From: Peter Müller Date: Fri, 16 Sep 2022 10:14:58 +0000 (+0000) Subject: override-{a1,other,xd}: Regular batch of various overrides X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c0afe33fd414b1bb3856219515302021618570e;p=location%2Flocation-database.git override-{a1,other,xd}: Regular batch of various overrides Signed-off-by: Peter Müller --- diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index b5d9ab3..47cdfbe 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -55,21 +55,15 @@ descr: VPN de Mexico, S.A. de C.V. remarks: VPN provider is-anonymous-proxy: yes -aut-num: AS32781 -descr: Defender cloud international LLC -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - aut-num: AS34962 descr: Epik Network remarks: Shady ISP and registrar, many prefixes announced refer to "anonymize" infrastructure is-anonymous-proxy: yes -aut-num: AS35029 -descr: WebLine LTD -remarks: (Rogue) VPN provider +aut-num: AS37287 +descr: Zain Zambia PLC +remarks: Many prefixes announced by this ASN are marked as VPN blocks is-anonymous-proxy: yes -country: RU aut-num: AS37560 descr: Cyberdyne S.A. @@ -82,18 +76,17 @@ descr: Asiamax Ltd. VPN remarks: VPN provider is-anonymous-proxy: yes -aut-num: AS43233 -descr: VPS 404 Ltd. -remarks: VPN provider [high confidence, but not proofed] located in ES -is-anonymous-proxy: yes -country: ES - aut-num: AS44571 descr: Netvillage Ltd. remarks: VPN provider [high confidence, but not proofed] located in or near RU is-anonymous-proxy: yes country: RU +aut-num: AS44724 +descr: Octopusnet LTD +remarks: VPN provider, not all VPN prefixes seem to be marked as such, so we go for the entire AS +is-anonymous-proxy: yes + aut-num: AS45792 descr: Layer 3 VPN ASN remarks: VPN provider 
@@ -290,6 +283,11 @@ remarks: VPN provider located in ES is-anonymous-proxy: yes country: ES +aut-num: AS269726 +descr: CHAMORRO ELADIO OSCAR (PROXY-AR) +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + aut-num: AS394087 descr: Secure Internet LLC / PureVPN remarks: VPN provider @@ -305,11 +303,6 @@ descr: Castle VPN remarks: VPN provider is-anonymous-proxy: yes -aut-num: AS397685 -descr: Business VPN LLC -remarks: VPN provider -is-anonymous-proxy: yes - aut-num: AS397881 descr: Stingers, Inc. remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ @@ -939,11 +932,6 @@ descr: Electron telecom VPN Users remarks: VPN provider is-anonymous-proxy: yes -net: 95.154.64.0/18 -descr: Octopusnet VPN -remarks: VPN provider -is-anonymous-proxy: yes - net: 95.214.160.0/22 descr: B Consulting Ltd. remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ @@ -1074,11 +1062,26 @@ descr: Secure Internet LLC / PureVPN remarks: VPN provider is-anonymous-proxy: yes +net: 104.253.42.0/24 +descr: Colorberry VPN Services +remarks: VPN provider +is-anonymous-proxy: yes + net: 107.186.38.0/24 descr: Colorberry VPN services remarks: VPN provider is-anonymous-proxy: yes +net: 109.68.136.0/22 +descr: Credolink ISP VPN pool +remarks: VPN provider +is-anonymous-proxy: yes + +net: 109.68.140.0/22 +descr: Credolink ISP VPN pool +remarks: VPN provider +is-anonymous-proxy: yes + net: 109.70.100.0/24 descr: Foundation for Applied Privacy remarks: Tor relay provider @@ -1313,6 +1316,11 @@ country: NL is-anonymous-proxy: yes drop: yes +net: 179.60.149.0/24 +descr: SafeVPN S.A. +remarks: VPN provider +is-anonymous-proxy: yes + net: 179.61.220.0/24 descr: GZ Systems Limited / PureVPN remarks: VPN provider 
@@ -1596,6 +1604,11 @@ descr: NordVPN remarks: VPN provider is-anonymous-proxy: yes +net: 194.34.159.0/24 +descr: Stadtwerke Rostock Netzgesellschaft mbH, marked as "VPN pool" to different entity +remarks: VPN provider +is-anonymous-proxy: yes + net: 194.35.233.0/24 descr: NordVPN remarks: VPN provider @@ -1821,6 +1834,16 @@ descr: ITNow S.A. VPN pool / CAXIA remarks: VPN provider is-anonymous-proxy: yes +net: 218.203.128.0/24 +descr: China Mobile Communications Corporation-ningxia-guyuan-custom VPN +remarks: VPN provider +is-anonymous-proxy: yes + +net: 218.203.136.0/24 +descr: China Mobile Communications Corporation-ningxia-guyuan-custom VPN +remarks: VPN provider +is-anonymous-proxy: yes + net: 222.255.32.0/23 descr: IP Range assigned for VPN Service of VDC remarks: VPN provider @@ -1846,6 +1869,11 @@ descr: 10VPN Hosting remarks: VPN provider is-anonymous-proxy: yes +net: 2604:e8c0:7::/48 +descr: Mullvad VPN AB +remarks: VPN provider +is-anonymous-proxy: yes + net: 2606:1000::/32 descr: VPNtranet, LLC. remarks: VPN provider @@ -1986,6 +2014,11 @@ descr: 4b42 UG / Securebit Network / Tunnelbroker Network Sandefjord remarks: large IP chunk mostly used by VPN providers is-anonymous-proxy: yes +net: 2a0c:fe01::/32 +descr: MIN proxy +remarks: VPN provider +is-anonymous-proxy: yes + net: 2c0f:f930::/32 descr: Cyberdyne S.A. remarks: Tor relay provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 516a709..728b0e6 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt 
@@ -373,6 +373,11 @@ descr: ABGON Comunicaciones remarks: ISP located in CL, but some RIR data for announced prefixes contain garbage (BZ) country: CL +aut-num: AS28573 +descr: Claro NXT Telecomunicacoes Ltda +remarks: ISP located in BR, but some RIR data for announced prefixes contain garbage (BZ) +country: BR + aut-num: AS28753 descr: Leaseweb Deutschland GmbH remarks: ISP located in Frankfurt/Main, DE, but many RIR data for announced prefixes contain garbage diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index f3cb80c..1d0f3f5 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -37,11 +37,6 @@ remarks: Shady ISP hosting brute-force login attempt machines galore, claims GB country: LT drop: yes -aut-num: AS18254 -descr: KLAYER LLC -remarks: part of the "Asline" IP hijacking gang -drop: yes - aut-num: AS18013 descr: ASLINE LIMITED remarks: IP hijacker, traces back to HK @@ -54,6 +49,12 @@ remarks: IP hijacker operating out of AP area (HK or TW?) country: AP drop: yes +aut-num: AS35029 +descr: WebLine LTD +remarks: Rogue ISP +country: RU +drop: yes + aut-num: AS39770 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Bulletproof ISP @@ -164,12 +165,6 @@ remarks: another shady customer of "Tamatiya EOOD / 4Vendeta" country: BG drop: yes -aut-num: AS56447 -descr: 511 Far East Limited -remarks: IP hijacker, tampers with RIR data -country: RU -drop: yes - aut-num: AS56611 descr: REBA Communications BV remarks: bulletproof ISP (related to AS202425) located in NL @@ -188,7 +183,8 @@ drop: yes aut-num: AS57523 descr: Chang Way Technologies Co. Limited -remarks: bulletproof ISP, C&C server hosting galore +remarks: Bulletproof ISP +country: RU drop: yes aut-num: AS57717 
@@ -361,12 +357,6 @@ remarks: Dirty ISP located in NL country: NL drop: yes -aut-num: AS196691 -descr: Get-Net LLC -remarks: IP hijacker in RU and dirty suballocations, not a safe place to go -country: RU -drop: yes - aut-num: AS200313 descr: IT WEB LTD remarks: All bulletproof/cybercrime hosting, all the time, not a safe AS to connect to @@ -390,24 +380,12 @@ remarks: bulletproof ISP (aka: AS29073 / Ecatel Ltd. / Quasi Networks Ltd.) loca country: NL drop: yes -aut-num: AS202476 -descr: Nevermind Inc. -remarks: Shady ISP in an extremely dirty neighborhood, tampers with RIR data, traces back to RU -country: RU -drop: yes - aut-num: AS202769 -descr: Cooperative Investments LLC +descr: NETSTYLE A. LTD remarks: bulletproof ISP and IP hijacker, related to AS202425 and AS62355, traces to NL country: NL drop: yes -aut-num: AS204341 -descr: Purple Raccoon Ltd. -remarks: Bulletproof ISP in an extremely dirty neighborhood full of IP hijackers -country: RU -drop: yes - aut-num: AS204353 descr: Global Offshore Limited remarks: part of a dirty ISP conglomerate with links to SE, RIR data of prefixes announced by this AS cannot be trusted @@ -426,12 +404,6 @@ remarks: bulletproof ISP (strongly linked to AS202425) located in NL country: NL drop: yes -aut-num: AS205702 -descr: Get-Net LLC -remarks: IP hijacker in RU and dirty suballocations, not a safe place to go -country: RU -drop: yes - aut-num: AS206728 descr: Media Land LLC remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/ @@ -565,7 +537,7 @@ drop: yes aut-num: AS398478 descr: PEG TECH INC -remarks: ISP located in HK, tampers with RIR data +remarks: ISP located in HK, part of the ASLINE IP hijacking gang (?), tampers with RIR data country: HK drop: yes 
@@ -589,7 +561,8 @@ drop: yes aut-num: AS400506 descr: Black Apple -remarks: Solely announces hijacked prefixes, no legitimate infrastructure +remarks: Solely announces hijacked prefixes out of JP, no legitimate infrastructure +country: JP drop: yes net: 45.143.203.0/24 @@ -634,6 +607,11 @@ descr: Serverion B.V. remarks: Leased to Neterra, all cybercrime, all the time drop: yes +net: 111.7.96.0/24 +descr: China Mobile Communications Corporation +remarks: Brute-force attack network +drop: yes + net: 114.246.10.0/24 descr: China Unicom Beijing province network remarks: Brute-force attack network @@ -649,6 +627,11 @@ descr: China Education and Research Network remarks: Brute-force attack network drop: yes +net: 123.160.220.0/22 +descr: CHINANET henan province network +remarks: Brute-force attack network +drop: yes + net: 154.89.5.0/24 descr: Agotoz HK Limited remarks: Brute-force attack network
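Review bot: in overrides/override-a1.txt, hunk -55,21 +55,15, the new AS37287 (Zain Zambia PLC) entry sets is-anonymous-proxy for the whole AS although its own remark only says "Many prefixes announced by this ASN are marked as VPN blocks". Consider listing the marked prefixes as net: entries instead, as this file already does for other providers' VPN pools, or extend the remark to say why per-prefix entries are not practical here (the AS44724 remark added in the next hunk does exactly that). The same hunk also removes AS32781 without the commit message giving a reason.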
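Review bot: in overrides/override-a1.txt, hunk -1074,11 +1062,26, the two added Credolink entries 109.68.136.0/22 and 109.68.140.0/22 are adjacent and identical in descr, remarks and flags, so they could be one entry for 109.68.136.0/21. If the split mirrors two separate RIR objects, a short note in remarks would make that clear. In the same hunk the new 104.253.42.0/24 entry uses "Colorberry VPN Services" while the existing 107.186.38.0/24 entry directly below uses "Colorberry VPN services"; one spelling for both would keep the descr consistent.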
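Review bot: in overrides/override-a1.txt, hunk -1596,6 +1604,11, the new 194.34.159.0/24 entry puts the justification into descr ("Stadtwerke Rostock Netzgesellschaft mbH, marked as "VPN pool" to different entity") and leaves remarks as the generic "VPN provider". Suggest keeping descr to the network name and moving the explanation into remarks, which is where the other entries in this patch carry their reasoning.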
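Review bot: in overrides/override-xd.txt, hunk -54,6 +49,12, AS35029 (WebLine LTD) is re-added with drop: yes after being removed from override-a1.txt, but it loses the is-anonymous-proxy: yes flag it had there, and the remark changes from "(Rogue) VPN provider" to "Rogue ISP" with no reference or reason. If the AS still hosts VPN infrastructure, consider keeping is-anonymous-proxy: yes next to drop: yes (the context of the override-a1.txt hunk at -1313 shows an entry carrying both), and say in remarks what prompted the move to a drop listing.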
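Review bot: in overrides/override-xd.txt, hunk -188,7 +183,8, the AS57523 remark is shortened from "bulletproof ISP, C&C server hosting galore" to "Bulletproof ISP", which removes the only concrete reason given for the drop listing, and country: RU is added without the remark saying how the location was established. Suggest keeping the C&C detail and adding a "traces back to RU" style note as other entries in this file do.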
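Review bot: in overrides/override-xd.txt, hunks -361,12 +357,6, -390,24 +380,12 and -426,12 +404,6, the drop listings for AS196691, AS202476, AS204341 and AS205702 are deleted and the AS202769 descr changes from "Cooperative Investments LLC" to "NETSTYLE A. LTD", yet the commit message only says "Regular batch of various overrides". Since removing a drop: yes entry re-admits traffic from these networks, the message should state per AS why the override is no longer needed (for example, the AS is no longer announced or the listing is now covered elsewhere).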
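Review bot: in overrides/override-xd.txt, hunk -565,7 +537,7, the updated AS398478 remark reads "part of the ASLINE IP hijacking gang (?)", so an unverified attribution is recorded on an entry that carries drop: yes. Either word it as a suspicion with the supporting observation or leave it out until confirmed. It also reads oddly next to the hunk at -37,11 +37,6 of the same file, which removes AS18254, described there as part of the "Asline" IP hijacking gang, without explanation.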