* [PATCH] override-{a1,other}: Regular batch of various overrides
@ 2021-11-10 17:27 Peter Müller
From: Peter Müller @ 2021-11-10 17:27 UTC
To: location
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 27 ++++++++++++++++-----------
overrides/override-other.txt | 30 ++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 11 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 70b97e1..5734c08 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -204,6 +204,11 @@ descr: Anonymizer, Inc.
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS201860
+descr: MyTelco Ltd
+remarks: VPN provider [high confidence, but not proofed]
+is-anonymous-proxy: yes
+
aut-num: AS205016
descr: HERN Labs AB
remarks: VPN provider [high confidence, but not proofed]
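Review bot: the AS201860 block added here is identical to the one removed further down in this file (the -281 hunk), and the same is true of AS213005, so two of the three changes to override-a1.txt are re-sorting rather than new data. The commit message carries only the sign-off; a line such as "move AS201860 and AS213005 to their sorted positions" would let a reader separate the moves from the one new entry (AS208169).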
@@ -232,6 +237,11 @@ descr: V6 Networking LLC
remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
is-anonymous-proxy: yes
+aut-num: AS208169
+descr: Artikel10 e.V.
+remarks: Tor relay provider
+is-anonymous-proxy: yes
+
aut-num: AS208256
descr: Stingers, Inc.
remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
@@ -248,12 +258,6 @@ descr: Foundation for Applied Privacy
remarks: Tor relay provider
is-anonymous-proxy: yes
-aut-num: AS213005
-descr: Proxyseo Ltd.
-remarks: VPN provider located in ES
-is-anonymous-proxy: yes
-country: ES
-
aut-num: AS208476
descr: Danilenko, Artyom
remarks: (Rogue) VPN provider
@@ -281,11 +285,6 @@ descr: Privex Inc.
remarks: VPN and Tor relay provider
is-anonymous-proxy: yes
-aut-num: AS201860
-descr: MyTelco Ltd
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
aut-num: AS212052
descr: BOET NOTIFY LTD.
remarks: VPN provider [high confidence, but not proofed]
@@ -313,6 +312,12 @@ descr: NekoCloud Solutions Limited
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
+aut-num: AS213005
+descr: Proxyseo Ltd.
+remarks: VPN provider located in ES
+is-anonymous-proxy: yes
+country: ES
+
aut-num: AS213224
descr: Blue Black Squared Limited
remarks: Owned by an offshore letterbox company, claims NL, but dead-ends in DE - hard to tell what is going on here
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 997b37e..dab86a0 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -344,6 +344,11 @@ descr: ab stract / Peter Kolmisoppi
remarks: tampers with RIR data, traces back to SE
country: SE
+aut-num: AS39782
+descr: Rack Sphere Hosting S.A.
+remarks: claims PA for some prefixes, but they are all hosted in CH
+country: CH
+
aut-num: AS40034
descr: Confluence Networks Inc.
remarks: fake offshore location (VG), traces back to Austin, TX, US
@@ -409,6 +414,11 @@ descr: NForce Entertainment B.V.
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
country: NL
+aut-num: AS43440
+descr: Digitale Suisse AG
+remarks: ISP located in CH, but some RIR data for announced prefixes contain garbage
+country: CH
+
aut-num: AS43624
descr: PQ HOSTING S.R.L.
remarks: tampers with RIR data sometimes, traces back to NL
@@ -559,6 +569,11 @@ descr: Cloudie Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
country: AP
+aut-num: AS56322
+descr: ServerAstra Kft.
+remarks: ISP located in HU, but some RIR data for announced prefixes contain garbage
+country: HU
+
aut-num: AS56382
descr: vServer.site LTD
remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
@@ -724,6 +739,11 @@ descr: BGP Consultancy Pte Ltd
remarks: possibly invoved in IP hijacking, located somewhere in AP area
country: AP
+aut-num: AS64122
+descr: SWISS GLOBAL SERVICES S.A.S.
+remarks: ... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them
+country: CH
+
aut-num: AS64425
descr: SKB Enterprise B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
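Review bot: the remark added for AS64122 opens with "... surprisingly," which reads as a continuation of some earlier sentence and is lost on anyone who sees the entry on its own. AS39782 in this same patch describes the same situation in a self-contained way ("claims PA for some prefixes, but they are all hosted in CH"); using that form here, for example "claims CO or PA for their prefixes, but they are all hosted in CH", keeps the remarks greppable and consistent.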
@@ -1124,6 +1144,11 @@ descr: VPSSC Networks LTD
remarks: ISP located in UA, but RIR data for announced prefixes contain garbage
country: UA
+aut-num: AS210848
+descr: Telkom Internet LTD
+remarks: shady ISP currently located in NL
+country: NL
+
aut-num: AS211380
descr: PAYWISE HOLDING Sp. z.o.o.
remarks: ISP located in NL, but RIR data for announced prefixes contain garbage
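Review bot: the remark for AS210848, "shady ISP currently located in NL", does not say what the RIR data claim or why a country override is needed, unlike the neighbouring entries ("RIR data for announced prefixes contain garbage"). "currently" also suggests the location changes, so a note on how NL was established (traceroute, WHOIS contact) would help whoever revisits the entry. The same applies to AS213194 ("shady ISP located in NL") in the next hunk.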
@@ -1194,6 +1219,11 @@ descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
country: RU
+aut-num: AS213194
+descr: Alfa Web Solutions Ltd.
+remarks: shady ISP located in NL
+country: NL
+
aut-num: AS213373
descr: IP Connect Inc.
remarks: fake offshore location (SC), traces back to NL
--
2.26.2
* [PATCH] override-{a1,other}: regular batch of various overrides
@ 2021-09-02 12:07 Peter Müller
From: Peter Müller @ 2021-09-02 12:07 UTC
To: location
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 177 ++++++++++++++++++++++++++++++++++-
overrides/override-other.txt | 20 ++++
2 files changed, 195 insertions(+), 2 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index b4940b2..acb5cb2 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -34,6 +34,11 @@ descr: Maginfo
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS13487
+descr: ULTRA PACKET LLC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
aut-num: AS16255
descr: IRIDIUM PROVIDER LTD
remarks: VPN provider [high confidence, but not proofed] located in RU
@@ -99,6 +104,11 @@ descr: Layer 3 VPN ASN
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS46732
+descr: RESIDENTIAL NETWORKING SOLUTIONS LLC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
aut-num: AS51432
descr: BeeVPN ApS
remarks: VPN provider
@@ -184,6 +194,11 @@ descr: AMPR VPN
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS197640
+descr: OverPlay.Net LP
+remarks: VPN and/or proxy provider
+is-anonymous-proxy: yes
+
aut-num: AS201665
descr: Anonymizer, Inc.
remarks: VPN provider
@@ -206,6 +221,22 @@ remarks: VPN provider located in BR [high confidence, but not proofed]
is-anonymous-proxy: yes
country: BR
+aut-num: AS207907
+descr: NSQ Venture (M) SDN BHD
+remarks: Possibly part of https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/, also tampers with RIR data
+is-anonymous-proxy: yes
+country: US
+
+aut-num: AS207976
+descr: V6 Networking LLC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+aut-num: AS208256
+descr: Stingers, Inc.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
aut-num: AS208294
descr: CIA TRIAD SECURITY LLC
remarks: Tor relay provider located in or near Berlin, DE
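Review bot: AS207907 is flagged is-anonymous-proxy: yes although its remark only says "Possibly part of" the linked report; other uncertain entries in this file carry the "[high confidence, but not proofed]" marker, and this one should either use it or state the evidence. The block also sets country: US, but the remark stops at "also tampers with RIR data" without saying where the network traces back to; adding "traces back to US" would justify the override.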
@@ -229,6 +260,11 @@ remarks: (Rogue) VPN provider
is-anonymous-proxy: yes
country: EU
+aut-num: AS208979
+descr: RESNET INC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
aut-num: AS209623
descr: David Craig
remarks: (Rogue) VPN provider
@@ -297,16 +333,47 @@ descr: Castle VPN
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS397539
+descr: LAKSH CYBERSECURITY AND DEFENSE LLC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
aut-num: AS397685
descr: Business VPN LLC
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS397770
+descr: LAKSH CYBERSECURITY AND DEFENSE LLC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+aut-num: AS397881
+descr: Stingers, Inc.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+aut-num: AS398083
+descr: Ting Wireless
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+country: US
+
aut-num: AS398271
descr: HardenedVPN[.]com LLC
remarks: VPN provider
is-anonymous-proxy: yes
+aut-num: AS398481
+descr: RedMercury Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+aut-num: AS398559
+descr: Tunbroker LLC
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
aut-num: AS399928
descr: STELLAR PROXIES
remarks: VPN or open proxy provider
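Review bot: AS398083 (Ting Wireless) gets country: US although its remark is the same "Loaded with proxies" text used for the neighbouring entries, none of which set a country, and nothing in the block says what the RIR data claim instead. Either drop the country line or extend the remark in the style used elsewhere in this file ("fake location (SC), traces back to NL"). The same question applies to 45.8.92.0/22 further down.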
@@ -317,6 +384,11 @@ descr: VPN Consumer Network
remarks: VPN provider
is-anonymous-proxy: yes
+net: 2.59.248.0/22
+descr: Mayak Creative Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 5.62.16.0/24
descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o.
remarks: VPN provider
@@ -367,6 +439,11 @@ descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o.
remarks: VPN provider
is-anonymous-proxy: yes
+net: 5.181.40.0/22
+descr: Tal Mukdasi
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 5.182.34.0/24
descr: Coca Proxies VOF
remarks: VPN provider
@@ -382,6 +459,11 @@ descr: VPNTunnel
remarks: VPN provider
is-anonymous-proxy: yes
+net: 5.253.56.0/22
+descr: Mayak Consulting Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 5.254.128.0/19
descr: VPNTunnel / Hushy VPN / Anonine VPN / Edelino Commerce Inc.
remarks: VPN provider
@@ -497,6 +579,12 @@ descr: GZ Systems Limited / PureVPN
remarks: VPN provider
is-anonymous-proxy: yes
+net: 45.8.92.0/22
+descr: Cloud Computing Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+country: US
+
net: 45.9.12.0/22
descr: VPNHost SIA
remarks: VPN provider
@@ -552,6 +640,16 @@ descr: Secure Internet LLC
remarks: VPN provider
is-anonymous-proxy: yes
+net: 45.131.168.0/22
+descr: Xantho Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+net: 45.135.160.0/22
+descr: Revonia Ltd. / LAKSH / IAPS
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 45.142.122.0/24
descr: Shtrauh Andrey
remarks: VPN provider [high confidence, but not proofed]
@@ -573,6 +671,16 @@ descr: Express VPN International Ltd
remarks: VPN provider
is-anonymous-proxy: yes
+net: 45.155.128.0/22
+descr: Revonia Ltd. / LAKSH / IAPS
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+net: 45.157.36.0/22
+descr: Gabor Marton
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 45.220.72.0/22
descr: Low budget VPN service
remarks: VPN provider
@@ -590,7 +698,7 @@ is-anonymous-proxy: yes
net: 46.36.200.0/22
descr: IAPS Security Services, L.L.C.
-remarks: VPN provider
+remarks: VPN provider, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
is-anonymous-proxy: yes
net: 46.243.136.0/21
@@ -808,6 +916,11 @@ descr: VPNHOST SIA
remarks: VPN provider
is-anonymous-proxy: yes
+net: 85.209.132.0/22
+descr: Mayak Creative Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 88.81.248.0/24
descr: TopNet ISP VPN
remarks: VPN provider
@@ -868,6 +981,11 @@ descr: Octopusnet VPN
remarks: VPN provider
is-anonymous-proxy: yes
+net: 95.214.160.0/22
+descr: B Consulting Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 98.159.233.0/24
descr: VPN Consumer Network
remarks: VPN provider
@@ -1064,6 +1182,11 @@ descr: xTom Limited
remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/
is-anonymous-proxy: yes
+net: 159.197.128.0/17
+descr: Nationwide Computer Systems, Inc. trading as IPTrading.com
+remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 161.129.60.0/24
descr: 10VPN Hosting
remarks: VPN provider
@@ -1235,6 +1358,16 @@ descr: Freedom of Speech VPN / nVPN / David Craig
remarks: (Rogue) VPN provider
is-anonymous-proxy: yes
+net: 185.147.100.0/22
+remarks: Mayak Smart Services Ltd.
+descr: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+net: 185.147.213.0/24
+descr: Strong Technology SE
+remarks: VPN provider
+is-anonymous-proxy: yes
+
net: 185.153.177.0/24
descr: NordVPN
remarks: VPN provider
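Review bot: in the added 185.147.100.0/22 block the values of remarks: and descr: are swapped. The company name "Mayak Smart Services Ltd." sits under remarks: and the "Loaded with proxies, see also: ..." text under descr:, the reverse of every other block in this patch (compare 2.59.248.0/22 with "descr: Mayak Creative Ltd."). Please put the name under descr: and the proxy note under remarks:, in the usual descr-then-remarks order, so that anything reading descr as the network owner gets the name.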
@@ -1313,6 +1446,11 @@ descr: VKVPN
remarks: VPN provider
is-anonymous-proxy: yes
+net: 185.239.244.0/22
+descr: Xantho Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 185.244.28.0/22
descr: Angelo Kreikamp trading as Forhosting / Freedom of Speech VPN / nVPN / David Craig / ...
remarks: (Rogue) VPN provider
@@ -1324,6 +1462,21 @@ remarks: (Rogue) VPN provider, fake location (SC), traces back to NL
is-anonymous-proxy: yes
country: NL
+net: 185.244.104.0/22
+descr: Xantho Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+net: 185.246.236.0/22
+descr: Xantho Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+net: 185.254.16.0/22
+descr: Xantho Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 186.2.160.0/20
descr: DDOS-GUARD CORP.
remarks: IP chunk owned by an offshore company, abuse contact is a freemail address, address says "1/2 Miles Northern Highway, Belize"
@@ -1489,6 +1642,16 @@ descr: NordVPN
remarks: VPN provider
is-anonymous-proxy: yes
+net: 194.38.40.0/22
+descr: BIDIT Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
+net: 194.48.100.0/22
+descr: B Consulting Ltd.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 194.87.207.0/24
descr: Lynx Proxies Ltd.
remarks: VPN provider
@@ -1521,7 +1684,7 @@ is-anonymous-proxy: yes
net: 196.52.0.0/14
descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / CookieProxy / etc. pp.
-remarks: large IP chunk mostly used by VPN providers
+remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers
is-anonymous-proxy: yes
net: 196.61.192.0/20
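Review bot: the new remark for 196.52.0.0/14 states "Hijacked AfriNIC IP chunk" as fact but gives no source, whereas the other entries this patch marks as hijacked (159.197.128.0/17, 198.228.0.0/16) carry a "see also:" link. For a /14, a reference or a short note on the evidence in the remark would make the claim checkable later.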
@@ -1539,6 +1702,11 @@ descr: Defender cloud international LLC
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
+net: 198.228.0.0/16
+descr: Service Provider Corporation
+remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 199.249.223.0/24
descr: Quintex Alliance Consulting
remarks: Tor relay provider
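Review bot: 198.228.0.0/16 is marked is-anonymous-proxy: yes for the whole /16 (as is 159.197.128.0/17 earlier in this patch), which is far wider than the /22 and /24 entries around it. If only parts of the range are announced by the proxy operators, listing those sub-prefixes would avoid flagging address space that is unannounced or later returned to a legitimate holder; if the whole range is affected, saying so in the remark would settle the question.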
@@ -1754,6 +1922,11 @@ descr: CACHE-VPN-NET
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
+net: 2a03:b600::/29
+descr: IAPS Security Services, L.L.C.
+remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy: yes
+
net: 2a03:e600:100::/48
descr: Foundation for Applied Privacy
remarks: Tor relay provider
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 2c7caaa..e99325b 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -354,6 +354,11 @@ descr: NextGenWebs, S.L.
remarks: traces back to NL
country: NL
+aut-num: AS42237
+descr: AMATI FOUNDATION
+remarks: ISP located in SE, seems to tamper with RIR data (proxies too?)
+country: SE
+
aut-num: AS42397
descr: Bunea TELECOM SRL
remarks: ISP located in RO, but some RIR data for announced prefixes contain garbage
@@ -989,6 +994,11 @@ descr: AAEX NETWORK TECHNOLOGY LTD
remarks: IP hijacker located in HK
country: HK
+aut-num: AS207429
+descr: Kapteyan Bilisim Teknolojileri
+remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
+country: TR
+
aut-num: AS207461
descr: Liquid IO
remarks: ISP located in US, but many RIR data for announced prefixes contain garbage
@@ -1024,6 +1034,11 @@ descr: Internet Hosting Ltd.
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
country: BG
+aut-num: AS208485
+descr: Nese Mala / Moon DC
+remarks: shady ISP located in TR, but many RIR data for announced prefixes contain garbage
+country: TR
+
aut-num: AS209132
descr: Alviva Holding Limited
remarks: ISP located in BG, but RIR data for announced prefixes contain garbage
@@ -1044,6 +1059,11 @@ descr: SEMrush CY LTD
remarks: claims CY for announced prefixes, but they are all hosted in NL
country: NL
+aut-num: AS209371
+descr: Cenk Aksit
+remarks: shady ISP located in TR, but RIR data for announced prefixes contain garbage
+country: TR
+
aut-num: AS209401
descr: Gudaev Maxim Amrakhovich
remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage
--
2.20.1
* [PATCH] override-{a1,other}: regular batch of various overrides
@ 2021-08-19 9:36 Peter Müller
From: Peter Müller @ 2021-08-19 9:36 UTC
To: location
This one removes networks owned by Cloud Innovation Ltd. from the
"anonymous proxy" category, since the majority of them does not appear
to host anonymous proxies after all.
Same goes for 145.249.104.0/22; all of these are shady areas, however.
They might go into an "XD" category one day, since we do not consider
routing traffic from and to these a good idea. At the time of
writing, there are still some technical and political (Should libloc
become an opinionated database? Where would we cut the line?) issues to
be solved.
Apart from that, this patch adds some more ASNs hijacking IPv4 space out
of Hong Kong in particular and the Asia/Pacific area in general. Given
the current situation at AfriNIC (whose IPv4 networks are most affected)
and the political environment in this area, cleaning up this dump would
be a tricky and tedious task to do.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 15 -----
overrides/override-other.txt | 105 +++++++++++++++++++++++++++++++++++
2 files changed, 105 insertions(+), 15 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 7cd0359..b4940b2 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -573,11 +573,6 @@ descr: Express VPN International Ltd
remarks: VPN provider
is-anonymous-proxy: yes
-net: 45.192.0.0/12
-descr: Cloud Innovation Ltd.
-remarks: hijacked (?) AFRINIC IP chunk owned by an offshore company, routed to several dirty networks worldwide, cannot tell what is going on here
-is-anonymous-proxy: yes
-
net: 45.220.72.0/22
descr: Low budget VPN service
remarks: VPN provider
@@ -1053,11 +1048,6 @@ descr: Hurricane VPN
remarks: VPN provider
is-anonymous-proxy: yes
-net: 145.249.104.0/22
-descr: Liberty Services / IP Volume Inc.
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
net: 154.0.24.0/24
descr: WIFI and PROXY NET / Atlantique Telecom
remarks: VPN provider [high confidence, but not proofed]
@@ -1069,11 +1059,6 @@ remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
country: FR
-net: 154.192.0.0/11
-descr: Cloud Innovation Ltd.
-remarks: hijacked AFRINIC IP chunk, owned by suspicous offshore company, scattered across dirty networks worldwide - not a safe place to go
-is-anonymous-proxy: yes
-
net: 156.0.200.0/22
descr: xTom Limited
remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/
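Review bot: the three removals in this file delete the entries outright, so the remarks that recorded 45.192.0.0/12 and 154.192.0.0/11 as hijacked AFRINIC space are no longer kept anywhere in the tree, and the patch adds no counterpart for them or for 145.249.104.0/22 in override-other.txt. The commit message says these ranges remain shady and may move to an "XD" category later; until that exists, it would help to keep the findings somewhere they can be picked up from, for example a tracking note referenced in the commit message.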
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index b0ee0ca..2c7caaa 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -110,6 +110,11 @@ descr: PJSC Rostelecom
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
+aut-num: AS12679
+descr: Sokolov Dmitry Nikolaevich
+remarks: ISP located in RU, but many RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS12722
descr: RECONN LLC
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -134,11 +139,21 @@ descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
country: AP
+aut-num: AS18530
+descr: Isomedia, Inc.
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS18779
descr: EGIHosting
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS207711
+descr: Inteldome Corporation
+remarks: ... whose location we are unable to determine precisely, but its definitely not MH :-/
+country: EU
+
aut-num: AS21100
descr: ITL LLC
remarks: ISP headquatered in BG and/or UA, physically located in NL, some RIR data for announced prefixes contain inaccurate data
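Review bot: AS207711 is inserted between AS18779 and AS21100, which breaks the ascending ASN order the rest of this file follows; it belongs next to AS207569 further down. In its remark, "its definitely not MH" should read "it's", and country: EU sits oddly beside "whose location we are unable to determine precisely"; a few words on why EU was chosen would make the override defensible.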
@@ -204,6 +219,11 @@ descr: combahton GmbH
remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
country: DE
+aut-num: AS30860
+descr: Virtual Systems LLC
+remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
+country: UA
+
aut-num: AS30982
descr: CAFE Informatique et telecommunications (defunct)
remarks: spamming bogon located in TG - formerly allocated to CAFE Informatique et telecommunications
@@ -234,6 +254,11 @@ descr: IP Interactive UG (haftungsbeschraenkt)
remarks: ISP located in BG, but RIR data for announced prefixes contain garbage
country: BG
+aut-num: AS35196
+descr: Ihor Hosting LLC
+remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
+country: RU
+
aut-num: AS35251
descr: NetLab
remarks: tampers with RIR data, most probably located in HK
@@ -264,6 +289,11 @@ descr: Silverstar Invest Limited
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
+aut-num: AS35913
+descr: DediPath LLC
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS37155
descr: NetOne Telecomunicacoes (defunct)
remarks: spamming bogon located in or near Luanda, AO - formerly allocated to NetOne Telecomunicacoes
@@ -579,6 +609,11 @@ descr: Vault Dweller OU
remarks: traceroutes dead-end somewhere in or near RU
country: RU
+aut-num: AS59796
+descr: Stormwall s.r.o
+remarks: appears to scatter across EU at least, RIR data contain garbage, might be an A3 candidate
+country: EU
+
aut-num: AS60144
descr: 3W Infra B.V.
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
@@ -624,6 +659,11 @@ descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
+aut-num: AS62079
+descr: Ibernap Management S.L.
+remarks: traces back to various locations in US
+country: US
+
aut-num: AS62355
descr: Network Dedicated SAS
remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL
@@ -714,11 +754,21 @@ descr: Optix Pakistan (Pvt.) Limited
remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage
country: PK
+aut-num: AS136545
+descr: Blue Data Center
+remarks: IP hijacker located somewhere in AP area, tampers with RIR data
+country: AP
+
aut-num: AS136800
descr: ICIDC NETWORK
remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
+aut-num: AS136933
+descr: Gigabitbank Global / Anchnet Asia Limited (?)
+remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
+country: AP
+
aut-num: AS136988
descr: Leaseweb Australia Pty. Ltd.
remarks: ISP located in AU, some RIR data for announced prefixes contain garbage
@@ -729,6 +779,11 @@ descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
+aut-num: AS137523
+descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
+remarks: IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
@@ -739,6 +794,11 @@ descr: MOACK.Co.LTD
remarks: ISP located in KR, some RIR data for announced prefixes contain garbage
country: KR
+aut-num: AS138303
+descr: Asquare International
+remarks: ... which appears to host their stuff solely in US
+country: US
+
aut-num: AS138571
descr: SUPERCLOUDS LIMITED
remarks: ISP located in HK, tampers with RIR data
@@ -759,6 +819,11 @@ descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
+aut-num: AS139646
+descr: HONG KONG Megalayer Technology Co.,Limited
+remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
+country: HK
+
aut-num: AS139659
descr: LUCIDACLOUD LIMITED
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
@@ -774,6 +839,11 @@ descr: Galaxy Broadband
remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
country: PK
+aut-num: AS140227
+descr: Hong Kong Communications International Co., Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country: AP
+
aut-num: AS140733
descr: Wujidun Network Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
@@ -784,6 +854,11 @@ descr: Full Time Hosting
remarks: ISP located in DE, tampers with RIR data
country: DE
+aut-num: AS141159
+descr: Incomparable(HK)Network Co., Limited
+remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
@@ -914,6 +989,11 @@ descr: AAEX NETWORK TECHNOLOGY LTD
remarks: IP hijacker located in HK
country: HK
+aut-num: AS207461
+descr: Liquid IO
+remarks: ISP located in US, but many RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS207569
descr: Network Management Ltd.
remarks: traceroutes dead-end somewhere in or near RU
@@ -1004,6 +1084,11 @@ descr: Harry Dowd
remarks: ISP located in GB, but RIR data for announced prefixes contain garbage
country: GB
+aut-num: AS212913
+descr: FOP Hornostay Mykhaylo Ivanovych
+remarks: ISP located in RU, but some RIR data are inaccurate (UA)
+country: RU
+
aut-num: AS212477
descr: RoyaleHosting B.V.
remarks: ISP located in NL, but RIR data for announced prefixes contain garbage
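Review bot: AS212913 is added ahead of AS212477, so the two are out of ascending order; the new block should go after AS212477. The remark "some RIR data are inaccurate (UA)" is also ambiguous about whether UA is what the RIR data claim or the actual location; "RIR data claim UA" would remove the doubt.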
@@ -1054,6 +1139,11 @@ descr: DDOS-GUARD CORP.
remarks: fake offshore location (BZ), traces back to RU
country: RU
+aut-num: AS263744
+descr: Udasha S.A.
+remarks: traceroutes dead-end somewhere near NYC, US
+country: US
+
aut-num: AS267784
descr: Flyservers S.A.
remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage
@@ -1084,6 +1174,11 @@ descr: Leaseweb USA, Inc.
remarks: ISP located in Dallas, TX, US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS395886
+descr: KURUN CLOUD INC
+remarks: ISP and/or IP hijacker located in US, some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS395954
descr: Leaseweb USA, Inc.
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -1204,6 +1299,11 @@ descr: Vodafone US Inc.
remarks: large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurate data)
country: ES
+net: 80.240.96.0/24
+descr: LLC RusTel
+remarks: fake location (RU), traces back to HK
+country: HK
+
net: 85.202.80.0/24
descr: Amarutu Technology Ltd. / KoDDoS / ESecurity
remarks: fake offshore location (BZ), traces back to US
@@ -1234,6 +1334,11 @@ descr: Petersburg Internet Network Ltd.
remarks: RIR data for suballocations contain garbage, they are all located in RU
country: RU
+net: 92.223.90.0/24
+descr: G-Core Labs S.A.
+remarks: fake location (CY), traces back to HK
+country: HK
+
net: 95.181.152.0/21
descr: QWARTA LLC
remarks: fake location (US), WHOIS contact and traceroutes point to RU
--
2.26.2