From e5d563de22922f4433522a1e47f11928cbcb37e3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Sun, 11 Apr 2021 11:31:04 +0200 Subject: [PATCH] override-{a{1,3},other}: regular batch of various overrides MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit These came to my attention last night. Signed-off-by: Peter Müller Signed-off-by: Michael Tremer --- overrides/override-a1.txt | 17 ++++++++++-- overrides/override-a3.txt | 5 ++++ overrides/override-other.txt | 50 ++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index ef3ec7d..0b50b76 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -99,9 +99,10 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes aut-num: AS55303 -descr: Eagle Sky Co., Lt -remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize" +descr: Eagle Sky Co., Lt[d ?] +remarks: Autonomous System registered to offshore company, abuse contact is a freemail address, address says "0 Market Square, P.O. Box 364, Belize", seems to trace to some location in AP vicinity is-anonymous-proxy: yes +country: AP aut-num: AS58546 descr: Astrill VPN @@ -128,6 +129,12 @@ descr: Anonymizer, Inc. remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS206819 +descr: ANSON NETWORK LIMITED +remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW +is-anonymous-proxy: yes +country: TW + aut-num: AS207688 descr: DataHome S.A. remarks: VPN provider located in BR [high confidence, but not proofed] 
@@ -634,6 +641,12 @@ descr: Perfect Privacy LTD remarks: VPN provider is-anonymous-proxy: yes +net: 85.92.100.0/22 +descr: LoadProxy, LLC +remarks: VPN provider +is-anonymous-proxy: yes +country: US + net: 85.203.23.0/24 descr: VPN Consumer Network / falco-networks.com remarks: VPN provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index dbf5dd7..36e03a3 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -160,6 +160,11 @@ descr: ipcom GmbH remarks: Generic anycast network is-anycast: yes +aut-num: AS209813 +descr: Fast Content Delivery Ltd. +remarks: Generic anycast network +is-anycast: yes + aut-num: AS210004 descr: Stichting Internet Domeinregistratie Nederland (SIDN) remarks: TLD operator's anycast network diff --git a/overrides/override-other.txt b/overrides/override-other.txt index a41d4da..d2c2423 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -128,6 +128,11 @@ descr: Cloud Management LLC remarks: tampers with RIR data, traces back to HK country: HK +aut-num: AS44015 +descr: Landgard Management Inc. +remarks: bulletproof ISP with strong links to RU +country: RU + aut-num: AS44477 descr: IP Oleinichenko Denis remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -173,11 +178,21 @@ descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS56851 +descr: PE Skurykhin Mukola Volodumurovuch +remarks: tampers with RIR data, traces back to UA +country: UA + aut-num: AS57717 descr: FiberXpress BV remarks: bulletproof ISP (related to AS202425) located in NL country: NL +aut-num: AS57724 +descr: DDOS-GUARD LTD +remarks: shady ISP, customers massively tamper with RIR data, we cannot trust this network +country: RU + aut-num: AS57858 descr: Inter Connects Inc. remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking stolen AfriNIC networks, massively tampers with RIR data 
@@ -193,6 +208,11 @@ descr: FOP Gubina Lubov Petrivna remarks: bulletproof ISP operating from a war zone in eastern UA country: UA +aut-num: AS58349 +descr: INNETRA PC +remarks: another shady customer of "DDoS Guard Ltd.", jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU +country: EU + aut-num: AS59580 descr: Batterflyai Media Ltd. remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage @@ -208,6 +228,11 @@ descr: Network Dedicated SAS remarks: bulletproof ISP and IP hijacker, claims to be located in CH, but traces to NL country: NL +aut-num: AS61977 +descr: Vivo Trade L.P. +remarks: another shady customer of "DDoS Guard Ltd." +country: RU + aut-num: AS62468 descr: VpsQuan L.L.C. remarks: claims to be located in US, but traces to HK @@ -248,6 +273,11 @@ descr: Wujidun Network Limited remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region country: AP +aut-num: AS200019 +descr: ALEXHOST SRL +remarks: ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network +country: MD + aut-num: AS200699 descr: Datashield, Inc. remarks: fake offshore location (SC), traces back to NL @@ -273,6 +303,11 @@ descr: FutureNow Incorporated remarks: ISP located in BG, but RIR data for announced prefixes contain garbage country: BG +aut-num: AS202920 +descr: DataClub S.A. +remarks: another shady customer of "DDoS Guard Ltd." +country: RU + aut-num: AS202425 descr: IP Volume Inc. remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) located in NL 
@@ -308,6 +343,11 @@ descr: Hauer Hosting Services Limited remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage country: ES +aut-num: AS206397 +descr: Genius Guard / Genius Security Ltd. +remarks: another shady customer of "DDoS Guard Ltd.", probably located in RU +country: RU + aut-num: AS207046 descr: Xtudio Networks S.L.U. remarks: ISP located in ES, but some RIR data for announced prefixes contain garbage @@ -338,6 +378,11 @@ descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage country: EU +aut-num: AS211849 +descr: Kakharov Orinbassar Maratuly +remarks: ISP located in RU, but RIR data for announced prefixes contain garbage +country: RU + aut-num: AS213035 descr: Serverion BV remarks: ISP located in NL, but RIR data for most announced prefixes contain garbage @@ -458,6 +503,11 @@ descr: Golden Internet LLC remarks: fake location (KP), WHOIS contact points to RU country: RU +net: 91.243.32.0/19 +descr: Petersburg Internet Network Ltd. +remarks: RIR data for suballocations contain garbage, they are all located in RU +country: RU + net: 95.181.152.0/21 descr: QWARTA LLC remarks: fake location (US), WHOIS contact and traceroutes point to RU -- 2.39.2
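Review bot: in overrides/override-a1.txt, hunk @@ -99,9 +99,10 (AS55303), the new `descr: Eagle Sky Co., Lt[d ?]` puts an editorial guess into a field that otherwise carries the name as registered. Keep `descr` as the registry shows it and move the doubt about the truncated name into `remarks`. The added `country: AP` rests on "seems to trace to some location in AP vicinity"; a bracketed confidence marker like the "[high confidence, but not proofed]" used on neighbouring entries would make that uncertainty explicit for whoever revisits the entry.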
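Review bot: in overrides/override-a1.txt, hunk @@ -128,6 +129,12 (AS206819), the remarks never say why `is-anonymous-proxy: yes` is set. "Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW" supports `country: TW`, but the surrounding entries justify the proxy flag with "VPN provider". Please add what was observed that makes this network an anonymising service, or drop the flag and file the entry in override-other.txt alongside the other location corrections.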
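Review bot: in overrides/override-other.txt, hunk @@ -173,11 +178,21 (AS57724), the `descr` reads "DDOS-GUARD LTD", while the later additions for AS58349, AS61977, AS202920 and AS206397 refer to it in `remarks` as "DDoS Guard Ltd." with no AS number. The file already has a convention for linking entries, "(related to AS202425)"; writing "customer of AS57724" in those remarks would keep the relationship searchable and independent of how the company name is spelled. The AS57724 remark also gives no basis for `country: RU`, unlike entries that say "traces back to" or "located in".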
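Review bot: in overrides/override-other.txt, hunk @@ -193,6 +208,11 (AS58349), the remark and the value disagree on first reading: "jurisdiction is probably RU, but traceroutes dead-end somewhere else in EU" is followed by `country: EU`, whereas AS206397 in hunk @@ -308,6 +343,11 is "probably located in RU" and gets `country: RU`. If the rule is that the observed network location wins over the presumed jurisdiction, say so in the remark (for example "traces to EU, jurisdiction probably RU") so the two entries do not look inconsistent.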
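Review bot: in overrides/override-other.txt, hunk @@ -273,6 +303,11, the new `aut-num: AS202920` block is inserted ahead of the existing `aut-num: AS202425` block, which breaks the ascending AS-number order that every other addition in this patch follows. Move it below the AS202425 entry so later patches keep applying cleanly at predictable positions and duplicates stay easy to spot.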