 -descr: ULTRA PACKET LLC -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... -is-anonymous-proxy: yes - aut-num: AS16255 descr: IRIDIUM PROVIDER LTD remarks: VPN provider [high confidence, but not proofed] located in RU @@ -300,21 +295,11 @@ descr: Castle VPN remarks: VPN provider is-anonymous-proxy: yes
-aut-num: AS397539 -descr: LAKSH CYBERSECURITY AND DEFENSE LLC -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... -is-anonymous-proxy: yes - aut-num: AS397685 descr: Business VPN LLC remarks: VPN provider is-anonymous-proxy: yes
-aut-num: AS397770 -descr: LAKSH CYBERSECURITY AND DEFENSE LLC -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... -is-anonymous-proxy: yes - aut-num: AS397881 descr: Stingers, Inc. remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... @@ -341,6 +326,12 @@ descr: Tunbroker LLC remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... is-anonymous-proxy: yes
+aut-num: AS399587 +descr: UT +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... +is-anonymous-proxy: yes +country: US + aut-num: AS399928 descr: STELLAR PROXIES remarks: VPN or open proxy provider @@ -1174,6 +1165,11 @@ descr: IPNET-VPNS remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes
+net: 166.137.0.0/16 +descr: Service Provider Corporation +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... +is-anonymous-proxy: yes + net: 169.239.152.0/22 descr: AfriVPN Ltd remarks: VPN provider, traces back to ZA diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 8b228af..56bb12e 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -82,7 +82,7 @@ remarks: has no sane AS name set in APNIC DB
aut-num: AS4842 descr: Tianhai InfoTech -remarks: IP hijacker located somewhere in AP, massively tampers with RIR data +remarks: IP hijacker located somewhere in AP, tampers with RIR data country: AP
aut-num: AS5408 @@ -146,18 +146,18 @@ country: US
aut-num: AS15828 descr: Blue Diamond Network Co., Ltd. -remarks: Hiding behind fake ISP Navitgo LLC (AS59721), tampers with RIR data -country: NL +remarks: Shady ISP located somewhere in AP +country: AP + +aut-num: AS16262 +descr: Datacheap Ltd. +remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage +country: RU
aut-num: AS18185 name: Northern Taiwan Community University remarks: has no sane AS name set in APNIC DB
-aut-num: AS18254 -descr: KLAYER LLC -remarks: part of the "Asline" IP hijacking gang, traces back to AP region -country: AP - aut-num: AS18530 descr: Isomedia, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -178,6 +178,11 @@ descr: xTom Pty. Ltd. remarks: ISP located in AU, RIR data for announced prefixes contain garbage country: AU
+aut-num: AS24413 +descr: Sunrise +remarks: ISP located in somewhere in AP +country: AP + aut-num: AS24700 descr: Yes Networks Unlimited Ltd remarks: traces to UA, but some RIR entries seem to contain garbage (VG) @@ -258,6 +263,16 @@ descr: Petersburg Internet Network Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU
+aut-num: AS34806 +descr: ASLINE LIMITED +remarks: ... located in HK +country: HK + +aut-num: AS34985 +descr: Kirin Communication Limited +remarks: ISP located in JP, but some RIR data for announced prefixes contain garbage +country: JP + aut-num: AS35042 descr: IP Interactive UG (haftungsbeschraenkt) remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -568,6 +583,11 @@ descr: PEG TECH INC remarks: ISP and/or IP hijacker located in US this time, tampers with RIR data country: US
+aut-num: AS55330 +descr: AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK +remarks: For some reason, some "Airbus Defence and Space AS" prefixes are announced by this one... +country: AF + aut-num: AS55836 descr: Reliance Jio Infocomm Limited remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage @@ -703,6 +723,11 @@ descr: 4b42 UG (haftungsbeschränkt) remarks: ... who thinks messing with countries is funny :-/ country: LI
+aut-num: AS61635 +descr: GOPLEX TELECOMUNICACOES E INTERNET LTDA - ME +remarks: ... traces back to NL +country: NL + aut-num: AS61977 descr: Vivo Trade L.P. remarks: another shady customer of "DDoS Guard Ltd." @@ -738,11 +763,6 @@ descr: SWISS GLOBAL SERVICES S.A.S. remarks: ... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them country: CH
-aut-num: AS64437 -descr: NForce Entertainment BV -remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL -country: NL - aut-num: AS131685 descr: Sun Network (Hong Kong) Limited remarks: ISP and/or IP hijacker located somewhere in AP @@ -760,8 +780,8 @@ country: HK
aut-num: AS133201 descr: ABCDE GROUP COMPANY LIMITED -remarks: ISP and/or IP hijacker located somewhere in AP -country: AP +remarks: ISP and/or IP hijacker located in HK +country: HK
aut-num: AS133441 descr: CloudITIDC Global @@ -779,8 +799,8 @@ remarks: IP hijacker located somewhere in AP area, suspected to be part of the " country: AP
aut-num: AS134196 -descr: ULan Network Limited -remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +descr: Cloudie Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region (HK? CN?) country: AP
aut-num: AS134351 @@ -808,16 +828,6 @@ descr: Optix Pakistan (Pvt.) Limited remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage country: PK
-aut-num: AS136545 -descr: Blue Data Center -remarks: IP hijacker located somewhere in AP area, tampers with RIR data -country: AP - -aut-num: AS136800 -descr: ICIDC NETWORK -remarks: IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data -country: AP - aut-num: AS136933 descr: Gigabitbank Global / Anchnet Asia Limited (?) remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data @@ -835,13 +845,8 @@ country: HK
aut-num: AS137523 descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED -remarks: IP hijacker located in AP area, tampers with RIR data -country: AP - -aut-num: AS137951 -descr: Clayer Limited -remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region -country: AP +remarks: ISP and IP hijacker located in HK, tampers with RIR data +country: HK
aut-num: AS138195 descr: MOACK.Co.LTD @@ -923,11 +928,6 @@ descr: Full Time Hosting remarks: ISP located in DE, tampers with RIR data country: DE
-aut-num: AS141159 -descr: Incomparable(HK)Network Co., Limited -remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data -country: AP - aut-num: AS141746 descr: Orenji Server remarks: IP hijacker located somewhere in AP area (JP?) @@ -1153,11 +1153,6 @@ descr: JMT Paso Limited remarks: ISP located in NL, but RIR data for announced prefixes contain garbage country: NL
-aut-num: AS211849 -descr: Kakharov Orinbassar Maratuly -remarks: ISP and/or IP hijacker located in RU, but RIR data for announced prefixes contain garbage -country: RU - aut-num: AS211992 descr: WFD SERVICE LTD remarks: ISP located in NL, but RIR data for announced prefixes contain garbage @@ -1238,6 +1233,11 @@ descr: Udasha S.A. remarks: traceroutes dead-end somewhere near NYC, US country: US
+aut-num: AS264097 +descr: WIID Telecomunicai¿½i¿½es do Brasil +remarks: ... traces back to NL +country: NL + aut-num: AS267784 descr: Flyservers S.A. remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage @@ -1258,11 +1258,6 @@ descr: Xhostserver LLC remarks: ISP located in ZA, many RIR data for announced prefixes contain garbage country: ZA
-aut-num: AS328543 -descr: Sun Network Company Limited -remarks: IP hijacker, traces back to AP region -country: AP - aut-num: AS328608 descr: Africa on Cloud remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes @@ -1293,16 +1288,16 @@ descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage country: US
+aut-num: AS397423 +descr: Tier.Net Technologies LLC +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS398343 descr: Baxet Group Inc. remarks: traceroutes dead-end near Moscow, RU country: RU
-aut-num: AS398478 -descr: PEG TECH INC -remarks: ISP located in HK, tampers with RIR data -country: HK - aut-num: AS398823 descr: PEG TECH INC remarks: ISP and/or IP hijacker located in HK, tampers with RIR data @@ -1320,7 +1315,7 @@ country: HK
aut-num: AS399471 descr: Serverion LLC -remarks: ISP located in NL, RIR data contain garbage +remarks: ISP located in NL, some RIR data contain garbage country: NL
aut-num: AS399077 @@ -1418,26 +1413,21 @@ descr: US AFG 20200130 remarks: claims to be located in US, but traces back to SK country: SK
+net: 45.155.121.0/24 +descr: Itace International Limited +remarks: claims to be located in HK, but traces back to RO +country: RO + net: 47.60.0.0/14 descr: Vodafone US Inc. remarks: large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurate data) country: ES
-net: 80.240.96.0/24 -descr: LLC RusTel -remarks: fake location (RU), traces back to HK -country: HK - net: 85.202.80.0/24 descr: Amarutu Technology Ltd. / KoDDoS / ESecurity remarks: fake offshore location (BZ), traces back to US country: US
-net: 88.151.117.0/24 -descr: Golden Internet LLC -remarks: fake location (KP), WHOIS contact points to RU -country: RU - net: 91.90.120.0/24 descr: M247 LTD, Greenland Infrastructure remarks: ... traces back to CA @@ -1588,6 +1578,11 @@ descr: NetConn Services Ltd remarks: APNIC chunk owned by a HK-based company, routed to AP region, but assigned to SC country: AP
+net: 193.176.24.0/22 +descr: REACOM GmbH +remarks: The entire network is used out of RU +country: RU + net: 193.186.196.0/22 descr: QUIKA LTD remarks: claims to be located in DE, traces back to GB diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index b669621..76ceab3 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -26,16 +26,34 @@ # Please keep this file sorted. #
+aut-num: AS18254 +descr: KLAYER LLC +remarks: part of the "Asline" IP hijacking gang, traces back to AP region +country: AP +drop: yes + aut-num: AS18013 descr: ASLINE LIMITED -remarks: IP hijacker, traces back to AP region -country: AP +remarks: IP hijacker, traces back to HK +country: HK +drop: yes + +aut-num: AS211849 +descr: Kakharov Orinbassar Maratuly +remarks: ISP and IP hijacker located in RU, many RIR data for announced prefixes contain garbage +country: RU +drop: yes + +aut-num: AS24009 +descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED +remarks: IP hijacker and bulletproof ISP, possibly located near Los Angeles, US +country: US drop: yes
aut-num: AS22769 descr: DDOSING NETWORK -remarks: IP hijacker located somewhere in AP, massively tampers with RIR data -country: AP +remarks: IP hijacker located in US, massively tampers with RIR data +country: US drop: yes
aut-num: AS24009 @@ -119,6 +137,11 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes
+aut-num: AS61414 +descr: EDGENAP LTD +remarks: IP hijacking? Rogue ISP? +drop: yes + aut-num: AS62068 descr: SpectraIP B.V. remarks: bulletproof ISP (linked to AS202425 et al.) located in NL @@ -131,6 +154,41 @@ remarks: bulletproof ISP (linked to AS202425 et al.) located in NL country: NL drop: yes
+aut-num: AS136545 +descr: Blue Data Center +remarks: IP hijacker located somewhere in AP area, tampers with RIR data +country: AP +drop: yes + +aut-num: AS136800 +descr: ICIDC NETWORK +remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data +country: HK +drop: yes + +aut-num: AS137951 +descr: Clayer Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK +country: HK +drop: yes + +aut-num: AS138648 +descr: ASLINE Global Exchange +remarks: IP hijacker located somewhere in AP area +country: AP +drop: yes + +aut-num: AS140107 +descr: CITIS CLOUD GROUP LIMITED +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?) +drop: yes + +aut-num: AS141159 +descr: Incomparable(HK)Network Co., Limited +remarks: ISP and IP hijacker located in HK, tampers with RIR data +country: HK +drop: yes + aut-num: AS200391 descr: KREZ 999 EOOD remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data @@ -149,6 +207,12 @@ remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace country: NL drop: yes
+aut-num: AS204428 +descr: SS-Net +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data +country: BG +drop: yes + aut-num: AS204655 descr: Novogara Ltd. remarks: bulletproof ISP (strongly linked to AS202425) located in NL @@ -167,18 +231,42 @@ remarks: bulletproof ISP operating from a war zone in eastern UA country: UA drop: yes
+aut-num: AS211193 +descr: ABDILAZIZ UULU ZHUSUP +remarks: bulletproof ISP and IP hijacker, traces to RU +country: RU +drop: yes + aut-num: AS213058 descr: Private Internet Hosting LTD remarks: bulletproof ISP located in RU country: RU drop: yes
+aut-num: AS328543 +descr: Sun Network Company Limited +remarks: IP hijacker, traces back to AP region +country: AP +drop: yes + aut-num: AS328671 descr: Datapacket Maroc SARL remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL drop: yes
+aut-num: AS398478 +descr: PEG TECH INC +remarks: ISP located in HK, tampers with RIR data +country: HK +drop: yes + +net: 196.11.32.0/20 +descr: Sanlam Life Insurance Limited +remarks: Stolen AfriNIC IPv4 space announced from NL +country: NL +drop: yes + net: 2a0e:b107:d10::/44 descr: NZB.si Enterprises remarks: Tampers with RIR data, not a safe place to route traffic to
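Review bot: AS24009 ends up defined twice in overrides/override-xd.txt. The first hunk (@@ -26,16 +26,34 @@) adds a new "aut-num: AS24009" / "descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED" stanza ahead of AS22769, while the unchanged context after the AS22769 stanza still opens an existing "aut-num: AS24009" entry. Drop the new copy or fold its remarks and country into the existing stanza, so the result does not depend on which definition a parser keeps. The same hunk also places AS18254 before AS18013 and AS211849 between AS18013 and AS22769, against the "Please keep this file sorted." header shown in the context; moving them to their numeric positions would keep later diffs small.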
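Review bot: the AS61414 stanza added to overrides/override-xd.txt (@@ -119,6 +137,11 @@) carries "drop: yes" while its only justification is "remarks: IP hijacking? Rogue ISP?", which records a suspicion rather than an observation. Neighbouring entries state what was seen ("tampers with RIR data", "bulletproof ISP ... located in NL"); the remark here should do the same, and it has no "country:" line either, so a later reviewer has nothing to re-check the entry against.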
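Review bot: the "descr:" line added for AS264097 in overrides/override-other.txt (@@ -1238,6 +1233,11 @@) contains encoding debris ("Telecomunicai¿½i¿½es"), so the name is stored corrupted. Other entries in this file either keep the non-ASCII characters intact ("haftungsbeschränkt") or transliterate them ("haftungsbeschraenkt"); use one of those two forms here and confirm the file is saved as UTF-8.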
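Review bot: "net: 166.137.0.0/16" in the last overrides/override-a1.txt hunk (@@ -1174,6 +1165,11 @@) marks an entire /16 as "is-anonymous-proxy: yes" with only the generic "descr: Service Provider Corporation" and the same Krebs link reused from the AS-level entries. The neighbouring net: entry in the context is a /22; either narrow the prefix to the ranges actually observed or say in the remarks why the whole /16 qualifies.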