AS58110 is especially interesting...
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-a1.txt | 12 +++++++++++- overrides/override-a3.txt | 15 +++++++++++++++ overrides/override-other.txt | 37 +++++++++++++++++++++++++++++++++++- 3 files changed, 62 insertions(+), 2 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 06d2d20..fc97098 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -46,7 +46,7 @@ is-anonymous-proxy: yes
aut-num: AS34962 descr: Epik Network -remarks: VPN provider +remarks: Shady ISP and registrar, many prefixes announced refer to "anonymize" infrastructure is-anonymous-proxy: yes
aut-num: AS35029 @@ -110,6 +110,11 @@ remarks: Autonomous System registered to offshore company, abuse contact is a is-anonymous-proxy: yes country: AP
+aut-num: AS58110 +descr: IP Volume Ltd. / Epik +remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure +is-anonymous-proxy: yes + aut-num: AS58546 descr: Astrill VPN remarks: VPN provider @@ -1045,6 +1050,11 @@ descr: Access Now remarks: Tor relay provider is-anonymous-proxy: yes
+net: 176.119.142.0/24 +descr: Artykova Alina Biktimerovna / BroVPN +remarks: VPN provider +is-anonymous-proxy: yes + net: 178.170.136.0/22 descr: GZ Systems Limited / PureVPN remarks: VPN provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 36e03a3..ec246c1 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -190,6 +190,16 @@ descr: Hybula B.V. remarks: Generic anycast network is-anycast: yes
+net: 5.182.48.0/24 +descr: FluxCDN +remarks: Generic anycast network +is-anycast: yes + +net: 5.182.49.0/24 +descr: FluxCDN +remarks: Generic anycast network +is-anycast: yes + net: 5.254.74.0/24 descr: VOXILITY LLC remarks: Generic anycast network @@ -535,6 +545,11 @@ descr: Thomas Steen Rasmussen / UncensoredDNS / censurfridns.dk remarks: Public anycast DNS resolver is-anycast: yes
+net: 92.118.229.0/24 +descr: Epik +remarks: Generic anycast network +is-anycast: yes + net: 92.223.95.0/24 descr: G-Core Labs S.A. remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index e56a208..4446279 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -93,6 +93,11 @@ descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage country: BG
+aut-num: AS35624 +descr: Neterra Ltd. +remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage +country: RU + aut-num: AS39287 descr: ab stract / Peter Kolmisoppi remarks: tampers with RIR data, traces back to SE @@ -378,6 +383,11 @@ descr: Genius Guard / Genius Security Ltd. remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU country: RU
+aut-num: AS206898 +descr: Server Hosting Pty Ltd +remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS207046 descr: Xtudio Networks S.L.U. remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -423,6 +433,11 @@ descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage country: EU
+aut-num: AS210119 +descr: VPSSC Networks LTD +remarks: ISP located in UA, but RIR data for announced prefixes contain garbage +country: UA + aut-num: AS211849 descr: Kakharov Orinbassar Maratuly remarks: ISP located in RU, but RIR data for announced prefixes contain garbage @@ -508,6 +523,11 @@ descr: FlokiNET Ltd. remarks: fake offshore location (SC), traces back to RO country: RO
+net: 45.89.97.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to GB +country: GB + net: 45.93.16.0/22 descr: IPv4 Superhub Limited remarks: network owned by an HK company, traces back to HK as well - but is assigned to DE. Nice try... @@ -515,7 +535,7 @@ country: HK
net: 45.134.12.0/24 descr: MS Network LTD -remarks: fake offshore location (SC), traces back to NLm +remarks: fake offshore location (SC), traces back to NL country: NL
net: 45.134.144.0/22 @@ -548,6 +568,21 @@ descr: Golden Internet LLC remarks: fake location (KP), WHOIS contact points to RU country: RU
+net: 91.149.194.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to SE +country: SE + +net: 91.149.195.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to SE +country: SE + +net: 91.149.224.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to NO +country: NO + net: 91.243.32.0/19 descr: Petersburg Internet Network Ltd. remarks: RIR data for suballocations contain garbage, they are all located in RU