From patchwork Wed Nov 10 17:27:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 4837 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4HqBd15gphz3wcx for ; Wed, 10 Nov 2021 17:27:49 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4HqBd12pm0zdh; Wed, 10 Nov 2021 17:27:49 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4HqBd128Zsz2yW2; Wed, 10 Nov 2021 17:27:49 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4HqBd027lmz2xd7 for ; Wed, 10 Nov 2021 17:27:48 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4HqBcy1hwpzdh for ; Wed, 10 Nov 2021 17:27:45 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1636565267; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dYmpxjBCGq6Ai0UPIakUpYOM/uv+BOo/QvlP8nivP3A=; b=QsOocRY/LlRy4gVJlEkQ8z1b2zviaQBDLhunT+jxLS/dVvZ8u8vpTEFolak5aU1MAvMJuX rglatnqCMirg0MCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1636565267; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dYmpxjBCGq6Ai0UPIakUpYOM/uv+BOo/QvlP8nivP3A=; b=IaP0i7/jB9irVu35QWwV441u2mbUaXqu+0cFq5mxJWrD8OZDvg+qJQELCQidh+fXP0MvCd 2HzyOWhladal7tS8OohMVVFFmOBqR4q3vGAgRafF9QMtugKDDNYmBXrBeqsEkOPIzouC6o +32/e/FO+KC09Vgd/71D3GJKaJNlwImGnrtCosleFo2temSvJlyR6fJDzceF1Qvy+hhFeO pI0hMcHCxy5hHPiOLpw42hK1UrRs2+HiE9195O4Qlb1d2HDvxcnQ7SYoTrPjeOYwFYrmtk LOyVr+61YHXVxQ56pmAr6wkUbFt47jlewS9Gu8oScthpPTklpC2qW/0EzcSO/A== To: "IPFire: Location" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] override-{a1,other}: Regular batch of various overrides Message-ID: <20ba8a00-1146-f833-db2d-5ab8b70bf431@ipfire.org> Date: Wed, 10 Nov 2021 18:27:38 +0100 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: location@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: location-bounces@lists.ipfire.org Sender: "Location" Signed-off-by: Peter Müller --- overrides/override-a1.txt | 27 ++++++++++++++++----------- overrides/override-other.txt | 30 ++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 70b97e1..5734c08 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -204,6 +204,11 @@ descr: Anonymizer, Inc. remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS201860 +descr: MyTelco Ltd +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + aut-num: AS205016 descr: HERN Labs AB remarks: VPN provider [high confidence, but not proofed] @@ -232,6 +237,11 @@ descr: V6 Networking LLC remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes +aut-num: AS208169 +descr: Artikel10 e.V. +remarks: Tor relay provider +is-anonymous-proxy: yes + aut-num: AS208256 descr: Stingers, Inc. remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ @@ -248,12 +258,6 @@ descr: Foundation for Applied Privacy remarks: Tor relay provider is-anonymous-proxy: yes -aut-num: AS213005 -descr: Proxyseo Ltd. -remarks: VPN provider located in ES -is-anonymous-proxy: yes -country: ES - aut-num: AS208476 descr: Danilenko, Artyom remarks: (Rogue) VPN provider @@ -281,11 +285,6 @@ descr: Privex Inc. remarks: VPN and Tor relay provider is-anonymous-proxy: yes -aut-num: AS201860 -descr: MyTelco Ltd -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - aut-num: AS212052 descr: BOET NOTIFY LTD. remarks: VPN provider [high confidence, but not proofed] @@ -313,6 +312,12 @@ descr: NekoCloud Solutions Limited remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes +aut-num: AS213005 +descr: Proxyseo Ltd. +remarks: VPN provider located in ES +is-anonymous-proxy: yes +country: ES + aut-num: AS213224 descr: Blue Black Squared Limited remarks: Owned by an offshore letterbox company, claims NL, but dead-ends in DE - hard to tell what is going on here diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 997b37e..dab86a0 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -344,6 +344,11 @@ descr: ab stract / Peter Kolmisoppi remarks: tampers with RIR data, traces back to SE country: SE +aut-num: AS39782 +descr: Rack Sphere Hosting S.A. +remarks: claims PA for some prefixes, but they are all hosted in CH +country: CH + aut-num: AS40034 descr: Confluence Networks Inc. remarks: fake offshore location (VG), traces back to Austin, TX, US @@ -409,6 +414,11 @@ descr: NForce Entertainment B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL +aut-num: AS43440 +descr: Digitale Suisse AG +remarks: ISP located in CH, but some RIR data for announced prefixes contain garbage +country: CH + aut-num: AS43624 descr: PQ HOSTING S.R.L. remarks: tampers with RIR data sometimes, traces back to NL @@ -559,6 +569,11 @@ descr: Cloudie Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP +aut-num: AS56322 +descr: ServerAstra Kft. +remarks: ISP located in HU, but some RIR data for announced prefixes contain garbage +country: HU + aut-num: AS56382 descr: vServer.site LTD remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage @@ -724,6 +739,11 @@ descr: BGP Consultancy Pte Ltd remarks: possibly invoved in IP hijacking, located somewhere in AP area country: AP +aut-num: AS64122 +descr: SWISS GLOBAL SERVICES S.A.S. +remarks: ... surprisingly, all of their prefixes are hosted in CH, yet they claim CO or PA for them +country: CH + aut-num: AS64425 descr: SKB Enterprise B.V. remarks: bulletproof ISP (linked to AS202425 et al.) located in NL @@ -1124,6 +1144,11 @@ descr: VPSSC Networks LTD remarks: ISP located in UA, but RIR data for announced prefixes contain garbage country: UA +aut-num: AS210848 +descr: Telkom Internet LTD +remarks: shady ISP currently located in NL +country: NL + aut-num: AS211380 descr: PAYWISE HOLDING Sp. z.o.o. remarks: ISP located in NL, but RIR data for announced prefixes contain garbage @@ -1194,6 +1219,11 @@ descr: Private Internet Hosting LTD remarks: bulletproof ISP located in RU country: RU +aut-num: AS213194 +descr: Alfa Web Solutions Ltd. +remarks: shady ISP located in NL +country: NL + aut-num: AS213373 descr: IP Connect Inc. remarks: fake offshore location (SC), traces back to NL