Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-a1.txt | 5 ++ overrides/override-other.txt | 92 ++++++++++++++++++------------------ overrides/override-xd.txt | 66 +++++++++++++++++++++++--- 3 files changed, 111 insertions(+), 52 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 43e0174..a97e7ce 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -639,6 +639,11 @@ descr: Gabor Marton remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... is-anonymous-proxy: yes
+net: 45.203.128.0/18 +descr: ProxyWow LLC +remarks: CloudInnovation space leased to "ProxyWow LLC" - not a safe area to accept traffic from anyways +is-anonymous-proxy: yes + net: 45.220.72.0/22 descr: Low budget VPN service remarks: VPN provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 89ad8e0..c33e642 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -63,6 +63,11 @@ aut-num: AS4134 name: Chinanet Backbone remarks: has no sane AS name set in APNIC DB
+aut-num: AS4609 +descr: Companhia de Telecomunicacones de Macau SARL +remarks: ISP located in MO, but some RIR data needs manual correction due to ARIN DB situation +country: MO + aut-num: AS4754 name: Software Technology Park of India remarks: has no sane AS name set in APNIC DB @@ -90,6 +95,11 @@ descr: Greek Research and Technology Network (GRNET) S.A. remarks: ... located in GR country: GR
+aut-num: AS6079 +descr: RCN +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS6134 descr: XNNET LLC remarks: traces back to HK, seems to tamper with RIR data @@ -208,6 +218,11 @@ descr: Unicycle, LLC remarks: traces back to NL country: NL
+aut-num: AS26548 +descr: PureVoltage Hosting Inc. +remarks: ISP and IP hijacker located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS26636 descr: GBTCloud, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -263,6 +278,11 @@ descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage country: BG
+aut-num: AS34549 +descr: meerfarbig GmbH & Co. KG +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS34665 descr: Petersburg Internet Network Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -388,10 +408,10 @@ descr: MLAB Open Source Community remarks: traces back to DE country: DE
-aut-num: AS41564 -descr: Orion Network Limited -remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted -country: SE +aut-num: AS41378 +descr: Kirino LLC +remarks: traces back to AP vincinity, tampers with RIR data +country: AP
aut-num: AS41608 descr: NextGenWebs, S.L. @@ -603,11 +623,6 @@ descr: Reliance Jio Infocomm Limited remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage country: IN
-aut-num: AS55933 -descr: Cloudie Limited -remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region -country: AP - aut-num: AS56322 descr: ServerAstra Kft. remarks: ISP located in HU, but some RIR data for announced prefixes contain garbage @@ -633,16 +648,6 @@ descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU
-aut-num: AS57858 -descr: Inter Connects Inc. -remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data -country: SE - -aut-num: AS57972 -descr: Inter Connects Inc. -remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data -country: SE - aut-num: AS58061 descr: Scalaxy B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage @@ -665,8 +670,8 @@ country: BG
aut-num: AS58349 descr: INNETRA PC -remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU -country: EU +remarks: ... traceroutes dead-end in NL +country: NL
aut-num: AS58879 descr: Shanghai Anchang Network Security Technology Co.,Ltd. @@ -723,11 +728,6 @@ descr: DignusData LLC remarks: ISP located in PL, but _all_ RIR data for announced prefixes contain garbage country: PL
-aut-num: AS60485 -descr: Inter Connects Inc. / Jing Yun -remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks -country: SE - aut-num: AS60546 descr: EU Routing Ltd remarks: fake offshore location (CY), hosted in NL @@ -818,6 +818,11 @@ descr: CloudITIDC Global remarks: ISP and/or IP hijacker located somewhere in AP country: AP
+aut-num: AS133613 +descr: MTel telecommunication company ltd. +remarks: ISP and located in MO, but some prefixes needs manual correction due to ARIN DB situation +country: MO + aut-num: AS133752 descr: Leaseweb Asia Pacific pte. ltd. remarks: ISP located in HK, some RIR data for announced prefixes contain garbage @@ -853,6 +858,11 @@ descr: LUOGELANG (FRANCE) LIMITED remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage country: HK
+aut-num: AS136167 +descr: China Telecom (Macau) Company Limited +remarks: located in MO, yet some prefixes show CN or HK instead +country: MO + aut-num: AS136274 descr: Cloud Servers Pvt Ltd remarks: ISP located in NL, all RIR data for announced prefixes contain garbage @@ -918,11 +928,6 @@ descr: Cloudflare Sydney, LLC remarks: ... but CF failed to set the country for announced prefixes to AU as well :-/ country: AU
-aut-num: AS139330 -descr: SANREN DATA LIMITED -remarks: IP hijacker located somewhere in AP region, tampers with RIR data -country: AP - aut-num: AS139471 descr: HWA CENT TELECOMMUNICATIONS LIMITED remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data @@ -955,7 +960,7 @@ country: HK
aut-num: AS139879 descr: Galaxy Broadband -remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd... +remarks: ISP located in PK, but some RIR data need manual correction due to ARIN DB situation country: PK
aut-num: AS140214 @@ -983,10 +988,10 @@ descr: Full Time Hosting remarks: ISP located in DE, tampers with RIR data country: DE
-aut-num: AS141746 -descr: Orenji Server -remarks: IP hijacker located somewhere in AP area (JP?) -country: AP +aut-num: AS141677 +descr: Nathosts Limited +remarks: ... located in HK? +country: HK
aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich @@ -1198,11 +1203,6 @@ descr: Des Capital B.V. remarks: Shady ISP located in NL, but RIR data for announced prefixes contain garbage country: NL
-aut-num: AS210848 -descr: Telkom Internet LTD -remarks: shady ISP currently located in NL -country: NL - aut-num: AS211380 descr: PAYWISE HOLDING Sp. z.o.o. remarks: ISP located in NL, but RIR data for announced prefixes contain garbage @@ -1248,11 +1248,6 @@ descr: MILEGROUP LTD remarks: traceroutes dead-end somewhere in Central Europe country: EU
-aut-num: AS212552 -descr: BitCommand LLC -remarks: Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe -country: EU - aut-num: AS212667 descr: RECONN LLC remarks: ISP located in RU, but RIR data for announced prefixes contain garbage @@ -1533,6 +1528,11 @@ descr: SpaceX Canada Corp. remarks: Accurate country code missing due to ARIN DB situation, see also: #12746 country: CA
+net: 103.126.4.0/23 +descr: Cyber Telecom ISP +remarks: Despite being allocated to AF, traceroutes end in NL +country: NL + net: 103.197.148.0/22 descr: I.C.S. Trabia-Network S.R.L. remarks: fake offshore location (HK), traces back to MD diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 738a699..2b50406 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -67,6 +67,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes
+aut-num: AS41564 +descr: Orion Network Limited +remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted +country: EU +drop: yes + aut-num: AS43092 descr: Kirin Communication Limited remarks: Hijacks IP space and tampers with RIR data, traces back to JP @@ -79,6 +85,12 @@ remarks: bulletproof ISP with strong links to RU country: RU drop: yes
+aut-num: AS44446 +descr: OOO SibirInvest +remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL +country: NL +drop: yes + aut-num: AS48090 descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL @@ -109,6 +121,12 @@ remarks: Autonomous System registered to offshore company, abuse contact is a fr country: AP drop: yes
+aut-num: AS55933 +descr: Cloudie Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +country: AP +drop: yes + aut-num: AS56611 descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL @@ -126,6 +144,18 @@ remarks: bulletproof ISP (related to AS202425) located in NL country: NL drop: yes
+aut-num: AS57858 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE +drop: yes + +aut-num: AS57972 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE +drop: yes + aut-num: AS58271 descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA @@ -143,6 +173,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes
+aut-num: AS60485 +descr: Inter Connects Inc. / Jing Yun +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks +country: SE +drop: yes + aut-num: AS61414 descr: EDGENAP LTD remarks: IP hijacking? Rogue ISP? @@ -190,6 +226,12 @@ remarks: IP hijacker located somewhere in AP area country: AP drop: yes
+aut-num: AS139330 +descr: SANREN DATA LIMITED +remarks: IP hijacker located somewhere in AP region, tampers with RIR data +country: AP +drop: yes + aut-num: AS140107 descr: CITIS CLOUD GROUP LIMITED remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?) @@ -201,6 +243,12 @@ remarks: ISP and IP hijacker located in HK, tampers with RIR data country: HK drop: yes
+aut-num: AS141746 +descr: Orenji Server +remarks: IP hijacker located somewhere in AP area (JP?) +country: AP +drop: yes + aut-num: AS200391 descr: KREZ 999 EOOD remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data @@ -231,24 +279,30 @@ remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL drop: yes
-aut-num: AS207812 -descr: DM AUTO EOOD -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data -country: BG -drop: yes - aut-num: AS209272 descr: Alviva Holding Limited remarks: bulletproof ISP operating from a war zone in eastern UA country: UA drop: yes
+aut-num: AS210848 +descr: Telkom Internet LTD +remarks: Rogue ISP (linked to AS202425) located in NL +country: NL +drop: yes + aut-num: AS211193 descr: ABDILAZIZ UULU ZHUSUP remarks: bulletproof ISP and IP hijacker, traces to RU country: RU drop: yes
+aut-num: AS212552 +descr: BitCommand LLC +remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network +country: EU +drop: yes + aut-num: AS213058 descr: Private Internet Hosting LTD remarks: bulletproof ISP located in RU