From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: location@lists.ipfire.org
Subject: Re: [PATCH] override-{a1,other,xd}: Regular batch of various overrides
Date: Fri, 10 Dec 2021 09:00:19 +0000
Message-ID:
In-Reply-To: <87e75b89-d6b2-3fcc-4181-dd760347348c@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0564401729437034906=="
List-Id:

--===============0564401729437034906==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Thank you. Merged.

All those networks that were removed, did they just cease to exist?

-Michael

> On 10 Dec 2021, at 07:07, Peter Müller wrote:
>
> Signed-off-by: Peter Müller
> ---
> overrides/override-a1.txt | 48 ----------------
> overrides/override-other.txt | 104 ++++++++++++++++++++++-------------
> overrides/override-xd.txt | 50 +++++++++++++++++
> 3 files changed, 117 insertions(+), 85 deletions(-)
>
> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt > index 5734c08..5fce4d9 100644 > --- a/overrides/override-a1.txt > +++ b/overrides/override-a1.txt > @@ -82,11 +82,6 @@ descr: Asiamax Ltd. VPN > remarks: VPN provider > is-anonymous-proxy: yes >=20 > -aut-num: AS39770 > -descr: 1337TEAM LIMITED / eliteteam[.]to > -remarks: Owned by an offshore letterbox company, suspected rogue ISP > -is-anonymous-proxy: yes > - > aut-num: AS43233 > descr: VPS 404 Ltd. > remarks: VPN provider [high confidence, but not proofed] located in ES > @@ -114,12 +109,6 @@ descr: BeeVPN ApS > remarks: VPN provider > is-anonymous-proxy: yes >=20 > -aut-num: AS51381 > -descr: 1337TEAM LIMITED / eliteteam[.]to > -remarks: Owned by an offshore letterbox company, suspected rogue ISP > -is-anonymous-proxy: yes > -country: RU > - > aut-num: AS51446 > descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy > remarks: VPN provider [high confidence, but not proofed] 
> @@ -142,17 +131,6 @@ remarks: Tor relay and VPN provider, traces back to = SE [high confidence, but n > is-anonymous-proxy: yes > country: SE >=20 > -aut-num: AS55303 > -descr: Eagle Sky Co., Lt[d ?] > -remarks: Autonomous System registered to offshore company, abuse contact= is a freemail address, address says "0 Market Square, P.O. Box 364, Belize",= seems to trace to some location in AP vicinity > -is-anonymous-proxy: yes > -country: AP > - > -aut-num: AS56873 > -descr: 1337TEAM LIMITED / eliteteam[.]to > -remarks: Owned by an offshore letterbox company, suspected rogue ISP > -is-anonymous-proxy: yes > - > aut-num: AS58110 > descr: IP Volume Ltd. / Epik > remarks: Shady Autonomous System registered to letterbox company, possibl= y copycat operation of Epik registrar, many prefixes announced refer to "anon= ymize" infrastructure > @@ -168,11 +146,6 @@ descr: Geotelco Limited > remarks: VPN provider [high confidence, but not proofed] > is-anonymous-proxy: yes >=20 > -aut-num: AS60424 > -descr: 1337TEAM LIMITED / eliteteam[.]to > -remarks: Owned by an offshore letterbox company, suspected rogue ISP > -is-anonymous-proxy: yes > - > aut-num: AS60729 > descr: Zwiebelfreunde e.V. > remarks: Tor relay provider > @@ -214,12 +187,6 @@ descr: HERN Labs AB > remarks: VPN provider [high confidence, but not proofed] > is-anonymous-proxy: yes >=20 > -aut-num: AS206819 > -descr: ANSON NETWORK LIMITED > -remarks: Autonomous System registered to UK letterbox company, traces ba= ck through shady ISPs to TW > -is-anonymous-proxy: yes > -country: TW > - > aut-num: AS207688 > descr: DataHome S.A. > remarks: VPN provider located in BR [high confidence, but not proofed] 
> @@ -1430,11 +1397,6 @@ descr: Tredinvest LLC / bestwest[.]host > remarks: VPN provider or offering similar services [high confidence, but = not proofed] > is-anonymous-proxy: yes >=20 > -net: 185.215.113.0/24 > -descr: 1337TEAM LIMITED / eliteteam[.]to > -remarks: Owned by an offshore letterbox company, suspected rogue ISP > -is-anonymous-proxy: yes > - > net: 185.220.100.0/22 > descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute > remarks: Tor relay provider > @@ -1692,11 +1654,6 @@ descr: LogicWeb Inc. / BGRVPN / Private Internet = Access / VPNetworks / Cookie > remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers > is-anonymous-proxy: yes >=20 > -net: 196.61.192.0/20 > -descr: Inspiring Networks LTD > -remarks: hijacked (?) IP network owned by an offshore company [high conf= idence, but not proofed] > -is-anonymous-proxy: yes > - > net: 197.221.161.0/24 > descr: VPNClientPublics > remarks: VPN provider > @@ -2031,8 +1988,3 @@ net: 2c0f:f930::/32 > descr: Cyberdyne S.A. > remarks: Tor relay provider > is-anonymous-proxy: yes > - > -net: 2a10:9700::/29 > -descr: 1337TEAM LIMITED / eliteteam[.]to > -remarks: Owned by an offshore letterbox company, suspected rogue ISP > -is-anonymous-proxy: yes > diff --git a/overrides/override-other.txt b/overrides/override-other.txt > index 7d76534..ca9dbad 100644 > --- a/overrides/override-other.txt > +++ b/overrides/override-other.txt > @@ -85,6 +85,11 @@ descr: Tianhai InfoTech > remarks: IP hijacker located somewhere in AP, massively tampers with RIR da= ta > country: AP >=20 > +aut-num: AS5408 > +descr: Greek Research and Technology Network (GRNET) S.A. > +remarks: ... located in GR > +country: GR > + > aut-num: AS6134 > descr: XNNET LLC > remarks: traces back to an unknown oversea location (HK?), seems to tamper = with RIR data 
> @@ -363,6 +368,11 @@ descr: CNSERVERS LLC > remarks: Shady ISP located in US, tampers with RIR data > country: US >=20 > +aut-num: AS41047 > +descr: MLAB Open Source Community > +remarks: traces back to DE > +country: DE > + > aut-num: AS41466 > descr: Treidinvest LLC > remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in B= G, tampers with RIR data > @@ -408,6 +418,11 @@ descr: DGN TEKNOLOJI A.S. > remarks: ISP located in TR, but many RIR data for announced prefixes contai= n garbage > country: TR >=20 > +aut-num: AS43092 > +descr: Kirin Communication Limited > +remarks: tampers with RIR data, traces back to AP area > +country: AP > + > aut-num: AS43310 > descr: TOV "LVS" > remarks: ISP located in UA, but some RIR data for announced prefixes contai= n garbage > @@ -498,11 +513,6 @@ descr: LLC Baxet > remarks: tampers with RIR data, traces back to RU > country: RU >=20 > -aut-num: AS49447 > -descr: Nice IT Services Group Inc. > -remarks: Rogue ISP located in CH, but some RIR data for announced prefixes= contain garbage > -country: CH > - > aut-num: AS49466 > descr: KLAYER LLC > remarks: part of the "Asline" IP hijacking gang, traces back to AP region > @@ -748,6 +758,11 @@ descr: NForce Entertainment BV > remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in = NL > country: NL >=20 > +aut-num: AS131685 > +descr: Sun Network (Hong Kong) Limited > +remarks: ISP and/or IP hijacker located somewhere in AP > +country: AP > + > aut-num: AS132369 > descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED > remarks: ISP located in HK, tampers with RIR data 
> @@ -758,9 +773,14 @@ descr: POWER LINE DATACENTER > remarks: ISP and/or IP hijacker located in HK, tampers with RIR data > country: HK >=20 > +aut-num: AS133201 > +descr: ABCDE GROUP COMPANY LIMITED > +remarks: ISP and/or IP hijacker located somewhere in AP > +country: AP > + > aut-num: AS133441 > descr: CloudITIDC Global > -remarks: ISP and/or IP hijacker located somehwere in AP > +remarks: ISP and/or IP hijacker located somewhere in AP > country: AP >=20 > aut-num: AS133752 > @@ -810,7 +830,7 @@ country: AP >=20 > aut-num: AS136800 > descr: ICIDC NETWORK > -remarks: IP hijacker located somehwere in AP, suspected to be part of the = "Asline" IP hijacking gang, tampers with RIR data > +remarks: IP hijacker located somewhere in AP, suspected to be part of the = "Asline" IP hijacking gang, tampers with RIR data > country: AP >=20 > aut-num: AS136933 > @@ -923,6 +943,11 @@ descr: Incomparable(HK)Network Co., Limited > remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data > country: AP >=20 > +aut-num: AS141746 > +descr: Orenji Server > +remarks: IP hijacker located somewhere in AP area (JP?) > +country: AP > + > aut-num: AS196682 > descr: FLP Kochenov Aleksej Vladislavovich > remarks: ISP located in UA, but RIR data for announced prefixes all say EU > @@ -933,11 +958,6 @@ descr: ALEXHOST SRL > remarks: ISP located in MD, majority of RIR data for announced prefixes con= tain garbage, we cannot trust this network > country: MD >=20 > -aut-num: AS200391 > -descr: KREZ 999 EOOD > -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in = BG, tampers with RIR data > -country: BG > - > aut-num: AS200699 > descr: Datashield, Inc. > remarks: fake offshore location (SC), traces back to NL 
> @@ -1028,6 +1048,11 @@ descr: Genius Guard / Genius Security Ltd. > remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU > country: RU >=20 > +aut-num: AS206819 > +descr: ANSON NETWORK LIMITED > +remarks: Autonomous System registered to UK letterbox company, traces back= through shady ISPs to TW > +country: TW > + > aut-num: AS206898 > descr: Server Hosting Pty Ltd > remarks: ISP located in NL, but some RIR data for announced prefixes contai= n garbage > @@ -1063,11 +1088,6 @@ descr: Altrosky Technology Ltd. > remarks: fake offshore location (SC), traces back to CZ and NL > country: EU >=20 > -aut-num: AS207812 > -descr: DM AUTO EOOD > -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in = BG, tampers with RIR data > -country: BG > - > aut-num: AS208046 > descr: Maximilian Kutzner trading as HostSlick > remarks: traces back to NL, but some RIR data for announced prefixes contai= n garbage > @@ -1248,6 +1268,11 @@ descr: Sun Network Company Limited > remarks: IP hijacker, traces back to AP region > country: AP >=20 > +aut-num: AS328608 > +descr: Africa on Cloud > +remarks: ... for some reason, I doubt a _real_ African ISP would announce = solely hijacked prefixes > +country: AP > + > aut-num: AS328703 > descr: Seven Network Inc. > remarks: traces back to ZA 
> @@ -1313,25 +1338,25 @@ descr: Wolverine Trading, LLC > remarks: IP hijacker located in US, tampers with RIR data > country: US >=20 > -net: 5.1.68.0/24 > -descr: GaiacomLC > -remarks: routed to DE, inaccurate RIR data > -country: DE > +net: 5.1.68.0/24 > +descr: GaiacomLC > +remarks: routed to DE, inaccurate RIR data > +country: DE >=20 > -net: 5.1.69.0/24 > -descr: GaiacomLC > -remarks: routed to DE, inaccurate RIR data > -country: DE > +net: 5.1.69.0/24 > +descr: GaiacomLC > +remarks: routed to DE, inaccurate RIR data > +country: DE >=20 > -net: 5.1.83.0/24 > -descr: GaiacomLC > -remarks: routed to DE, inaccurate RIR data > -country: DE > +net: 5.1.83.0/24 > +descr: GaiacomLC > +remarks: routed to DE, inaccurate RIR data > +country: DE >=20 > -net: 5.1.88.0/24 > -descr: GaiacomLC > -remarks: routed to DE, inaccurate RIR data > -country: DE > +net: 5.1.88.0/24 > +descr: GaiacomLC > +remarks: routed to DE, inaccurate RIR data > +country: DE >=20 > net: 5.252.32.0/22 > descr: StormWall s.r.o. > @@ -1413,6 +1438,11 @@ descr: Golden Internet LLC > remarks: fake location (KP), WHOIS contact points to RU > country: RU >=20 > +net: 91.90.120.0/24 > +descr: M247 LTD, Greenland Infrastructure > +remarks: ... traces back to CA > +country: CA > + > net: 91.149.194.0/24 > descr: IP Volume Ltd. / Epik > remarks: fake location (CH), traces back to SE > @@ -1488,10 +1518,10 @@ descr: Intelcom Group Ltd > remarks: fake offshore location (SC), traces back to RU > country: RU >=20 > -net: 185.140.204.0/22 > -descr: Hornetsecurity GmbH > -remarks: all suballocations are used in DE, but are assigned to US > -country: DE > +net: 185.140.204.0/22 > +descr: Hornetsecurity GmbH > +remarks: all suballocations are used in DE, but are assigned to US > +country: DE >=20 > net: 185.175.93.0/24 > descr: Perfect Hosting Solutions > diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt > index 7df6188..29057d9 100644 > --- a/overrides/override-xd.txt 
> +++ b/overrides/override-xd.txt > @@ -26,24 +26,57 @@ > # Please keep this file sorted. > # >=20 > +aut-num: AS39770 > +descr: 1337TEAM LIMITED / eliteteam[.]to > +remarks: Owned by an offshore letterbox company, suspected rogue ISP > +drop: yes > + > aut-num: AS48090 > descr: PPTECHNOLOGY LIMITED > remarks: bulletproof ISP (related to AS204655) located in NL > country: NL > drop: yes >=20 > +aut-num: AS49447 > +descr: Nice IT Services Group Inc. > +remarks: Rogue ISP located in CH, but some RIR data for announced prefixes= contain garbage > +country: CH > +drop: yes > + > +aut-num: AS51381 > +descr: 1337TEAM LIMITED / eliteteam[.]to > +remarks: Owned by an offshore letterbox company, suspected rogue ISP > +country: RU > +drop: yes > + > +aut-num: AS55303 > +descr: Eagle Sky Co., Lt[d ?] > +remarks: Autonomous System registered to offshore company, abuse contact i= s a freemail address, address says "0 Market Square, P.O. Box 364, Belize", s= eems to trace to some location in AP vicinity > +country: AP > +drop: yes > + > aut-num: AS56611 > descr: REBA Communications BV > remarks: bulletproof ISP (related to AS202425) located in NL > country: NL > drop: yes >=20 > +aut-num: AS56873 > +descr: 1337TEAM LIMITED / eliteteam[.]to > +remarks: Owned by an offshore letterbox company, suspected rogue ISP > +drop: yes > + > aut-num: AS57717 > descr: FiberXpress BV > remarks: bulletproof ISP (related to AS202425) located in NL > country: NL > drop: yes >=20 > +aut-num: AS60424 > +descr: 1337TEAM LIMITED / eliteteam[.]to > +remarks: Owned by an offshore letterbox company, suspected rogue ISP > +drop: yes > + > aut-num: AS62068 > descr: SpectraIP B.V. > remarks: bulletproof ISP (linked to AS202425 et al.) located in NL 
> @@ -62,6 +95,12 @@ remarks: bulletproof ISP (linked to AS202425 et al.) loc= ated in NL > country: NL > drop: yes >=20 > +aut-num: AS200391 > +descr: KREZ 999 EOOD > +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in = BG, tampers with RIR data > +country: BG > +drop: yes > + > aut-num: AS202425 > descr: IP Volume Inc. > remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.)= located in NL > @@ -74,6 +113,12 @@ remarks: bulletproof ISP and IP hijacker, related to AS= 202425 and AS62355, trace > country: NL > drop: yes >=20 > +aut-num: AS207812 > +descr: DM AUTO EOOD > +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in = BG, tampers with RIR data > +country: BG > +drop: yes > + > aut-num: AS204655 > descr: Novogara Ltd. > remarks: bulletproof ISP (strongly linked to AS202425) located in NL > @@ -85,3 +130,8 @@ descr: Datapacket Maroc SARL > remarks: bulletproof ISP (strongly linked to AS202425) located in NL > country: NL > drop: yes > + > +net: 2a10:9700::/29 > +descr: 1337TEAM LIMITED / eliteteam[.]to > +remarks: Owned by an offshore letterbox company, suspected rogue ISP > +drop: yes > --=20 > 2.26.2 --===============0564401729437034906==--
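
Review bot: In override-a1.txt, the hunks at @@ -1430,11 +1397,6 @@ and @@ -1692,11 +1654,6 @@ delete net: 185.215.113.0/24 and net: 196.61.192.0/20 outright, and neither prefix is re-added in override-other.txt or override-xd.txt, while the sibling 2a10:9700::/29 is carried over to override-xd.txt with drop: yes. If the IPv4 prefixes are meant to be covered by the AS-level entries or are no longer relevant, say so in the commit message; otherwise re-add them next to 2a10:9700::/29. The commit message consists of the Signed-off-by line only, so the switch of the 1337TEAM ASNs from is-anonymous-proxy: yes to drop: yes is unexplained as well.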
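
Review bot: In override-other.txt at @@ -1248,6 +1268,11 @@, the new AS328608 entry sets country: AP, but its remarks line only voices doubt ("I doubt a _real_ African ISP would announce solely hijacked prefixes") and never states what points to AP. Replace it with the evidence in the form the neighbouring entries use, such as "IP hijacker, traces back to AP region". The leading "..." placeholder also appears in the new AS5408 and 91.90.120.0/24 remarks and should be filled in or dropped.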
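
Review bot: In override-other.txt at @@ -1313,25 +1338,25 @@ and @@ -1488,10 +1518,10 @@, the removed and added lines for the GaiacomLC and Hornetsecurity GmbH entries read the same, so this looks like a whitespace-only change mixed into a content patch. Mention the whitespace cleanup in the commit message or split it into its own commit, so these lines do not obscure the real override changes in the history.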
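
Review bot: In override-xd.txt at @@ -74,6 +113,12 @@, the new AS207812 block is inserted ahead of the existing AS204655 entry, which breaks the "Please keep this file sorted." rule in the file header. Move the AS207812 (DM AUTO EOOD) block below AS204655 and place it by AS number among the entries that follow.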