From: Peter Müller Date: Sat, 11 Mar 2023 13:22:23 +0000 (+0000) Subject: override-{other,xd}: Regular batch of various overrides X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ad03d2d4f6b3638f4f4d80678d67512e5f965d5;p=location%2Flocation-database.git override-{other,xd}: Regular batch of various overrides Signed-off-by: Peter Müller --- diff --git a/overrides/override-other.txt b/overrides/override-other.txt index a318c43..3ef333c 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -1968,7 +1968,7 @@ remarks: AQ != DE, you know country: DE aut-num: AS208046 -descr: Maximilian Kutzner trading as HostSlick +descr: ColocationX Ltd. remarks: traces back to NL, but some RIR data for announced prefixes contain garbage country: NL diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 4893be2..c4ea78b 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -49,24 +49,12 @@ remarks: IP hijacker operating out of AP area (HK or TW?) country: AP drop: yes -aut-num: AS35029 -descr: WebLine LTD -remarks: Rogue ISP -country: RU -drop: yes - aut-num: AS39770 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Bulletproof ISP country: RU drop: yes -aut-num: AS40193 -descr: Trit Networks, LLC -remarks: all cybercrime hosting, all the time -country: US -drop: yes - aut-num: AS41564 descr: Orion Network Limited remarks: shady uplink for a bunch of dirty ISPs, routing stolen AfriNIC networks @@ -78,12 +66,6 @@ remarks: all cybercrime hosting, all the time country: RU drop: yes -aut-num: AS43092 -descr: Kirin Communication Limited -remarks: Hijacks IP space and tampers with RIR data, traces back to JP -country: JP -drop: yes - aut-num: AS44446 descr: OOO SibirInvest remarks: bulletproof ISP (related to AS202425 and AS57717) located in NL @@ -133,6 +115,7 @@ drop: yes aut-num: AS49943 descr: IT Resheniya LLC remarks: Rogue ISP +country: RU drop: yes aut-num: AS51381 @@ -192,6 +175,7 @@ drop: yes aut-num: AS57416 descr: LLC South Internet remarks: Bulletproof ISP +country: RU drop: yes aut-num: AS57523 @@ -219,7 +203,7 @@ country: SE drop: yes aut-num: AS58271 -descr: FOP Gubina Lubov Petrivna +descr: Tyatkova Oksana Valerievna remarks: bulletproof ISP operating from a war zone in eastern UA country: UA drop: yes @@ -239,6 +223,7 @@ drop: yes aut-num: AS59425 descr: HORIZON LLC remarks: Rogue ISP +country: RU drop: yes aut-num: AS59753 @@ -264,12 +249,6 @@ remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijac country: SE drop: yes -aut-num: AS60930 -descr: Intem LLC -remarks: leaf AS with upstream to other dirty hosters, brute-force attacks galore -country: RU -drop: yes - aut-num: AS61302 descr: HUIZE LTD remarks: Bulletproof ISP @@ -606,11 +585,6 @@ remarks: Attack network tracing back to NL country: NL drop: yes -net: 61.177.172.0/23 -descr: CHINANET jiangsu province network -remarks: Since July 27, 2022, this network conducts mass brute-force attacks galore -drop: yes - net: 89.23.103.0/24 descr: Media Land LLC / abuse-server[.]su remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/ @@ -673,11 +647,6 @@ remarks: Attack network tracing back to UA country: UA drop: yes -net: 185.196.220.0/24 -descr: Makut Investments -remarks: Brute-force attack network -drop: yes - net: 193.201.9.0/24 descr: Infolink LLC remarks: Based on domains ending up there, this network is entirely malicious