From patchwork Sun Jan 16 11:19:27 2022
X-Patchwork-Submitter: Peter Müller
X-Patchwork-Id: 4971
Date: Sun, 16 Jan 2022 11:19:27 +0000
To: "IPFire: Location"
From: Peter Müller
Subject: [PATCH] override-{a1,other,xd}: Regular batch of various overrides

Signed-off-by: Peter Müller
--- overrides/override-a1.txt | 5 ++ overrides/override-other.txt | 92 ++++++++++++++++++------------------ overrides/override-xd.txt | 66 +++++++++++++++++++++++--- 3 files changed, 111 insertions(+), 52 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 43e0174..a97e7ce 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt 
@@ -639,6 +639,11 @@ descr: Gabor Marton remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes +net: 45.203.128.0/18 +descr: ProxyWow LLC +remarks: CloudInnovation space leased to "ProxyWow LLC" - not a safe area to accept traffic from anyways +is-anonymous-proxy: yes + net: 45.220.72.0/22 descr: Low budget VPN service remarks: VPN provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 89ad8e0..c33e642 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -63,6 +63,11 @@ aut-num: AS4134 name: Chinanet Backbone remarks: has no sane AS name set in APNIC DB +aut-num: AS4609 +descr: Companhia de Telecomunicacones de Macau SARL +remarks: ISP located in MO, but some RIR data needs manual correction due to ARIN DB situation +country: MO + aut-num: AS4754 name: Software Technology Park of India remarks: has no sane AS name set in APNIC DB @@ -90,6 +95,11 @@ descr: Greek Research and Technology Network (GRNET) S.A. remarks: ... located in GR country: GR +aut-num: AS6079 +descr: RCN +remarks: ISP located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS6134 descr: XNNET LLC remarks: traces back to HK, seems to tamper with RIR data @@ -208,6 +218,11 @@ descr: Unicycle, LLC remarks: traces back to NL country: NL +aut-num: AS26548 +descr: PureVoltage Hosting Inc. +remarks: ISP and IP hijacker located in US, but some RIR data for announced prefixes contain garbage +country: US + aut-num: AS26636 descr: GBTCloud, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage 
@@ -263,6 +278,11 @@ descr: Neterra Ltd. remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage country: BG +aut-num: AS34549 +descr: meerfarbig GmbH & Co. KG +remarks: ISP located in DE, but some RIR data for announced prefixes contain garbage +country: DE + aut-num: AS34665 descr: Petersburg Internet Network Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -388,10 +408,10 @@ descr: MLAB Open Source Community remarks: traces back to DE country: DE -aut-num: AS41564 -descr: Orion Network Limited -remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted -country: SE +aut-num: AS41378 +descr: Kirino LLC +remarks: traces back to AP vincinity, tampers with RIR data +country: AP aut-num: AS41608 descr: NextGenWebs, S.L. @@ -603,11 +623,6 @@ descr: Reliance Jio Infocomm Limited remarks: ISP located in IN, but some RIR data for announced prefixes contain garbage country: IN -aut-num: AS55933 -descr: Cloudie Limited -remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region -country: AP - aut-num: AS56322 descr: ServerAstra Kft. remarks: ISP located in HU, but some RIR data for announced prefixes contain garbage 
@@ -633,16 +648,6 @@ descr: Telefonica LLC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU -aut-num: AS57858 -descr: Inter Connects Inc. -remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data -country: SE - -aut-num: AS57972 -descr: Inter Connects Inc. -remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data -country: SE - aut-num: AS58061 descr: Scalaxy B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage @@ -665,8 +670,8 @@ country: BG aut-num: AS58349 descr: INNETRA PC -remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU -country: EU +remarks: ... traceroutes dead-end in NL +country: NL aut-num: AS58879 descr: Shanghai Anchang Network Security Technology Co.,Ltd. @@ -723,11 +728,6 @@ descr: DignusData LLC remarks: ISP located in PL, but _all_ RIR data for announced prefixes contain garbage country: PL -aut-num: AS60485 -descr: Inter Connects Inc. / Jing Yun -remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks -country: SE - aut-num: AS60546 descr: EU Routing Ltd remarks: fake offshore location (CY), hosted in NL @@ -818,6 +818,11 @@ descr: CloudITIDC Global remarks: ISP and/or IP hijacker located somewhere in AP country: AP +aut-num: AS133613 +descr: MTel telecommunication company ltd. +remarks: ISP and located in MO, but some prefixes needs manual correction due to ARIN DB situation +country: MO + aut-num: AS133752 descr: Leaseweb Asia Pacific pte. ltd. remarks: ISP located in HK, some RIR data for announced prefixes contain garbage 
@@ -853,6 +858,11 @@ descr: LUOGELANG (FRANCE) LIMITED remarks: Shady ISP located in HK, RIR data for announced prefixes contain garbage country: HK +aut-num: AS136167 +descr: China Telecom (Macau) Company Limited +remarks: located in MO, yet some prefixes show CN or HK instead +country: MO + aut-num: AS136274 descr: Cloud Servers Pvt Ltd remarks: ISP located in NL, all RIR data for announced prefixes contain garbage @@ -918,11 +928,6 @@ descr: Cloudflare Sydney, LLC remarks: ... but CF failed to set the country for announced prefixes to AU as well :-/ country: AU -aut-num: AS139330 -descr: SANREN DATA LIMITED -remarks: IP hijacker located somewhere in AP region, tampers with RIR data -country: AP - aut-num: AS139471 descr: HWA CENT TELECOMMUNICATIONS LIMITED remarks: ISP and/or IP hijacker located in AP area, tampers with RIR data @@ -955,7 +960,7 @@ country: HK aut-num: AS139879 descr: Galaxy Broadband -remarks: ISP located in PK, but announces 204.137.128.0/18, which is ARIN space, assigned to "AGIS" / Cogent - odd... +remarks: ISP located in PK, but some RIR data need manual correction due to ARIN DB situation country: PK aut-num: AS140214 @@ -983,10 +988,10 @@ descr: Full Time Hosting remarks: ISP located in DE, tampers with RIR data country: DE -aut-num: AS141746 -descr: Orenji Server -remarks: IP hijacker located somewhere in AP area (JP?) -country: AP +aut-num: AS141677 +descr: Nathosts Limited +remarks: ... located in HK? +country: HK aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich @@ -1198,11 +1203,6 @@ descr: Des Capital B.V. remarks: Shady ISP located in NL, but RIR data for announced prefixes contain garbage country: NL -aut-num: AS210848 -descr: Telkom Internet LTD -remarks: shady ISP currently located in NL -country: NL - aut-num: AS211380 descr: PAYWISE HOLDING Sp. z.o.o. remarks: ISP located in NL, but RIR data for announced prefixes contain garbage 
@@ -1248,11 +1248,6 @@ descr: MILEGROUP LTD remarks: traceroutes dead-end somewhere in Central Europe country: EU -aut-num: AS212552 -descr: BitCommand LLC -remarks: Hides behind a CDN ISP, traceroutes dead-end somewhere in Central Europe -country: EU - aut-num: AS212667 descr: RECONN LLC remarks: ISP located in RU, but RIR data for announced prefixes contain garbage @@ -1533,6 +1528,11 @@ descr: SpaceX Canada Corp. remarks: Accurate country code missing due to ARIN DB situation, see also: #12746 country: CA +net: 103.126.4.0/23 +descr: Cyber Telecom ISP +remarks: Despite being allocated to AF, traceroutes end in NL +country: NL + net: 103.197.148.0/22 descr: I.C.S. Trabia-Network S.R.L. remarks: fake offshore location (HK), traces back to MD diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 738a699..2b50406 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -67,6 +67,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes +aut-num: AS41564 +descr: Orion Network Limited +remarks: shady uplink for a bunch of dirty ISPs in SE (and likely elsewhere in EU), routing stolen AfriNIC networks, RIR data of prefixes announced by this AS cannot be trusted +country: EU +drop: yes + aut-num: AS43092 descr: Kirin Communication Limited remarks: Hijacks IP space and tampers with RIR data, traces back to JP @@ -79,6 +85,12 @@ remarks: bulletproof ISP with strong links to RU country: RU drop: yes +aut-num: AS44446 +descr: OOO SibirInvest +remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL +country: NL +drop: yes + aut-num: AS48090 descr: PPTECHNOLOGY LIMITED remarks: bulletproof ISP (related to AS204655) located in NL 
@@ -109,6 +121,12 @@ remarks: Autonomous System registered to offshore company, abuse contact is a fr country: AP drop: yes +aut-num: AS55933 +descr: Cloudie Limited +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region +country: AP +drop: yes + aut-num: AS56611 descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL @@ -126,6 +144,18 @@ remarks: bulletproof ISP (related to AS202425) located in NL country: NL drop: yes +aut-num: AS57858 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE +drop: yes + +aut-num: AS57972 +descr: Inter Connects Inc. +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data +country: SE +drop: yes + aut-num: AS58271 descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA @@ -143,6 +173,12 @@ descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP drop: yes +aut-num: AS60485 +descr: Inter Connects Inc. / Jing Yun +remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks +country: SE +drop: yes + aut-num: AS61414 descr: EDGENAP LTD remarks: IP hijacking? Rogue ISP? @@ -190,6 +226,12 @@ remarks: IP hijacker located somewhere in AP area country: AP drop: yes +aut-num: AS139330 +descr: SANREN DATA LIMITED +remarks: IP hijacker located somewhere in AP region, tampers with RIR data +country: AP +drop: yes + aut-num: AS140107 descr: CITIS CLOUD GROUP LIMITED remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, location unknown (AP? HK? US?) 
@@ -201,6 +243,12 @@ remarks: ISP and IP hijacker located in HK, tampers with RIR data country: HK drop: yes +aut-num: AS141746 +descr: Orenji Server +remarks: IP hijacker located somewhere in AP area (JP?) +country: AP +drop: yes + aut-num: AS200391 descr: KREZ 999 EOOD remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data @@ -231,24 +279,30 @@ remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL drop: yes -aut-num: AS207812 -descr: DM AUTO EOOD -remarks: another shady customer of "Tamatiya EOOD / 4Vendeta", located in BG, tampers with RIR data -country: BG -drop: yes - aut-num: AS209272 descr: Alviva Holding Limited remarks: bulletproof ISP operating from a war zone in eastern UA country: UA drop: yes +aut-num: AS210848 +descr: Telkom Internet LTD +remarks: Rogue ISP (linked to AS202425) located in NL +country: NL +drop: yes + aut-num: AS211193 descr: ABDILAZIZ UULU ZHUSUP remarks: bulletproof ISP and IP hijacker, traces to RU country: RU drop: yes +aut-num: AS212552 +descr: BitCommand LLC +remarks: Dirty ISP located somewhere in EU, cannot trust RIR data of this network +country: EU +drop: yes + aut-num: AS213058 descr: Private Internet Hosting LTD remarks: bulletproof ISP located in RU
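Review bot: in the override-a1.txt hunk (@@ -639,6 +639,11), the remarks line for 45.203.128.0/18 cites no source for the is-anonymous-proxy flag, while the entry directly above it links its evidence. Suggest stating what the classification rests on and dropping the tail "not a safe area to accept traffic from anyways", which is an opinion rather than something a consumer of the database can verify.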
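Review bot: in the override-other.txt hunk at @@ -63,6 +63,11, the descr added for AS4609 reads "Companhia de Telecomunicacones de Macau SARL"; "Telecomunicacones" looks like a typo for "Telecomunicacoes" and is worth correcting before this lands.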
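Review bot: in the override-other.txt hunk at @@ -388,10 +408,10, the new AS41378 remarks line says "traces back to AP vincinity"; that should be "vicinity". Since the entry sets country: AP on the strength of this remark, it would also help to say what the trace actually showed, as the neighbouring entries do with "traces back to DE".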
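Review bot: in the override-other.txt hunk at @@ -818,6 +818,11, the AS133613 remarks line "ISP and located in MO, but some prefixes needs manual correction due to ARIN DB situation" is ungrammatical ("ISP and located", "prefixes needs"). Suggest matching the wording used for AS4609 in the same patch: "ISP located in MO, but some prefixes need manual correction due to ARIN DB situation".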
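Review bot: in the override-other.txt hunk at @@ -983,10 +988,10, the new AS141677 entry sets country: HK while its only justification is "remarks: ... located in HK?". A question mark is thin support for a hard override; either record the observation behind it (for example where traceroutes end, as other entries do) or hold the entry back until the location is confirmed.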
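Review bot: in the override-xd.txt hunk at @@ -67,6 +67,12, AS41564 arrives with country: EU, but the entry removed from override-other.txt in this same patch had country: SE, and the unchanged remarks still describe "dirty ISPs in SE (and likely elsewhere in EU)". The other ASes moved into this file (AS55933, AS57858, AS57972, AS60485, AS139330, AS141746) keep their country, so this looks unintentional; either keep SE or explain the change in the remarks or the commit message.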
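Review bot: in the override-xd.txt hunk at @@ -231,24 +279,30, AS207812 (DM AUTO EOOD) loses its drop: yes entry and is not re-added in any of the three files touched here, yet the commit message contains only the Signed-off-by line. Removing a drop entry changes what downstream users block, so the reason should be recorded. The same applies to AS210848 and AS212552, which gain drop: yes in this hunk with reworded remarks ("Rogue ISP (linked to AS202425) located in NL", "cannot trust RIR data of this network") that are stronger than the text removed from override-other.txt; a short note on what prompted the escalation would make the change auditable.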