From patchwork Mon Dec 27 18:49:15 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 4943
To: "IPFire: Location"
From: Peter Müller
Subject: [PATCH] overrides-{a1,other,xd}: Regular batch of various overrides
Message-ID: <621a00ae-2684-df40-7f02-9beb13dc242b@ipfire.org>
Date: Mon, 27 Dec 2021 19:49:15 +0100

Swiss company Securebit AG continues to think messing with country codes is funny... :-/

Signed-off-by: Peter Müller
---
 overrides/override-a1.txt    |   5 --
 overrides/override-other.txt | 140 ++++++++++++++++++++---------------
 overrides/override-xd.txt    |  74 +++++++++++++++---
 3 files changed, 144 insertions(+), 75 deletions(-)
diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 5fce4d9..7365738 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -285,11 +285,6 @@ remarks: VPN provider located in ES is-anonymous-proxy: yes country: ES -aut-num: AS213224 -descr: Blue Black Squared Limited -remarks: Owned by an offshore letterbox company, claims NL, but dead-ends in DE - hard to tell what is going on here -is-anonymous-proxy: yes - aut-num: AS394087 descr: Secure Internet LLC / PureVPN remarks: VPN provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 05901f6..8b228af 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -149,11 +149,6 @@ descr: Blue Diamond Network Co., Ltd. remarks: Hiding behind fake ISP Navitgo LLC (AS59721), tampers with RIR data country: NL -aut-num: AS18013 -descr: ASLINE LIMITED -remarks: IP hijacker, traces back to AP region -country: AP - aut-num: AS18185 name: Northern Taiwan Community University remarks: has no sane AS name set in APNIC DB 
@@ -173,31 +168,16 @@ descr: EGIHosting remarks: ISP located in US, but some RIR data for announced prefixes contain garbage country: US -aut-num: AS207711 -descr: Inteldome Corporation -remarks: ... whose location we are unable to determine precisely, but its definitely not MH :-/ -country: EU - aut-num: AS21100 descr: ITL LLC remarks: ISP headquatered in BG and/or UA, physically located in NL, some RIR data for announced prefixes contain inaccurate data country: NL -aut-num: AS22769 -descr: DDOSING NETWORK -remarks: IP hijacker located somewhere in AP, massively tampers with RIR data -country: AP - aut-num: AS23858 descr: xTom Pty. Ltd. remarks: ISP located in AU, RIR data for announced prefixes contain garbage country: AU -aut-num: AS24009 -descr: HK UNITE TELECOMMUNICATIONS DEVELOPMENT LIMITED -remarks: IP hijacker (?) located in HK, tampers with RIR data -country: HK - aut-num: AS24700 descr: Yes Networks Unlimited Ltd remarks: traces to UA, but some RIR entries seem to contain garbage (VG) @@ -218,6 +198,11 @@ descr: Unicycle, LLC remarks: traces back to NL country: NL +aut-num: AS26636 +descr: GBTCloud, Inc. +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS27411 descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -358,6 +343,11 @@ descr: Rack Sphere Hosting S.A. remarks: claims PA for some prefixes, but they are all hosted in CH country: CH +aut-num: AS40021 +descr: Contabo Inc. +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS40034 descr: Confluence Networks Inc. remarks: fake offshore location (VG), traces back to Austin, TX, US 
@@ -373,13 +363,8 @@ descr: MLAB Open Source Community remarks: traces back to DE country: DE -aut-num: AS41466 -descr: Treidinvest LLC -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data -country: BG - aut-num: AS41564 -descr: Packet Exchange Limited +descr: Orion Network Limited remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted country: SE @@ -409,7 +394,7 @@ remarks: ISP located in GB, but some RIR data for announced prefixes contain gar country: GB aut-num: AS42960 -descr: Cloud Management LLC +descr: VH Global Limited remarks: tampers with RIR data, traces back to AP area country: AP @@ -418,11 +403,6 @@ descr: DGN TEKNOLOJI A.S. remarks: ISP located in TR, but many RIR data for announced prefixes contain garbage country: TR -aut-num: AS43092 -descr: Kirin Communication Limited -remarks: tampers with RIR data, traces back to AP area -country: AP - aut-num: AS43310 descr: TOV "LVS" remarks: ISP located in UA, but some RIR data for announced prefixes contain garbage @@ -453,11 +433,6 @@ descr: NbIServ remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage country: DE -aut-num: AS44015 -descr: Landgard Management Inc. -remarks: bulletproof ISP with strong links to RU -country: RU - aut-num: AS44477 descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -468,6 +443,11 @@ descr: Skylink Data Center BV remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL +aut-num: AS44901 +descr: Belcloud LTD +remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage +country: BG + aut-num: AS44992 descr: KeonWoo PARK remarks: claims US for its prefixes announced, but traces back to KR 
@@ -493,6 +473,11 @@ descr: Spectre Operations BV remarks: ISP located in NL, but some RIR data for suballocations of announced prefixes contain garbage country: NL +aut-num: AS48024 +descr: NEROCLOUD Ltd. +remarks: RIR data faked/incorrect, cannot trust this network +country: EU + aut-num: AS48158 descr: DigitalOne AG remarks: Services appear to be hosted in RU, RIR data faked/incorrect @@ -545,7 +530,7 @@ country: NL aut-num: AS50360 descr: Tamatiya EOOD / 4Vendeta -remarks: Questionable (at best) ISP located in BG, clients massively tamper with RIR data +remarks: Questionable ISP located in BG, clients massively tamper with RIR data country: BG aut-num: AS50673 @@ -553,6 +538,11 @@ descr: Serverius Holding B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL +aut-num: AS51167 +descr: Contabo GmbH +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS51089 descr: SALTYFISH TECH LTD remarks: traceroutes dead-end somewhere near HK @@ -638,11 +628,6 @@ descr: ULTRANEX LTD remarks: fake offshore location (CY), hosted in NL country: NL -aut-num: AS58271 -descr: FOP Gubina Lubov Petrivna -remarks: bulletproof ISP operating from a war zone in eastern UA -country: UA - aut-num: AS58294 descr: CloudWall Ltd. remarks: RIR data neither contain a postal address nor a phone number, traceroutes end in Sofia, BG 
@@ -1080,14 +1065,24 @@ country: US aut-num: AS207569 descr: Network Management Ltd. -remarks: traceroutes dead-end somewhere in or near RU -country: RU +remarks: traceroutes dead-end somewhere in or near CZ +country: CZ aut-num: AS207616 descr: Altrosky Technology Ltd. remarks: fake offshore location (SC), traces back to CZ and NL country: EU +aut-num: AS207711 +descr: Inteldome Corporation +remarks: ... whose location we are unable to determine precisely, but its definitely not MH :-/ +country: EU + +aut-num: AS207968 +descr: Internetservice Hahn +remarks: AQ != DE, you know +country: DE + aut-num: AS208046 descr: Maximilian Kutzner trading as HostSlick remarks: traces back to NL, but some RIR data for announced prefixes contain garbage @@ -1098,11 +1093,6 @@ descr: Access2.IT Group B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL -aut-num: AS208410 -descr: Internet Hosting Ltd. -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data -country: BG - aut-num: AS208485 descr: Nese Mala / Moon DC remarks: shady ISP located in TR, but many RIR data for announced prefixes contain garbage @@ -1118,11 +1108,6 @@ descr: Miti 2000 EOOD remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data country: BG -aut-num: AS209272 -descr: Alviva Holding Limited -remarks: bulletproof ISP operating from a war zone in eastern UA -country: UA - aut-num: AS209366 descr: SEMrush CY LTD remarks: claims CY for announced prefixes, but they are all hosted in NL @@ -1148,6 +1133,11 @@ descr: VPSSC Networks LTD remarks: ISP located in UA, but RIR data for announced prefixes contain garbage country: UA +aut-num: AS210654 +descr: Des Capital B.V. +remarks: Shady ISP located in NL, but RIR data for announced prefixes contain garbage +country: NL + aut-num: AS210848 descr: Telkom Internet LTD remarks: shady ISP currently located in NL 
@@ -1203,6 +1193,11 @@ descr: MILEGROUP LTD remarks: traceroutes dead-end somewhere in Central Europe country: EU +aut-num: AS212552 +descr: BitCommand LLC +remarks: Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe +country: EU + aut-num: AS212667 descr: RECONN LLC remarks: ISP located in RU, but RIR data for announced prefixes contain garbage @@ -1218,11 +1213,6 @@ descr: Serverion BV remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage country: NL -aut-num: AS213058 -descr: Private Internet Hosting LTD -remarks: bulletproof ISP located in RU -country: RU - aut-num: AS213194 descr: Alfa Web Solutions Ltd. remarks: shady ISP located in NL @@ -1263,6 +1253,11 @@ descr: xTom Limited remarks: ISP located in ZA, RIR data for announced prefixes contain garbage country: ZA +aut-num: AS328227 +descr: Xhostserver LLC +remarks: ISP located in ZA, many RIR data for announced prefixes contain garbage +country: ZA + aut-num: AS328543 descr: Sun Network Company Limited remarks: IP hijacker, traces back to AP region @@ -1398,6 +1393,11 @@ descr: IPv4 Superhub Limited remarks: network owned by an HK company, traces back to HK as well - but is assigned to DE. Nice try... country: HK +net: 45.129.136.0/24 +descr: Flyservers S.A. +remarks: fake offshore location (PA), traces back to NL +country: NL + net: 45.134.12.0/24 descr: MS Network LTD remarks: fake offshore location (SC), traces back to NL 
@@ -1493,6 +1493,21 @@ descr: PSINet, Inc. (PSI) / Cogent Communications remarks: Cogent IP range used in Europe, according to ARIN whois ("COGENT-EUROPEAN-OPERATIONS-001") country: EU +net: 141.98.82.0/24 +descr: Flyservers S.A. +remarks: fake offshore location (PA), traces back to RO +country: RO + +net: 141.98.83.0/24 +descr: Flyservers S.A. +remarks: fake offshore location (PA), traces back to RO +country: RO + +net: 146.19.102.0/24 +descr: Norbert Miczuga +remarks: ... who thinks messing with country codes is funny :-/ +country: CH + net: 149.22.96.0/19 descr: Manx Telecom Limited remarks: Suballocation of Cogent, country code missing due to ARIN DB situation (https://community.ipfire.org/t/location-database-update-error-country-code/6451/) @@ -1608,6 +1623,11 @@ descr: Openfactory GmbH remarks: ... who thinks assigning networks to AQ is funny :-/ country: EU +net: 2a10:ccc0::/29 +descr: Securebit AG +remarks: ... who thinks assigning networks to AQ is funny :-/ +country: CH + net: 2402:e940:f00::/48 descr: Wind Cloud Network Technology Co Ltd. remarks: appears to be used out of Tokyo, JP diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 29057d9..b669621 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt 
@@ -26,11 +26,41 @@ # Please keep this file sorted. # +aut-num: AS18013 +descr: ASLINE LIMITED +remarks: IP hijacker, traces back to AP region +country: AP +drop: yes + +aut-num: AS22769 +descr: DDOSING NETWORK +remarks: IP hijacker located somewhere in AP, massively tampers with RIR data +country: AP +drop: yes + +aut-num: AS24009 +descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED +remarks: IP hijacker located in HK, tampers with RIR data +country: HK +drop: yes + aut-num: AS39770 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes +aut-num: AS43092 +descr: Kirin Communication Limited +remarks: Hijacks IP space and tampers with RIR data, traces back to JP +country: JP +drop: yes + +aut-num: AS44015 +descr: Landgard Management Inc. +remarks: bulletproof ISP with strong links to RU +country: RU +drop: yes + aut-num: AS48090 descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL @@ -72,6 +102,18 @@ remarks: bulletproof ISP (related to AS202425) located in NL country: NL drop: yes +aut-num: AS58271 +descr: FOP Gubina Lubov Petrivna +remarks: bulletproof ISP operating from a war zone in eastern UA +country: UA +drop: yes + +aut-num: AS58810 +descr: iZus Co., Ltd +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, seems to trace to some location in AP vicinity +country: AP +drop: yes + aut-num: AS60424 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP @@ -83,12 +125,6 @@ remarks: bulletproof ISP (linked to AS202425 et al.) located in NL country: NL drop: yes -aut-num: AS62355 -descr: Network Dedicated SAS -remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL -country: NL -drop: yes - aut-num: AS64425 descr: SKB Enterprise B.V. remarks: bulletproof ISP (linked to AS202425 et al.) located in NL 
@@ -113,16 +149,28 @@ remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, trace country: NL drop: yes +aut-num: AS204655 +descr: Novogara Ltd. +remarks: bulletproof ISP (strongly linked to AS202425) located in NL +country: NL +drop: yes + aut-num: AS207812 descr: DM AUTO EOOD remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data country: BG drop: yes -aut-num: AS204655 -descr: Novogara Ltd. -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL +aut-num: AS209272 +descr: Alviva Holding Limited +remarks: bulletproof ISP operating from a war zone in eastern UA +country: UA +drop: yes + +aut-num: AS213058 +descr: Private Internet Hosting LTD +remarks: bulletproof ISP located in RU +country: RU drop: yes aut-num: AS328671 @@ -131,7 +179,13 @@ remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL drop: yes +net: 2a0e:b107:d10::/44 +descr: NZB.si Enterprises +remarks: Tampers with RIR data, not a safe place to route traffic to +drop: yes + net: 2a10:9700::/29 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP +country: RU drop: yes
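Review bot: in overrides/override-other.txt, hunk @@ -553,6 +538,11 @@, the new AS51167 (Contabo GmbH) block is placed between AS50673 and AS51089, which breaks the ascending AS-number order that the surrounding entries and the other hunks of this patch follow. Move the block to its sorted position after AS51089 (SALTYFISH TECH LTD) so later batches and any duplicate check that relies on ordering keep working.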
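Review bot: in overrides/override-xd.txt, hunk @@ -83,12 +125,6 @@, AS62355 (Network Dedicated SAS) is dropped from the file without being re-added anywhere in this patch, and the commit message gives no reason; the context of hunk @@ -113,16 +149,28 @@ still shows a remaining entry whose remarks read "related to AS202425 and AS62355". Removing a "drop: yes" entry lifts blocking for consumers of the list, so the reason should be stated in the commit message, or the entry kept. The same applies to AS213224 removed from override-a1.txt (loses "is-anonymous-proxy: yes") and to AS41466 and AS208410 removed from override-other.txt, none of which reappear in another file.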
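Review bot: in overrides/override-xd.txt, hunks @@ -26,11 +26,41 @@ and @@ -72,6 +102,18 @@, several entries gain "drop: yes" while their claims are strengthened in the same step, with no evidence recorded. AS24009 changes its descr from "HK UNITE TELECOMMUNICATIONS DEVELOPMENT LIMITED" to "LANLIAN INTERNATIONAL HOLDING GROUP LIMITED" and loses the "(?)" after "IP hijacker"; AS43092 goes from "tampers with RIR data, traces back to AP area" with country AP to "Hijacks IP space and tampers with RIR data, traces back to JP" with country JP; AS58810 is new and is justified only by an offshore registration and a freemail abuse contact. Since these entries end up on a drop list, the remarks or the commit message should say what was observed (for example the hijacked prefixes or the traceroute result), and the moves from override-other.txt would be easier to audit as a separate commit from the descr and country changes.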
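Review bot: in overrides/override-xd.txt, the last hunk (@@ -131,7 +179,13 @@) adds "country: RU" to net 2a10:9700::/29 while its remarks stay "Owned by an offshore letterbox company, suspected rogue ISP", and the AS39770 entry with the same descr shown in hunk @@ -26,11 +26,41 @@ carries no country at all. Record the basis for RU in the remarks, as the neighbouring "traces back to ..." entries do, and either set the same country on the related aut-num entries or explain why only the prefix gets one.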
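Review bot: in overrides/override-other.txt, hunks @@ -1493,6 +1493,21 @@ and @@ -1608,6 +1623,11 @@, the entries for 146.19.102.0/24 and 2a10:ccc0::/29 set "country: CH" but their remarks ("... who thinks messing with country codes is funny :-/" and "... who thinks assigning networks to AQ is funny :-/") do not record why CH is the right value. The commit message names Securebit AG as a Swiss company, yet 146.19.102.0/24 has descr "Norbert Miczuga" and its link to Securebit AG is not stated anywhere in the entry. A remark in the style used elsewhere in the file, naming the bogus code found in the RIR data and where the network traces to, would let a later maintainer re-verify the override; the same goes for "AQ != DE, you know" on AS207968 in hunk @@ -1080,14 +1065,24 @@.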