[PATCH] overrides-{a1,other,xd}: Regular batch of various overrides

[PATCH] overrides-{a1,other,xd}: Regular batch of various overrides

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 15327 bytes --]

Swiss company Securebit AG continues to think messing with country codes
is funny... :-/

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 overrides/override-a1.txt    |   5 --
 overrides/override-other.txt | 140 ++++++++++++++++++++---------------
 overrides/override-xd.txt    |  74 +++++++++++++++---
 3 files changed, 144 insertions(+), 75 deletions(-)

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 5fce4d9..7365738 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -285,11 +285,6 @@ remarks:			VPN provider located in ES
 is-anonymous-proxy:		yes
 country:			ES
 
-aut-num:			AS213224
-descr:				Blue Black Squared Limited
-remarks:			Owned by an offshore letterbox company, claims NL, but dead-ends in DE - hard to tell what is going on here
-is-anonymous-proxy:		yes
-
 aut-num:			AS394087
 descr:				Secure Internet LLC / PureVPN
 remarks:			VPN provider
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 05901f6..8b228af 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -149,11 +149,6 @@ descr:		Blue Diamond Network Co., Ltd.
 remarks:	Hiding behind fake ISP Navitgo LLC (AS59721), tampers with RIR data
 country:	NL
 
-aut-num:	AS18013
-descr:		ASLINE LIMITED
-remarks:	IP hijacker, traces back to AP region
-country:	AP
-
 aut-num:	AS18185
 name:		Northern Taiwan Community University
 remarks:	has no sane AS name set in APNIC DB
@@ -173,31 +168,16 @@ descr:		EGIHosting
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
 country:	US
 
-aut-num:	AS207711
-descr:		Inteldome Corporation
-remarks:	... whose location we are unable to determine precisely, but its definitely not MH :-/
-country:	EU
-
 aut-num:	AS21100
 descr:		ITL LLC
 remarks:	ISP headquatered in BG and/or UA, physically located in NL, some RIR data for announced prefixes contain inaccurate data
 country:	NL
 
-aut-num:	AS22769
-descr:		DDOSING NETWORK
-remarks:	IP hijacker located somewhere in AP, massively tampers with RIR data
-country:	AP
-
 aut-num:	AS23858
 descr:		xTom Pty. Ltd.
 remarks:	ISP located in AU, RIR data for announced prefixes contain garbage
 country:	AU
 
-aut-num:	AS24009
-descr:		HK UNITE TELECOMMUNICATIONS DEVELOPMENT LIMITED
-remarks:	IP hijacker (?) located in HK, tampers with RIR data
-country:	HK
-
 aut-num:	AS24700
 descr:		Yes Networks Unlimited Ltd
 remarks:	traces to UA, but some RIR entries seem to contain garbage (VG)
@@ -218,6 +198,11 @@ descr:		Unicycle, LLC
 remarks:	traces back to NL
 country:	NL
 
+aut-num:	AS26636
+descr:		GBTCloud, Inc.
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS27411
 descr:		Leaseweb USA, Inc.
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -358,6 +343,11 @@ descr:		Rack Sphere Hosting S.A.
 remarks:	claims PA for some prefixes, but they are all hosted in CH
 country:	CH
 
+aut-num:	AS40021
+descr:		Contabo Inc.
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS40034
 descr:		Confluence Networks Inc.
 remarks:	fake offshore location (VG), traces back to Austin, TX, US
@@ -373,13 +363,8 @@ descr:		MLAB Open Source Community
 remarks:	traces back to DE
 country:	DE
 
-aut-num:	AS41466
-descr:		Treidinvest LLC
-remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country:	BG
-
 aut-num:	AS41564
-descr:		Packet Exchange Limited
+descr:		Orion Network Limited
 remarks:	shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
 country:	SE
 
@@ -409,7 +394,7 @@ remarks:	ISP located in GB, but some RIR data for announced prefixes contain gar
 country:	GB
 
 aut-num:	AS42960
-descr:		Cloud Management LLC
+descr:		VH Global Limited
 remarks:	tampers with RIR data, traces back to AP area
 country:	AP
 
@@ -418,11 +403,6 @@ descr:		DGN TEKNOLOJI A.S.
 remarks:	ISP located in TR, but many RIR data for announced prefixes contain garbage
 country:	TR
 
-aut-num:	AS43092
-descr:		Kirin Communication Limited
-remarks:	tampers with RIR data, traces back to AP area
-country:	AP
-
 aut-num:	AS43310
 descr:		TOV "LVS"
 remarks:	ISP located in UA, but some RIR data for announced prefixes contain garbage
@@ -453,11 +433,6 @@ descr:		NbIServ
 remarks:	ISP located in DE, but some RIR data for announced prefixes contain garbage
 country:	DE
 
-aut-num:	AS44015
-descr:		Landgard Management Inc.
-remarks:	bulletproof ISP with strong links to RU
-country:	RU
-
 aut-num:	AS44477
 descr:		IP Oleinichenko Denis
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -468,6 +443,11 @@ descr:		Skylink Data Center BV
 remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
 country:	NL
 
+aut-num:	AS44901
+descr:		Belcloud LTD
+remarks:	ISP located in BG, but some RIR data for announced prefixes contain garbage
+country:	BG
+
 aut-num:	AS44992
 descr:		KeonWoo PARK
 remarks:	claims US for its prefixes announced, but traces back to KR
@@ -493,6 +473,11 @@ descr:		Spectre Operations BV
 remarks:	ISP located in NL, but some RIR data for suballocations of announced prefixes contain garbage
 country:	NL
 
+aut-num:	AS48024
+descr:		NEROCLOUD Ltd.
+remarks:	RIR data faked/incorrect, cannot trust this network
+country:	EU
+
 aut-num:	AS48158
 descr:		DigitalOne AG
 remarks:	Services appear to be hosted in RU, RIR data faked/incorrect
@@ -545,7 +530,7 @@ country:	NL
 
 aut-num:	AS50360
 descr:		Tamatiya EOOD / 4Vendeta
-remarks:	Questionable (at best) ISP located in BG, clients massively tamper with RIR data
+remarks:	Questionable ISP located in BG, clients massively tamper with RIR data
 country:	BG
 
 aut-num:	AS50673
@@ -553,6 +538,11 @@ descr:		Serverius Holding B.V.
 remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
 country:	NL
 
+aut-num:	AS51167
+descr:		Contabo GmbH
+remarks:	ISP located in DE, but some RIR data for announced prefixes contain garbage
+country:	DE
+
 aut-num:	AS51089
 descr:		SALTYFISH TECH LTD
 remarks:	traceroutes dead-end somewhere near HK
@@ -638,11 +628,6 @@ descr:		ULTRANEX LTD
 remarks:	fake offshore location (CY), hosted in NL
 country:   	NL
 
-aut-num:	AS58271
-descr:		FOP Gubina Lubov Petrivna
-remarks:	bulletproof ISP operating from a war zone in eastern UA
-country:	UA
-
 aut-num:	AS58294
 descr:		CloudWall Ltd.
 remarks:	RIR data neither contain a postal address nor a phone number, traceroutes end in Sofia, BG
@@ -1080,14 +1065,24 @@ country:	US
 
 aut-num:	AS207569
 descr:		Network Management Ltd.
-remarks:	traceroutes dead-end somewhere in or near RU
-country:	RU
+remarks:	traceroutes dead-end somewhere in or near CZ
+country:	CZ
 
 aut-num:	AS207616
 descr:		Altrosky Technology Ltd.
 remarks:	fake offshore location (SC), traces back to CZ and NL
 country:	EU
 
+aut-num:	AS207711
+descr:		Inteldome Corporation
+remarks:	... whose location we are unable to determine precisely, but its definitely not MH :-/
+country:	EU
+
+aut-num:	AS207968
+descr:		Internetservice Hahn
+remarks:	AQ != DE, you know
+country:	DE
+
 aut-num:	AS208046
 descr:		Maximilian Kutzner trading as HostSlick
 remarks:	traces back to NL, but some RIR data for announced prefixes contain garbage
@@ -1098,11 +1093,6 @@ descr:		Access2.IT Group B.V.
 remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
 country:	NL
 
-aut-num:	AS208410
-descr:		Internet Hosting Ltd.
-remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country:	BG
-
 aut-num:	AS208485
 descr:		Nese Mala / Moon DC
 remarks:	shady ISP located in TR, but many RIR data for announced prefixes contain garbage
@@ -1118,11 +1108,6 @@ descr:		Miti 2000 EOOD
 remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 country:	BG
 
-aut-num:	AS209272
-descr:		Alviva Holding Limited
-remarks:	bulletproof ISP operating from a war zone in eastern UA
-country:	UA
-
 aut-num:	AS209366
 descr:		SEMrush CY LTD
 remarks:	claims CY for announced prefixes, but they are all hosted in NL
@@ -1148,6 +1133,11 @@ descr:		VPSSC Networks LTD
 remarks:	ISP located in UA, but RIR data for announced prefixes contain garbage
 country:	UA
 
+aut-num:	AS210654
+descr:		Des Capital B.V.
+remarks:	Shady ISP located in NL, but RIR data for announced prefixes contain garbage
+country:	NL
+
 aut-num:	AS210848
 descr:		Telkom Internet LTD
 remarks:	shady ISP currently located in NL
@@ -1203,6 +1193,11 @@ descr:		MILEGROUP LTD
 remarks:	traceroutes dead-end somewhere in Central Europe
 country:	EU
 
+aut-num:	AS212552
+descr:		BitCommand LLC
+remarks:	Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe
+country:	EU
+
 aut-num:	AS212667
 descr:		RECONN LLC
 remarks:	ISP located in RU, but RIR data for announced prefixes contain garbage
@@ -1218,11 +1213,6 @@ descr:		Serverion BV
 remarks:	ISP located in NL, but RIR data for most announced prefixes contain garbage
 country:	NL
 
-aut-num:	AS213058
-descr:		Private Internet Hosting LTD
-remarks:	bulletproof ISP located in RU
-country:	RU
-
 aut-num:	AS213194
 descr:		Alfa Web Solutions Ltd.
 remarks:	shady ISP located in NL
@@ -1263,6 +1253,11 @@ descr:		xTom Limited
 remarks:	ISP located in ZA, RIR data for announced prefixes contain garbage
 country:	ZA
 
+aut-num:	AS328227
+descr:		Xhostserver LLC
+remarks:	ISP located in ZA, many RIR data for announced prefixes contain garbage
+country:	ZA
+
 aut-num:	AS328543
 descr:		Sun Network Company Limited
 remarks:	IP hijacker, traces back to AP region
@@ -1398,6 +1393,11 @@ descr:		IPv4 Superhub Limited
 remarks:	network owned by an HK company, traces back to HK as well - but is assigned to DE. Nice try...
 country:	HK
 
+net:		45.129.136.0/24
+descr:		Flyservers S.A.
+remarks:	fake offshore location (PA), traces back to NL
+country:   	NL
+
 net:		45.134.12.0/24
 descr:		MS Network LTD
 remarks:	fake offshore location (SC), traces back to NL
@@ -1493,6 +1493,21 @@ descr:		PSINet, Inc. (PSI) / Cogent Communications
 remarks:	Cogent IP range used in Europe, according to ARIN whois ("COGENT-EUROPEAN-OPERATIONS-001")
 country:   	EU
 
+net:		141.98.82.0/24
+descr:		Flyservers S.A.
+remarks:	fake offshore location (PA), traces back to RO
+country:   	RO
+
+net:		141.98.83.0/24
+descr:		Flyservers S.A.
+remarks:	fake offshore location (PA), traces back to RO
+country:   	RO
+
+net:		146.19.102.0/24
+descr:		Norbert Miczuga
+remarks:	... who thinks messing with country codes is funny :-/
+country:   	CH
+
 net:		149.22.96.0/19
 descr:		Manx Telecom Limited
 remarks:	Suballocation of Cogent, country code missing due to ARIN DB situation (https://community.ipfire.org/t/location-database-update-error-country-code/6451/)
@@ -1608,6 +1623,11 @@ descr:		Openfactory GmbH
 remarks:	... who thinks assigning networks to AQ is funny :-/
 country:   	EU
 
+net:		2a10:ccc0::/29
+descr:		Securebit AG
+remarks:	... who thinks assigning networks to AQ is funny :-/
+country:	CH
+
 net:		2402:e940:f00::/48
 descr:		Wind Cloud Network Technology Co Ltd.
 remarks:	appears to be used out of Tokyo, JP
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index 29057d9..b669621 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -26,11 +26,41 @@
 # Please keep this file sorted.
 #
 
+aut-num:	AS18013
+descr:		ASLINE LIMITED
+remarks:	IP hijacker, traces back to AP region
+country:	AP
+drop:		yes
+
+aut-num:	AS22769
+descr:		DDOSING NETWORK
+remarks:	IP hijacker located somewhere in AP, massively tampers with RIR data
+country:	AP
+drop:		yes
+
+aut-num:	AS24009
+descr:		LANLIAN INTERNATIONAL HOLDING GROUP LIMITED
+remarks:	IP hijacker located in HK, tampers with RIR data
+country:	HK
+drop:		yes
+
 aut-num:	AS39770
 descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Owned by an offshore letterbox company, suspected rogue ISP
 drop:		yes
 
+aut-num:	AS43092
+descr:		Kirin Communication Limited
+remarks:	Hijacks IP space and tampers with RIR data, traces back to JP
+country:	JP
+drop:		yes
+
+aut-num:	AS44015
+descr:		Landgard Management Inc.
+remarks:	bulletproof ISP with strong links to RU
+country:	RU
+drop:		yes
+
 aut-num:	AS48090
 descr:		PPTECHNOLOGY LIMITED
 remarks:	bulletproof ISP (related to AS204655) located in NL
@@ -72,6 +102,18 @@ remarks:	bulletproof ISP (related to AS202425) located in NL
 country:	NL
 drop:		yes
 
+aut-num:	AS58271
+descr:		FOP Gubina Lubov Petrivna
+remarks:	bulletproof ISP operating from a war zone in eastern UA
+country:	UA
+drop:		yes
+
+aut-num:	AS58810
+descr:		iZus Co., Ltd
+remarks:	Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity
+country:	AP
+drop:		yes
+
 aut-num:	AS60424
 descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Owned by an offshore letterbox company, suspected rogue ISP
@@ -83,12 +125,6 @@ remarks:	bulletproof ISP (linked to AS202425 et al.) located in NL
 country:	NL
 drop:		yes
 
-aut-num:	AS62355
-descr:		Network Dedicated SAS
-remarks:	bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL
-country:	NL
-drop:		yes
-
 aut-num:	AS64425
 descr:		SKB Enterprise B.V.
 remarks:	bulletproof ISP (linked to AS202425 et al.) located in NL
@@ -113,16 +149,28 @@ remarks:	bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace
 country:	NL
 drop:		yes
 
+aut-num:	AS204655
+descr:		Novogara Ltd.
+remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
+country:	NL
+drop:		yes
+
 aut-num:	AS207812
 descr:		DM AUTO EOOD
 remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
 country:	BG
 drop:		yes
 
-aut-num:	AS204655
-descr:		Novogara Ltd.
-remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
-country:	NL
+aut-num:	AS209272
+descr:		Alviva Holding Limited
+remarks:	bulletproof ISP operating from a war zone in eastern UA
+country:	UA
+drop:		yes
+
+aut-num:	AS213058
+descr:		Private Internet Hosting LTD
+remarks:	bulletproof ISP located in RU
+country:	RU
 drop:		yes
 
 aut-num:	AS328671
@@ -131,7 +179,13 @@ remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
 country:	NL
 drop:		yes
 
+net:		2a0e:b107:d10::/44
+descr:		NZB.si Enterprises
+remarks:	Tampers with RIR data, not a safe place to route traffic to
+drop:		yes
+
 net:		2a10:9700::/29
 descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Owned by an offshore letterbox company, suspected rogue ISP
+country:	RU
 drop:		yes
-- 
2.26.2

[PATCH] overrides-{a1,other,xd}: Regular batch of various overrides

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 16198 bytes --]

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 overrides/override-a1.txt    |  26 +++-----
 overrides/override-other.txt | 125 +++++++++++++++++------------------
 overrides/override-xd.txt    |  96 +++++++++++++++++++++++++--
 3 files changed, 163 insertions(+), 84 deletions(-)

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 7365738..5b620fe 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -34,11 +34,6 @@ descr:				Maginfo
 remarks:			VPN provider
 is-anonymous-proxy:		yes
 
-aut-num:			AS13487
-descr:				ULTRA PACKET LLC
-remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
-is-anonymous-proxy:		yes
-
 aut-num:			AS16255
 descr:				IRIDIUM PROVIDER LTD
 remarks:			VPN provider [high confidence, but not proofed] located in RU
@@ -300,21 +295,11 @@ descr:				Castle VPN
 remarks:			VPN provider
 is-anonymous-proxy:		yes
 
-aut-num:			AS397539
-descr:				LAKSH CYBERSECURITY AND DEFENSE LLC
-remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
-is-anonymous-proxy:		yes
-
 aut-num:			AS397685
 descr:				Business VPN LLC
 remarks:			VPN provider
 is-anonymous-proxy:		yes
 
-aut-num:			AS397770
-descr:				LAKSH CYBERSECURITY AND DEFENSE LLC
-remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
-is-anonymous-proxy:		yes
-
 aut-num:			AS397881
 descr:				Stingers, Inc.
 remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
@@ -341,6 +326,12 @@ descr:				Tunbroker LLC
 remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
 is-anonymous-proxy:		yes
 
+aut-num:			AS399587
+descr:				UT
+remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy:		yes
+country:			US
+
 aut-num:			AS399928
 descr:				STELLAR PROXIES
 remarks:			VPN or open proxy provider
@@ -1174,6 +1165,11 @@ descr:				IPNET-VPNS
 remarks:			VPN provider [high confidence, but not proofed]
 is-anonymous-proxy:		yes
 
+net:				166.137.0.0/16
+descr:				Service Provider Corporation
+remarks:			Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
+is-anonymous-proxy:		yes
+
 net:				169.239.152.0/22
 descr:				AfriVPN Ltd
 remarks:			VPN provider, traces back to ZA
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 8b228af..56bb12e 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -82,7 +82,7 @@ remarks:	has no sane AS name set in APNIC DB
 
 aut-num:	AS4842
 descr:		Tianhai InfoTech
-remarks:	IP hijacker located somewhere in AP, massively tampers with RIR data
+remarks:	IP hijacker located somewhere in AP, tampers with RIR data
 country:	AP
 
 aut-num:	AS5408
@@ -146,18 +146,18 @@ country:	US
 
 aut-num:	AS15828
 descr:		Blue Diamond Network Co., Ltd.
-remarks:	Hiding behind fake ISP Navitgo LLC (AS59721), tampers with RIR data
-country:	NL
+remarks:	Shady ISP located somewhere in AP
+country:	AP
+
+aut-num:	AS16262
+descr:		Datacheap Ltd.
+remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
+country:	RU
 
 aut-num:	AS18185
 name:		Northern Taiwan Community University
 remarks:	has no sane AS name set in APNIC DB
 
-aut-num:	AS18254
-descr:		KLAYER LLC
-remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
-country:	AP
-
 aut-num:	AS18530
 descr:		Isomedia, Inc.
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -178,6 +178,11 @@ descr:		xTom Pty. Ltd.
 remarks:	ISP located in AU, RIR data for announced prefixes contain garbage
 country:	AU
 
+aut-num:	AS24413
+descr:		Sunrise
+remarks:	ISP located in somewhere in AP
+country:	AP
+
 aut-num:	AS24700
 descr:		Yes Networks Unlimited Ltd
 remarks:	traces to UA, but some RIR entries seem to contain garbage (VG)
@@ -258,6 +263,16 @@ descr:		Petersburg Internet Network Ltd.
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS34806
+descr:		ASLINE LIMITED
+remarks:	... located in HK
+country:	HK
+
+aut-num:	AS34985
+descr:		Kirin Communication Limited
+remarks:	ISP located in JP, but some RIR data for announced prefixes contain garbage
+country:	JP
+
 aut-num:	AS35042
 descr:		IP Interactive UG (haftungsbeschraenkt)
 remarks:	ISP located in BG, but RIR data for announced prefixes contain garbage
@@ -568,6 +583,11 @@ descr:		PEG TECH INC
 remarks:	ISP and/or IP hijacker located in US this time, tampers with RIR data
 country:	US
 
+aut-num:	AS55330
+descr:		AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK
+remarks:	For some reason, some "Airbus Defence and Space AS" prefixes are announced by this one...
+country:	AF
+
 aut-num:	AS55836
 descr:		Reliance Jio Infocomm Limited
 remarks:	ISP located in IN, but some RIR data for announced prefixes contain garbage
@@ -703,6 +723,11 @@ descr:		4b42 UG (haftungsbeschränkt)
 remarks:	... who thinks messing with countries is funny :-/
 country:   	LI
 
+aut-num:	AS61635
+descr:		GOPLEX TELECOMUNICACOES E INTERNET LTDA - ME
+remarks:	... traces back to NL
+country:   	NL
+
 aut-num:	AS61977
 descr:		Vivo Trade L.P.
 remarks:	another shady customer of "DDoS Guard Ltd."
@@ -738,11 +763,6 @@ descr:		SWISS GLOBAL SERVICES S.A.S.
 remarks:	... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them
 country:	CH
 
-aut-num:	AS64437
-descr:		NForce Entertainment BV
-remarks:	currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
-country:	NL
-
 aut-num:	AS131685
 descr:		Sun Network (Hong Kong) Limited
 remarks:	ISP and/or IP hijacker located somewhere in AP
@@ -760,8 +780,8 @@ country:	HK
 
 aut-num:	AS133201
 descr:		ABCDE GROUP COMPANY LIMITED
-remarks:	ISP and/or IP hijacker located somewhere in AP
-country:	AP
+remarks:	ISP and/or IP hijacker located in HK
+country:	HK
 
 aut-num:	AS133441
 descr:		CloudITIDC Global
@@ -779,8 +799,8 @@ remarks:	IP hijacker located somewhere in AP area, suspected to be part of the "
 country:	AP
 
 aut-num:	AS134196
-descr:		ULan Network Limited
-remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+descr:		Cloudie Limited
+remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region (HK? CN?)
 country:	AP
 
 aut-num:	AS134351
@@ -808,16 +828,6 @@ descr:		Optix Pakistan (Pvt.) Limited
 remarks:	ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage
 country:	PK
 
-aut-num:	AS136545
-descr:		Blue Data Center
-remarks:	IP hijacker located somewhere in AP area, tampers with RIR data
-country:	AP
-
-aut-num:	AS136800
-descr:		ICIDC NETWORK
-remarks:	IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
-country:	AP
-
 aut-num:	AS136933
 descr:		Gigabitbank Global / Anchnet Asia Limited (?)
 remarks:	IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
@@ -835,13 +845,8 @@ country:	HK
 
 aut-num:	AS137523
 descr:		HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
-remarks:	IP hijacker located in AP area, tampers with RIR data
-country:	AP
-
-aut-num:	AS137951
-descr:		Clayer Limited
-remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
-country:	AP
+remarks:	ISP and IP hijacker located in HK, tampers with RIR data
+country:	HK
 
 aut-num:	AS138195
 descr:		MOACK.Co.LTD
@@ -923,11 +928,6 @@ descr:		Full Time Hosting
 remarks:	ISP located in DE, tampers with RIR data
 country:	DE
 
-aut-num:	AS141159
-descr:		Incomparable(HK)Network Co., Limited
-remarks:	ISP and/or IP hijacker located in AP area, tampers with RIR data
-country:	AP
-
 aut-num:	AS141746
 descr:		Orenji Server
 remarks:	IP hijacker located somewhere in AP area (JP?)
@@ -1153,11 +1153,6 @@ descr:		JMT Paso Limited
 remarks:	ISP located in NL, but RIR data for announced prefixes contain garbage
 country:	NL
 
-aut-num:	AS211849
-descr:		Kakharov Orinbassar Maratuly
-remarks:	ISP and/or IP hijacker located in RU, but RIR data for announced prefixes contain garbage
-country:	RU
-
 aut-num:	AS211992
 descr:		WFD SERVICE LTD
 remarks:	ISP located in NL, but RIR data for announced prefixes contain garbage
@@ -1238,6 +1233,11 @@ descr:		Udasha S.A.
 remarks:	traceroutes dead-end somewhere near NYC, US
 country:	US
 
+aut-num:	AS264097
+descr:		WIID Telecomunicai¿½i¿½es do Brasil
+remarks:	... traces back to NL
+country:	NL
+
 aut-num:	AS267784
 descr:		Flyservers S.A.
 remarks:	ISP located in NL, but RIR data for most announced prefixes contain garbage
@@ -1258,11 +1258,6 @@ descr:		Xhostserver LLC
 remarks:	ISP located in ZA, many RIR data for announced prefixes contain garbage
 country:	ZA
 
-aut-num:	AS328543
-descr:		Sun Network Company Limited
-remarks:	IP hijacker, traces back to AP region
-country:	AP
-
 aut-num:	AS328608
 descr:		Africa on Cloud
 remarks:	... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
@@ -1293,16 +1288,16 @@ descr:		Leaseweb USA, Inc.
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
 country:	US
 
+aut-num:	AS397423
+descr:		Tier.Net Technologies LLC
+remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
+country:	US
+
 aut-num:	AS398343
 descr:		Baxet Group Inc.
 remarks:	traceroutes dead-end near Moscow, RU
 country:	RU
 
-aut-num:	AS398478
-descr:		PEG TECH INC
-remarks:	ISP located in HK, tampers with RIR data
-country:	HK
-
 aut-num:	AS398823
 descr:		PEG TECH INC
 remarks:	ISP and/or IP hijacker located in HK, tampers with RIR data
@@ -1320,7 +1315,7 @@ country:	HK
 
 aut-num:	AS399471
 descr:		Serverion LLC
-remarks:	ISP located in NL, RIR data contain garbage
+remarks:	ISP located in NL, some RIR data contain garbage
 country:	NL
 
 aut-num:	AS399077
@@ -1418,26 +1413,21 @@ descr:		US AFG 20200130
 remarks:	claims to be located in US, but traces back to SK
 country:   	SK
 
+net:		45.155.121.0/24
+descr:		Itace International Limited
+remarks:	claims to be located in HK, but traces back to RO
+country:   	RO
+
 net:		47.60.0.0/14
 descr:		Vodafone US Inc.
 remarks:	large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurate data)
 country:   	ES
 
-net:		80.240.96.0/24
-descr:		LLC RusTel
-remarks:	fake location (RU), traces back to HK
-country:   	HK
-
 net:		85.202.80.0/24
 descr:		Amarutu Technology Ltd. / KoDDoS / ESecurity
 remarks:	fake offshore location (BZ), traces back to US
 country:   	US
 
-net:		88.151.117.0/24
-descr:		Golden Internet LLC
-remarks:	fake location (KP), WHOIS contact points to RU
-country:   	RU
-
 net:		91.90.120.0/24
 descr:		M247 LTD, Greenland Infrastructure
 remarks:	... traces back to CA
@@ -1588,6 +1578,11 @@ descr:		NetConn Services Ltd
 remarks:	APNIC chunk owned by a HK-based company, routed to AP region, but assigned to SC
 country:	AP
 
+net:		193.176.24.0/22
+descr:		REACOM GmbH
+remarks:	The entire network is used out of RU
+country:	RU
+
 net:		193.186.196.0/22
 descr:		QUIKA LTD
 remarks:	claims to be located in DE, traces back to GB
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index b669621..76ceab3 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -26,16 +26,34 @@
 # Please keep this file sorted.
 #
 
+aut-num:	AS18254
+descr:		KLAYER LLC
+remarks:	part of the "Asline" IP hijacking gang, traces back to AP region
+country:	AP
+drop:		yes
+
 aut-num:	AS18013
 descr:		ASLINE LIMITED
-remarks:	IP hijacker, traces back to AP region
-country:	AP
+remarks:	IP hijacker, traces back to HK
+country:	HK
+drop:		yes
+
+aut-num:	AS211849
+descr:		Kakharov Orinbassar Maratuly
+remarks:	ISP and IP hijacker located in RU, many RIR data for announced prefixes contain garbage
+country:	RU
+drop:		yes
+
+aut-num:	AS24009
+descr:		LANLIAN INTERNATIONAL HOLDING GROUP LIMITED
+remarks:	IP hijacker and bulletproof ISP, possibly located near Los Angeles, US
+country:	US
 drop:		yes
 
 aut-num:	AS22769
 descr:		DDOSING NETWORK
-remarks:	IP hijacker located somewhere in AP, massively tampers with RIR data
-country:	AP
+remarks:	IP hijacker located in US, massively tampers with RIR data
+country:	US
 drop:		yes
 
 aut-num:	AS24009
@@ -119,6 +137,11 @@ descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Owned by an offshore letterbox company, suspected rogue ISP
 drop:		yes
 
+aut-num:	AS61414
+descr:		EDGENAP LTD
+remarks:	IP hijacking? Rogue ISP?
+drop:		yes
+
 aut-num:	AS62068
 descr:		SpectraIP B.V.
 remarks:	bulletproof ISP (linked to AS202425 et al.) located in NL
@@ -131,6 +154,41 @@ remarks:	bulletproof ISP (linked to AS202425 et al.) located in NL
 country:	NL
 drop:		yes
 
+aut-num:	AS136545
+descr:		Blue Data Center
+remarks:	IP hijacker located somewhere in AP area, tampers with RIR data
+country:	AP
+drop:		yes
+
+aut-num:	AS136800
+descr:		ICIDC NETWORK
+remarks:	IP hijacker located in HK, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
+country:	HK
+drop:		yes
+
+aut-num:	AS137951
+descr:		Clayer Limited
+remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
+country:	HK
+drop:		yes
+
+aut-num:	AS138648
+descr:		ASLINE Global Exchange
+remarks:	IP hijacker located somewhere in AP area
+country:	AP
+drop:		yes
+
+aut-num:	AS140107
+descr:		CITIS CLOUD GROUP LIMITED
+remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
+drop:		yes
+
+aut-num:	AS141159
+descr:		Incomparable(HK)Network Co., Limited
+remarks:	ISP and IP hijacker located in HK, tampers with RIR data
+country:	HK
+drop:		yes
+
 aut-num:	AS200391
 descr:		KREZ 999 EOOD
 remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
@@ -149,6 +207,12 @@ remarks:	bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace
 country:	NL
 drop:		yes
 
+aut-num:	AS204428
+descr:		SS-Net
+remarks:	another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country:	BG
+drop:		yes
+
 aut-num:	AS204655
 descr:		Novogara Ltd.
 remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
@@ -167,18 +231,42 @@ remarks:	bulletproof ISP operating from a war zone in eastern UA
 country:	UA
 drop:		yes
 
+aut-num:	AS211193
+descr:		ABDILAZIZ UULU ZHUSUP
+remarks:	bulletproof ISP and IP hijacker, traces to RU
+country:	RU
+drop:		yes
+
 aut-num:	AS213058
 descr:		Private Internet Hosting LTD
 remarks:	bulletproof ISP located in RU
 country:	RU
 drop:		yes
 
+aut-num:	AS328543
+descr:		Sun Network Company Limited
+remarks:	IP hijacker, traces back to AP region
+country:	AP
+drop:		yes
+
 aut-num:	AS328671
 descr:		Datapacket Maroc SARL
 remarks:	bulletproof ISP (strongly linked to AS202425) located in NL
 country:	NL
 drop:		yes
 
+aut-num:	AS398478
+descr:		PEG TECH INC
+remarks:	ISP located in HK, tampers with RIR data
+country:	HK
+drop:		yes
+
+net:		196.11.32.0/20
+descr:		Sanlam Life Insurance Limited
+remarks:	Stolen AfriNIC IPv4 space announced from NL
+country:	NL
+drop:		yes
+
 net:		2a0e:b107:d10::/44
 descr:		NZB.si Enterprises
 remarks:	Tampers with RIR data, not a safe place to route traffic to
-- 
2.26.2