Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-a1.txt | 63 ++++++++++++++-- overrides/override-a2.txt | 5 ++ overrides/override-a3.txt | 90 ++++++++++++++++++++++ overrides/override-other.txt | 140 ++++++++++++++++++++++++++++++++--- 4 files changed, 283 insertions(+), 15 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 4dccbfc..284c3e8 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -71,6 +71,11 @@ descr: Asiamax Ltd. VPN remarks: VPN provider is-anonymous-proxy: yes
+aut-num: AS39770 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +is-anonymous-proxy: yes + aut-num: AS43233 descr: VPS 404 Ltd. remarks: VPN provider [high confidence, but not proofed] located in ES @@ -93,6 +98,12 @@ descr: BeeVPN ApS remarks: VPN provider is-anonymous-proxy: yes
+aut-num: AS51381 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +is-anonymous-proxy: yes +country: RU + aut-num: AS51446 descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy remarks: VPN provider [high confidence, but not proofed] @@ -104,23 +115,28 @@ remarks: VPN provider (claims PA or BZ for some prefixes, but they are all hos is-anonymous-proxy: yes country: CH
+aut-num: AS53559 +descr: KST Networks / ANONYMIZER +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + aut-num: AS54990 descr: 1337 Services LLC remarks: Tor relay and VPN provider, traces back to SE [high confidence, but not proofed] is-anonymous-proxy: yes country: SE
-aut-num: AS53559 -descr: KST Networks / ANONYMIZER -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - aut-num: AS55303 descr: Eagle Sky Co., Lt[d ?] remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity is-anonymous-proxy: yes country: AP
+aut-num: AS56873 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +is-anonymous-proxy: yes + aut-num: AS58110 descr: IP Volume Ltd. / Epik remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure @@ -136,6 +152,11 @@ descr: Geotelco Limited remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes
+aut-num: AS60424 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +is-anonymous-proxy: yes + aut-num: AS60729 descr: Zwiebelfreunde e.V. remarks: Tor relay provider @@ -146,6 +167,12 @@ descr: Quintex Alliance Consulting remarks: Tor relay provider is-anonymous-proxy: yes
+aut-num: AS132825 +descr: Defense Australia Network +remarks: ... seems to be loaded with proxies, and not located in AU after all (HK?) +is-anonymous-proxy: yes +country: AP + aut-num: AS135609 descr: AMPR VPN remarks: VPN provider @@ -233,11 +260,22 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes country: GB
+aut-num: AS212824 +descr: WildProxies +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes +country: NL + aut-num: AS212987 descr: NekoCloud Solutions Limited remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes
+aut-num: AS213224 +descr: Blue Black Squared Limited +remarks: Owned by an offshore letterbox company, claims NL, but dead-ends in DE - hard to tell what is going on here +is-anonymous-proxy: yes + aut-num: AS394087 descr: Secure Internet LLC / PureVPN remarks: VPN provider @@ -1253,6 +1291,11 @@ descr: Tredinvest LLC / bestwest[.]host remarks: VPN provider or offering similar services [high confidence, but not proofed] is-anonymous-proxy: yes
+net: 185.215.113.0/24 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +is-anonymous-proxy: yes + net: 185.220.100.0/22 descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute remarks: Tor relay provider @@ -1450,6 +1493,11 @@ descr: Lynx Proxies Ltd. remarks: VPN provider is-anonymous-proxy: yes
+net: 194.110.84.0/24 +descr: NordVPN +remarks: VPN provider +is-anonymous-proxy: yes + net: 194.242.2.0/24 descr: Mullvad VPN AB remarks: VPN provider @@ -1804,3 +1852,8 @@ net: 2c0f:f930::/32 descr: Cyberdyne S.A. remarks: Tor relay provider is-anonymous-proxy: yes + +net: 2a10:9700::/29 +descr: 1337TEAM LIMITED / eliteteam[.]to +remarks: Owned by an offshore letterbox company, suspected rogue ISP +is-anonymous-proxy: yes diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt index eeb4099..4aac6ea 100644 --- a/overrides/override-a2.txt +++ b/overrides/override-a2.txt @@ -468,6 +468,11 @@ descr: ALCON TELECOM LTD remarks: Satellite Internet provider is-satellite-provider: yes
+aut-num: AS212722 +descr: ALMASFOOFA for Communication & Internet Ltd +remarks: Satellite Internet provider [high confidence, but not proofed] +is-satellite-provider: yes + aut-num: AS265676 descr: INTERSAT S.A. remarks: Satellite Internet provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 4b313f8..3c38b69 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -14,6 +14,16 @@ descr: University of Pennsylvania remarks: Generic anycast network is-anycast: yes
+aut-num: AS1921 +descr: NIC.at +remarks: TLD operator's anycast network +is-anycast: yes + +aut-num: AS2484 +descr: AFNIC +remarks: TLD operator's anycast network +is-anycast: yes + aut-num: AS2591 descr: IMPLETEC TECHNOLOGIES LTD remarks: Generic anycast network, RIR contact data contain garbage :-/ @@ -25,6 +35,11 @@ descr: DirectNIC, Ltd. remarks: Generic anycast network [high confidence, but not proofed] is-anycast: yes
+aut-num: AS9179 +descr: FidoNet Registration Services Ltd. +remarks: Generic anycast network +is-anycast: yes + aut-num: AS13335 descr: Cloudflare, Inc. remarks: Worldwide CDN, does not make sense to assign their networks to a specific country @@ -35,6 +50,21 @@ descr: Akamai Technologies, Inc. remarks: Worldwide CDN, does not make sense to assign their networks to a specific country is-anycast: yes
+aut-num: AS18366 +descr: APNIC +remarks: Generic anycast network +is-anycast: yes + +aut-num: AS18368 +descr: APNIC +remarks: Generic anycast network +is-anycast: yes + +aut-num: AS18369 +descr: APNIC +remarks: Generic anycast network +is-anycast: yes + aut-num: AS20577 descr: TRADEWEB EUROPE LIMITED remarks: Generic anycast network [high confidence, but not proofed] @@ -100,6 +130,11 @@ descr: Canadian Internet Registration Authority (CIRA) remarks: Generic anycast network is-anycast: yes
+aut-num: AS41637 +descr: Hosting.de GmbH +remarks: Generic anycast network +is-anycast: yes + aut-num: AS42388 descr: ANEXIA Internetdienstleistungs GmbH remarks: Public anycast DNS nameserver network [high confidence, but not proofed] @@ -111,6 +146,16 @@ remarks: Generic anycast network [high confidence, but not proofed], RIR data co is-anycast: yes country: RU
+aut-num: AS47578 +descr: PRT Systems Limited +remarks: Generic anycast network +is-anycast: yes + +aut-num: AS48283 +descr: Stichting Internet Domeinregistratie Nederland +remarks: TLD operator's anycast network +is-anycast: yes + aut-num: AS49287 descr: Melbikomas UAB remarks: Generic anycast network [high confidence, but not proofed] @@ -127,6 +172,16 @@ descr: Misaka Network, Inc. remarks: Generic anycast network is-anycast: yes
+aut-num: AS57706 +descr: Hybula B.V. +remarks: Generic anycast network +is-anycast: yes + +aut-num: AS57926 +descr: SafeDNS, Inc. +remarks: Public anycast DNS resolver network [high confidence, but not proofed] +is-anycast: yes + aut-num: AS58093 descr: coreIT.pl remarks: Generic anycast network @@ -157,6 +212,11 @@ descr: EZNet LIMITED remarks: Generic anycast network is-anycast: yes
+aut-num: AS61107 +descr: TOONBOX STUDIO LTD +remarks: Generic anycast network [high confidence, but not proofed] +is-anycast: yes + aut-num: AS62766 descr: SJB Communications remarks: Generic anycast network @@ -177,6 +237,11 @@ descr: AusRegistry remarks: TLD operator's anycast network is-anycast: yes
+aut-num: AS134409 +descr: PublicDNS / HostLink +remarks: Public anycast DNS resolver network +is-anycast: yes + aut-num: AS198794 descr: Thomas Steen Rasmussen / UncensoredDNS / censurfridns.dk remarks: Public anycast DNS resolver network @@ -197,6 +262,11 @@ descr: CentralNic Ltd remarks: Generic anycast network is-anycast: yes
+aut-num: AS202687 +descr: Mainloop AB +remarks: Generic anycast network +is-anycast: yes + aut-num: AS203391 descr: Cloud DNS Ltd remarks: Generic anycast network @@ -222,6 +292,11 @@ descr: DEVCLIC SARL remarks: Generic anycast network is-anycast: yes
+aut-num: AS206763 +descr: XINDI Networks SRL +remarks: Generic anycast network +is-anycast: yes + aut-num: AS207021 descr: ipcom GmbH remarks: Generic anycast network @@ -242,6 +317,16 @@ descr: Stichting Internet Domeinregistratie Nederland (SIDN) remarks: TLD operator's anycast network is-anycast: yes
+aut-num: AS213059 +descr: Mythic Beasts Ltd. +remarks: Generic anycast network +is-anycast: yes + +aut-num: AS394695 +descr: PDR +remarks: TLD operator's anycast network [high confidence, but not proofed - RIR data contain garbage either way :-/ ] +is-anycast: yes + aut-num: AS396981 descr: Deteque LLC remarks: Generic anycast network @@ -1724,6 +1809,11 @@ descr: Erik Larsson remarks: Generic anycast network is-anycast: yes
+net: 2a06:e881:4304::/48 +descr: RISHIKESHAN LAVAKUMAR +remarks: Generic anycast network +is-anycast: yes + net: 2a0b:6b83::/48 descr: Roelf Wichertjes remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index c576d38..454d1d5 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -28,6 +28,11 @@ descr: Dimension Data remarks: ISP (?) located in ZA, but some RIR data for announced prefixes contain garbage country: ZA
+aut-num: AS4842 +descr: Tianhai InfoTech +remarks: IP hijacker located somewhere in AP, massively tampers with RIR data +country: AP + aut-num: AS6134 descr: XNNET LLC remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data @@ -123,6 +128,11 @@ descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage (BZ) country: US
+aut-num: AS34224 +descr: Neterra Ltd. +remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage +country: BG + aut-num: AS35042 descr: IP Interactive UG (haftungsbeschraenkt) remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -138,21 +148,16 @@ descr: Buena Telecom SRL remarks: ISP located in RO, but RIR data for announced prefixes contain garbage country: RO
-aut-num: AS37518 -descr: Fiber Grid Inc. -remarks: tampers with RIR data, traces back to SE -country: SE - -aut-num: AS34224 -descr: Neterra Ltd. -remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage -country: BG - aut-num: AS35145 descr: iDea Leaper Innovation Inc. remarks: tampers with RIR data, traces back to AP area country: AP
+aut-num: AS35415 +descr: Webzilla B.V. +remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS35619 descr: Kevin Buehl remarks: ... who thinks messing with countries is funny :-/ @@ -163,6 +168,16 @@ descr: Silverstar Invest Limited remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU
+aut-num: AS38197 +descr: Sun Network (Hong Kong) Limited +remarks: ISP located in HK (duh!), but some RIR data for announced prefixes contain garbage +country: HK + +aut-num: AS37518 +descr: Fiber Grid Inc. +remarks: tampers with RIR data, traces back to SE +country: SE + aut-num: AS39182 descr: Netex Limited remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -253,6 +268,16 @@ descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU
+aut-num: AS44992 +descr: KeonWoo PARK +remarks: claims US for its prefixes announced, but traces back to KR +country: KR + +aut-num: AS45753 +descr: Network and Security Solutions Limited +remarks: ISP located in HK, but some RIR data for announced prefixes contain garbage +country: HK + aut-num: AS47105 descr: Dreamtorrent Corp remarks: traceroutes dead-end somewhere in or near RU @@ -313,6 +338,11 @@ descr: Serverius Holding B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL
+aut-num: AS51089 +descr: SALTYFISH TECH LTD +remarks: traceroutes dead-end somewhere near HK +country: HK + aut-num: AS51558 descr: Smart Telecom S.A.R.L remarks: tampers with RIR data, traces back to RU @@ -323,11 +353,21 @@ descr: LLC Baxet remarks: tampers with RIR data, traces back to RU country: RU
+aut-num: AS51999 +descr: WhiteHat Inc. +remarks: tampers with RIR data +country: EU + aut-num: AS55933 descr: Cloudie Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP
+aut-num: AS56382 +descr: vServer.site LTD +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS56611 descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL @@ -428,6 +468,11 @@ descr: Inter Connects Inc. / Jing Yun remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks country: SE
+aut-num: AS60721 +descr: Bursabil Teknoloji A.S. +remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage +country: TR + aut-num: AS60781 descr: LeaseWeb Netherlands B.V. remarks: ISP located in Amsterdam, NL, but many RIR data for announced prefixes contain garbage @@ -468,6 +513,11 @@ descr: Inter Connects Inc. remarks: part of a dirty ISP conglomerate, traces back to US this time country: US
+aut-num: AS64050 +descr: BGP Consultancy Pte Ltd +remarks: possibly invoved in IP hijacking, located somewhere in AP area +country: AP + aut-num: AS64425 descr: SKB Enterprise B.V. remarks: bulletproof ISP (linked to AS202425 et al.) located in NL @@ -483,6 +533,16 @@ descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED remarks: ISP located in HK, tampers with RIR data country: HK
+aut-num: AS132839 +descr: POWER LINE DATACENTER +remarks: ISP and/or IP hijacker located in HK, tampers with RIR data +country: HK + +aut-num: AS133441 +descr: CloudITIDC Global +remarks: ISP and/or IP hijacker located somehwere in AP +country: AP + aut-num: AS133752 descr: Leaseweb Asia Pacific pte. ltd. remarks: ISP located in HK, some RIR data for announced prefixes contain garbage @@ -518,6 +578,11 @@ descr: Cloud Servers Pvt Ltd remarks: ISP located in NL, all RIR data for announced prefixes contain garbage country: NL
+aut-num: AS136800 +descr: ICIDC NETWORK +remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data +country: AP + aut-num: AS136988 descr: Leaseweb Australia Pty. Ltd. remarks: ISP located in AU, some RIR data for announced prefixes contain garbage @@ -533,6 +598,11 @@ descr: Clayer Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP
+aut-num: AS138195 +descr: MOACK.Co.LTD +remarks: ISP located KR in, some RIR data for announced prefixes contain garbage +country: KR + aut-num: AS138571 descr: SUPERCLOUDS LIMITED remarks: ISP located in HK, tampers with RIR data @@ -553,6 +623,11 @@ descr: SANREN DATA LIMITED remarks: IP hijacker located somewhere in AP region, tampers with RIR data country: AP
+aut-num: AS139659 +descr: LUCIDACLOUD LIMITED +remarks: ISP and/or IP hijacker located in HK, tampers with RIR data +country: HK + aut-num: AS139811 descr: ANLIAN NETWORK TECHNOLOGY CO., LIMITED remarks: ISP located in HK, tampers with RIR data @@ -693,6 +768,11 @@ descr: Xtudio Networks S.L.U. remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage country: ES
+aut-num: AS207400 +descr: AAEX NETWORK TECHNOLOGY LTD +remarks: IP hijacker located in HK +country: HK + aut-num: AS207569 descr: Network Management Ltd. remarks: traceroutes dead-end somewhere in or near RU @@ -773,6 +853,11 @@ descr: WFD SERVICE LTD remarks: ISP located in NL, but RIR data for announced prefixes contain garbage country: NL
+aut-num: AS212001 +descr: Perry Paans trading as Release V.O.F. +remarks: ISP located in NL, but RIR data for announced prefixes contain garbage +country: NL + aut-num: AS212231 descr: Harry Dowd remarks: ISP located in GB, but RIR data for announced prefixes contain garbage @@ -788,6 +873,11 @@ descr: Massimo Cotrozzi remarks: ISP located in GB, but RIR data for announced prefixes contain garbage country: GB
+aut-num: AS212528 +descr: MILEGROUP LTD +remarks: traceroutes dead-end somewhere in Central Europe +country: EU + aut-num: AS212667 descr: RECONN LLC remarks: ISP located in RU, but RIR data for announced prefixes contain garbage @@ -848,11 +938,31 @@ descr: PEG TECH INC remarks: ISP located in HK, tampers with RIR data country: HK
+aut-num: AS398823 +descr: PEG TECH INC +remarks: ISP and/or IP hijacker located in HK, tampers with RIR data +country: HK + aut-num: AS398826 descr: OLink Cloud LLC remarks: shady ISP located in US, but some RIR data for announced prefixes contain garbage country: US
+aut-num: AS398993 +descr: PEG TECH INC +remarks: ISP and/or IP hijacker located in HK, tampers with RIR data +country: HK + +aut-num: AS399471 +descr: Serverion LLC +remarks: ISP located in NL, RIR data contain garbage +country: NL + +aut-num: AS399077 +descr: Tcloudnet +remarks: Part of the "ASLINE" IP hijacking gang, HK vicinity seems to be part of US too for them :-/ +country: AP + net: 5.1.68.0/24 descr: GaiacomLC remarks: routed to DE, inaccurate RIR data @@ -893,6 +1003,11 @@ descr: FlokiNET Ltd. remarks: fake offshore location (SC), traces back to RO country: RO
+net: 44.159.73.0/24 +descr: Soha Jin +remarks: inaccurate data from ARIN, traces back to CN +country: CN + net: 45.11.152.0/22 descr: Karolio IT paslaugos, UAB remarks: fake location (IR), traces back to NL @@ -1078,6 +1193,11 @@ descr: NetConn Services Ltd remarks: APNIC chunk owned by a HK-based company, routed to AP region, but assigned to SC country: AP
+net: 2402:e940:f00::/48 +descr: Wind Cloud Network Technology Co Ltd. +remarks: appears to be used out of Tokyo, JP +country: JP + net: 2a02:e00:ffe7::/48 descr: Bradler & Krantz GmbH & Co. KG remarks: allocated to DE, but actually announced from LT