Thank you. Merged.
All those networks that were removed, did they just cease to exist?
-Michael
On 10 Dec 2021, at 07:07, Peter Müller peter.mueller@ipfire.org wrote:
Signed-off-by: Peter Müller peter.mueller@ipfire.org
overrides/override-a1.txt | 48 ---------------- overrides/override-other.txt | 104 ++++++++++++++++++++++------------- overrides/override-xd.txt | 50 +++++++++++++++++ 3 files changed, 117 insertions(+), 85 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 5734c08..5fce4d9 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -82,11 +82,6 @@ descr: Asiamax Ltd. VPN remarks: VPN provider is-anonymous-proxy: yes
-aut-num: AS39770 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Owned by an offshore letterbox company, suspected rogue ISP -is-anonymous-proxy: yes
aut-num: AS43233 descr: VPS 404 Ltd. remarks: VPN provider [high confidence, but not proofed] located in ES @@ -114,12 +109,6 @@ descr: BeeVPN ApS remarks: VPN provider is-anonymous-proxy: yes
-aut-num: AS51381 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Owned by an offshore letterbox company, suspected rogue ISP -is-anonymous-proxy: yes -country: RU
aut-num: AS51446 descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy remarks: VPN provider [high confidence, but not proofed] @@ -142,17 +131,6 @@ remarks: Tor relay and VPN provider, traces back to SE [high confidence, but n is-anonymous-proxy: yes country: SE
-aut-num: AS55303 -descr: Eagle Sky Co., Lt[d ?] -remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity -is-anonymous-proxy: yes -country: AP
-aut-num: AS56873 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Owned by an offshore letterbox company, suspected rogue ISP -is-anonymous-proxy: yes
aut-num: AS58110 descr: IP Volume Ltd. / Epik remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure @@ -168,11 +146,6 @@ descr: Geotelco Limited remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes
-aut-num: AS60424 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Owned by an offshore letterbox company, suspected rogue ISP -is-anonymous-proxy: yes
aut-num: AS60729 descr: Zwiebelfreunde e.V. remarks: Tor relay provider @@ -214,12 +187,6 @@ descr: HERN Labs AB remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes
-aut-num: AS206819 -descr: ANSON NETWORK LIMITED -remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW -is-anonymous-proxy: yes -country: TW
aut-num: AS207688 descr: DataHome S.A. remarks: VPN provider located in BR [high confidence, but not proofed] @@ -1430,11 +1397,6 @@ descr: Tredinvest LLC / bestwest[.]host remarks: VPN provider or offering similar services [high confidence, but not proofed] is-anonymous-proxy: yes
-net: 185.215.113.0/24 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Owned by an offshore letterbox company, suspected rogue ISP -is-anonymous-proxy: yes
net: 185.220.100.0/22 descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute remarks: Tor relay provider @@ -1692,11 +1654,6 @@ descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / Cookie remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers is-anonymous-proxy: yes
-net: 196.61.192.0/20 -descr: Inspiring Networks LTD -remarks: hijacked (?) IP network owned by an offshore company [high confidence, but not proofed] -is-anonymous-proxy: yes
net: 197.221.161.0/24 descr: VPNClientPublics remarks: VPN provider @@ -2031,8 +1988,3 @@ net: 2c0f:f930::/32 descr: Cyberdyne S.A. remarks: Tor relay provider is-anonymous-proxy: yes
-net: 2a10:9700::/29 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Owned by an offshore letterbox company, suspected rogue ISP -is-anonymous-proxy: yes diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 7d76534..ca9dbad 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -85,6 +85,11 @@ descr: Tianhai InfoTech remarks: IP hijacker located somewhere in AP, massively tampers with RIR data country: AP
+aut-num: AS5408 +descr: Greek Research and Technology Network (GRNET) S.A. +remarks: ... located in GR +country: GR
aut-num: AS6134 descr: XNNET LLC remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data @@ -363,6 +368,11 @@ descr: CNSERVERS LLC remarks: Shady ISP located in US, tampers with RIR data country: US
+aut-num: AS41047 +descr: MLAB Open Source Community +remarks: traces back to DE +country: DE
aut-num: AS41466 descr: Treidinvest LLC remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data @@ -408,6 +418,11 @@ descr: DGN TEKNOLOJI A.S. remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage country: TR
+aut-num: AS43092 +descr: Kirin Communication Limited +remarks: tampers with RIR data, traces back to AP area +country: AP
aut-num: AS43310 descr: TOV "LVS" remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage @@ -498,11 +513,6 @@ descr: LLC Baxet remarks: tampers with RIR data, traces back to RU country: RU
-aut-num: AS49447 -descr: Nice IT Services Group Inc. -remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage -country: CH
aut-num: AS49466 descr: KLAYER LLC remarks: part of the "Asline" IP hijacking gang, traces back to AP region @@ -748,6 +758,11 @@ descr: NForce Entertainment BV remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL country: NL
+aut-num: AS131685 +descr: Sun Network (Hong Kong) Limited +remarks: ISP and/or IP hijacker located somewhere in AP +country: AP
aut-num: AS132369 descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED remarks: ISP located in HK, tampers with RIR data @@ -758,9 +773,14 @@ descr: POWER LINE DATACENTER remarks: ISP and/or IP hijacker located in HK, tampers with RIR data country: HK
+aut-num: AS133201 +descr: ABCDE GROUP COMPANY LIMITED +remarks: ISP and/or IP hijacker located somewhere in AP +country: AP
aut-num: AS133441 descr: CloudITIDC Global -remarks: ISP and/or IP hijacker located somehwere in AP +remarks: ISP and/or IP hijacker located somewhere in AP country: AP
aut-num: AS133752 @@ -810,7 +830,7 @@ country: AP
aut-num: AS136800 descr: ICIDC NETWORK -remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data +remarks: IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data country: AP
aut-num: AS136933 @@ -923,6 +943,11 @@ descr: Incomparable(HK)Network Co., Limited remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data country: AP
+aut-num: AS141746 +descr: Orenji Server +remarks: IP hijacker located somewhere in AP area (JP?) +country: AP
aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich remarks: ISP located in UA, but RIR data for announced prefixes all say EU @@ -933,11 +958,6 @@ descr: ALEXHOST SRL remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network country: MD
-aut-num: AS200391 -descr: KREZ 999 EOOD -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data -country: BG
aut-num: AS200699 descr: Datashield, Inc. remarks: fake offshore location (SC), traces back to NL @@ -1028,6 +1048,11 @@ descr: Genius Guard / Genius Security Ltd. remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU country: RU
+aut-num: AS206819 +descr: ANSON NETWORK LIMITED +remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW +country: TW
aut-num: AS206898 descr: Server Hosting Pty Ltd remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage @@ -1063,11 +1088,6 @@ descr: Altrosky Technology Ltd. remarks: fake offshore location (SC), traces back to CZ and NL country: EU
-aut-num: AS207812 -descr: DM AUTO EOOD -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data -country: BG
aut-num: AS208046 descr: Maximilian Kutzner trading as HostSlick remarks: traces back to NL, but some RIR data for announced prefixes contain garbage @@ -1248,6 +1268,11 @@ descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region country: AP
+aut-num: AS328608 +descr: Africa on Cloud +remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes +country: AP
aut-num: AS328703 descr: Seven Network Inc. remarks: traces back to ZA @@ -1313,25 +1338,25 @@ descr: Wolverine Trading, LLC remarks: IP hijacker located in US, tampers with RIR data country: US
-net: 5.1.68.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE +net: 5.1.68.0/24 +descr: GaiacomLC +remarks: routed to DE, inaccurate RIR data +country: DE
-net: 5.1.69.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE +net: 5.1.69.0/24 +descr: GaiacomLC +remarks: routed to DE, inaccurate RIR data +country: DE
-net: 5.1.83.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE +net: 5.1.83.0/24 +descr: GaiacomLC +remarks: routed to DE, inaccurate RIR data +country: DE
-net: 5.1.88.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE +net: 5.1.88.0/24 +descr: GaiacomLC +remarks: routed to DE, inaccurate RIR data +country: DE
net: 5.252.32.0/22 descr: StormWall s.r.o. @@ -1413,6 +1438,11 @@ descr: Golden Internet LLC remarks: fake location (KP), WHOIS contact points to RU country: RU
+net: 91.90.120.0/24 +descr: M247 LTD, Greenland Infrastructure +remarks: ... traces back to CA +country: CA
net: 91.149.194.0/24 descr: IP Volume Ltd. / Epik remarks: fake location (CH), traces back to SE @@ -1488,10 +1518,10 @@ descr: Intelcom Group Ltd remarks: fake offshore location (SC), traces back to RU country: RU
-net: 185.140.204.0/22 -descr: Hornetsecurity GmbH -remarks: all suballocations are used in DE, but are assigned to US -country: DE +net: 185.140.204.0/22 +descr: Hornetsecurity GmbH +remarks: all suballocations are used in DE, but are assigned to US +country: DE
net: 185.175.93.0/24 descr: Perfect Hosting Solutions diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 7df6188..29057d9 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -26,24 +26,57 @@ # Please keep this file sorted. #
+aut-num: AS39770 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +drop: yes
aut-num: AS48090 descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL country: NL drop: yes
+aut-num: AS49447 +descr: Nice IT Services Group Inc. +remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage +country: CH +drop: yes
+aut-num: AS51381 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +country: RU +drop: yes
+aut-num: AS55303 +descr: Eagle Sky Co., Lt[d ?] +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity +country: AP +drop: yes
aut-num: AS56611 descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL drop: yes
+aut-num: AS56873 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +drop: yes
aut-num: AS57717 descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL drop: yes
+aut-num: AS60424 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +drop: yes
aut-num: AS62068 descr: SpectraIP B.V. remarks: bulletproof ISP (linked to AS202425 et al.) located in NL @@ -62,6 +95,12 @@ remarks: bulletproof ISP (linked to AS202425 et al.) located in NL country: NL drop: yes
+aut-num: AS200391 +descr: KREZ 999 EOOD +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data +country: BG +drop: yes
aut-num: AS202425 descr: IP Volume Inc. remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL @@ -74,6 +113,12 @@ remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace country: NL drop: yes
+aut-num: AS207812 +descr: DM AUTO EOOD +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data +country: BG +drop: yes
aut-num: AS204655 descr: Novogara Ltd. remarks: bulletproof ISP (strongly linked to AS202425) located in NL @@ -85,3 +130,8 @@ descr: Datapacket Maroc SARL remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL drop: yes
+net: 2a10:9700::/29 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
2.26.2