From: Peter Müller Date: Thu, 24 Mar 2022 17:05:56 +0000 (+0000) Subject: override-{a1,other,xd}: Regular batch of various overrides X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=988daa7ecef4603dbc9c2b3510391d6a402ef0ea;p=location%2Flocation-database.git override-{a1,other,xd}: Regular batch of various overrides Signed-off-by: Peter Müller --- diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index 644c3ae..827d49f 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -1426,11 +1426,6 @@ descr: Xantho Ltd. remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes -net: 186.2.160.0/20 -descr: DDOS-GUARD CORP. -remarks: IP chunk owned by an offshore company, abuse contact is a freemail address, address says "1/2 Miles Northern Highway, Belize" -is-anonymous-proxy: yes - net: 188.72.80.0/21 descr: GZ Systems Limited / PureVPN remarks: VPN provider @@ -1516,16 +1511,6 @@ descr: NordVPN remarks: VPN provider is-anonymous-proxy: yes -net: 192.230.37.0/24 -descr: Privax LTD -remarks: VPN provider -is-anonymous-proxy: yes - -net: 192.230.39.0/24 -descr: Privax LTD -remarks: VPN provider -is-anonymous-proxy: yes - net: 192.241.169.122/32 descr: ssltunnel.net et al. remarks: Open proxy provider @@ -1566,11 +1551,6 @@ descr: Anonymouse / Anonymous S.A. remarks: VPN and open proxy provider is-anonymous-proxy: yes -net: 193.218.190.0/24 -descr: Private Internet Hosting LTD -remarks: VPN provider -is-anonymous-proxy: yes - net: 194.5.96.0/22 descr: Angelo Kreikamp trading as Forhosting / Privacy Online / Danilenko, Artyom / ... remarks: (Rogue) VPN provider 
@@ -1836,6 +1816,11 @@ descr: VPNtranet, LLC. remarks: VPN provider is-anonymous-proxy: yes +net: 2607:6100:e1::/48 +descr: VPN Tunnel Endpoints +remarks: VPN provider [high confidence, but not proofed] +is-anonymous-proxy: yes + net: 2620:7:6001::/48 descr: Quintex Alliance Consulting remarks: Tor relay provider diff --git a/overrides/override-other.txt b/overrides/override-other.txt index 681d670..19ac9b7 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -1255,8 +1255,8 @@ country: RU aut-num: AS206819 descr: ANSON NETWORK LIMITED -remarks: Autonomous System registered to UK letterbox company, traces back through shady ISPs to TW -country: TW +remarks: another shady customer of "DDoS Guard Ltd.", located in AP area +country: AP aut-num: AS206898 descr: Server Hosting Pty Ltd @@ -1275,7 +1275,7 @@ country: NL aut-num: AS207400 descr: AAEX NETWORK TECHNOLOGY LTD -remarks: IP hijacker located in HK +remarks: ... traces back to HK country: HK aut-num: AS207429 @@ -1588,31 +1588,6 @@ descr: Serverion LLC remarks: ISP located in NL, some RIR data contain garbage country: NL -net: 5.1.68.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE - -net: 5.1.69.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE - -net: 5.1.83.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE - -net: 5.1.88.0/24 -descr: GaiacomLC -remarks: routed to DE, inaccurate RIR data -country: DE - -net: 5.252.32.0/22 -descr: StormWall s.r.o. -remarks: claims to be located in DE, but traces back to somewhere else in central Europe -country: EU - net: 31.220.0.0/22 descr: Amarutu Technology Ltd. / KoDDoS / ESecurity remarks: fake offshore location (BZ), traces back to NL 
@@ -1653,11 +1628,6 @@ descr: Flyservers S.A. remarks: fake offshore location (PA), traces back to NL country: NL -net: 45.134.12.0/24 -descr: MS Network LTD -remarks: fake offshore location (SC), traces back to NL -country: NL - net: 45.134.144.0/22 descr: IPv4 Superhub Limited remarks: same as 45.93.16.0/22 @@ -1855,13 +1825,13 @@ country: DE net: 185.143.223.0/24 descr: Lenar Davletshin -remarks: traceroutes dead-end somewhere after entering Voxility's network in Vienna, but that's not the location of this network -country: EU +remarks: traceroutes dead-end somewhere in US, network location appears to move a round a lot +country: US net: 185.175.93.0/24 descr: Perfect Hosting Solutions -remarks: bulletproof ISP related to AS204655, traces back to BG -country: BG +remarks: traces back to UA +country: UA net: 185.169.253.0/24 descr: Amarutu Technology Ltd. / KoDDoS / ESecurity @@ -1888,6 +1858,11 @@ descr: XinYuan Interconnect (HONG KONG [sic!]) Limited remarks: claims to be located in DE, traces back to HK country: HK +net: 188.40.220.0/24 +descr: FireStorm ISP GmbH +remarks: Hetzner customer, infrastructure is physically located in DE +country: DE + net: 190.2.128.0/19 descr: WorldStream (LATAM) BV remarks: LACNIC IP chunk solely used in NL (inaccurate data) @@ -1918,16 +1893,16 @@ descr: QUIKA LTD remarks: claims to be located in DE, traces back to GB country: GB -net: 194.87.218.0/24 -descr: Hauer Hosting Services Limited -remarks: traces back to RU -country: RU - net: 195.66.165.0/24 descr: Posta Crne Gore remarks: Orphaned RIR data, see: https://lists.ipfire.org/pipermail/location/2021-April/000267.html country: ME +net: 195.191.81.0/24 +descr: Matthias Fetzer +remarks: traces back to UA at this time +country: UA + net: 195.252.115.0/24 descr: Drenik ISP remarks: Orphaned RIR data, see: https://lists.ipfire.org/pipermail/location/2021-April/000267.html diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index a414536..f3c8bbb 100644 
--- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -38,36 +38,12 @@ remarks: IP hijacker, traces back to HK country: HK drop: yes -aut-num: AS22133 -descr: Octet Brasil Ltda -remarks: Hijacked AS being announced out of RU -country: RU -drop: yes - -aut-num: AS24009 -descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED -remarks: IP hijacker and bulletproof ISP, possibly located near Los Angeles, US -country: US -drop: yes - aut-num: AS22769 descr: DDOSING NETWORK remarks: IP hijacker located in US, massively tampers with RIR data country: US drop: yes -aut-num: AS24009 -descr: LANLIAN INTERNATIONAL HOLDING GROUP LIMITED -remarks: IP hijacker located in HK, tampers with RIR data -country: HK -drop: yes - -aut-num: AS27891 -descr: Universidad PedagA³gica Experimental Libertador -remarks: Hijacked AS being announced out of RU -country: RU -drop: yes - aut-num: AS39770 descr: 1337TEAM LIMITED / eliteteam[.]to remarks: Owned by an offshore letterbox company, suspected rogue ISP @@ -201,12 +177,6 @@ descr: EDGENAP LTD remarks: IP hijacking? Rogue ISP? drop: yes -aut-num: AS61879 -descr: Ami¿½rica Latina Educacional Adm. e Servii¿½os LTDA -remarks: Hijacked AS being announced out of RU -country: RU -drop: yes - aut-num: AS62068 descr: SpectraIP B.V. remarks: bulletproof ISP (linked to AS202425 et al.) located in NL @@ -382,7 +352,7 @@ drop: yes aut-num: AS393889 descr: EightJoy Network LLC -remarks: All prefixes announced by this network are hijacked +remarks: Most likely hijacked AS drop: yes aut-num: AS398478 @@ -405,7 +375,7 @@ drop: yes net: 196.11.32.0/20 descr: Sanlam Life Insurance Limited -remarks: Stolen AfriNIC IPv4 space announced from NL +remarks: Stolen AfriNIC IPv4 space announced from NL? country: NL drop: yes
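Review bot: In overrides/override-a1.txt, the added 2607:6100:e1::/48 entry sets is-anonymous-proxy: yes while its own remark says the classification is "not proofed". Record what the high confidence rests on in remarks, the way the Xantho Ltd. entry in the context above cites a URL, so a later reviewer can re-check it. "proofed" should also read "proven".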
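Review bot: In overrides/override-other.txt, the AS206819 change swaps country: TW for country: AP and drops the earlier rationale (UK letterbox company, traces back to TW) without saying why TW no longer holds. The new remark itself calls AP an "area", so the entry now carries a less specific location than before. State in remarks what the AP assignment is based on, or keep the previous observation alongside the new one.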
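Review bot: In overrides/override-other.txt, the new AS207400 remark begins with a literal ellipsis ("remarks: ... traces back to HK"), which reads like a truncated line and removes the "IP hijacker" classification without replacing it. Write the remark as a complete statement. If the hijacking claim is being withdrawn on purpose, say so in the commit message.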
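Review bot: In overrides/override-other.txt, the 185.143.223.0/24 remark has a typo ("a round a lot" should be "around a lot") and contradicts the fixed value it justifies: it says the traceroutes dead-end and that the location keeps moving, yet the entry pins country: US. Note in remarks what the US assignment rests on, or consider whether a pinned country is appropriate for a network the remark describes as moving.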
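Review bot: In overrides/override-other.txt, the added 195.191.81.0/24 entry says "traces back to UA at this time" but gives no date, so the remark cannot be judged for staleness once it is in the file. Put the observation date in the remark.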
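Review bot: In overrides/override-xd.txt, the first hunk removes five drop: yes entries (AS22133, AS24009 twice, AS27891) and the commit message gives no reason for lifting them. The two AS24009 entries contradicted each other (country: US versus country: HK), which justifies removing one duplicate but not both. If the hijacks have ended, say so in the commit message. Otherwise keep a single AS24009 entry with the location that still holds.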
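Review bot: In overrides/override-xd.txt, the AS393889 remark is weakened from "All prefixes announced by this network are hijacked" to "Most likely hijacked AS" while drop: yes stays in place. If the evidence is now weaker, the remark should say what changed. If it is unchanged, the more specific original wording is the better justification for a drop entry.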
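Review bot: In overrides/override-xd.txt, the question mark appended to the 196.11.32.0/20 remark ("Stolen AfriNIC IPv4 space announced from NL?") does not show which part is in doubt, the theft or the NL origin, while country: NL and drop: yes are both kept. Spell out the uncertain part in words. If the NL origin is the part in doubt, reconsider the country line as well.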