Since the "Asline" IP hijacking gang tampers with RIR data, probably to evade location based firewall rules, their Autonomous Systems were pinned to the AP region (the given Hong Kong contact address seems to be bogus for at least one /16 stolen AFRINIC chunk) for safety reasons.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-a1.txt | 25 +++++++++++++++---------- overrides/override-a2.txt | 12 ++++++++++++ overrides/override-a3.txt | 5 +++++ overrides/override-other.txt | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 67 insertions(+), 10 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index e81d6c2..7aca339 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -596,16 +596,6 @@ descr: ThinkTech Technology Industrial CO. Limited remarks: VPN provider is-anonymous-proxy: yes
-net: 94.199.160.0/23 -descr: MIK Telecom VPN pool -remarks: VPN provider -is-anonymous-proxy: yes - -net: 95.129.56.0/21 -descr: Azimut-R VPN Service -remarks: VPN provider -is-anonymous-proxy: yes - net: 91.193.75.0/24 descr: KGB Hosting d.o.o. / David Craig remarks: (Rogue) VPN provider @@ -616,6 +606,21 @@ descr: Privax LTD remarks: VPN provider is-anonymous-proxy: yes
+net: 92.118.39.0/24 +descr: CloudMine NET +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + +net: 94.199.160.0/23 +descr: MIK Telecom VPN pool +remarks: VPN provider +is-anonymous-proxy: yes + +net: 95.129.56.0/21 +descr: Azimut-R VPN Service +remarks: VPN provider +is-anonymous-proxy: yes + net: 95.154.64.0/18 descr: Octopusnet VPN remarks: VPN provider diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index 8f03159..a55c940 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -152,6 +152,12 @@ descr: Arab Satellite Communications Organization remarks: Satellite Internet provider is-satellite-provider: yes
+aut-num: AS42962 +descr: CoreLink Communications +remarks: Chinese satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes +country: AP + aut-num: AS43905 descr: Telenor Satellite AS remarks: Satellite Internet provider @@ -1616,3 +1622,9 @@ net: 2a04:2880::/30 descr: Satellite Solutions Worldwide Ltd remarks: Satellite Internet provider is-satellite-provider: yes + +net: 2a0a:2840::/29 +descr: CoreLink Communications +remarks: Chinese satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes +country: AP diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 924c859..07b2621 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -1527,6 +1527,11 @@ descr: marbis GmbH remarks: Generic anycast network [high confidence, but not proofed] is-anycast: yes
+net: 2a05:7f00::/29 +descr: nic.at GmbH and friends +remarks: TLD operator's anycast network +is-anycast: yes + net: 2a06:e881:4001::/48 descr: Thomas Harwood remarks: Public anycast DNS resolver diff --git a/overrides/override-other.txt b/overrides/override-other.txt index d4c3f5b..98ea79b 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -18,6 +18,16 @@ descr: Iron Mountain Data Center remarks: ISP located in US, but some RIR data for announced prefixes contain garbage country: US
+aut-num: AS18013 +descr: ASLINE LIMITED +remarks: IP hijacker, traces back to AP region +country: AP + +aut-num: AS18254 +descr: KLAYER LLC +remarks: part of the "Asline" IP hijacking gang, traces back to AP region +country: AP + aut-num: AS24700 descr: Yes Networks Unlimited Ltd remarks: traces to UA, but some RIR entries seem to contain garbage (VG) @@ -33,6 +43,11 @@ descr: IP Interactive UG (haftungsbeschraenkt) remarks: ISP located in BG, but RIR data for announced prefixes contain garbage country: BG
+aut-num: AS35478 +descr: Buena Telecom SRL +remarks: ISP located in RO, but RIR data for announced prefixes contain garbage +country: RO + aut-num: AS37518 descr: Fiber Grid Inc. remarks: tampers with RIR data, traces back to SE @@ -73,6 +88,11 @@ descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL country: NL
+aut-num: AS49466 +descr: KLAYER LLC +remarks: part of the "Asline" IP hijacking gang, traces back to AP region +country: AP + aut-num: AS49505 descr: Selectel remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -108,6 +128,11 @@ descr: DXTL Tseung Kwan O Service remarks: tampers with RIR data, traces back to AP region country: AP
+aut-num: AS137951 +descr: Clayer Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +country: AP + aut-num: AS201133 descr: Verdina Ltd. remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -138,6 +163,11 @@ descr: Altrosky Technology Ltd. remarks: fake offshore location (SC), traces back to CZ and NL country: EU
+aut-num: AS208046 +descr: Maximilian Kutzner trading as HostSlick +remarks: traces back to NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS209132 descr: Alviva Holding Limited remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -158,6 +188,11 @@ descr: IP Connect Inc. remarks: fake offshore location (SC), traces back to NL country: NL
+aut-num: AS398478 +descr: PEG TECH INC +remarks: ISP located in HK, tampers with RIR data +country: HK + net: 5.252.32.0/22 descr: StormWall s.r.o. remarks: claims to be located in DE, but traces back to somewhere else in central Europe