From patchwork Thu Sep 2 12:07:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4655 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4H0fnj3fYCz3x2Y for ; Thu, 2 Sep 2021 12:07:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4H0fnj07hXzSG; Thu, 2 Sep 2021 12:07:53 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4H0fnh6Z9Jz2xJj; Thu, 2 Sep 2021 12:07:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4H0fng6wKqz2xKZ for ; Thu, 2 Sep 2021 12:07:51 +0000 (UTC) Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "people01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4H0fng1rX3zSG; Thu, 2 Sep 2021 12:07:51 +0000 (UTC) Received: by people01.haj.ipfire.org (Postfix, from userid 1078) id 4H0fng0QXsz2xJX; Thu, 2 Sep 2021 12:07:51 +0000 (UTC) From: =?utf-8?q?Peter_M=C3=BCller?= To: location@lists.ipfire.org Subject: [PATCH] override-{a1,other}: regular batch of various overrides Date: Thu, 2 Sep 2021 12:07:49 +0000 Message-Id: <20210902120749.28037-1-peter.mueller@ipfire.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Signed-off-by: Peter Müller --- overrides/override-a1.txt | 177 ++++++++++++++++++++++++++++++++++- overrides/override-other.txt | 20 ++++ 2 files changed, 195 insertions(+), 2 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index b4940b2..acb5cb2 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -34,6 +34,11 @@ descr: Maginfo remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS13487 +descr: ULTRA PACKET LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + aut-num: AS16255 descr: IRIDIUM PROVIDER LTD remarks: VPN provider [high confidence, but not proofed] located in RU @@ -99,6 +104,11 @@ descr: Layer 3 VPN ASN remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS46732 +descr: RESIDENTIAL NETWORKING SOLUTIONS LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + aut-num: AS51432 descr: BeeVPN ApS remarks: VPN provider @@ -184,6 +194,11 @@ descr: AMPR VPN remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS197640 +descr: OverPlay.Net LP +remarks: VPN and/or proxy provider +is-anonymous-proxy: yes + aut-num: AS201665 descr: Anonymizer, Inc. remarks: VPN provider @@ -206,6 +221,22 @@ remarks: VPN provider located in BR [high confidence, but not proofed] is-anonymous-proxy: yes country: BR +aut-num: AS207907 +descr: NSQ Venture (M) SDN BHD +remarks: Possibly part of https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/, also tampers with RIR data +is-anonymous-proxy: yes +country: US + +aut-num: AS207976 +descr: V6 Networking LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +aut-num: AS208256 +descr: Stingers, Inc. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + aut-num: AS208294 descr: CIA TRIAD SECURITY LLC remarks: Tor relay provider located in or near Berlin, DE @@ -229,6 +260,11 @@ remarks: (Rogue) VPN provider is-anonymous-proxy: yes country: EU +aut-num: AS208979 +descr: RESNET INC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + aut-num: AS209623 descr: David Craig remarks: (Rogue) VPN provider @@ -297,16 +333,47 @@ descr: Castle VPN remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS397539 +descr: LAKSH CYBERSECURITY AND DEFENSE LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + aut-num: AS397685 descr: Business VPN LLC remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS397770 +descr: LAKSH CYBERSECURITY AND DEFENSE LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +aut-num: AS397881 +descr: Stingers, Inc. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +aut-num: AS398083 +descr: Ting Wireless +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes +country: US + aut-num: AS398271 descr: HardenedVPN[.]com LLC remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS398481 +descr: RedMercury Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +aut-num: AS398559 +descr: Tunbroker LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + aut-num: AS399928 descr: STELLAR PROXIES remarks: VPN or open proxy provider @@ -317,6 +384,11 @@ descr: VPN Consumer Network remarks: VPN provider is-anonymous-proxy: yes +net: 2.59.248.0/22 +descr: Mayak Creative Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 5.62.16.0/24 descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o. remarks: VPN provider @@ -367,6 +439,11 @@ descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o. remarks: VPN provider is-anonymous-proxy: yes +net: 5.181.40.0/22 +descr: Tal Mukdasi +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 5.182.34.0/24 descr: Coca Proxies VOF remarks: VPN provider @@ -382,6 +459,11 @@ descr: VPNTunnel remarks: VPN provider is-anonymous-proxy: yes +net: 5.253.56.0/22 +descr: Mayak Consulting Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 5.254.128.0/19 descr: VPNTunnel / Hushy VPN / Anonine VPN / Edelino Commerce Inc. remarks: VPN provider @@ -497,6 +579,12 @@ descr: GZ Systems Limited / PureVPN remarks: VPN provider is-anonymous-proxy: yes +net: 45.8.92.0/22 +descr: Cloud Computing Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes +country: US + net: 45.9.12.0/22 descr: VPNHost SIA remarks: VPN provider @@ -552,6 +640,16 @@ descr: Secure Internet LLC remarks: VPN provider is-anonymous-proxy: yes +net: 45.131.168.0/22 +descr: Xantho Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +net: 45.135.160.0/22 +descr: Revonia Ltd. / LAKSH / IAPS +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 45.142.122.0/24 descr: Shtrauh Andrey remarks: VPN provider [high confidence, but not proofed] @@ -573,6 +671,16 @@ descr: Express VPN International Ltd remarks: VPN provider is-anonymous-proxy: yes +net: 45.155.128.0/22 +descr: Revonia Ltd. / LAKSH / IAPS +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +net: 45.157.36.0/22 +descr: Gabor Marton +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 45.220.72.0/22 descr: Low budget VPN service remarks: VPN provider @@ -590,7 +698,7 @@ is-anonymous-proxy: yes net: 46.36.200.0/22 descr: IAPS Security Services, L.L.C. -remarks: VPN provider +remarks: VPN provider, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes net: 46.243.136.0/21 @@ -808,6 +916,11 @@ descr: VPNHOST SIA remarks: VPN provider is-anonymous-proxy: yes +net: 85.209.132.0/22 +descr: Mayak Creative Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 88.81.248.0/24 descr: TopNet ISP VPN remarks: VPN provider @@ -868,6 +981,11 @@ descr: Octopusnet VPN remarks: VPN provider is-anonymous-proxy: yes +net: 95.214.160.0/22 +descr: B Consulting Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 98.159.233.0/24 descr: VPN Consumer Network remarks: VPN provider @@ -1064,6 +1182,11 @@ descr: xTom Limited remarks: ... network operator thinks messing with countries and having an offshore company for it is funny :-/ is-anonymous-proxy: yes +net: 159.197.128.0/17 +descr: Nationwide Computer Systems, Inc. trading as IPTrading.com +remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 161.129.60.0/24 descr: 10VPN Hosting remarks: VPN provider @@ -1235,6 +1358,16 @@ descr: Freedom of Speech VPN / nVPN / David Craig remarks: (Rogue) VPN provider is-anonymous-proxy: yes +net: 185.147.100.0/22 +remarks: Mayak Smart Services Ltd. +descr: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +net: 185.147.213.0/24 +descr: Strong Technology SE +remarks: VPN provider +is-anonymous-proxy: yes + net: 185.153.177.0/24 descr: NordVPN remarks: VPN provider @@ -1313,6 +1446,11 @@ descr: VKVPN remarks: VPN provider is-anonymous-proxy: yes +net: 185.239.244.0/22 +descr: Xantho Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 185.244.28.0/22 descr: Angelo Kreikamp trading as Forhosting / Freedom of Speech VPN / nVPN / David Craig / ... remarks: (Rogue) VPN provider @@ -1324,6 +1462,21 @@ remarks: (Rogue) VPN provider, fake location (SC), traces back to NL is-anonymous-proxy: yes country: NL +net: 185.244.104.0/22 +descr: Xantho Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +net: 185.246.236.0/22 +descr: Xantho Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +net: 185.254.16.0/22 +descr: Xantho Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 186.2.160.0/20 descr: DDOS-GUARD CORP. remarks: IP chunk owned by an offshore company, abuse contact is a freemail address, address says "1/2 Miles Northern Highway, Belize" @@ -1489,6 +1642,16 @@ descr: NordVPN remarks: VPN provider is-anonymous-proxy: yes +net: 194.38.40.0/22 +descr: BIDIT Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + +net: 194.48.100.0/22 +descr: B Consulting Ltd. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 194.87.207.0/24 descr: Lynx Proxies Ltd. remarks: VPN provider @@ -1521,7 +1684,7 @@ is-anonymous-proxy: yes net: 196.52.0.0/14 descr: LogicWeb Inc. / BGRVPN / Private Internet Access / VPNetworks / CookieProxy / etc. pp. -remarks: large IP chunk mostly used by VPN providers +remarks: Hijacked AfriNIC IP chunk mostly used by VPN providers is-anonymous-proxy: yes net: 196.61.192.0/20 @@ -1539,6 +1702,11 @@ descr: Defender cloud international LLC remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes +net: 198.228.0.0/16 +descr: Service Provider Corporation +remarks: Hijacked and loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 199.249.223.0/24 descr: Quintex Alliance Consulting remarks: Tor relay provider @@ -1754,6 +1922,11 @@ descr: CACHE-VPN-NET remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes +net: 2a03:b600::/29 +descr: IAPS Security Services, L.L.C. +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: yes + net: 2a03:e600:100::/48 descr: Foundation for Applied Privacy remarks: Tor relay provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 2c7caaa..e99325b 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -354,6 +354,11 @@ descr: NextGenWebs, S.L. remarks: traces back to NL country: NL +aut-num: AS42237 +descr: AMATI FOUNDATION +remarks: ISP located in SE, seems to tamper with RIR data (proxies too?) +country: SE + aut-num: AS42397 descr: Bunea TELECOM SRL remarks: ISP located in RO, but some RIR data for announced prefixes contain garbage @@ -989,6 +994,11 @@ descr: AAEX NETWORK TECHNOLOGY LTD remarks: IP hijacker located in HK country: HK +aut-num: AS207429 +descr: Kapteyan Bilisim Teknolojileri +remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage +country: TR + aut-num: AS207461 descr: Liquid IO remarks: ISP located in US, but many RIR data for announced prefixes contain garbage @@ -1024,6 +1034,11 @@ descr: Internet Hosting Ltd. remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data country: BG +aut-num: AS208485 +descr: Nese Mala / Moon DC +remarks: shady ISP located in TR, but many RIR data for announced prefixes contain garbage +country: TR + aut-num: AS209132 descr: Alviva Holding Limited remarks: ISP located in BG, but RIR data for announced prefixes contain garbage @@ -1044,6 +1059,11 @@ descr: SEMrush CY LTD remarks: claims CY for announced prefixes, but they are all hosted in NL country: NL +aut-num: AS209371 +descr: Cenk Aksit +remarks: shady ISP located in TR, but RIR data for announced prefixes contain garbage +country: TR + aut-num: AS209401 descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage