override-{other,xd}: Regular batch of various overrides

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index a318c431c4249a114024cf1f1dbf83ad5cea97ec..3ef333c15e811dce26df9d6d67b6e804a69c8a8d 100644 (file)
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -1968,7 +1968,7 @@ remarks:  AQ != DE, you know
 country:       DE
 
 aut-num:       AS208046
-descr:         Maximilian Kutzner trading as HostSlick
+descr:         ColocationX Ltd.
 remarks:       traces back to NL, but some RIR data for announced prefixes contain garbage
 country:       NL
 

diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index 4893be2728c7fccf66857717f7164f2c9b94f910..c4ea78bc3273de8fdc5d453bdc9252a1a2fa7ecd 100644 (file)
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -49,24 +49,12 @@ remarks:    IP hijacker operating out of AP area (HK or TW?)
 country:       AP
 drop:          yes
 
-aut-num:       AS35029
-descr:         WebLine LTD
-remarks:       Rogue ISP
-country:       RU
-drop:          yes
-
 aut-num:       AS39770
 descr:         1337TEAM LIMITED / eliteteam[.]to
 remarks:       Bulletproof ISP
 country:       RU
 drop:          yes
 
-aut-num:       AS40193
-descr:         Trit Networks, LLC
-remarks:       all cybercrime hosting, all the time
-country:       US
-drop:          yes
-
 aut-num:       AS41564
 descr:         Orion Network Limited
 remarks:       shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks
@@ -78,12 +66,6 @@ remarks:     all cybercrime hosting, all the time
 country:       RU
 drop:          yes
 
-aut-num:       AS43092
-descr:         Kirin Communication Limited
-remarks:       Hijacks IP space and tampers with RIR data, traces back to JP
-country:       JP
-drop:          yes
-
 aut-num:       AS44446
 descr:         OOO SibirInvest
 remarks:       bulletproof ISP (related to AS202425 and AS57717) located in NL
@@ -133,6 +115,7 @@ drop:               yes
 aut-num:       AS49943
 descr:         IT Resheniya LLC
 remarks:       Rogue ISP
+country:       RU
 drop:          yes
 
 aut-num:       AS51381
@@ -192,6 +175,7 @@ drop:               yes
 aut-num:       AS57416
 descr:         LLC South Internet
 remarks:       Bulletproof ISP
+country:       RU
 drop:          yes
 
 aut-num:       AS57523
@@ -219,7 +203,7 @@ country:    SE
 drop:          yes
 
 aut-num:       AS58271
-descr:         FOP Gubina Lubov Petrivna
+descr:         Tyatkova Oksana Valerievna
 remarks:       bulletproof ISP operating from a war zone in eastern UA
 country:       UA
 drop:          yes
@@ -239,6 +223,7 @@ drop:               yes
 aut-num:       AS59425
 descr:         HORIZON LLC
 remarks:       Rogue ISP
+country:       RU
 drop:          yes
 
 aut-num:       AS59753
@@ -264,12 +249,6 @@ remarks:   part of a dirty ISP conglomerate operating most likely out of SE, hijac
 country:       SE
 drop:          yes
 
-aut-num:       AS60930
-descr:         Intem LLC
-remarks:       leaf AS with upstream to other dirty hosters, brute-force attacks galore
-country:       RU
-drop:          yes
-
 aut-num:       AS61302
 descr:         HUIZE LTD
 remarks:       Bulletproof ISP
@@ -606,11 +585,6 @@ remarks:   Attack network tracing back to NL
 country:       NL
 drop:          yes
 
-net:           61.177.172.0/23
-descr:         CHINANET jiangsu province network
-remarks:       Since July 27, 2022, this network conducts mass brute-force attacks galore
-drop:          yes
-
 net:           89.23.103.0/24
 descr:         Media Land LLC / abuse-server[.]su
 remarks:       bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/
@@ -673,11 +647,6 @@ remarks:   Attack network tracing back to UA
 country:       UA
 drop:          yes
 
-net:           185.196.220.0/24
-descr:         Makut Investments
-remarks:       Brute-force attack network
-drop:          yes
-
 net:           193.201.9.0/24
 descr:         Infolink LLC
 remarks:       Based on domains ending up there, this network is entirely malicious