override-{a{1,3},other}: regular batch of various overrides

Message ID a684a7bf-3bd4-b753-ab22-93d5db0ca33d@ipfire.org
State Accepted
Commit e5d563de22922f4433522a1e47f11928cbcb37e3
Headers show
Series
  • override-{a{1,3},other}: regular batch of various overrides
Related show

Commit Message

Peter Müller April 11, 2021, 9:31 a.m. UTC
These came to my attention last night.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    | 17 ++++++++++--
 overrides/override-a3.txt    |  5 ++++
 overrides/override-other.txt | 50 ++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 2 deletions(-)

Patch

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index ef3ec7d..0b50b76 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -99,9 +99,10 @@  remarks:			VPN provider [high confidence, but not proofed]
 is-anonymous-proxy:	yes
 
 aut-num:			AS55303
-descr:				Eagle Sky Co., Lt
-remarks:			Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize"
+descr:				Eagle Sky Co., Lt[d ?]
+remarks:			Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity
 is-anonymous-proxy:	yes
+country:			AP
 
 aut-num:			AS58546
 descr:				Astrill VPN
@@ -128,6 +129,12 @@  descr:				Anonymizer, Inc.
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+aut-num:			AS206819
+descr:				ANSON NETWORK LIMITED
+remarks:			Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW
+is-anonymous-proxy:	yes
+country:			TW
+
 aut-num:			AS207688
 descr:				DataHome S.A.
 remarks:			VPN provider located in BR [high confidence, but not proofed]
@@ -634,6 +641,12 @@  descr:				Perfect Privacy LTD
 remarks:			VPN provider
 is-anonymous-proxy:	yes
 
+net:				85.92.100.0/22
+descr:				LoadProxy, LLC
+remarks:			VPN provider
+is-anonymous-proxy:	yes
+country:			US
+
 net:				85.203.23.0/24
 descr:				VPN Consumer Network / falco-networks.com
 remarks:			VPN provider
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index dbf5dd7..36e03a3 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -160,6 +160,11 @@  descr:		ipcom GmbH
 remarks:	Generic anycast network
 is-anycast:	yes
 
+aut-num:	AS209813
+descr:		Fast Content Delivery Ltd.
+remarks:	Generic anycast network
+is-anycast:	yes
+
 aut-num:	AS210004
 descr:		Stichting Internet Domeinregistratie Nederland (SIDN)
 remarks:	TLD operator's anycast network
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index a41d4da..d2c2423 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -128,6 +128,11 @@  descr:		Cloud Management LLC
 remarks:	tampers with RIR data, traces back to HK
 country:	HK
 
+aut-num:	AS44015
+descr:		Landgard Management Inc.
+remarks:	bulletproof ISP with strong links to RU
+country:	RU
+
 aut-num:	AS44477
 descr:		IP Oleinichenko Denis
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -173,11 +178,21 @@  descr:		REBA Communications BV
 remarks:	bulletproof ISP (related to AS202425) located in NL
 country:	NL
 
+aut-num:	AS56851
+descr:		PE Skurykhin Mukola Volodumurovuch
+remarks:	tampers with RIR data, traces back to UA
+country:	UA
+
 aut-num:	AS57717
 descr:		FiberXpress BV
 remarks:	bulletproof ISP (related to AS202425) located in NL
 country:	NL
 
+aut-num:	AS57724
+descr:		DDOS-GUARD LTD
+remarks:	shady ISP, customers massively tamper with RIR data, we cannot trust this network
+country:	RU
+
 aut-num:	AS57858
 descr:		Inter Connects Inc.
 remarks:	part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data
@@ -193,6 +208,11 @@  descr:		FOP Gubina Lubov Petrivna
 remarks:	bulletproof ISP operating from a war zone in eastern UA
 country:	UA
 
+aut-num:	AS58349
+descr:		INNETRA PC
+remarks:	another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU
+country:	EU
+
 aut-num:	AS59580
 descr:		Batterflyai Media Ltd.
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -208,6 +228,11 @@  descr:		Network Dedicated SAS
 remarks:	bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL
 country:	NL
 
+aut-num:	AS61977
+descr:		Vivo Trade L.P.
+remarks:	another shady customer of "DDoS Guard Ltd."
+country:	RU
+
 aut-num:	AS62468
 descr:		VpsQuan L.L.C.
 remarks:	claims to be located in US, but traces to HK
@@ -248,6 +273,11 @@  descr:		Wujidun Network Limited
 remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
 country:	AP
 
+aut-num:	AS200019
+descr:		ALEXHOST SRL
+remarks:	ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
+country:	MD
+
 aut-num:	AS200699
 descr:		Datashield, Inc.
 remarks:	fake offshore location (SC), traces back to NL
@@ -273,6 +303,11 @@  descr:		FutureNow Incorporated
 remarks:	ISP located in BG, but RIR data for announced prefixes contain garbage
 country:	BG
 
+aut-num:	AS202920
+descr:		DataClub S.A.
+remarks:	another shady customer of "DDoS Guard Ltd."
+country:	RU
+
 aut-num:	AS202425
 descr:		IP Volume Inc.
 remarks:	bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL
@@ -308,6 +343,11 @@  descr:		Hauer Hosting Services Limited
 remarks:	ISP located in ES, but some RIR data for announced prefixes contain garbage
 country:	ES
 
+aut-num:	AS206397
+descr:		Genius Guard / Genius Security Ltd.
+remarks:	another shady customer of "DDoS Guard Ltd.", probably located in RU
+country:	RU
+
 aut-num:	AS207046
 descr:		Xtudio Networks S.L.U.
 remarks:	ISP located in ES, but some RIR data for announced prefixes contain garbage
@@ -338,6 +378,11 @@  descr:		Gudaev Maxim Amrakhovich
 remarks:	announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage
 country:	EU
 
+aut-num:	AS211849
+descr:		Kakharov Orinbassar Maratuly
+remarks:	ISP located in RU, but RIR data for announced prefixes contain garbage
+country:	RU
+
 aut-num:	AS213035
 descr:		Serverion BV
 remarks:	ISP located in NL, but RIR data for most announced prefixes contain garbage
@@ -458,6 +503,11 @@  descr:		Golden Internet LLC
 remarks:	fake location (KP), WHOIS contact points to RU
 country:   	RU
 
+net:		91.243.32.0/19
+descr:		Petersburg Internet Network Ltd.
+remarks:	RIR data for suballocations contain garbage, they are all located in RU
+country:   	RU
+
 net:		95.181.152.0/21
 descr:		QWARTA LLC
 remarks:	fake location (US), WHOIS contact and traceroutes point to RU