* [PATCH] override-{a1,other,xd}: Regular batch of various overrides
@ 2022-01-16 11:19 Peter Müller
0 siblings, 0 replies; 5+ messages in thread
From: Peter Müller @ 2022-01-16 11:19 UTC (permalink / raw)
To: location
[-- Attachment #1: Type: text/plain, Size: 12866 bytes --]
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 5 ++
overrides/override-other.txt | 92 ++++++++++++++++++------------------
overrides/override-xd.txt | 66 +++++++++++++++++++++++---
3 files changed, 111 insertions(+), 52 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 43e0174..a97e7ce 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -639,6 +639,11 @@ descr: Gabor Marton
remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
is-anonymous-proxy: yes
+net: 45.203.128.0/18
+descr: ProxyWow LLC
+remarks: CloudInnovation space leased to "ProxyWow LLC" - not a safe area to accept traffic from anyways
+is-anonymous-proxy: yes
+
net: 45.220.72.0/22
descr: Low budget VPN service
remarks: VPN provider
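Review bot: the added 45.203.128.0/18 entry gives no source for the proxy classification. Its remark only says the space is leased to "ProxyWow LLC" and is "not a safe area", whereas the entry directly above cites a reference URL. Add a pointer to the evidence, or a confidence marker such as the "[high confidence, but not proofed]" tag used elsewhere in this file, so that "is-anonymous-proxy: yes" on a whole /18 can be re-checked later.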
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 89ad8e0..c33e642 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -63,6 +63,11 @@ aut-num: AS4134
name: Chinanet Backbone
remarks: has no sane AS name set in APNIC DB
+aut-num: AS4609
+descr: Companhia de Telecomunicacones de Macau SARL
+remarks: ISP located in MO, but some RIR data needs manual correction due to ARIN DB situation
+country: MO
+
aut-num: AS4754
name: Software Technology Park of India
remarks: has no sane AS name set in APNIC DB
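Review bot: in the added AS4609 entry, "Telecomunicacones" in the descr line looks like a typo for "Telecomunicacoes". The remark also refers to the "ARIN DB situation" without a reference; the SpaceX Canada entry in this file cites "#12746" for the same thing, and the same pointer here would let a reader follow up.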
@@ -90,6 +95,11 @@ descr: Greek Research and Technology Network (GRNET) S.A.
remarks: ... located in GR
country: GR
+aut-num: AS6079
+descr: RCN
+remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS6134
descr: XNNET LLC
remarks: traces back to HK, seems to tamper with RIR data
@@ -208,6 +218,11 @@ descr: Unicycle, LLC
remarks: traces back to NL
country: NL
+aut-num: AS26548
+descr: PureVoltage Hosting Inc.
+remarks: ISP and IP hijacker located in US, but some RIR data for announced prefixes contain garbage
+country: US
+
aut-num: AS26636
descr: GBTCloud, Inc.
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
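Review bot: the added AS26548 remark calls the network an "ISP and IP hijacker", yet the entry goes into override-other.txt with only a country. This same patch moves other entries described as IP hijackers (AS55933, AS139330, AS141746) into override-xd.txt with "drop: yes". Either tone down the remark or place the entry in the XD file, so that the wording and the action agree.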
@@ -263,6 +278,11 @@ descr: Neterra Ltd.
remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage
country: BG
+aut-num: AS34549
+descr: meerfarbig GmbH & Co. KG
+remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage
+country: DE
+
aut-num: AS34665
descr: Petersburg Internet Network Ltd.
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -388,10 +408,10 @@ descr: MLAB Open Source Community
remarks: traces back to DE
country: DE
-aut-num: AS41564
-descr: Orion Network Limited
-remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
-country: SE
+aut-num: AS41378
+descr: Kirino LLC
+remarks: traces back to AP vincinity, tampers with RIR data
+country: AP
aut-num: AS41608
descr: NextGenWebs, S.L.
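Review bot: "vincinity" in the new AS41378 remark should be "vicinity", as it is spelled in the AS55303 entry in override-xd.txt.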
@@ -603,11 +623,6 @@ descr: Reliance Jio Infocomm Limited
remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage
country: IN
-aut-num: AS55933
-descr: Cloudie Limited
-remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
-country: AP
-
aut-num: AS56322
descr: ServerAstra Kft.
remarks: ISP located in HU, but some RIR data for announced prefixes contain garbage
@@ -633,16 +648,6 @@ descr: Telefonica LLC
remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage
country: RU
-aut-num: AS57858
-descr: Inter Connects Inc.
-remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
-country: SE
-
-aut-num: AS57972
-descr: Inter Connects Inc.
-remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
-country: SE
-
aut-num: AS58061
descr: Scalaxy B.V.
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
@@ -665,8 +670,8 @@ country: BG
aut-num: AS58349
descr: INNETRA PC
-remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
-country: EU
+remarks: ... traceroutes dead-end in NL
+country: NL
aut-num: AS58879
descr: Shanghai Anchang Network Security Technology Co.,Ltd.
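Review bot: the replacement remark for AS58349 drops the reason the entry exists. "... traceroutes dead-end in NL" no longer mentions the "DDoS Guard Ltd." relationship or the suspected RU jurisdiction from the removed line. If that information is still valid, keep it next to the new NL finding; if it turned out to be wrong, say so in the commit message.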
@@ -723,11 +728,6 @@ descr: DignusData LLC
remarks: ISP located in PL, but _all_ RIR data for announced prefixes contain garbage
country: PL
-aut-num: AS60485
-descr: Inter Connects Inc. / Jing Yun
-remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
-country: SE
-
aut-num: AS60546
descr: EU Routing Ltd
remarks: fake offshore location (CY), hosted in NL
@@ -818,6 +818,11 @@ descr: CloudITIDC Global
remarks: ISP and/or IP hijacker located somewhere in AP
country: AP
+aut-num: AS133613
+descr: MTel telecommunication company ltd.
+remarks: ISP and located in MO, but some prefixes needs manual correction due to ARIN DB situation
+country: MO
+
aut-num: AS133752
descr: Leaseweb Asia Pacific pte. ltd.
remarks: ISP located in HK, some RIR data for announced prefixes contain garbage
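Review bot: the added AS133613 remark has a stray "and" and a number mismatch ("ISP and located in MO, but some prefixes needs manual correction"). Suggest "ISP located in MO, but some prefixes need manual correction due to ARIN DB situation", in line with the AS4609 wording from the same patch.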
@@ -853,6 +858,11 @@ descr: LUOGELANG (FRANCE) LIMITED
remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage
country: HK
+aut-num: AS136167
+descr: China Telecom (Macau) Company Limited
+remarks: located in MO, yet some prefixes show CN or HK instead
+country: MO
+
aut-num: AS136274
descr: Cloud Servers Pvt Ltd
remarks: ISP located in NL, all RIR data for announced prefixes contain garbage
@@ -918,11 +928,6 @@ descr: Cloudflare Sydney, LLC
remarks: ... but CF failed to set the country for announced prefixes to AU as well :-/
country: AU
-aut-num: AS139330
-descr: SANREN DATA LIMITED
-remarks: IP hijacker located somewhere in AP region, tampers with RIR data
-country: AP
-
aut-num: AS139471
descr: HWA CENT TELECOMMUNICATIONS LIMITED
remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
@@ -955,7 +960,7 @@ country: HK
aut-num: AS139879
descr: Galaxy Broadband
-remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
+remarks: ISP located in PK, but some RIR data need manual correction due to ARIN DB situation
country: PK
aut-num: AS140214
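Review bot: the reworded AS139879 remark loses the concrete evidence. The removed line named the prefix (204.137.128.0/18) and why it is odd; "some RIR data need manual correction due to ARIN DB situation" does not tell the next maintainer which prefix to re-check. Keep the prefix in the remark.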
@@ -983,10 +988,10 @@ descr: Full Time Hosting
remarks: ISP located in DE, tampers with RIR data
country: DE
-aut-num: AS141746
-descr: Orenji Server
-remarks: IP hijacker located somewhere in AP area (JP?)
-country: AP
+aut-num: AS141677
+descr: Nathosts Limited
+remarks: ... located in HK?
+country: HK
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
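Review bot: the new AS141677 entry sets "country: HK" while its own remark ends in a question mark ("... located in HK?"). The AS141746 entry removed in this hunk expressed an uncertain location as "country: AP" with the guess in parentheses ("AP area (JP?)"). Use AP until HK is confirmed, or drop the question mark and state the evidence.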
@@ -1198,11 +1203,6 @@ descr: Des Capital B.V.
remarks: Shady ISP located in NL, but RIR data for announced prefixes contain garbage
country: NL
-aut-num: AS210848
-descr: Telkom Internet LTD
-remarks: shady ISP currently located in NL
-country: NL
-
aut-num: AS211380
descr: PAYWISE HOLDING Sp. z.o.o.
remarks: ISP located in NL, but RIR data for announced prefixes contain garbage
@@ -1248,11 +1248,6 @@ descr: MILEGROUP LTD
remarks: traceroutes dead-end somewhere in Central Europe
country: EU
-aut-num: AS212552
-descr: BitCommand LLC
-remarks: Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe
-country: EU
-
aut-num: AS212667
descr: RECONN LLC
remarks: ISP located in RU, but RIR data for announced prefixes contain garbage
@@ -1533,6 +1528,11 @@ descr: SpaceX Canada Corp.
remarks: Accurate country code missing due to ARIN DB situation, see also: #12746
country: CA
+net: 103.126.4.0/23
+descr: Cyber Telecom ISP
+remarks: Despite being allocated to AF, traceroutes end in NL
+country: NL
+
net: 103.197.148.0/22
descr: I.C.S. Trabia-Network S.R.L.
remarks: fake offshore location (HK), traces back to MD
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index 738a699..2b50406 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -67,6 +67,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes
+aut-num: AS41564
+descr: Orion Network Limited
+remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted
+country: EU
+drop: yes
+
aut-num: AS43092
descr: Kirin Communication Limited
remarks: Hijacks IP space and tampers with RIR data, traces back to JP
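Review bot: AS41564 arrives here with "country: EU", but the entry removed from override-other.txt in this patch had "country: SE", and the unchanged remark still says "dirty ISPs in SE". If the country change is intended, adjust the remark to say why; otherwise keep SE as in the original entry.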
@@ -79,6 +85,12 @@ remarks: bulletproof ISP with strong links to RU
country: RU
drop: yes
+aut-num: AS44446
+descr: OOO SibirInvest
+remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL
+country: NL
+drop: yes
+
aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
@@ -109,6 +121,12 @@ remarks: Autonomous System registered to offshore company, abuse contact is a fr
country: AP
drop: yes
+aut-num: AS55933
+descr: Cloudie Limited
+remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country: AP
+drop: yes
+
aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
@@ -126,6 +144,18 @@ remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS57858
+descr: Inter Connects Inc.
+remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country: SE
+drop: yes
+
+aut-num: AS57972
+descr: Inter Connects Inc.
+remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
+country: SE
+drop: yes
+
aut-num: AS58271
descr: FOP Gubina Lubov Petrivna
remarks: bulletproof ISP operating from a war zone in eastern UA
@@ -143,6 +173,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
drop: yes
+aut-num: AS60485
+descr: Inter Connects Inc. / Jing Yun
+remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks
+country: SE
+drop: yes
+
aut-num: AS61414
descr: EDGENAP LTD
remarks: IP hijacking? Rogue ISP?
@@ -190,6 +226,12 @@ remarks: IP hijacker located somewhere in AP area
country: AP
drop: yes
+aut-num: AS139330
+descr: SANREN DATA LIMITED
+remarks: IP hijacker located somewhere in AP region, tampers with RIR data
+country: AP
+drop: yes
+
aut-num: AS140107
descr: CITIS CLOUD GROUP LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?)
@@ -201,6 +243,12 @@ remarks: ISP and IP hijacker located in HK, tampers with RIR data
country: HK
drop: yes
+aut-num: AS141746
+descr: Orenji Server
+remarks: IP hijacker located somewhere in AP area (JP?)
+country: AP
+drop: yes
+
aut-num: AS200391
descr: KREZ 999 EOOD
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
@@ -231,24 +279,30 @@ remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes
-aut-num: AS207812
-descr: DM AUTO EOOD
-remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country: BG
-drop: yes
-
aut-num: AS209272
descr: Alviva Holding Limited
remarks: bulletproof ISP operating from a war zone in eastern UA
country: UA
drop: yes
+aut-num: AS210848
+descr: Telkom Internet LTD
+remarks: Rogue ISP (linked to AS202425) located in NL
+country: NL
+drop: yes
+
aut-num: AS211193
descr: ABDILAZIZ UULU ZHUSUP
remarks: bulletproof ISP and IP hijacker, traces to RU
country: RU
drop: yes
+aut-num: AS212552
+descr: BitCommand LLC
+remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network
+country: EU
+drop: yes
+
aut-num: AS213058
descr: Private Internet Hosting LTD
remarks: bulletproof ISP located in RU
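Review bot: the AS207812 (DM AUTO EOOD) block is deleted from override-xd.txt and does not reappear in any of the three files in this patch, unlike the other entries touched here, which are moves between files. The commit message has no body, so it is unclear whether the network is gone or whether "drop: yes" was wrong. State the reason for the removal in the commit message.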
--
2.31.1
* [PATCH] override-{a1,other,xd}: Regular batch of various overrides
@ 2022-01-09 12:48 Peter Müller
0 siblings, 0 replies; 5+ messages in thread
From: Peter Müller @ 2022-01-09 12:48 UTC (permalink / raw)
To: location
[-- Attachment #1: Type: text/plain, Size: 13121 bytes --]
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 37 +-------------
overrides/override-other.txt | 95 ++++++++++++++++++++++++++++--------
overrides/override-xd.txt | 34 ++++++++++++-
3 files changed, 108 insertions(+), 58 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 5b620fe..43e0174 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -729,21 +729,6 @@ descr: GZ Systems Limited / PureVPN
remarks: VPN provider
is-anonymous-proxy: yes
-net: 62.73.7.0/24
-descr: Privax LTD / AVAST s.r.o.
-remarks: VPN provider
-is-anonymous-proxy: yes
-
-net: 62.73.8.0/23
-descr: Privax LTD / AVAST s.r.o.
-remarks: VPN provider
-is-anonymous-proxy: yes
-
-net: 62.73.10.0/24
-descr: Privax LTD / AVAST s.r.o.
-remarks: VPN provider
-is-anonymous-proxy: yes
-
net: 62.149.160.0/20
descr: Aruba VPN
remarks: VPN provider
@@ -835,7 +820,7 @@ is-anonymous-proxy: yes
net: 80.254.74.0/20
descr: Monzoon / SwissVPN
-remarks: VPN provider [high confidence, but not proofed]
+remarks: VPN provider
is-anonymous-proxy: yes
net: 82.199.130.0/24
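Review bot: the entry edited here is keyed "net: 80.254.74.0/20", which is not a network address: the /20 containing 80.254.74.0 starts at 80.254.64.0 and runs to 80.254.79.255. Since the remark is being touched anyway, correct the prefix or its length to what is actually intended. Removing "[high confidence, but not proofed]" also asserts that the VPN use is now confirmed, and the commit message should say on what basis.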
@@ -1135,11 +1120,6 @@ remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
country: FR
-net: 156.0.200.0/22
-descr: xTom Limited
-remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/
-is-anonymous-proxy: yes
-
net: 159.197.128.0/17
descr: Nationwide Computer Systems, Inc. trading as IPTrading.com
remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/
@@ -1236,16 +1216,6 @@ descr: Private Internet Access
remarks: VPN provider
is-anonymous-proxy: yes
-net: 173.239.252.0/24
-descr: OculusProxies
-remarks: VPN provider [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
-net: 173.239.252.0/24
-descr: BGRVPN
-remarks: VPN provider
-is-anonymous-proxy: yes
-
net: 173.244.32.0/19
descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / CookieProxy / etc. pp.
remarks: large IP chunk mostly used by VPN providers
@@ -1505,11 +1475,6 @@ descr: GZ Systems Limited / PureVPN
remarks: VPN provider
is-anonymous-proxy: yes
-net: 190.115.16.0/20
-descr: DDOS-GUARD CORP.
-remarks: IP chunk owned by an offshore company, abuse contact is a freemail address, address says "1/2 Miles Northern Highway, Belize"
-is-anonymous-proxy: yes
-
net: 191.96.1.0/23
descr: GZ Systems Limited / PureVPN
remarks: VPN provider
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 56bb12e..89ad8e0 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -92,8 +92,8 @@ country: GR
aut-num: AS6134
descr: XNNET LLC
-remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data
-country: AP
+remarks: traces back to HK, seems to tamper with RIR data
+country: HK
aut-num: AS6412
name: Zajil International Telecom Company
@@ -144,6 +144,11 @@ descr: Nexril
remarks: ISP located in US, but some RIR data for announced prefixes contain garbage
country: US
+aut-num: AS15611
+descr: Iranian Research Organization for Science & Technology
+remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage
+country: IR
+
aut-num: AS15828
descr: Blue Diamond Network Co., Ltd.
remarks: Shady ISP located somewhere in AP
@@ -268,6 +273,11 @@ descr: ASLINE LIMITED
remarks: ... located in HK
country: HK
+aut-num: AS34837
+descr: Institute for Research in Fundamental Sciences
+remarks: ISP located in IR, but some RIR data for announced prefixes contain garbage
+country: IR
+
aut-num: AS34985
descr: Kirin Communication Limited
remarks: ISP located in JP, but some RIR data for announced prefixes contain garbage
@@ -468,6 +478,11 @@ descr: KeonWoo PARK
remarks: claims US for its prefixes announced, but traces back to KR
country: KR
+aut-num: AS45250
+descr: Vocom International Telecommunications AP Area
+remarks: ISP located in AP area, some RIR data for announced prefixes contain garbage
+country: AP
+
aut-num: AS45671
descr: Servers Australia Pty. Ltd.
remarks: ISP located in AU, but some RIR data for announced prefixes contain garbage
@@ -578,11 +593,6 @@ descr: WhiteHat Inc.
remarks: tampers with RIR data
country: EU
-aut-num: AS54600
-descr: PEG TECH INC
-remarks: ISP and/or IP hijacker located in US this time, tampers with RIR data
-country: US
-
aut-num: AS55330
descr: AFGHANTELECOM GOVERNMENT COMMUNICATION NETWORK
remarks: For some reason, some "Airbus Defence and Space AS" prefixes are announced by this one...
@@ -658,6 +668,21 @@ descr: INNETRA PC
remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
country: EU
+aut-num: AS58879
+descr: Shanghai Anchang Network Security Technology Co.,Ltd.
+remarks: ... network infrastructure is believed to be located in HK, has some links to ASLINE hijacking gang
+country: HK
+
+aut-num: AS59043
+descr: Guangzhou LanDong Information technology co., LTD
+remarks: ... network infrastructure is believed to be located in HK
+country: HK
+
+aut-num: AS59117
+descr: DREAM CLOUD INNOVATION PTE. LTD.
+remarks: Claims to be located in JP or SG, but is likely located in HK
+country: HK
+
aut-num: AS59253
descr: Leaseweb Asia Pacific pte. ltd.
remarks: ISP located in SG, but some RIR data for announced prefixes contain garbage
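Review bot: all three added remarks (AS58879, AS59043, AS59117) are worded as guesses ("is believed to be located in HK", "is likely located in HK") while "country: HK" is set as fact, and none says what the belief rests on. Name the evidence the way other remarks in this file do ("traces back to ...", "traceroutes dead-end ..."), or use "country: AP" until the location is confirmed.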
@@ -773,6 +798,11 @@ descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
remarks: ISP located in HK, tampers with RIR data
country: HK
+aut-num: AS132813
+descr: HK AISI CLOUD COMPUTING LIMITED
+remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
+country: HK
+
aut-num: AS132839
descr: POWER LINE DATACENTER
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
@@ -799,7 +829,7 @@ remarks: IP hijacker located somewhere in AP area, suspected to be part of the "
country: AP
aut-num: AS134196
-descr: Cloudie Limited
+descr: ANYUN INTERNET TECHNOLOGY (HK) CO.,LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region (HK? CN?)
country: AP
@@ -818,6 +848,11 @@ descr: Sky Digital Co., Ltd.
remarks: IP hijacker located in TW, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: TW
+aut-num: AS135097
+descr: LUOGELANG (FRANCE) LIMITED
+remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage
+country: HK
+
aut-num: AS136274
descr: Cloud Servers Pvt Ltd
remarks: ISP located in NL, all RIR data for announced prefixes contain garbage
@@ -828,11 +863,26 @@ descr: Optix Pakistan (Pvt.) Limited
remarks: ISP located in PK, some RIR data for announced prefixes (bogons?) contain garbage
country: PK
+aut-num: AS136744
+descr: DREAM POWER TECHNOLOGY LIMITED
+remarks: Located somewhere in AP (HK? KR?), tampers with RIR data a lot
+country: AP
+
+aut-num: AS136746
+descr: XRCLOUD.NET INC.
+remarks: ... located in HK
+country: HK
+
aut-num: AS136933
descr: Gigabitbank Global / Anchnet Asia Limited (?)
remarks: IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
+aut-num: AS136950
+descr: Hong Kong FireLine Network LTD
+remarks: ... located in HK (surprise!), but thinks allocating things to random countries worldwide is funny
+country: HK
+
aut-num: AS136988
descr: Leaseweb Australia Pty. Ltd.
remarks: ISP located in AU, some RIR data for announced prefixes contain garbage
@@ -843,11 +893,6 @@ descr: Anchnet Asia Limited
remarks: IP hijacker located in HK, tampers with RIR data
country: HK
-aut-num: AS137523
-descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
-remarks: ISP and IP hijacker located in HK, tampers with RIR data
-country: HK
-
aut-num: AS138195
descr: MOACK.Co.LTD
remarks: ISP located in KR, some RIR data for announced prefixes contain garbage
@@ -878,6 +923,11 @@ descr: SANREN DATA LIMITED
remarks: IP hijacker located somewhere in AP region, tampers with RIR data
country: AP
+aut-num: AS139471
+descr: HWA CENT TELECOMMUNICATIONS LIMITED
+remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
+country: AP
+
aut-num: AS139640
descr: HK NEW CLOUD TECHNOLOGY LIMITED
remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
@@ -908,6 +958,11 @@ descr: Galaxy Broadband
remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd...
country: PK
+aut-num: AS140214
+descr: Create Prominent Information Limited
+remarks: Shady ISP located in HK
+country: HK
+
aut-num: AS140224
descr: White-Sand Cloud Computing(HK) Co., LIMITED
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
@@ -938,6 +993,11 @@ descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
country: UA
+aut-num: AS197540
+descr: netcup GmbH
+remarks: ISP located in DE, some RIR data for announced prefixes contain garbage
+country: DE
+
aut-num: AS200019
descr: ALEXHOST SRL
remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
@@ -1260,8 +1320,8 @@ country: ZA
aut-num: AS328608
descr: Africa on Cloud
-remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
-country: AP
+remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes - anyway, traces back to ZA :-/
+country: ZA
aut-num: AS328703
descr: Seven Network Inc.
@@ -1678,11 +1738,6 @@ descr: 4b42 UG (haftungsbeschränkt)
remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/
country: DE
-net: 2a0f:7a80::/29
-descr: ASLINE Limited
-remarks: APNIC chunk owned by a HK-based company, but assigned to DE
-country: AP
-
net: 2a0f:e400:3000::/40
descr: Kevin Buehl
remarks: ... who thinks assigning networks to unpopulated Bouvet Island (BV) is funny :-/
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index 76ceab3..738a699 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -40,8 +40,8 @@ drop: yes
aut-num: AS211849
descr: Kakharov Orinbassar Maratuly
-remarks: ISP and IP hijacker located in RU, many RIR data for announced prefixes contain garbage
-country: RU
+remarks: ISP and IP hijacker located in KZ, many RIR data for announced prefixes contain garbage
+country: KZ
drop: yes
aut-num: AS24009
@@ -97,6 +97,12 @@ remarks: Owned by an offshore letterbox company, suspected rogue ISP
country: RU
drop: yes
+aut-num: AS54600
+descr: PEG TECH INC
+remarks: ISP and IP hijacker located in US this time, tampers with RIR data
+country: US
+drop: yes
+
aut-num: AS55303
descr: Eagle Sky Co., Lt[d ?]
remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
@@ -166,6 +172,12 @@ remarks: IP hijacker located in HK, suspected to be part of the "Asline" IP hija
country: HK
drop: yes
+aut-num: AS137523
+descr: HONGKONG CLOUD NETWORK TECHNOLOGY CO., LIMITED
+remarks: ISP and IP hijacker located in HK, tampers with RIR data
+country: HK
+drop: yes
+
aut-num: AS137951
descr: Clayer Limited
remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK
@@ -261,6 +273,18 @@ remarks: ISP located in HK, tampers with RIR data
country: HK
drop: yes
+aut-num: AS398993
+descr: PEG TECH INC
+remarks: ISP located in JP, tampers with RIR data
+country: JP
+drop: yes
+
+aut-num: AS399195
+descr: PEG TECH INC
+remarks: ISP located in KR, tampers with RIR data
+country: KR
+drop: yes
+
net: 196.11.32.0/20
descr: Sanlam Life Insurance Limited
remarks: Stolen AfriNIC IPv4 space announced from NL
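Review bot: AS398993 and AS399195 get "drop: yes" on remarks that only say "ISP located in JP/KR, tampers with RIR data", the same wording that leads to nothing more than a country correction in override-other.txt. The AS54600 entry added earlier in this file at least says "IP hijacker". If the two new ASNs are dropped because they belong to the same operator as AS54600, say so in their remarks.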
@@ -272,6 +296,12 @@ descr: NZB.si Enterprises
remarks: Tampers with RIR data, not a safe place to route traffic to
drop: yes
+net: 2a0f:7a80::/29
+descr: ASLINE Limited
+remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE
+country: HK
+drop: yes
+
net: 2a10:9700::/29
descr: 1337TEAM LIMITED / eliteteam[.]to
remarks: Owned by an offshore letterbox company, suspected rogue ISP
--
2.26.2
* Re: [PATCH] override-{a1,other,xd}: Regular batch of various overrides
2021-12-10 9:00 ` Michael Tremer
@ 2021-12-10 9:36 ` Peter Müller
0 siblings, 0 replies; 5+ messages in thread
From: Peter Müller @ 2021-12-10 9:36 UTC (permalink / raw)
To: location
[-- Attachment #1: Type: text/plain, Size: 15958 bytes --]
Hello Michael,
thanks for your reply.
No, they are all still alive and kicking, but fit the "XD" category better. Some of them,
to the best of my knowledge, recently stopped using proxy/VPN services, so I removed them
from the A1 override file for improved accuracy.
Thanks, and best regards,
Peter Müller
> Thank you. Merged.
>
> All those networks that were removed, did they just cease to exist?
>
> -Michael
>
>> On 10 Dec 2021, at 07:07, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>
>> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
>> ---
>> overrides/override-a1.txt | 48 ----------------
>> overrides/override-other.txt | 104 ++++++++++++++++++++++-------------
>> overrides/override-xd.txt | 50 +++++++++++++++++
>> 3 files changed, 117 insertions(+), 85 deletions(-)
>>
>> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
>> index 5734c08..5fce4d9 100644
>> --- a/overrides/override-a1.txt
>> +++ b/overrides/override-a1.txt
>> @@ -82,11 +82,6 @@ descr: Asiamax Ltd. VPN
>> remarks: VPN provider
>> is-anonymous-proxy: yes
>>
>> -aut-num: AS39770
>> -descr: 1337TEAM LIMITED / eliteteam[.]to
>> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> -is-anonymous-proxy: yes
>> -
>> aut-num: AS43233
>> descr: VPS 404 Ltd.
>> remarks: VPN provider [high confidence, but not proofed] located in ES
>> @@ -114,12 +109,6 @@ descr: BeeVPN ApS
>> remarks: VPN provider
>> is-anonymous-proxy: yes
>>
>> -aut-num: AS51381
>> -descr: 1337TEAM LIMITED / eliteteam[.]to
>> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> -is-anonymous-proxy: yes
>> -country: RU
>> -
>> aut-num: AS51446
>> descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy
>> remarks: VPN provider [high confidence, but not proofed]
>> @@ -142,17 +131,6 @@ remarks: Tor relay and VPN provider, traces back to SE [high confidence, but n
>> is-anonymous-proxy: yes
>> country: SE
>>
>> -aut-num: AS55303
>> -descr: Eagle Sky Co., Lt[d ?]
>> -remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
>> -is-anonymous-proxy: yes
>> -country: AP
>> -
>> -aut-num: AS56873
>> -descr: 1337TEAM LIMITED / eliteteam[.]to
>> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> -is-anonymous-proxy: yes
>> -
>> aut-num: AS58110
>> descr: IP Volume Ltd. / Epik
>> remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure
>> @@ -168,11 +146,6 @@ descr: Geotelco Limited
>> remarks: VPN provider [high confidence, but not proofed]
>> is-anonymous-proxy: yes
>>
>> -aut-num: AS60424
>> -descr: 1337TEAM LIMITED / eliteteam[.]to
>> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> -is-anonymous-proxy: yes
>> -
>> aut-num: AS60729
>> descr: Zwiebelfreunde e.V.
>> remarks: Tor relay provider
>> @@ -214,12 +187,6 @@ descr: HERN Labs AB
>> remarks: VPN provider [high confidence, but not proofed]
>> is-anonymous-proxy: yes
>>
>> -aut-num: AS206819
>> -descr: ANSON NETWORK LIMITED
>> -remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
>> -is-anonymous-proxy: yes
>> -country: TW
>> -
>> aut-num: AS207688
>> descr: DataHome S.A.
>> remarks: VPN provider located in BR [high confidence, but not proofed]
>> @@ -1430,11 +1397,6 @@ descr: Tredinvest LLC / bestwest[.]host
>> remarks: VPN provider or offering similar services [high confidence, but not proofed]
>> is-anonymous-proxy: yes
>>
>> -net: 185.215.113.0/24
>> -descr: 1337TEAM LIMITED / eliteteam[.]to
>> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> -is-anonymous-proxy: yes
>> -
>> net: 185.220.100.0/22
>> descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute
>> remarks: Tor relay provider
>> @@ -1692,11 +1654,6 @@ descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / Cookie
>> remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers
>> is-anonymous-proxy: yes
>>
>> -net: 196.61.192.0/20
>> -descr: Inspiring Networks LTD
>> -remarks: hijacked (?) IP network owned by an offshore company [high confidence, but not proofed]
>> -is-anonymous-proxy: yes
>> -
>> net: 197.221.161.0/24
>> descr: VPNClientPublics
>> remarks: VPN provider
>> @@ -2031,8 +1988,3 @@ net: 2c0f:f930::/32
>> descr: Cyberdyne S.A.
>> remarks: Tor relay provider
>> is-anonymous-proxy: yes
>> -
>> -net: 2a10:9700::/29
>> -descr: 1337TEAM LIMITED / eliteteam[.]to
>> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> -is-anonymous-proxy: yes
>> diff --git a/overrides/override-other.txt b/overrides/override-other.txt
>> index 7d76534..ca9dbad 100644
>> --- a/overrides/override-other.txt
>> +++ b/overrides/override-other.txt
>> @@ -85,6 +85,11 @@ descr: Tianhai InfoTech
>> remarks: IP hijacker located somewhere in AP, massively tampers with RIR data
>> country: AP
>>
>> +aut-num: AS5408
>> +descr: Greek Research and Technology Network (GRNET) S.A.
>> +remarks: ... located in GR
>> +country: GR
>> +
>> aut-num: AS6134
>> descr: XNNET LLC
>> remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data
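Review bot: the added AS5408 remark, "... located in GR", does not say what is wrong with the RIR data and therefore why an override is needed. Other entries in this file use a fuller pattern such as "ISP located in UA, but some RIR data for announced prefixes contain garbage"; the same form here would make the entry reviewable on its own.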
>> @@ -363,6 +368,11 @@ descr: CNSERVERS LLC
>> remarks: Shady ISP located in US, tampers with RIR data
>> country: US
>>
>> +aut-num: AS41047
>> +descr: MLAB Open Source Community
>> +remarks: traces back to DE
>> +country: DE
>> +
>> aut-num: AS41466
>> descr: Treidinvest LLC
>> remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
>> @@ -408,6 +418,11 @@ descr: DGN TEKNOLOJI A.S.
>> remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
>> country: TR
>>
>> +aut-num: AS43092
>> +descr: Kirin Communication Limited
>> +remarks: tampers with RIR data, traces back to AP area
>> +country: AP
>> +
>> aut-num: AS43310
>> descr: TOV "LVS"
>> remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
>> @@ -498,11 +513,6 @@ descr: LLC Baxet
>> remarks: tampers with RIR data, traces back to RU
>> country: RU
>>
>> -aut-num: AS49447
>> -descr: Nice IT Services Group Inc.
>> -remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
>> -country: CH
>> -
>> aut-num: AS49466
>> descr: KLAYER LLC
>> remarks: part of the "Asline" IP hijacking gang, traces back to AP region
>> @@ -748,6 +758,11 @@ descr: NForce Entertainment BV
>> remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
>> country: NL
>>
>> +aut-num: AS131685
>> +descr: Sun Network (Hong Kong) Limited
>> +remarks: ISP and/or IP hijacker located somewhere in AP
>> +country: AP
>> +
>> aut-num: AS132369
>> descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
>> remarks: ISP located in HK, tampers with RIR data
>> @@ -758,9 +773,14 @@ descr: POWER LINE DATACENTER
>> remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
>> country: HK
>>
>> +aut-num: AS133201
>> +descr: ABCDE GROUP COMPANY LIMITED
>> +remarks: ISP and/or IP hijacker located somewhere in AP
>> +country: AP
>> +
>> aut-num: AS133441
>> descr: CloudITIDC Global
>> -remarks: ISP and/or IP hijacker located somehwere in AP
>> +remarks: ISP and/or IP hijacker located somewhere in AP
>> country: AP
>>
>> aut-num: AS133752
>> @@ -810,7 +830,7 @@ country: AP
>>
>> aut-num: AS136800
>> descr: ICIDC NETWORK
>> -remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
>> +remarks: IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
>> country: AP
>>
>> aut-num: AS136933
>> @@ -923,6 +943,11 @@ descr: Incomparable(HK)Network Co., Limited
>> remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
>> country: AP
>>
>> +aut-num: AS141746
>> +descr: Orenji Server
>> +remarks: IP hijacker located somewhere in AP area (JP?)
>> +country: AP
>> +
>> aut-num: AS196682
>> descr: FLP Kochenov Aleksej Vladislavovich
>> remarks: ISP located in UA, but RIR data for announced prefixes all say EU
>> @@ -933,11 +958,6 @@ descr: ALEXHOST SRL
>> remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
>> country: MD
>>
>> -aut-num: AS200391
>> -descr: KREZ 999 EOOD
>> -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
>> -country: BG
>> -
>> aut-num: AS200699
>> descr: Datashield, Inc.
>> remarks: fake offshore location (SC), traces back to NL
>> @@ -1028,6 +1048,11 @@ descr: Genius Guard / Genius Security Ltd.
>> remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU
>> country: RU
>>
>> +aut-num: AS206819
>> +descr: ANSON NETWORK LIMITED
>> +remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
>> +country: TW
>> +
>> aut-num: AS206898
>> descr: Server Hosting Pty Ltd
>> remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
>> @@ -1063,11 +1088,6 @@ descr: Altrosky Technology Ltd.
>> remarks: fake offshore location (SC), traces back to CZ and NL
>> country: EU
>>
>> -aut-num: AS207812
>> -descr: DM AUTO EOOD
>> -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
>> -country: BG
>> -
>> aut-num: AS208046
>> descr: Maximilian Kutzner trading as HostSlick
>> remarks: traces back to NL, but some RIR data for announced prefixes contain garbage
>> @@ -1248,6 +1268,11 @@ descr: Sun Network Company Limited
>> remarks: IP hijacker, traces back to AP region
>> country: AP
>>
>> +aut-num: AS328608
>> +descr: Africa on Cloud
>> +remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
>> +country: AP
>> +
>> aut-num: AS328703
>> descr: Seven Network Inc.
>> remarks: traces back to ZA
>> @@ -1313,25 +1338,25 @@ descr: Wolverine Trading, LLC
>> remarks: IP hijacker located in US, tampers with RIR data
>> country: US
>>
>> -net: 5.1.68.0/24
>> -descr: GaiacomLC
>> -remarks: routed to DE, inaccurate RIR data
>> -country: DE
>> +net: 5.1.68.0/24
>> +descr: GaiacomLC
>> +remarks: routed to DE, inaccurate RIR data
>> +country: DE
>>
>> -net: 5.1.69.0/24
>> -descr: GaiacomLC
>> -remarks: routed to DE, inaccurate RIR data
>> -country: DE
>> +net: 5.1.69.0/24
>> +descr: GaiacomLC
>> +remarks: routed to DE, inaccurate RIR data
>> +country: DE
>>
>> -net: 5.1.83.0/24
>> -descr: GaiacomLC
>> -remarks: routed to DE, inaccurate RIR data
>> -country: DE
>> +net: 5.1.83.0/24
>> +descr: GaiacomLC
>> +remarks: routed to DE, inaccurate RIR data
>> +country: DE
>>
>> -net: 5.1.88.0/24
>> -descr: GaiacomLC
>> -remarks: routed to DE, inaccurate RIR data
>> -country: DE
>> +net: 5.1.88.0/24
>> +descr: GaiacomLC
>> +remarks: routed to DE, inaccurate RIR data
>> +country: DE
>>
>> net: 5.252.32.0/22
>> descr: StormWall s.r.o.
>> @@ -1413,6 +1438,11 @@ descr: Golden Internet LLC
>> remarks: fake location (KP), WHOIS contact points to RU
>> country: RU
>>
>> +net: 91.90.120.0/24
>> +descr: M247 LTD, Greenland Infrastructure
>> +remarks: ... traces back to CA
>> +country: CA
>> +
>> net: 91.149.194.0/24
>> descr: IP Volume Ltd. / Epik
>> remarks: fake location (CH), traces back to SE
>> @@ -1488,10 +1518,10 @@ descr: Intelcom Group Ltd
>> remarks: fake offshore location (SC), traces back to RU
>> country: RU
>>
>> -net: 185.140.204.0/22
>> -descr: Hornetsecurity GmbH
>> -remarks: all suballocations are used in DE, but are assigned to US
>> -country: DE
>> +net: 185.140.204.0/22
>> +descr: Hornetsecurity GmbH
>> +remarks: all suballocations are used in DE, but are assigned to US
>> +country: DE
>>
>> net: 185.175.93.0/24
>> descr: Perfect Hosting Solutions
>> diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
>> index 7df6188..29057d9 100644
>> --- a/overrides/override-xd.txt
>> +++ b/overrides/override-xd.txt
>> @@ -26,24 +26,57 @@
>> # Please keep this file sorted.
>> #
>>
>> +aut-num: AS39770
>> +descr: 1337TEAM LIMITED / eliteteam[.]to
>> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> +drop: yes
>> +
>> aut-num: AS48090
>> descr: PPTECHNOLOGY LIMITED
>> remarks: bulletproof ISP (related to AS204655) located in NL
>> country: NL
>> drop: yes
>>
>> +aut-num: AS49447
>> +descr: Nice IT Services Group Inc.
>> +remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
>> +country: CH
>> +drop: yes
>> +
>> +aut-num: AS51381
>> +descr: 1337TEAM LIMITED / eliteteam[.]to
>> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> +country: RU
>> +drop: yes
>> +
>> +aut-num: AS55303
>> +descr: Eagle Sky Co., Lt[d ?]
>> +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
>> +country: AP
>> +drop: yes
>> +
>> aut-num: AS56611
>> descr: REBA Communications BV
>> remarks: bulletproof ISP (related to AS202425) located in NL
>> country: NL
>> drop: yes
>>
>> +aut-num: AS56873
>> +descr: 1337TEAM LIMITED / eliteteam[.]to
>> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> +drop: yes
>> +
>> aut-num: AS57717
>> descr: FiberXpress BV
>> remarks: bulletproof ISP (related to AS202425) located in NL
>> country: NL
>> drop: yes
>>
>> +aut-num: AS60424
>> +descr: 1337TEAM LIMITED / eliteteam[.]to
>> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> +drop: yes
>> +
>> aut-num: AS62068
>> descr: SpectraIP B.V.
>> remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
>> @@ -62,6 +95,12 @@ remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
>> country: NL
>> drop: yes
>>
>> +aut-num: AS200391
>> +descr: KREZ 999 EOOD
>> +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
>> +country: BG
>> +drop: yes
>> +
>> aut-num: AS202425
>> descr: IP Volume Inc.
>> remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
>> @@ -74,6 +113,12 @@ remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace
>> country: NL
>> drop: yes
>>
>> +aut-num: AS207812
>> +descr: DM AUTO EOOD
>> +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
>> +country: BG
>> +drop: yes
>> +
>> aut-num: AS204655
>> descr: Novogara Ltd.
>> remarks: bulletproof ISP (strongly linked to AS202425) located in NL
>> @@ -85,3 +130,8 @@ descr: Datapacket Maroc SARL
>> remarks: bulletproof ISP (strongly linked to AS202425) located in NL
>> country: NL
>> drop: yes
>> +
>> +net: 2a10:9700::/29
>> +descr: 1337TEAM LIMITED / eliteteam[.]to
>> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
>> +drop: yes
>> --
>> 2.26.2
>
* Re: [PATCH] override-{a1,other,xd}: Regular batch of various overrides
2021-12-10 7:07 Peter Müller
@ 2021-12-10 9:00 ` Michael Tremer
2021-12-10 9:36 ` Peter Müller
0 siblings, 1 reply; 5+ messages in thread
From: Michael Tremer @ 2021-12-10 9:00 UTC (permalink / raw)
To: location
Thank you. Merged.
All those networks that were removed, did they just cease to exist?
-Michael
> On 10 Dec 2021, at 07:07, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> overrides/override-a1.txt | 48 ----------------
> overrides/override-other.txt | 104 ++++++++++++++++++++++-------------
> overrides/override-xd.txt | 50 +++++++++++++++++
> 3 files changed, 117 insertions(+), 85 deletions(-)
>
> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
> index 5734c08..5fce4d9 100644
> --- a/overrides/override-a1.txt
> +++ b/overrides/override-a1.txt
> @@ -82,11 +82,6 @@ descr: Asiamax Ltd. VPN
> remarks: VPN provider
> is-anonymous-proxy: yes
>
> -aut-num: AS39770
> -descr: 1337TEAM LIMITED / eliteteam[.]to
> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
> -is-anonymous-proxy: yes
> -
> aut-num: AS43233
> descr: VPS 404 Ltd.
> remarks: VPN provider [high confidence, but not proofed] located in ES
> @@ -114,12 +109,6 @@ descr: BeeVPN ApS
> remarks: VPN provider
> is-anonymous-proxy: yes
>
> -aut-num: AS51381
> -descr: 1337TEAM LIMITED / eliteteam[.]to
> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
> -is-anonymous-proxy: yes
> -country: RU
> -
> aut-num: AS51446
> descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy
> remarks: VPN provider [high confidence, but not proofed]
> @@ -142,17 +131,6 @@ remarks: Tor relay and VPN provider, traces back to SE [high confidence, but n
> is-anonymous-proxy: yes
> country: SE
>
> -aut-num: AS55303
> -descr: Eagle Sky Co., Lt[d ?]
> -remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
> -is-anonymous-proxy: yes
> -country: AP
> -
> -aut-num: AS56873
> -descr: 1337TEAM LIMITED / eliteteam[.]to
> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
> -is-anonymous-proxy: yes
> -
> aut-num: AS58110
> descr: IP Volume Ltd. / Epik
> remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure
> @@ -168,11 +146,6 @@ descr: Geotelco Limited
> remarks: VPN provider [high confidence, but not proofed]
> is-anonymous-proxy: yes
>
> -aut-num: AS60424
> -descr: 1337TEAM LIMITED / eliteteam[.]to
> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
> -is-anonymous-proxy: yes
> -
> aut-num: AS60729
> descr: Zwiebelfreunde e.V.
> remarks: Tor relay provider
> @@ -214,12 +187,6 @@ descr: HERN Labs AB
> remarks: VPN provider [high confidence, but not proofed]
> is-anonymous-proxy: yes
>
> -aut-num: AS206819
> -descr: ANSON NETWORK LIMITED
> -remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
> -is-anonymous-proxy: yes
> -country: TW
> -
> aut-num: AS207688
> descr: DataHome S.A.
> remarks: VPN provider located in BR [high confidence, but not proofed]
> @@ -1430,11 +1397,6 @@ descr: Tredinvest LLC / bestwest[.]host
> remarks: VPN provider or offering similar services [high confidence, but not proofed]
> is-anonymous-proxy: yes
>
> -net: 185.215.113.0/24
> -descr: 1337TEAM LIMITED / eliteteam[.]to
> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
> -is-anonymous-proxy: yes
> -
> net: 185.220.100.0/22
> descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute
> remarks: Tor relay provider
> @@ -1692,11 +1654,6 @@ descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / Cookie
> remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers
> is-anonymous-proxy: yes
>
> -net: 196.61.192.0/20
> -descr: Inspiring Networks LTD
> -remarks: hijacked (?) IP network owned by an offshore company [high confidence, but not proofed]
> -is-anonymous-proxy: yes
> -
> net: 197.221.161.0/24
> descr: VPNClientPublics
> remarks: VPN provider
> @@ -2031,8 +1988,3 @@ net: 2c0f:f930::/32
> descr: Cyberdyne S.A.
> remarks: Tor relay provider
> is-anonymous-proxy: yes
> -
> -net: 2a10:9700::/29
> -descr: 1337TEAM LIMITED / eliteteam[.]to
> -remarks: Owned by an offshore letterbox company, suspected rogue ISP
> -is-anonymous-proxy: yes
> diff --git a/overrides/override-other.txt b/overrides/override-other.txt
> index 7d76534..ca9dbad 100644
> --- a/overrides/override-other.txt
> +++ b/overrides/override-other.txt
> @@ -85,6 +85,11 @@ descr: Tianhai InfoTech
> remarks: IP hijacker located somewhere in AP, massively tampers with RIR data
> country: AP
>
> +aut-num: AS5408
> +descr: Greek Research and Technology Network (GRNET) S.A.
> +remarks: ... located in GR
> +country: GR
> +
> aut-num: AS6134
> descr: XNNET LLC
> remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data
> @@ -363,6 +368,11 @@ descr: CNSERVERS LLC
> remarks: Shady ISP located in US, tampers with RIR data
> country: US
>
> +aut-num: AS41047
> +descr: MLAB Open Source Community
> +remarks: traces back to DE
> +country: DE
> +
> aut-num: AS41466
> descr: Treidinvest LLC
> remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
> @@ -408,6 +418,11 @@ descr: DGN TEKNOLOJI A.S.
> remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
> country: TR
>
> +aut-num: AS43092
> +descr: Kirin Communication Limited
> +remarks: tampers with RIR data, traces back to AP area
> +country: AP
> +
> aut-num: AS43310
> descr: TOV "LVS"
> remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
> @@ -498,11 +513,6 @@ descr: LLC Baxet
> remarks: tampers with RIR data, traces back to RU
> country: RU
>
> -aut-num: AS49447
> -descr: Nice IT Services Group Inc.
> -remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
> -country: CH
> -
> aut-num: AS49466
> descr: KLAYER LLC
> remarks: part of the "Asline" IP hijacking gang, traces back to AP region
> @@ -748,6 +758,11 @@ descr: NForce Entertainment BV
> remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
> country: NL
>
> +aut-num: AS131685
> +descr: Sun Network (Hong Kong) Limited
> +remarks: ISP and/or IP hijacker located somewhere in AP
> +country: AP
> +
> aut-num: AS132369
> descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
> remarks: ISP located in HK, tampers with RIR data
> @@ -758,9 +773,14 @@ descr: POWER LINE DATACENTER
> remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
> country: HK
>
> +aut-num: AS133201
> +descr: ABCDE GROUP COMPANY LIMITED
> +remarks: ISP and/or IP hijacker located somewhere in AP
> +country: AP
> +
> aut-num: AS133441
> descr: CloudITIDC Global
> -remarks: ISP and/or IP hijacker located somehwere in AP
> +remarks: ISP and/or IP hijacker located somewhere in AP
> country: AP
>
> aut-num: AS133752
> @@ -810,7 +830,7 @@ country: AP
>
> aut-num: AS136800
> descr: ICIDC NETWORK
> -remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
> +remarks: IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
> country: AP
>
> aut-num: AS136933
> @@ -923,6 +943,11 @@ descr: Incomparable(HK)Network Co., Limited
> remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
> country: AP
>
> +aut-num: AS141746
> +descr: Orenji Server
> +remarks: IP hijacker located somewhere in AP area (JP?)
> +country: AP
> +
> aut-num: AS196682
> descr: FLP Kochenov Aleksej Vladislavovich
> remarks: ISP located in UA, but RIR data for announced prefixes all say EU
> @@ -933,11 +958,6 @@ descr: ALEXHOST SRL
> remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
> country: MD
>
> -aut-num: AS200391
> -descr: KREZ 999 EOOD
> -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
> -country: BG
> -
> aut-num: AS200699
> descr: Datashield, Inc.
> remarks: fake offshore location (SC), traces back to NL
> @@ -1028,6 +1048,11 @@ descr: Genius Guard / Genius Security Ltd.
> remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU
> country: RU
>
> +aut-num: AS206819
> +descr: ANSON NETWORK LIMITED
> +remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
> +country: TW
> +
> aut-num: AS206898
> descr: Server Hosting Pty Ltd
> remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
> @@ -1063,11 +1088,6 @@ descr: Altrosky Technology Ltd.
> remarks: fake offshore location (SC), traces back to CZ and NL
> country: EU
>
> -aut-num: AS207812
> -descr: DM AUTO EOOD
> -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
> -country: BG
> -
> aut-num: AS208046
> descr: Maximilian Kutzner trading as HostSlick
> remarks: traces back to NL, but some RIR data for announced prefixes contain garbage
> @@ -1248,6 +1268,11 @@ descr: Sun Network Company Limited
> remarks: IP hijacker, traces back to AP region
> country: AP
>
> +aut-num: AS328608
> +descr: Africa on Cloud
> +remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
> +country: AP
> +
> aut-num: AS328703
> descr: Seven Network Inc.
> remarks: traces back to ZA
> @@ -1313,25 +1338,25 @@ descr: Wolverine Trading, LLC
> remarks: IP hijacker located in US, tampers with RIR data
> country: US
>
> -net: 5.1.68.0/24
> -descr: GaiacomLC
> -remarks: routed to DE, inaccurate RIR data
> -country: DE
> +net: 5.1.68.0/24
> +descr: GaiacomLC
> +remarks: routed to DE, inaccurate RIR data
> +country: DE
>
> -net: 5.1.69.0/24
> -descr: GaiacomLC
> -remarks: routed to DE, inaccurate RIR data
> -country: DE
> +net: 5.1.69.0/24
> +descr: GaiacomLC
> +remarks: routed to DE, inaccurate RIR data
> +country: DE
>
> -net: 5.1.83.0/24
> -descr: GaiacomLC
> -remarks: routed to DE, inaccurate RIR data
> -country: DE
> +net: 5.1.83.0/24
> +descr: GaiacomLC
> +remarks: routed to DE, inaccurate RIR data
> +country: DE
>
> -net: 5.1.88.0/24
> -descr: GaiacomLC
> -remarks: routed to DE, inaccurate RIR data
> -country: DE
> +net: 5.1.88.0/24
> +descr: GaiacomLC
> +remarks: routed to DE, inaccurate RIR data
> +country: DE
>
> net: 5.252.32.0/22
> descr: StormWall s.r.o.
> @@ -1413,6 +1438,11 @@ descr: Golden Internet LLC
> remarks: fake location (KP), WHOIS contact points to RU
> country: RU
>
> +net: 91.90.120.0/24
> +descr: M247 LTD, Greenland Infrastructure
> +remarks: ... traces back to CA
> +country: CA
> +
> net: 91.149.194.0/24
> descr: IP Volume Ltd. / Epik
> remarks: fake location (CH), traces back to SE
> @@ -1488,10 +1518,10 @@ descr: Intelcom Group Ltd
> remarks: fake offshore location (SC), traces back to RU
> country: RU
>
> -net: 185.140.204.0/22
> -descr: Hornetsecurity GmbH
> -remarks: all suballocations are used in DE, but are assigned to US
> -country: DE
> +net: 185.140.204.0/22
> +descr: Hornetsecurity GmbH
> +remarks: all suballocations are used in DE, but are assigned to US
> +country: DE
>
> net: 185.175.93.0/24
> descr: Perfect Hosting Solutions
> diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
> index 7df6188..29057d9 100644
> --- a/overrides/override-xd.txt
> +++ b/overrides/override-xd.txt
> @@ -26,24 +26,57 @@
> # Please keep this file sorted.
> #
>
> +aut-num: AS39770
> +descr: 1337TEAM LIMITED / eliteteam[.]to
> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
> +drop: yes
> +
> aut-num: AS48090
> descr: PPTECHNOLOGY LIMITED
> remarks: bulletproof ISP (related to AS204655) located in NL
> country: NL
> drop: yes
>
> +aut-num: AS49447
> +descr: Nice IT Services Group Inc.
> +remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
> +country: CH
> +drop: yes
> +
> +aut-num: AS51381
> +descr: 1337TEAM LIMITED / eliteteam[.]to
> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
> +country: RU
> +drop: yes
> +
> +aut-num: AS55303
> +descr: Eagle Sky Co., Lt[d ?]
> +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
> +country: AP
> +drop: yes
> +
> aut-num: AS56611
> descr: REBA Communications BV
> remarks: bulletproof ISP (related to AS202425) located in NL
> country: NL
> drop: yes
>
> +aut-num: AS56873
> +descr: 1337TEAM LIMITED / eliteteam[.]to
> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
> +drop: yes
> +
> aut-num: AS57717
> descr: FiberXpress BV
> remarks: bulletproof ISP (related to AS202425) located in NL
> country: NL
> drop: yes
>
> +aut-num: AS60424
> +descr: 1337TEAM LIMITED / eliteteam[.]to
> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
> +drop: yes
> +
> aut-num: AS62068
> descr: SpectraIP B.V.
> remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
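Review bot: Of the four 1337TEAM LIMITED entries added in this hunk, only AS51381 carries a country: line (RU); AS39770, AS56873 and AS60424 have none, while every other complete entry in this hunk sets one. If the three ASNs trace to the same place, add "country: RU" to them as well; if the location is unknown, say so in their remarks. The move out of override-a1.txt also swaps "is-anonymous-proxy: yes" for "drop: yes" on these networks, which deserves a sentence in the commit message.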
> @@ -62,6 +95,12 @@ remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
> country: NL
> drop: yes
>
> +aut-num: AS200391
> +descr: KREZ 999 EOOD
> +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
> +country: BG
> +drop: yes
> +
> aut-num: AS202425
> descr: IP Volume Inc.
> remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
> @@ -74,6 +113,12 @@ remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace
> country: NL
> drop: yes
>
> +aut-num: AS207812
> +descr: DM AUTO EOOD
> +remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
> +country: BG
> +drop: yes
> +
> aut-num: AS204655
> descr: Novogara Ltd.
> remarks: bulletproof ISP (strongly linked to AS202425) located in NL
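Review bot: AS207812 is inserted ahead of the existing AS204655 entry in this hunk, which breaks the numeric order the file header asks for ("# Please keep this file sorted."). Move the DM AUTO EOOD block below AS204655, to its numeric position.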
> @@ -85,3 +130,8 @@ descr: Datapacket Maroc SARL
> remarks: bulletproof ISP (strongly linked to AS202425) located in NL
> country: NL
> drop: yes
> +
> +net: 2a10:9700::/29
> +descr: 1337TEAM LIMITED / eliteteam[.]to
> +remarks: Owned by an offshore letterbox company, suspected rogue ISP
> +drop: yes
> --
> 2.26.2
* [PATCH] override-{a1,other,xd}: Regular batch of various overrides
@ 2021-12-10 7:07 Peter Müller
2021-12-10 9:00 ` Michael Tremer
0 siblings, 1 reply; 5+ messages in thread
From: Peter Müller @ 2021-12-10 7:07 UTC (permalink / raw)
To: location
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
overrides/override-a1.txt | 48 ----------------
overrides/override-other.txt | 104 ++++++++++++++++++++++-------------
overrides/override-xd.txt | 50 +++++++++++++++++
3 files changed, 117 insertions(+), 85 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 5734c08..5fce4d9 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -82,11 +82,6 @@ descr: Asiamax Ltd. VPN
remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS39770
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
aut-num: AS43233
descr: VPS 404 Ltd.
remarks: VPN provider [high confidence, but not proofed] located in ES
@@ -114,12 +109,6 @@ descr: BeeVPN ApS
remarks: VPN provider
is-anonymous-proxy: yes
-aut-num: AS51381
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-country: RU
-
aut-num: AS51446
descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy
remarks: VPN provider [high confidence, but not proofed]
@@ -142,17 +131,6 @@ remarks: Tor relay and VPN provider, traces back to SE [high confidence, but n
is-anonymous-proxy: yes
country: SE
-aut-num: AS55303
-descr: Eagle Sky Co., Lt[d ?]
-remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
-is-anonymous-proxy: yes
-country: AP
-
-aut-num: AS56873
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
aut-num: AS58110
descr: IP Volume Ltd. / Epik
remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure
@@ -168,11 +146,6 @@ descr: Geotelco Limited
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
-aut-num: AS60424
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
aut-num: AS60729
descr: Zwiebelfreunde e.V.
remarks: Tor relay provider
@@ -214,12 +187,6 @@ descr: HERN Labs AB
remarks: VPN provider [high confidence, but not proofed]
is-anonymous-proxy: yes
-aut-num: AS206819
-descr: ANSON NETWORK LIMITED
-remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
-is-anonymous-proxy: yes
-country: TW
-
aut-num: AS207688
descr: DataHome S.A.
remarks: VPN provider located in BR [high confidence, but not proofed]
@@ -1430,11 +1397,6 @@ descr: Tredinvest LLC / bestwest[.]host
remarks: VPN provider or offering similar services [high confidence, but not proofed]
is-anonymous-proxy: yes
-net: 185.215.113.0/24
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
-
net: 185.220.100.0/22
descr: Zwiebelfreunde e.V. / F3 Netze e.V. / The Calyx Institute
remarks: Tor relay provider
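Review bot: The removal of 185.215.113.0/24 (1337TEAM LIMITED) in this hunk has no counterpart elsewhere in the patch. The override-xd.txt part, as quoted in the reply above, re-adds the four 1337TEAM aut-num entries and 2a10:9700::/29 with "drop: yes", but not this IPv4 /24. If the prefix is announced by one of those ASNs and is therefore already covered, say so in the commit message; otherwise add a matching net: entry with "drop: yes" to override-xd.txt.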
@@ -1692,11 +1654,6 @@ descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / Cookie
remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers
is-anonymous-proxy: yes
-net: 196.61.192.0/20
-descr: Inspiring Networks LTD
-remarks: hijacked (?) IP network owned by an offshore company [high confidence, but not proofed]
-is-anonymous-proxy: yes
-
net: 197.221.161.0/24
descr: VPNClientPublics
remarks: VPN provider
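Review bot: 196.61.192.0/20 (Inspiring Networks LTD) is deleted here without a replacement entry in any of the three files and without a stated reason, since the commit message consists of the Signed-off-by line only. State in the commit message whether the prefix is no longer announced, was reassigned, or is now covered by another override, so the removal can be checked later.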
@@ -2031,8 +1988,3 @@ net: 2c0f:f930::/32
descr: Cyberdyne S.A.
remarks: Tor relay provider
is-anonymous-proxy: yes
-
-net: 2a10:9700::/29
-descr: 1337TEAM LIMITED / eliteteam[.]to
-remarks: Owned by an offshore letterbox company, suspected rogue ISP
-is-anonymous-proxy: yes
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 7d76534..ca9dbad 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -85,6 +85,11 @@ descr: Tianhai InfoTech
remarks: IP hijacker located somewhere in AP, massively tampers with RIR data
country: AP
+aut-num: AS5408
+descr: Greek Research and Technology Network (GRNET) S.A.
+remarks: ... located in GR
+country: GR
+
aut-num: AS6134
descr: XNNET LLC
remarks: traces back to an unknown oversea location (HK?), seems to tamper with RIR data
@@ -363,6 +368,11 @@ descr: CNSERVERS LLC
remarks: Shady ISP located in US, tampers with RIR data
country: US
+aut-num: AS41047
+descr: MLAB Open Source Community
+remarks: traces back to DE
+country: DE
+
aut-num: AS41466
descr: Treidinvest LLC
remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
@@ -408,6 +418,11 @@ descr: DGN TEKNOLOJI A.S.
remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage
country: TR
+aut-num: AS43092
+descr: Kirin Communication Limited
+remarks: tampers with RIR data, traces back to AP area
+country: AP
+
aut-num: AS43310
descr: TOV "LVS"
remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage
@@ -498,11 +513,6 @@ descr: LLC Baxet
remarks: tampers with RIR data, traces back to RU
country: RU
-aut-num: AS49447
-descr: Nice IT Services Group Inc.
-remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
-country: CH
-
aut-num: AS49466
descr: KLAYER LLC
remarks: part of the "Asline" IP hijacking gang, traces back to AP region
@@ -748,6 +758,11 @@ descr: NForce Entertainment BV
remarks: currently hijacks a single stolen /20 AfriNIC IPv4 net, hosted in NL
country: NL
+aut-num: AS131685
+descr: Sun Network (Hong Kong) Limited
+remarks: ISP and/or IP hijacker located somewhere in AP
+country: AP
+
aut-num: AS132369
descr: XIANGAO INTERNATIONAL TELECOMMUNICATION LIMITED
remarks: ISP located in HK, tampers with RIR data
@@ -758,9 +773,14 @@ descr: POWER LINE DATACENTER
remarks: ISP and/or IP hijacker located in HK, tampers with RIR data
country: HK
+aut-num: AS133201
+descr: ABCDE GROUP COMPANY LIMITED
+remarks: ISP and/or IP hijacker located somewhere in AP
+country: AP
+
aut-num: AS133441
descr: CloudITIDC Global
-remarks: ISP and/or IP hijacker located somehwere in AP
+remarks: ISP and/or IP hijacker located somewhere in AP
country: AP
aut-num: AS133752
@@ -810,7 +830,7 @@ country: AP
aut-num: AS136800
descr: ICIDC NETWORK
-remarks: IP hijacker located somehwere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
+remarks: IP hijacker located somewhere in AP, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
country: AP
aut-num: AS136933
@@ -923,6 +943,11 @@ descr: Incomparable(HK)Network Co., Limited
remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data
country: AP
+aut-num: AS141746
+descr: Orenji Server
+remarks: IP hijacker located somewhere in AP area (JP?)
+country: AP
+
aut-num: AS196682
descr: FLP Kochenov Aleksej Vladislavovich
remarks: ISP located in UA, but RIR data for announced prefixes all say EU
@@ -933,11 +958,6 @@ descr: ALEXHOST SRL
remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
country: MD
-aut-num: AS200391
-descr: KREZ 999 EOOD
-remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country: BG
-
aut-num: AS200699
descr: Datashield, Inc.
remarks: fake offshore location (SC), traces back to NL
@@ -1028,6 +1048,11 @@ descr: Genius Guard / Genius Security Ltd.
remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU
country: RU
+aut-num: AS206819
+descr: ANSON NETWORK LIMITED
+remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
+country: TW
+
aut-num: AS206898
descr: Server Hosting Pty Ltd
remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage
@@ -1063,11 +1088,6 @@ descr: Altrosky Technology Ltd.
remarks: fake offshore location (SC), traces back to CZ and NL
country: EU
-aut-num: AS207812
-descr: DM AUTO EOOD
-remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
-country: BG
-
aut-num: AS208046
descr: Maximilian Kutzner trading as HostSlick
remarks: traces back to NL, but some RIR data for announced prefixes contain garbage
@@ -1248,6 +1268,11 @@ descr: Sun Network Company Limited
remarks: IP hijacker, traces back to AP region
country: AP
+aut-num: AS328608
+descr: Africa on Cloud
+remarks: ... for some reason, I doubt a _real_ African ISP would announce solely hijacked prefixes
+country: AP
+
aut-num: AS328703
descr: Seven Network Inc.
remarks: traces back to ZA
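Review bot: the remarks for the new AS328608 entry give no basis for "country: AP". They only express doubt that this is a real African ISP, while the neighbouring entry documents its finding ("IP hijacker, traces back to AP region"). Please state in the remarks where the announced prefixes actually trace to, so the AP assignment can be re-checked later.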
@@ -1313,25 +1338,25 @@ descr: Wolverine Trading, LLC
remarks: IP hijacker located in US, tampers with RIR data
country: US
-net: 5.1.68.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.68.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
-net: 5.1.69.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.69.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
-net: 5.1.83.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.83.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
-net: 5.1.88.0/24
-descr: GaiacomLC
-remarks: routed to DE, inaccurate RIR data
-country: DE
+net: 5.1.88.0/24
+descr: GaiacomLC
+remarks: routed to DE, inaccurate RIR data
+country: DE
net: 5.252.32.0/22
descr: StormWall s.r.o.
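Review bot: the four GaiacomLC blocks (5.1.68.0/24, 5.1.69.0/24, 5.1.83.0/24, 5.1.88.0/24) are removed and re-added with text that reads identically as rendered here, so this looks like a whitespace or alignment cleanup, which the commit message does not mention. Mixing it into a batch of content overrides makes the real changes harder to spot; consider a separate cleanup commit, or at least a line in the commit message saying these entries are unchanged in substance.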
@@ -1413,6 +1438,11 @@ descr: Golden Internet LLC
remarks: fake location (KP), WHOIS contact points to RU
country: RU
+net: 91.90.120.0/24
+descr: M247 LTD, Greenland Infrastructure
+remarks: ... traces back to CA
+country: CA
+
net: 91.149.194.0/24
descr: IP Volume Ltd. / Epik
remarks: fake location (CH), traces back to SE
@@ -1488,10 +1518,10 @@ descr: Intelcom Group Ltd
remarks: fake offshore location (SC), traces back to RU
country: RU
-net: 185.140.204.0/22
-descr: Hornetsecurity GmbH
-remarks: all suballocations are used in DE, but are assigned to US
-country: DE
+net: 185.140.204.0/22
+descr: Hornetsecurity GmbH
+remarks: all suballocations are used in DE, but are assigned to US
+country: DE
net: 185.175.93.0/24
descr: Perfect Hosting Solutions
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index 7df6188..29057d9 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -26,24 +26,57 @@
# Please keep this file sorted.
#
+aut-num: AS39770
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
+
aut-num: AS48090
descr: PPTECHNOLOGY LIMITED
remarks: bulletproof ISP (related to AS204655) located in NL
country: NL
drop: yes
+aut-num: AS49447
+descr: Nice IT Services Group Inc.
+remarks: Rogue ISP located in CH, but some RIR data for announced prefixes contain garbage
+country: CH
+drop: yes
+
+aut-num: AS51381
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+country: RU
+drop: yes
+
+aut-num: AS55303
+descr: Eagle Sky Co., Lt[d ?]
+remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
+country: AP
+drop: yes
+
aut-num: AS56611
descr: REBA Communications BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS56873
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
+
aut-num: AS57717
descr: FiberXpress BV
remarks: bulletproof ISP (related to AS202425) located in NL
country: NL
drop: yes
+aut-num: AS60424
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
+
aut-num: AS62068
descr: SpectraIP B.V.
remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
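Review bot: the four 1337TEAM LIMITED entries added in this hunk are inconsistent: AS51381 carries "country: RU", while AS39770, AS56873 and AS60424 have identical descr and remarks but no country line. If the omission is deliberate because the location is unknown for those three, say so in their remarks; otherwise add the country. Separately, the descr for AS55303 keeps an editorial marker ("Lt[d ?]") inside a data field; the uncertainty about the registered name would be better placed in remarks.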
@@ -62,6 +95,12 @@ remarks: bulletproof ISP (linked to AS202425 et al.) located in NL
country: NL
drop: yes
+aut-num: AS200391
+descr: KREZ 999 EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS202425
descr: IP Volume Inc.
remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
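Review bot: AS200391 is moved here from override-other.txt and gains "drop: yes", but its remarks are carried over unchanged and the commit message gives no reason for the escalation. Since this changes the entry from a country correction to a drop recommendation, please extend the remarks (or the commit message) with what justifies dropping traffic from this network.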
@@ -74,6 +113,12 @@ remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace
country: NL
drop: yes
+aut-num: AS207812
+descr: DM AUTO EOOD
+remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data
+country: BG
+drop: yes
+
aut-num: AS204655
descr: Novogara Ltd.
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
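Review bot: the AS207812 entry is inserted ahead of AS204655, which breaks the "Please keep this file sorted." rule stated in this file's header. It belongs after the AS204655 entry. As with AS200391, the remarks are copied from override-other.txt and do not explain the newly added "drop: yes".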
@@ -85,3 +130,8 @@ descr: Datapacket Maroc SARL
remarks: bulletproof ISP (strongly linked to AS202425) located in NL
country: NL
drop: yes
+
+net: 2a10:9700::/29
+descr: 1337TEAM LIMITED / eliteteam[.]to
+remarks: Owned by an offshore letterbox company, suspected rogue ISP
+drop: yes
--
2.26.2