From patchwork Fri May 14 07:52:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4270 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4FhLMz4ZSnz44RW for ; Fri, 14 May 2021 07:52:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4FhLMz1Y9tzmP; Fri, 14 May 2021 07:52:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4FhLMy6SzJz2xd6; Fri, 14 May 2021 07:52:14 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4FhLMx2fF2z2xXY for ; Fri, 14 May 2021 07:52:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4FhLMv6zzQzcb for ; Fri, 14 May 2021 07:52:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1620978732; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rcYOlx4X1yp4JGpWu48Uj3lYz8PNUCSQq7CflpzXA4A=; b=QkZMh8rSXzDaK0fkLsz7tXHz2smcP0ZqtxvLi7aEGKvvScRpEKi991BCtQgJ+NWaWPhM+4 6yJgwVuVhDDq+YAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1620978732; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rcYOlx4X1yp4JGpWu48Uj3lYz8PNUCSQq7CflpzXA4A=; b=e6doORGY+ZeoFZCk/FXztw4R9dIs9GGJqX1wG4/dzXzFQNhjp6DVU7whvpAh4RViG/KF2y yx2NaQNisYKVCyAbSvGvRj6D5+16PAbaZ47o0/GoZoHzm+Tm7wLxNBv+HPAuISxFYWu0xO 1dIQHP9SHVKy89BuAW3mj7aBnVpvuDEAVJhx1jnG+qOmzzWWUmUzyMBxJY7/e1vT6PLAv2 OnG6ViGrtTMiG8T2BJYXKDBtK/9P04j4NYJVdwQPP+Zdy79TXrMAZ/dfZ7ulunJAfT2IPO vr6mDf82mwVJnTxZ9n0ATiuI8HOM8o5LD8cnxqgGhhFkzYEMWOoviC7VaoG1jg== To: "IPFire: Location" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] override-{a{1,3},other}: weekly batch of various overrides Message-ID: <196a6c58-1f91-c3e0-0bf0-252511328b81@ipfire.org> Date: Fri, 14 May 2021 09:52:09 +0200 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" AS58110 is especially interesting... Signed-off-by: Peter Müller --- overrides/override-a1.txt | 12 +++++++++++- overrides/override-a3.txt | 15 +++++++++++++++ overrides/override-other.txt | 37 +++++++++++++++++++++++++++++++++++- 3 files changed, 62 insertions(+), 2 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 06d2d20..fc97098 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -46,7 +46,7 @@ is-anonymous-proxy: yes aut-num: AS34962 descr: Epik Network -remarks: VPN provider +remarks: Shady ISP and registrar, many prefixes announced refer to "anonymize" infrastructure is-anonymous-proxy: yes aut-num: AS35029 @@ -110,6 +110,11 @@ remarks: Autonomous System registered to offshore company, abuse contact is a is-anonymous-proxy: yes country: AP +aut-num: AS58110 +descr: IP Volume Ltd. / Epik +remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure +is-anonymous-proxy: yes + aut-num: AS58546 descr: Astrill VPN remarks: VPN provider @@ -1045,6 +1050,11 @@ descr: Access Now remarks: Tor relay provider is-anonymous-proxy: yes +net: 176.119.142.0/24 +descr: Artykova Alina Biktimerovna / BroVPN +remarks: VPN provider +is-anonymous-proxy: yes + net: 178.170.136.0/22 descr: GZ Systems Limited / PureVPN remarks: VPN provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index 36e03a3..ec246c1 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -190,6 +190,16 @@ descr: Hybula B.V. remarks: Generic anycast network is-anycast: yes +net: 5.182.48.0/24 +descr: FluxCDN +remarks: Generic anycast network +is-anycast: yes + +net: 5.182.49.0/24 +descr: FluxCDN +remarks: Generic anycast network +is-anycast: yes + net: 5.254.74.0/24 descr: VOXILITY LLC remarks: Generic anycast network @@ -535,6 +545,11 @@ descr: Thomas Steen Rasmussen / UncensoredDNS / censurfridns.dk remarks: Public anycast DNS resolver is-anycast: yes +net: 92.118.229.0/24 +descr: Epik +remarks: Generic anycast network +is-anycast: yes + net: 92.223.95.0/24 descr: G-Core Labs S.A. remarks: Generic anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index e56a208..4446279 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -93,6 +93,11 @@ descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage country: BG +aut-num: AS35624 +descr: Neterra Ltd. +remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage +country: RU + aut-num: AS39287 descr: ab stract / Peter Kolmisoppi remarks: tampers with RIR data, traces back to SE @@ -378,6 +383,11 @@ descr: Genius Guard / Genius Security Ltd. remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU country: RU +aut-num: AS206898 +descr: Server Hosting Pty Ltd +remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage +country: NL + aut-num: AS207046 descr: Xtudio Networks S.L.U. remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -423,6 +433,11 @@ descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage country: EU +aut-num: AS210119 +descr: VPSSC Networks LTD +remarks: ISP located in UA, but RIR data for announced prefixes contain garbage +country: UA + aut-num: AS211849 descr: Kakharov Orinbassar Maratuly remarks: ISP located in RU, but RIR data for announced prefixes contain garbage @@ -508,6 +523,11 @@ descr: FlokiNET Ltd. remarks: fake offshore location (SC), traces back to RO country: RO +net: 45.89.97.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to GB +country: GB + net: 45.93.16.0/22 descr: IPv4 Superhub Limited remarks: network owned by an HK company, traces back to HK as well - but is assigned to DE. Nice try... @@ -515,7 +535,7 @@ country: HK net: 45.134.12.0/24 descr: MS Network LTD -remarks: fake offshore location (SC), traces back to NLm +remarks: fake offshore location (SC), traces back to NL country: NL net: 45.134.144.0/22 @@ -548,6 +568,21 @@ descr: Golden Internet LLC remarks: fake location (KP), WHOIS contact points to RU country: RU +net: 91.149.194.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to SE +country: SE + +net: 91.149.195.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to SE +country: SE + +net: 91.149.224.0/24 +descr: IP Volume Ltd. / Epik +remarks: fake location (CH), traces back to NO +country: NO + net: 91.243.32.0/19 descr: Petersburg Internet Network Ltd. remarks: RIR data for suballocations contain garbage, they are all located in RU