From: Peter Müller Date: Sat, 19 Feb 2022 11:15:03 +0000 (+0000) Subject: override-{a1,a3,other,xd}: Regular batch of various overrides X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=715c74a86a0100071ba5e744891079002e04e5b5;p=location%2Flocation-database.git override-{a1,a3,other,xd}: Regular batch of various overrides Signed-off-by: Peter Müller --- diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index ec0234f..089696b 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -162,6 +162,12 @@ descr: AMPR VPN remarks: VPN provider is-anonymous-proxy: yes +aut-num: AS136787 +descr: TEFINCOM S.A. / NordVPN +remarks: VPN provider, most if not all prefixes announced by this AS trace back to AP area, but their RIR data contain garbage +is-anonymous-proxy: yes +country: AP + aut-num: AS197640 descr: OverPlay.Net LP remarks: VPN and/or proxy provider @@ -1750,6 +1756,11 @@ descr: SecuredConnectivity remarks: VPN provider is-anonymous-proxy: yes +net: 212.30.63.0/24 +descr: ExpressVPN +remarks: VPN provider +is-anonymous-proxy: yes + net: 212.50.68.0/22 descr: Telnet VPN remarks: VPN provider diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt index da78310..c69ad5f 100644 --- a/overrides/override-a3.txt +++ b/overrides/override-a3.txt @@ -348,6 +348,12 @@ descr: Mythic Beasts Ltd. remarks: Generic anycast network is-anycast: yes +aut-num: AS262254 +descr: DDOS-GUARD CORP. +remarks: fake offshore location (BZ), actual jurisdiction is probably RU, shady CDN +is-anycast: yes +country: RU + aut-num: AS394695 descr: PDR remarks: TLD operator's anycast network [high confidence, but not proofed - RIR data contain garbage either way :-/ ] diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 5bba60f..039f889 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -119,11 +119,21 @@ descr: MTS PJSC remarks: ISP located in RU, but some RIR data for announced prefixes contain garbage country: RU +aut-num: AS9304 +descr: HGC Global Communications Limited +remarks: Jurisdiction is HK, pinning the location there +country: HK + aut-num: AS9312 descr: xTom Hong Kong Limited remarks: ISP located in HK, RIR data for announced prefixes contain garbage country: HK +aut-num: AS10103 +descr: HK Broadband Network Ltd. +remarks: ISP located in HK, some RIR data for announced prefixes contain garbage +country: HK + aut-num: AS12025 descr: Iron Mountain Data Center remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -149,6 +159,11 @@ descr: LUKOIL Technology Services GmbH remarks: T.I.L.: AT is RU, too country: RU +aut-num: AS13194 +descr: UAB "Bite Lietuva" +remarks: ISP located in LT, but some RIR data for announced prefixes contain garbage +country: LT + aut-num: AS13830 descr: Nexril remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -508,6 +523,11 @@ descr: Skylink Data Center BV remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage country: NL +aut-num: AS44889 +descr: Farhang Azma Communications Company LTD +remarks: ... contains traces of bogus RIR data +country: IR + aut-num: AS44901 descr: Belcloud LTD remarks: ISP located in BG, but some RIR data for announced prefixes contain garbage @@ -688,6 +708,11 @@ descr: ULTRANEX LTD remarks: fake offshore location (CY), hosted in NL country: NL +aut-num: AS58224 +descr: Iran Telecommunication Company PJS +remarks: ... located in IR +country: IR + aut-num: AS58294 descr: CloudWall Ltd. remarks: RIR data neither contain a postal address nor a phone number, traceroutes end in Sofia, BG @@ -733,6 +758,11 @@ descr: Vault Dweller OU remarks: traceroutes dead-end somewhere in or near RU country: RU +aut-num: AS60025 +descr: Parsun Network Solutions Germany Network +remarks: Claims to be located in DE, RIR data contain garbage, and all traceroutes dead-end in AU +country: AU + aut-num: AS60144 descr: 3W Infra B.V. remarks: ISP located in NL, but some RIR data for announced prefixes contain garbage @@ -833,6 +863,11 @@ descr: POWER LINE DATACENTER remarks: ISP and/or IP hijacker located in HK, tampers with RIR data country: HK +aut-num: AS133115 +descr: HK Kwaifong Group Limited +remarks: ... located in HK +country: HK + aut-num: AS133201 descr: ABCDE GROUP COMPANY LIMITED remarks: ISP and/or IP hijacker located in HK @@ -993,6 +1028,11 @@ descr: Galaxy Broadband remarks: ISP located in PK, but some RIR data need manual correction due to ARIN DB situation country: PK +aut-num: AS139989 +descr: CV Atha Media Prima +remarks: traces back to ID +country: ID + aut-num: AS140214 descr: Create Prominent Information Limited remarks: Shady ISP located in HK @@ -1028,6 +1068,11 @@ descr: High Family Technology Co., Limited remarks: (Rogue?) downstream of AS55933, located somewhere in AP country: AP +aut-num: AS142403 +descr: YISU CLOUD LTD +remarks: ... located in HK +country: HK + aut-num: AS196682 descr: FLP Kochenov Aleksej Vladislavovich remarks: ISP located in UA, but RIR data for announced prefixes all say EU @@ -1228,6 +1273,11 @@ descr: Cenk Aksit remarks: shady ISP located in TR, but RIR data for announced prefixes contain garbage country: TR +aut-num: AS209372 +descr: IP Men D.V +remarks: Jurisdiction of this is RU, we pin its location to it since (clients) tamper massively with RIR data :-/ +country: RU + aut-num: AS209401 descr: Gudaev Maxim Amrakhovich remarks: announcements scatter across various places in EU (DE/CZ/??), but RIR data contain garbage @@ -1333,10 +1383,10 @@ descr: SIA "Singularity Telecom" remarks: Shady customer of AS31732 (Parsun Network Solutions Pty. Ltd.) located in AU, RIR data for announced prefixes contain garbage country: AU -aut-num: AS262254 -descr: DDOS-GUARD CORP. -remarks: fake offshore location (BZ), traces back to RU -country: RU +aut-num: AS262287 +descr: Maxihost LTDA +remarks: Many if not all prefixes announced by this AS trace back to BR, yet their RIR data contain mostly garbage. Also, Maxihost LTDA does not seem to be able to prevent cyber criminals from abusing it's services - tomorrows bulletproof ISP? +country: BR aut-num: AS263744 descr: Udasha S.A. @@ -1398,6 +1448,11 @@ descr: Leaseweb USA, Inc. remarks: ISP located in US, but some RIR data for announced prefixes contain garbage country: US +aut-num: AS396356 +descr: Maxihost LLC +remarks: Many if not all prefixes announced by this AS trace back to US, yet their RIR data contain mostly garbage. Also, Maxihost LLC does not seem to be able to prevent cyber criminals from abusing it's services - tomorrows bulletproof ISP? +country: US + aut-num: AS397423 descr: Tier.Net Technologies LLC remarks: ISP located in US, but some RIR data for announced prefixes contain garbage @@ -1533,6 +1588,16 @@ descr: Itace International Limited remarks: claims to be located in HK, but traces back to RO country: RO +net: 45.180.20.0/24 +descr: DATAHOME S.A. +remarks: traces back to BR +country: BR + +net: 45.182.189.0/24 +descr: DATAHOME S.A. +remarks: traces back to RU +country: RU + net: 47.60.0.0/14 descr: Vodafone US Inc. remarks: large Vodafone IP chunk used in ES, but assigned by ARIN (inaccurate data) @@ -1668,6 +1733,11 @@ descr: Anthony Marshall / Game Hosting Net / FlokiNET Ltd. remarks: fake location (BA), traces back to RO country: RO +net: 179.60.151.0/24 +descr: DATAHOME S.A. +remarks: traces back to BR +country: BR + net: 185.10.68.0/24 descr: FlokiNET Ltd. remarks: fake offshore location (SC), traces back to RO diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index e4cbee2..338f466 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -123,8 +123,8 @@ drop: yes aut-num: AS55933 descr: Cloudie Limited -remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to AP region -country: AP +remarks: part of the "Asline" IP hijacking gang, tampers with RIR data, traces back to HK +country: HK drop: yes aut-num: AS56611