Signed-off-by: Peter Müller peter.mueller@ipfire.org --- overrides/override-a1.txt | 37 +------------- overrides/override-other.txt | 95 ++++++++++++++++++++++++++++-------- overrides/override-xd.txt | 34 ++++++++++++- 3 files changed, 108 insertions(+), 58 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 5b620fe..43e0174 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -729,21 +729,6 @@ descr: GZ Systems Limited / PureVPN remarks: VPN provider is-anonymous-proxy: yes
-net: 62.73.7.0/24 -descr: Privax LTD / AVAST s.r.o. -remarks: VPN provider -is-anonymous-proxy: yes - -net: 62.73.8.0/23 -descr: Privax LTD / AVAST s.r.o. -remarks: VPN provider -is-anonymous-proxy: yes - -net: 62.73.10.0/24 -descr: Privax LTD / AVAST s.r.o. -remarks: VPN provider -is-anonymous-proxy: yes - net: 62.149.160.0/20 descr: Aruba VPN remarks: VPN provider @@ -835,7 +820,7 @@ is-anonymous-proxy: yes
net: 80.254.74.0/20 descr: Monzoon / SwissVPN -remarks: VPN provider [high confidence, but not proofed] +remarks: VPN provider is-anonymous-proxy: yes
net: 82.199.130.0/24 @@ -1135,11 +1120,6 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes country: FR
-net: 156.0.200.0/22 -descr: xTom Limited -remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/ -is-anonymous-proxy: yes - net: 159.197.128.0/17 descr: Nationwide Computer Systems, Inc. trading as IPTrading.com remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-netw... @@ -1236,16 +1216,6 @@ descr: Private Internet Access remarks: VPN provider is-anonymous-proxy: yes
-net: 173.239.252.0/24 -descr: OculusProxies -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 173.239.252.0/24 -descr: BGRVPN -remarks: VPN provider -is-anonymous-proxy: yes - net: 173.244.32.0/19 descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / CookieProxy / etc. pp. remarks: large IP chunk mostly used by VPN providers @@ -1505,11 +1475,6 @@ descr: GZ Systems Limited / PureVPN remarks: VPN provider is-anonymous-proxy: yes
-net: 190.115.16.0/20 -descr: DDOS-GUARD CORP. -remarks: IP chunk owned by an offshore company, abuse contact is a freemail address, address says "1/2 Miles Northern Highway, Belize" -is-anonymous-proxy: yes - net: 191.96.1.0/23 descr: GZ Systems Limited / PureVPN remarks: VPN provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 56bb12e..89ad8e0 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -92,8 +92,8 @@ country: GR
aut-num: AS6134 descr: XNNET LLC -remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data -country: AP +remarks: traces back to HK, seems to tamper with RIR data +country: HK
aut-num: AS6412 name: Zajil International Telecom Company @@ -144,6 +144,11 @@ descr: Nexril remarks: ISP located in US, but some RIR data for announced prefixes contain garbage country: US
+aut-num: AS15611 +descr: Iranian Research Organization for Science & Technology +remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage +country: IR + aut-num: AS15828 descr: Blue Diamond Network Co., Ltd. remarks: Shady ISP located somewhere in AP @@ -268,6 +273,11 @@ descr: ASLINE LIMITED remarks: ... located in HK country: HK
+aut-num: AS34837 +descr: Institute for Research in Fundamental Sciences +remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage +country: IR + aut-num: AS34985 descr: Kirin Communication Limited remarks: ISP located in JP, but some RIR data for announced prefixes contain garbage @@ -468,6 +478,11 @@ descr: KeonWoo PARK remarks: claims US for its prefixes announced, but traces back to KR country: KR
+aut-num: AS45250 +descr: Vocom International Telecommunications AP Area +remarks: ISP located in AP area, some RIR data for announced prefixes contain garbage +country: AP + aut-num: AS45671 descr: Servers Australia Pty. Ltd. remarks: ISP located in AU, but some RIR data for announced prefixes contain garbage @@ -578,11 +593,6 @@ descr: WhiteHat Inc. remarks: tampers with RIR data country: EU
-aut-num: AS54600 -descr: PEG TECH INC -remarks: ISP and/or IP hijacker located in US this time, tampers with RIR data -country: US - aut-num: AS55330 descr: AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK remarks: For some reason, some "Airbus Defence and Space AS" prefixes are announced by this one... @@ -658,6 +668,21 @@ descr: INNETRA PC remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU country: EU
+aut-num: AS58879 +descr: Shanghai Anchang Network Security Technology Co.,Ltd. +remarks: ... network infrastructure is believed to be located in HK, has some links to ASLINE hijacking gang +country: HK + +aut-num: AS59043 +descr: Guangzhou LanDong Information technology co., LTD +remarks: ... network infrastructure is believed to be located in HK +country: HK + +aut-num: AS59117 +descr: DREAM CLOUD INNOVATION PTE. LTD. +remarks: Claims to be located in JP or SG, but is likely located in HK +country: HK + aut-num: AS59253 descr: Leaseweb Asia Pacific pte. ltd. remarks: ISP located in SG, but some RIR data for announced prefixes contain garbage @@ -773,6 +798,11 @@ descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED remarks: ISP located in HK, tampers with RIR data country: HK
+aut-num: AS132813 +descr: HK AISI CLOUD COMPUTING LIMITED +remarks: ISP and/or IP hijacker located in HK, tampers with RIR data +country: HK + aut-num: AS132839 descr: POWER LINE DATACENTER remarks: ISP and/or IP hijacker located in HK, tampers with RIR data @@ -799,7 +829,7 @@ remarks: IP hijacker located somewhere in AP area, suspected to be part of the " country: AP
aut-num: AS134196 -descr: Cloudie Limited +descr: ANYUN INTERNET TECHNOLOGY (HK) CO.,LIMITED remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region (HK? CN?) country: AP
@@ -818,6 +848,11 @@ descr: Sky Digital Co., Ltd. remarks: IP hijacker located in TW, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data country: TW
+aut-num: AS135097 +descr: LUOGELANG (FRANCE) LIMITED +remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage +country: HK + aut-num: AS136274 descr: Cloud Servers Pvt Ltd remarks: ISP located in NL, all RIR data for announced prefixes contain garbage @@ -828,11 +863,26 @@ descr: Optix Pakistan (Pvt.) Limited remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage country: PK
+aut-num: AS136744 +descr: DREAM POWER TECHNOLOGY LIMITED +remarks: Located somewhere in AP (HK? KR?), tampers with RIR data a lot +country: AP + +aut-num: AS136746 +descr: XRCLOUD.NET INC. +remarks: ... located in HK +country: HK + aut-num: AS136933 descr: Gigabitbank Global / Anchnet Asia Limited (?) remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data country: AP
+aut-num: AS136950 +descr: Hong Kong FireLine Network LTD +remarks: ... located in HK (surprise!), but thinks allocating things to random countries worldwide is funny +country: HK + aut-num: AS136988 descr: Leaseweb Australia Pty. Ltd. remarks: ISP located in AU, some RIR data for announced prefixes contain garbage @@ -843,11 +893,6 @@ descr: Anchnet Asia Limited remarks: IP hijacker located in HK, tampers with RIR data country: HK
-aut-num: AS137523 -descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED -remarks: ISP and IP hijacker located in HK, tampers with RIR data -country: HK - aut-num: AS138195 descr: MOACK.Co.LTD remarks: ISP located in KR, some RIR data for announced prefixes contain garbage @@ -878,6 +923,11 @@ descr: SANREN DATA LIMITED remarks: IP hijacker located somewhere in AP region, tampers with RIR data country: AP
+aut-num: AS139471 +descr: HWA CENT TELECOMMUNICATIONS LIMITED +remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data +country: AP + aut-num: AS139640 descr: HK NEW CLOUD TECHNOLOGY LIMITED remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data @@ -908,6 +958,11 @@ descr: Galaxy Broadband remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd... country: PK
+aut-num: AS140214 +descr: Create Prominent Information Limited +remarks: Shady ISP located in HK +country: HK + aut-num: AS140224 descr: White-Sand Cloud Computing(HK) Co., LIMITED remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region @@ -938,6 +993,11 @@ descr: FLP Kochenov Aleksej Vladislavovich remarks: ISP located in UA, but RIR data for announced prefixes all say EU country: UA
+aut-num: AS197540 +descr: netcup GmbH +remarks: ISP located in DE, some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS200019 descr: ALEXHOST SRL remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network @@ -1260,8 +1320,8 @@ country: ZA
aut-num: AS328608 descr: Africa on Cloud -remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes -country: AP +remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes - anyway, traces back to ZA :-/ +country: ZA
aut-num: AS328703 descr: Seven Network Inc. @@ -1678,11 +1738,6 @@ descr: 4b42 UG (haftungsbeschränkt) remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/ country: DE
-net: 2a0f:7a80::/29 -descr: ASLINE Limited -remarks: APNIC chunk owned by a HK-based company, but assigned to DE -country: AP - net: 2a0f:e400:3000::/40 descr: Kevin Buehl remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/ diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 76ceab3..738a699 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -40,8 +40,8 @@ drop: yes
aut-num: AS211849 descr: Kakharov Orinbassar Maratuly -remarks: ISP and IP hijacker located in RU, many RIR data for announced prefixes contain garbage -country: RU +remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage +country: KZ drop: yes
aut-num: AS24009 @@ -97,6 +97,12 @@ remarks: Owned by an offshore letterbox company, suspected rogue ISP country: RU drop: yes
+aut-num: AS54600 +descr: PEG TECH INC +remarks: ISP and IP hijacker located in US this time, tampers with RIR data +country: US +drop: yes + aut-num: AS55303 descr: Eagle Sky Co., Lt[d ?] remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity @@ -166,6 +172,12 @@ remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hija country: HK drop: yes
+aut-num: AS137523 +descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED +remarks: ISP and IP hijacker located in HK, tampers with RIR data +country: HK +drop: yes + aut-num: AS137951 descr: Clayer Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK @@ -261,6 +273,18 @@ remarks: ISP located in HK, tampers with RIR data country: HK drop: yes
+aut-num: AS398993 +descr: PEG TECH INC +remarks: ISP located in JP, tampers with RIR data +country: JP +drop: yes + +aut-num: AS399195 +descr: PEG TECH INC +remarks: ISP located in KR, tampers with RIR data +country: KR +drop: yes + net: 196.11.32.0/20 descr: Sanlam Life Insurance Limited remarks: Stolen AfriNIC IPv4 space announced from NL @@ -272,6 +296,12 @@ descr: NZB.si Enterprises remarks: Tampers with RIR data, not a safe place to route traffic to drop: yes
+net: 2a0f:7a80::/29 +descr: ASLINE Limited +remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE +country: HK +drop: yes + net: 2a10:9700::/29 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP
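Review bot: In the override-a1.txt hunk at @@ -835,7 +820,7 @@, the entry being edited is keyed on `net: 80.254.74.0/20`, which has host bits set (a /20 that contains 80.254.74.0 starts at third octet 64), so a strict CIDR parser will reject it and a lenient one will widen it to a range the entry may not have intended. Since the entry is touched anyway, fix the prefix in the same change, and note in the commit message what justified dropping "[high confidence, but not proofed]" from the remarks. The context line `net: 191.96.1.0/23` in the @@ -1505,11 +1475,6 @@ hunk has the same alignment problem.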
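Review bot: In the override-a1.txt hunk at @@ -1236,16 +1216,6 @@, both `net: 173.239.252.0/24` entries (OculusProxies and BGRVPN) are deleted rather than only the duplicate, and the following `173.244.32.0/19` entry does not cover that /24, so as far as this patch shows the range loses `is-anonymous-proxy: yes` entirely. If the aim was to resolve the duplicate key, keep one merged entry; if the range is no longer considered a VPN/proxy range, say so in the commit message, which as shown here carries only the Signed-off-by line. The same applies to the other plain removals in this file (the three Privax LTD ranges, 156.0.200.0/22 and 190.115.16.0/20), which are not re-added in either of the other two files.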
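Review bot: In the override-other.txt hunk at @@ -799,7 +829,7 @@, the descr for AS134196 changes from "Cloudie Limited" to "ANYUN INTERNET TECHNOLOGY (HK) CO.,LIMITED" while the remarks line (part of the "Asline" IP hijacking gang, traces back to AP region) is carried over unchanged as context. If the AS was reassigned to a different holder, the attribution should be re-checked against the new holder; if it is only a rename, keep the old name in descr or remarks so the history stays searchable. The remarks also still say "(HK? CN?)" with `country: AP`, although the new descr names an HK company.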
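Review bot: In the override-xd.txt hunk at @@ -97,6 +97,12 @@, the AS54600 entry is not a verbatim move from override-other.txt: the remarks change from "ISP and/or IP hijacker" to "ISP and IP hijacker" at the same time as `drop: yes` is added. The AS137523 entry (@@ -166,6 +172,12 @@) and `net: 2a0f:7a80::/29` (@@ -272,6 +296,12 @@, remarks now "HK-based IP hijacker", country AP to HK) are escalated the same way. Since these go from a country correction to a drop flag, the remarks or the commit message should point to the evidence (for example the hijacked prefixes observed), so that a later reviewer can re-validate or lift the entry.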
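Review bot: In the override-xd.txt hunk at @@ -261,6 +273,18 @@, AS398993 and AS399195 are added with `drop: yes` on remarks that only say "ISP located in JP, tampers with RIR data" and "ISP located in KR, tampers with RIR data", which is the same wording other entries in override-other.txt get with just a country override. If they are dropped because they share the descr "PEG TECH INC" with AS54600, state that link in the remarks; otherwise the basis for dropping them rather than only correcting the country is not visible from the entry.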