From: Peter Müller <peter.mueller@ipfire.org>
Date: Sun, 12 Mar 2023 10:46:20 +0000 (+0000)
Subject: override-{other,xd}: Regular batch of various overrides
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19686b71c56f258350d8c0c64b6387f39f593289;p=location%2Flocation-database.git

override-{other,xd}: Regular batch of various overrides

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---

diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 3ef333c..67f4229 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -1542,11 +1542,6 @@ descr:		SUPERCLOUDS LIMITED
 remarks:	ISP located in HK, tampers with RIR data
 country:	HK
 
-aut-num:	AS138687
-descr:		Xdeer Limited
-remarks:	Another shady Serverion customer located in NL, but tampers with RIR data en masse
-country:	NL
-
 aut-num:	AS138968
 descr:		rainbow network limited
 remarks:	IP hijacker located somewhere in AP area, suspected to be part of the "Asline" IP hijacking gang, tampers with RIR data
@@ -1702,6 +1697,11 @@ descr:		ALEXHOST SRL
 remarks:	ISP located in MD, majority of RIR data for announced prefixes contain garbage, we cannot trust this network
 country:	MD
 
+aut-num:	AS200482
+descr:		nexserv GmbH
+remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
+country:	NL
+
 aut-num:	AS200699
 descr:		Datashield, Inc.
 remarks:	fake offshore location (SC), traces back to NL
@@ -1852,6 +1852,11 @@ descr:		A2 Networks Inc.
 remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
 country:	NL
 
+aut-num:	AS204843
+descr:		STERLY VERI MERKEZI YAZILIM VE SIBER GUVENLIK HIZMETL...
+remarks:	ISP located in TR, but some RIR data for announced prefixes contain garbage
+country:	TR
+
 aut-num:	AS204997
 descr:		Network Management Ltd.
 remarks:	traceroutes dead-end somewhere in or near RU
@@ -1887,6 +1892,11 @@ descr:		Hybrid LLC
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
 country:	RU
 
+aut-num:	AS206119
+descr:		Veganet Teknolojileri ve Hizmetleri LTD STI
+remarks:	ISP located in TR, but some RIR data for announced prefixes contain garbage
+country:	TR
+
 aut-num:	AS206397
 descr:		Genius Guard / Genius Security Ltd.
 remarks:	another shady customer of "DDoS Guard Ltd.", probably located in RU
@@ -2052,6 +2062,11 @@ descr:		Semih Mehmet CAN
 remarks:	ISP located in TR, but some RIR data for announced prefixes contain garbage
 country:	TR
 
+aut-num:	AS210464
+descr:		RKS HOSTING LLC
+remarks:	ISP located in NL, but some RIR data for announced prefixes contain garbage
+country:	NL
+
 aut-num:	AS210512
 descr:		Internet Technologies LLC
 remarks:	ISP located in RU, but some RIR data for announced prefixes contain garbage
@@ -2777,6 +2792,11 @@ descr:		QUIKA LTD
 remarks:	claims to be located in DE, traces back to GB
 country:	GB
 
+net:		195.133.20.0/24
+descr:		Tribeka Web Advisors S.A.
+remarks:	Tampers with RIR data, traces back to NL
+country:	NL
+
 net:		195.66.165.0/24
 descr:		Posta Crne Gore
 remarks:	Orphaned RIR data, see: https://lists.ipfire.org/pipermail/location/2021-April/000267.html
diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt
index c4ea78b..0e7e855 100644
--- a/overrides/override-xd.txt
+++ b/overrides/override-xd.txt
@@ -319,6 +319,12 @@ remarks:	IP hijacker located in HK
 country:	HK
 drop:		yes
 
+aut-num:	AS138687
+descr:		Xdeer Limited
+remarks:	Rogue Serverion customer located in NL, tampers with RIR data en masse
+country:	NL
+drop:		yes
+
 aut-num:	AS139330
 descr:		SANREN DATA LIMITED
 remarks:	IP hijacker located somewhere in AP region, tampers with RIR data
@@ -626,16 +632,6 @@ descr:		CHINANET Guangdong province network
 remarks:	Brute-force attack network
 drop:		yes
 
-net:		116.57.185.0/24
-descr:		China Education and Research Network
-remarks:	Brute-force attack network
-drop:		yes
-
-net:		123.160.220.0/22
-descr:		CHINANET henan province network
-remarks:	Brute-force attack network
-drop:		yes
-
 net:		154.89.5.0/24
 descr:		Agotoz HK Limited
 remarks:	Brute-force attack network
@@ -647,23 +643,12 @@ remarks:	Attack network tracing back to UA
 country:	UA
 drop:		yes
 
-net:		193.201.9.0/24
-descr:		Infolink LLC
-remarks:	Based on domains ending up there, this network is entirely malicious
-drop:		yes
-
 net:		193.233.81.0/24
 descr:		1337TEAM LIMITED / eliteteam[.]to
 remarks:	Bulletproof ISP
 country:	RU
 drop:		yes
 
-net:		195.133.20.0/24
-descr:		Tribeka Web Advisors S.A.
-remarks:	Tampers with RIR data, traces back to NL, not a safe place to route traffic to
-country:	NL
-drop:		yes
-
 net:		194.135.24.0/24
 descr:		Tribeka Web Advisors S.A.
 remarks:	Tampers with RIR data, traces back to US, not a safe place to route traffic to