From patchwork Sun Apr 11 09:31:04 2021
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 4142
To: "IPFire: Location"
From: Peter Müller
Subject: [PATCH] override-{a{1,3},other}: regular batch of various overrides
Date: Sun, 11 Apr 2021 11:31:04 +0200

These came to my attention last night. Signed-off-by: Peter Müller --- overrides/override-a1.txt | 17 ++++++++++-- overrides/override-a3.txt | 5 ++++ overrides/override-other.txt | 50 ++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index ef3ec7d..0b50b76 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt 
@@ -99,9 +99,10 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes aut-num: AS55303 -descr: Eagle Sky Co., Lt -remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize" +descr: Eagle Sky Co., Lt[d ?] +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity is-anonymous-proxy: yes +country: AP aut-num: AS58546 descr: Astrill VPN @@ -128,6 +129,12 @@ descr: Anonymizer, Inc. remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS206819 +descr: ANSON NETWORK LIMITED +remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW +is-anonymous-proxy: yes +country: TW + aut-num: AS207688 descr: DataHome S.A. remarks: VPN provider located in BR [high confidence, but not proofed] @@ -634,6 +641,12 @@ descr: Perfect Privacy LTD remarks: VPN provider is-anonymous-proxy: yes +net: 85.92.100.0/22 +descr: LoadProxy, LLC +remarks: VPN provider +is-anonymous-proxy: yes +country: US + net: 85.203.23.0/24 descr: VPN Consumer Network / falco-networks.com remarks: VPN provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index dbf5dd7..36e03a3 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -160,6 +160,11 @@ descr: ipcom GmbH remarks: Generic anycast network is-anycast: yes +aut-num: AS209813 +descr: Fast Content Delivery Ltd. +remarks: Generic anycast network +is-anycast: yes + aut-num: AS210004 descr: Stichting Internet Domeinregistratie Nederland (SIDN) remarks: TLD operator's anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index a41d4da..d2c2423 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt 
@@ -128,6 +128,11 @@ descr: Cloud Management LLC remarks: tampers with RIR data, traces back to HK country: HK +aut-num: AS44015 +descr: Landgard Management Inc. +remarks: bulletproof ISP with strong links to RU +country: RU + aut-num: AS44477 descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -173,11 +178,21 @@ descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS56851 +descr: PE Skurykhin Mukola Volodumurovuch +remarks: tampers with RIR data, traces back to UA +country: UA + aut-num: AS57717 descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS57724 +descr: DDOS-GUARD LTD +remarks: shady ISP, customers massively tamper with RIR data, we cannot trust this network +country: RU + aut-num: AS57858 descr: Inter Connects Inc. remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data @@ -193,6 +208,11 @@ descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA country: UA +aut-num: AS58349 +descr: INNETRA PC +remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU +country: EU + aut-num: AS59580 descr: Batterflyai Media Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -208,6 +228,11 @@ descr: Network Dedicated SAS remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL country: NL +aut-num: AS61977 +descr: Vivo Trade L.P. +remarks: another shady customer of "DDoS Guard Ltd." +country: RU + aut-num: AS62468 descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK 
@@ -248,6 +273,11 @@ descr: Wujidun Network Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP +aut-num: AS200019 +descr: ALEXHOST SRL +remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network +country: MD + aut-num: AS200699 descr: Datashield, Inc. remarks: fake offshore location (SC), traces back to NL @@ -273,6 +303,11 @@ descr: FutureNow Incorporated remarks: ISP located in BG, but RIR data for announced prefixes contain garbage country: BG +aut-num: AS202920 +descr: DataClub S.A. +remarks: another shady customer of "DDoS Guard Ltd." +country: RU + aut-num: AS202425 descr: IP Volume Inc. remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL @@ -308,6 +343,11 @@ descr: Hauer Hosting Services Limited remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage country: ES +aut-num: AS206397 +descr: Genius Guard / Genius Security Ltd. +remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU +country: RU + aut-num: AS207046 descr: Xtudio Networks S.L.U. remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -338,6 +378,11 @@ descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage country: EU +aut-num: AS211849 +descr: Kakharov Orinbassar Maratuly +remarks: ISP located in RU, but RIR data for announced prefixes contain garbage +country: RU + aut-num: AS213035 descr: Serverion BV remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage 
@@ -458,6 +503,11 @@ descr: Golden Internet LLC remarks: fake location (KP), WHOIS contact points to RU country: RU +net: 91.243.32.0/19 +descr: Petersburg Internet Network Ltd. +remarks: RIR data for suballocations contain garbage, they are all located in RU +country: RU + net: 95.181.152.0/21 descr: QWARTA LLC remarks: fake location (US), WHOIS contact and traceroutes point to RU
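Review bot: In overrides/override-a1.txt, hunk "@@ -99,9 +99,10 @@", the new value "descr: Eagle Sky Co., Lt[d ?]" puts an editorial guess into a data field that consumers of the override file will read verbatim. Keep descr as the registry spells it and move the doubt about the truncated name into remarks. The added "country: AP" rests only on "seems to trace to some location in AP vicinity", so the remarks should carry a confidence marker the way the entry above it does with "[high confidence, but not proofed]".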
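Review bot: In overrides/override-a1.txt, hunk "@@ -128,6 +129,12 @@", the AS206819 entry sets "is-anonymous-proxy: yes" but its remarks give no basis for that flag: "registered to UK letterbox company, traces back through shady ISPs to TW" describes registration and routing, not a VPN or proxy service, whereas the neighbouring entries say "VPN provider". Either state the evidence for the anonymous-proxy classification in remarks, or carry this as a plain "country: TW" correction in override-other.txt.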
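Review bot: In overrides/override-other.txt, hunk "@@ -193,6 +208,11 @@", the AS58349 entry sets "country: EU" while its own remarks say "jurisdiction is probably RU", and the only support for EU is a traceroute that dead-ends; the remarks should say which of the two the override is meant to assert and why. This entry and the other "another shady customer of "DDoS Guard Ltd."" entries in this patch (AS61977, AS202920, AS206397) name the upstream only by company; referencing AS57724, as the existing entries do with "(related to AS202425)", would make the relationship searchable.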
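Review bot: In overrides/override-other.txt, hunk "@@ -273,6 +303,11 @@", the new "aut-num: AS202920" block is inserted directly before the existing "aut-num: AS202425" block, which breaks the ascending AS-number order that every other addition in this patch follows (for example AS56851 before AS57717, AS57724 before AS57858). Move the AS202920 block to after the AS202425 entry.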