From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: location@lists.ipfire.org Subject: [PATCH] override-{a1,other,xd}: Regular batch of various overrides Date: Sun, 16 Jan 2022 11:19:27 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0423603690678355237==" List-Id: --===============0423603690678355237== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Peter M=C3=BCller --- overrides/override-a1.txt | 5 ++ overrides/override-other.txt | 92 ++++++++++++++++++------------------ overrides/override-xd.txt | 66 +++++++++++++++++++++++--- 3 files changed, 111 insertions(+), 52 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 43e0174..a97e7ce 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -639,6 +639,11 @@ descr: Gabor Marton remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/0= 8/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes =20 +net: 45.203.128.0/18 +descr: ProxyWow LLC +remarks: CloudInnovation space leased to "ProxyWow LLC" - not a safe area = to accept traffic from anyways +is-anonymous-proxy: yes + net: 45.220.72.0/22 descr: Low budget VPN service remarks: VPN provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 89ad8e0..c33e642 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -63,6 +63,11 @@ aut-num: AS4134 name: Chinanet Backbone remarks: has no sane AS name set in APNIC DB =20 +aut-num: AS4609 +descr: Companhia de Telecomunicacones de Macau SARL +remarks: ISP located in MO, but some RIR data needs manual correction due to= ARIN DB situation +country: MO + aut-num: AS4754 name: Software Technology Park of India remarks: has no sane AS name set in APNIC DB 
@@ -90,6 +95,11 @@ descr: Greek Research and Technology Network (GRNET) S.A. remarks: ... located in GR country: GR =20 +aut-num: AS6079 +descr: RCN +remarks: ISP located in US, but some RIR data for announced prefixes contain= garbage +country: US + aut-num: AS6134 descr: XNNET LLC remarks: traces back to HK, seems to tamper with RIR data @@ -208,6 +218,11 @@ descr: Unicycle, LLC remarks: traces back to NL country: NL =20 +aut-num: AS26548 +descr: PureVoltage Hosting Inc. +remarks: ISP and IP hijacker located in US, but some RIR data for announced = prefixes contain garbage +country: US + aut-num: AS26636 descr: GBTCloud, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain= garbage @@ -263,6 +278,11 @@ descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain= garbage country: BG =20 +aut-num: AS34549 +descr: meerfarbig GmbH & Co. KG +remarks: ISP located in DE, but some RIR data for announced prefixes contain= garbage +country: DE + aut-num: AS34665 descr: Petersburg Internet Network Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain= garbage @@ -388,10 +408,10 @@ descr: MLAB Open Source Community remarks: traces back to DE country: DE =20 -aut-num: AS41564 -descr: Orion Network Limited -remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere = in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by th= is AS cannot be trusted -country: SE +aut-num: AS41378 +descr: Kirino LLC +remarks: traces back to AP vincinity, tampers with RIR data +country: AP =20 aut-num: AS41608 descr: NextGenWebs, S.L. 
@@ -603,11 +623,6 @@ descr: Reliance Jio Infocomm Limited remarks: ISP located in IN, but some RIR data for announced prefixes contain= garbage country: IN =20 -aut-num: AS55933 -descr: Cloudie Limited -remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, trac= es back to AP region -country: AP - aut-num: AS56322 descr: ServerAstra Kft. remarks: ISP located in HU, but some RIR data for announced prefixes contain= garbage @@ -633,16 +648,6 @@ descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain= garbage country: RU =20 -aut-num: AS57858 -descr: Inter Connects Inc. -remarks: part of a dirty ISP conglomerate operating most likely out of SE, h= ijacking stolen AfriNIC networks, massively tampers with RIR data -country: SE - -aut-num: AS57972 -descr: Inter Connects Inc. -remarks: part of a dirty ISP conglomerate operating most likely out of SE, h= ijacking stolen AfriNIC networks, massively tampers with RIR data -country: SE - aut-num: AS58061 descr: Scalaxy B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain= garbage @@ -665,8 +670,8 @@ country: BG =20 aut-num: AS58349 descr: INNETRA PC -remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probab= ly RU, but traceroutes dead-end somewhere else in EU -country: EU +remarks: ... traceroutes dead-end in NL +country: NL =20 aut-num: AS58879 descr: Shanghai Anchang Network Security Technology Co.,Ltd. @@ -723,11 +728,6 @@ descr: DignusData LLC remarks: ISP located in PL, but _all_ RIR data for announced prefixes contai= n garbage country: PL =20 -aut-num: AS60485 -descr: Inter Connects Inc. / Jing Yun -remarks: part of a dirty ISP conglomerate operating most likely out of SE, h= ijacking AfriNIC networks -country: SE - aut-num: AS60546 descr: EU Routing Ltd remarks: fake offshore location (CY), hosted in NL 
@@ -818,6 +818,11 @@ descr: CloudITIDC Global remarks: ISP and/or IP hijacker located somewhere in AP country: AP =20 +aut-num: AS133613 +descr: MTel telecommunication company ltd. +remarks: ISP and located in MO, but some prefixes needs manual correction du= e to ARIN DB situation +country: MO + aut-num: AS133752 descr: Leaseweb Asia Pacific pte. ltd. remarks: ISP located in HK, some RIR data for announced prefixes contain gar= bage @@ -853,6 +858,11 @@ descr: LUOGELANG (FRANCE) LIMITED remarks: Shady ISP located in HK, RIR data for announced prefixes contain ga= rbage country: HK =20 +aut-num: AS136167 +descr: China Telecom (Macau) Company Limited +remarks: located in MO, yet some prefixes show CN or HK instead +country: MO + aut-num: AS136274 descr: Cloud Servers Pvt Ltd remarks: ISP located in NL, all RIR data for announced prefixes contain garb= age @@ -918,11 +928,6 @@ descr: Cloudflare Sydney, LLC remarks: ... but CF failed to set the country for announced prefixes to AU a= s well :-/ country: AU =20 -aut-num: AS139330 -descr: SANREN DATA LIMITED -remarks: IP hijacker located somewhere in AP region, tampers with RIR data -country: AP - aut-num: AS139471 descr: HWA CENT TELECOMMUNICATIONS LIMITED remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data @@ -955,7 +960,7 @@ country: HK =20 aut-num: AS139879 descr: Galaxy Broadband -remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN sp= ace, assigned to "AGIS" / Cogent - odd... +remarks: ISP located in PK, but some RIR data need manual correction due to = ARIN DB situation country: PK =20 aut-num: AS140214 
@@ -983,10 +988,10 @@ descr: Full Time Hosting remarks: ISP located in DE, tampers with RIR data country: DE =20 -aut-num: AS141746 -descr: Orenji Server -remarks: IP hijacker located somewhere in AP area (JP?) -country: AP +aut-num: AS141677 +descr: Nathosts Limited +remarks: ... located in HK? +country: HK =20 aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich @@ -1198,11 +1203,6 @@ descr: Des Capital B.V. remarks: Shady ISP located in NL, but RIR data for announced prefixes contai= n garbage country: NL =20 -aut-num: AS210848 -descr: Telkom Internet LTD -remarks: shady ISP currently located in NL -country: NL - aut-num: AS211380 descr: PAYWISE HOLDING Sp. z.o.o. remarks: ISP located in NL, but RIR data for announced prefixes contain garb= age @@ -1248,11 +1248,6 @@ descr: MILEGROUP LTD remarks: traceroutes dead-end somewhere in Central Europe country: EU =20 -aut-num: AS212552 -descr: BitCommand LLC -remarks: Hides behind a CDN ISP, traceroutes dead-end somewhere in Central E= urope -country: EU - aut-num: AS212667 descr: RECONN LLC remarks: ISP located in RU, but RIR data for announced prefixes contain garb= age @@ -1533,6 +1528,11 @@ descr: SpaceX Canada Corp. remarks: Accurate country code missing due to ARIN DB situation, see also: #= 12746 country: CA =20 +net: 103.126.4.0/23 +descr: Cyber Telecom ISP +remarks: Despite being allocated to AF, traceroutes end in NL +country: NL + net: 103.197.148.0/22 descr: I.C.S. Trabia-Network S.R.L. remarks: fake offshore location (HK), traces back to MD diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 738a699..2b50406 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt 
@@ -67,6 +67,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes =20 +aut-num: AS41564 +descr: Orion Network Limited +remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere = in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by th= is AS cannot be trusted +country: EU +drop: yes + aut-num: AS43092 descr: Kirin Communication Limited remarks: Hijacks IP space and tampers with RIR data, traces back to JP @@ -79,6 +85,12 @@ remarks: bulletproof ISP with strong links to RU country: RU drop: yes =20 +aut-num: AS44446 +descr: OOO SibirInvest +remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL +country: NL +drop: yes + aut-num: AS48090 descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL @@ -109,6 +121,12 @@ remarks: Autonomous System registered to offshore compan= y, abuse contact is a fr country: AP drop: yes =20 +aut-num: AS55933 +descr: Cloudie Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, trac= es back to AP region +country: AP +drop: yes + aut-num: AS56611 descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL @@ -126,6 +144,18 @@ remarks: bulletproof ISP (related to AS202425) located i= n NL country: NL drop: yes =20 +aut-num: AS57858 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, h= ijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE +drop: yes + +aut-num: AS57972 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, h= ijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE +drop: yes + aut-num: AS58271 descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA 
@@ -143,6 +173,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes =20 +aut-num: AS60485 +descr: Inter Connects Inc. / Jing Yun +remarks: part of a dirty ISP conglomerate operating most likely out of SE, h= ijacking AfriNIC networks +country: SE +drop: yes + aut-num: AS61414 descr: EDGENAP LTD remarks: IP hijacking? Rogue ISP? @@ -190,6 +226,12 @@ remarks: IP hijacker located somewhere in AP area country: AP drop: yes =20 +aut-num: AS139330 +descr: SANREN DATA LIMITED +remarks: IP hijacker located somewhere in AP region, tampers with RIR data +country: AP +drop: yes + aut-num: AS140107 descr: CITIS CLOUD GROUP LIMITED remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, loca= tion unknown (AP? HK? US?) @@ -201,6 +243,12 @@ remarks: ISP and IP hijacker located in HK, tampers with= RIR data country: HK drop: yes =20 +aut-num: AS141746 +descr: Orenji Server +remarks: IP hijacker located somewhere in AP area (JP?) +country: AP +drop: yes + aut-num: AS200391 descr: KREZ 999 EOOD remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG= , tampers with RIR data 
@@ -231,24 +279,30 @@ remarks: bulletproof ISP (strongly linked to AS202425) = located in NL country: NL drop: yes =20 -aut-num: AS207812 -descr: DM AUTO EOOD -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG= , tampers with RIR data -country: BG -drop: yes - aut-num: AS209272 descr: Alviva Holding Limited remarks: bulletproof ISP operating from a war zone in eastern UA country: UA drop: yes =20 +aut-num: AS210848 +descr: Telkom Internet LTD +remarks: Rogue ISP (linked to AS202425) located in NL +country: NL +drop: yes + aut-num: AS211193 descr: ABDILAZIZ UULU ZHUSUP remarks: bulletproof ISP and IP hijacker, traces to RU country: RU drop: yes =20 +aut-num: AS212552 +descr: BitCommand LLC +remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this ne= twork +country: EU +drop: yes + aut-num: AS213058 descr: Private Internet Hosting LTD remarks: bulletproof ISP located in RU --=20 2.31.1 --===============0423603690678355237==--
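Review bot: the new 45.203.128.0/18 entry in overrides/override-a1.txt (hunk @@ -639,6 +639,11 @@) sets is-anonymous-proxy: yes without any reference backing the claim, while the entry directly above it cites a source in its remarks. Add a link or a short note on how the proxy use was established. The clause "not a safe area to accept traffic from anyways" is an opinion and does not justify the flag, so it could be dropped.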
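Review bot: several added lines in overrides/override-other.txt carry wording errors: "vincinity" in the AS41378 remarks should be "vicinity", the AS133613 remarks read "ISP and located in MO, but some prefixes needs manual correction" (stray "and", and "needs" should be "need"), and "Telecomunicacones" in the AS4609 descr looks like a misspelling of "Telecomunicacoes". Please fix these before the entries are merged, since the remarks are the only record of why each override exists.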
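Review bot: AS41564 is removed from overrides/override-other.txt with country: SE and re-added in overrides/override-xd.txt (hunk @@ -67,6 +67,12 @@) with country: EU, although its remarks still read "in SE (and likely elsewhere in EU)". The other entries moved between the two files in this patch (AS55933, AS57858, AS57972, AS60485, AS139330, AS141746, AS210848, AS212552) keep their country code. If the change to EU is intended, state it in the commit message, which currently has no body beyond the Signed-off-by line. Otherwise keep SE so the move only adds drop: yes.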
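Review bot: the last overrides/override-xd.txt hunk (@@ -231,24 +279,30 @@) deletes AS207812 (DM AUTO EOOD) together with its drop: yes, and no other hunk in this patch re-adds it, so that AS stops being flagged for dropping without a stated reason. Removing a drop entry changes what downstream filters accept, so add a sentence to the commit message explaining the removal, or keep the entry.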