From patchwork Sat Dec 12 20:20:44 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 3721
Return-Path: <location-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CtfDK3DBDz3wg0
	for <patchwork@web04.haj.ipfire.org>; Sat, 12 Dec 2020 20:20:49 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4CtfDK0v9dz18H;
	Sat, 12 Dec 2020 20:20:49 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CtfDK0Pm9z2xWR;
	Sat, 12 Dec 2020 20:20:49 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CtfDH48gdz2x9g
 for <location@lists.ipfire.org>; Sat, 12 Dec 2020 20:20:47 +0000 (UTC)
Received: from people01.haj.ipfire.org (people01.haj.ipfire.org
 [172.28.1.161])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "people01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail01.ipfire.org (Postfix) with ESMTPS id 4CtfDG69HMz18H;
 Sat, 12 Dec 2020 20:20:46 +0000 (UTC)
Received: by people01.haj.ipfire.org (Postfix, from userid 1078)
 id 4CtfDG4y3Hz2xb8; Sat, 12 Dec 2020 20:20:46 +0000 (UTC)
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: [PATCH] override-{a1,other}: regular batch of overrides
Date: Sat, 12 Dec 2020 20:20:44 +0000
Message-Id: <20201212202044.12481-1-peter.mueller@ipfire.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
X-BeenThere: location@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <location.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/location>,
 <mailto:location-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/location/>
List-Post: <mailto:location@lists.ipfire.org>
List-Help: <mailto:location-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/location>,
 <mailto:location-request@lists.ipfire.org?subject=subscribe>
Errors-To: location-bounces@lists.ipfire.org
Sender: "Location" <location-bounces@lists.ipfire.org>

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    |  6 +++++
 overrides/override-other.txt | 51 ++++++++++++++++++++++++++++++------
 2 files changed, 49 insertions(+), 8 deletions(-)

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 7aca339..a0a4404 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -1007,6 +1007,12 @@ descr:				Angelo Kreikamp trading as Forhosting / Freedom of Speech VPN / nVPN /
 remarks:			(Rogue) VPN provider
 is-anonymous-proxy:	yes
 
+net:				185.244.29.0/24
+descr:				NINAZU VPN Service / Gerber EDV / David Craig
+remarks:			(Rogue VPN provider), fake location (SC), traces back to NL
+is-anonymous-proxy:	yes
+country:			NL
+
 net:				188.72.80.0/21
 descr:				GZ Systems Limited / PureVPN
 remarks:			VPN provider
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 98ea79b..fb60d97 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -13,6 +13,16 @@
 # Please keep this file sorted.
 #
 
+aut-num:	AS6134
+descr:		XNNET LLC
+remarks:	traces back to an unknown oversea location (Hong Kong?), seems to tamper with RIR data
+country:	HK
+
+aut-num:	AS8359
+descr:		MTS PJSC
+remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
+country:	RU
+
 aut-num:	AS12025
 descr:		Iron Mountain Data Center
 remarks:	ISP located in US, but some RIR data for announced prefixes contain garbage
@@ -78,10 +88,10 @@ descr:		UKSERVERS
 remarks:	ISP located in GB, but some RIR data for announced prefixes contain garbage
 country:	GB
 
-aut-num:	AS44446
-descr:		OOO SibirInvest
-remarks:	bulletproof ISP (related to AS204655), traces back to NL and BG
-country:	EU
+aut-num:	AS42960
+descr:		Cloud Management LLC
+remarks:	tampers with RIR data, traces back to HK
+country:	HK
 
 aut-num:	AS48090
 descr:		PPTECHNOLOGY LIMITED
@@ -103,6 +113,11 @@ descr:		Smart Telecom S.A.R.L
 remarks:	tampers with RIR data, traces back to RU
 country:	RU
 
+aut-num:	AS55933
+descr:		Cloudie Limited
+remarks:	part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region
+country:	AP
+
 aut-num:	AS56611
 descr:		REBA Communications BV
 remarks:	bulletproof ISP (related to AS202425) located in NL
@@ -188,6 +203,11 @@ descr:		IP Connect Inc.
 remarks:	fake offshore location (SC), traces back to NL
 country:	NL
 
+aut-num:	AS328543
+descr:		Sun Network Company Limited
+remarks:	IP hijacker, traces back to AP region
+country:	AP
+
 aut-num:	AS398478
 descr:		PEG TECH INC
 remarks:	ISP located in HK, tampers with RIR data
@@ -253,20 +273,35 @@ descr:		FlokiNET Ltd.
 remarks:	fake offshore location (SC), traces back to RO
 country:   	RO
 
+net:		185.175.93.0/24
+descr:		Perfect Hosting Solutions
+remarks:	bulletproof ISP related to AS204655, traces back to BG
+country:	BG
+
 net:		185.169.253.0/24
 descr:		Amarutu Technology Ltd. / KoDDoS / ESecurity
 remarks:	fake offshore location (BZ), traces back to US
 country:   	US
 
+net:		185.193.91.0/24
+descr:		Romanenko Stanislav Sergeevich
+remarks:	bulletproof ISP related to AS204655, traces back to BG
+country:	BG
+
 net:		185.193.124.0/22
 descr:		ab stract / Njalla
 remarks:	bogus RIR data pointing to the unpopulated Bouvet Island (BV), suballocations trace back to SE
 country:   	SE
 
-net:		185.244.29.0/24
-descr:		NINAZU VPN Service / Gerber EDV / David Craig
-remarks:	bulletproof ISP, fake location (SC), traces back to GB
-country:   	GB
+net:		185.227.152.0/22
+descr:		XinYuan Interconnect (HONG KONG [sic!]) Limited
+remarks:	claims to be located in DE, traces back to HK
+country:	HK
+
+net:		190.2.128.0/19
+descr:		WorldStream (LATAM) BV
+remarks:	LACNIC IP chunk solely used in NL (inaccurate data)
+country:	NL
 
 net:		193.29.12.0/22
 descr:		Bunea TELECOM SRL