From: Peter Müller Date: Sat, 17 Feb 2024 23:50:17 +0000 (+0000) Subject: override-{a1,other,xd}: Regular batch of various overrides X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e57313faca80b1eb691d126dc84f83215f8565aa;p=location%2Flocation-database.git override-{a1,other,xd}: Regular batch of various overrides Signed-off-by: Peter Müller --- diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt index aa433d5..64196ce 100644 --- a/overrides/override-a1.txt +++ b/overrides/override-a1.txt @@ -30,12 +30,12 @@ remarks: Tor relay provider is-anonymous-proxy: yes aut-num: AS8427 -descr: Maginfo +descr: Joint Stock Company TransTeleCom / Maginfo remarks: VPN provider is-anonymous-proxy: yes aut-num: AS16255 -descr: IRIDIUM PROVIDER LTD +descr: IRIDIUM PROVIDER LTD / ISP LLC remarks: VPN provider [high confidence, but not proofed] located in RU is-anonymous-proxy: yes country: RU @@ -50,16 +50,6 @@ descr: VPNsolutions Pty Ltd remarks: VPN provider is-anonymous-proxy: yes -aut-num: AS27683 -descr: VPN de Mexico, S.A. de C.V. -remarks: VPN provider -is-anonymous-proxy: yes - -aut-num: AS34962 -descr: Epik Network -remarks: Shady ISP and registrar, many prefixes announced refer to "anonymize" infrastructure -is-anonymous-proxy: yes - aut-num: AS37287 descr: Zain Zambia PLC remarks: Many prefixes announced by this ASN are marked as VPN blocks @@ -71,8 +61,8 @@ remarks: VPN and Tor relay provider located in SE is-anonymous-proxy: yes country: SE -aut-num: AS38814 -descr: Asiamax Ltd. VPN +aut-num: AS39351 +descr: 31173 Services AB remarks: VPN provider is-anonymous-proxy: yes @@ -81,33 +71,11 @@ descr: Cloudie Networks, LLC. remarks: VPN provider / IPv6 tunnel broker service is-anonymous-proxy: yes -aut-num: AS44571 -descr: Netvillage Ltd. -remarks: VPN provider [high confidence, but not proofed] located in or near RU -is-anonymous-proxy: yes -country: RU - aut-num: AS44724 descr: Octopusnet LTD remarks: VPN provider, not all VPN prefixes seem to be marked as such, so we go for the entire AS is-anonymous-proxy: yes -aut-num: AS45792 -descr: Layer 3 VPN ASN -remarks: VPN provider -is-anonymous-proxy: yes - -aut-num: AS46732 -descr: RESIDENTIAL NETWORKING SOLUTIONS LLC -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -aut-num: AS47158 -descr: IT LTD -remarks: Bulletproof hosting, loaded with IPv6 proxies -is-anonymous-proxy: yes -drop: yes - aut-num: AS51432 descr: BeeVPN ApS remarks: VPN provider @@ -118,12 +86,6 @@ descr: SP Argaev Artem Sergeyevich / Foundation Respect My Privacy remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes -aut-num: AS51852 -descr: Private Layer INC -remarks: VPN provider (claims PA or BZ for some prefixes, but they are all hosted in CH) -is-anonymous-proxy: yes -country: CH - aut-num: AS53559 descr: KST Networks / ANONYMIZER remarks: VPN provider [high confidence, but not proofed] @@ -135,11 +97,6 @@ remarks: Tor relay and VPN provider, traces back to SE [high confidence, but n is-anonymous-proxy: yes country: SE -aut-num: AS58110 -descr: IP Volume Ltd. / Epik -remarks: Shady Autonomous System registered to letterbox company, possibly copycat operation of Epik registrar, many prefixes announced refer to "anonymize" infrastructure -is-anonymous-proxy: yes - aut-num: AS58546 descr: Astrill VPN remarks: VPN provider @@ -151,39 +108,48 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes aut-num: AS60729 -descr: Zwiebelfreunde e.V. +descr: Stiftung Erneuerbare Freiheit / Zwiebelfreunde e.V. remarks: Tor relay provider is-anonymous-proxy: yes +aut-num: AS62651 +name: Strong Technology, LLC. +remarks: VPN provider +is-anonymous-proxy: yes + aut-num: AS62744 name: Quintex Alliance Consulting remarks: Tor relay provider is-anonymous-proxy: yes aut-num: AS132825 -descr: Defense Australia Network +descr: MYTEK TRADING PTY LTD f/k/a Defense Australia Network remarks: ... seems to be loaded with proxies, and not located in AU after all (HK?) is-anonymous-proxy: yes country: AP -aut-num: AS135609 -descr: AMPR VPN +aut-num: AS136787 +descr: TEFINCOM S.A. / NordVPN remarks: VPN provider is-anonymous-proxy: yes -aut-num: AS136787 -descr: TEFINCOM S.A. / NordVPN -remarks: VPN provider, most if not all prefixes announced by this AS trace back to AP area, but their RIR data contain garbage +aut-num: AS147049 +descr: PacketHub S.A. / NordVPN +remarks: VPN provider is-anonymous-proxy: yes -country: AP aut-num: AS197640 descr: OverPlay.Net LP remarks: VPN and/or proxy provider is-anonymous-proxy: yes +aut-num: AS200373 +descr: 3xK Tech GmbH +remarks: VPN and/or proxy provider +is-anonymous-proxy: yes + aut-num: AS201665 -descr: Anonymizer, Inc. +descr: Anonymizer, Inc. / KSTNETWORKS remarks: VPN provider is-anonymous-proxy: yes @@ -202,23 +168,17 @@ descr: HERN Labs AB remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes +aut-num: AS207137 +descr: PacketHub S.A. / NordVPN +remarks: VPN provider +is-anonymous-proxy: yes + aut-num: AS207688 descr: DataHome S.A. remarks: VPN provider located in BR [high confidence, but not proofed] is-anonymous-proxy: yes country: BR -aut-num: AS207907 -descr: NSQ Venture (M) SDN BHD -remarks: Possibly part of https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/, also tampers with RIR data -is-anonymous-proxy: yes -country: US - -aut-num: AS207976 -descr: V6 Networking LLC -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - aut-num: AS208169 descr: Artikel10 e.V. remarks: Tor relay provider @@ -245,14 +205,8 @@ descr: RESNET INC remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes -aut-num: AS209623 -descr: David Craig -remarks: (Rogue) VPN provider -is-anonymous-proxy: yes -country: EU - aut-num: AS209854 -descr: Surfshark Ltd. +descr: Cyberzone S.A. / Surfshark Ltd. remarks: VPN provider is-anonymous-proxy: yes @@ -261,9 +215,9 @@ descr: Privex Inc. remarks: VPN and Tor relay provider is-anonymous-proxy: yes -aut-num: AS212052 -descr: BOET NOTIFY LTD. -remarks: VPN provider [high confidence, but not proofed] +aut-num: AS211192 +descr: CYBERHOP LTD +remarks: VPN provider is-anonymous-proxy: yes aut-num: AS212200 @@ -271,30 +225,8 @@ descr: ONION NETWORKS LTD remarks: Tor relay provider is-anonymous-proxy: yes -aut-num: AS212371 -descr: Evolve Proxies Ltd. -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -aut-num: AS212786 -descr: Pooky L&W SDN BHD -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes -country: GB - -aut-num: AS212824 -descr: WildProxies -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes -country: NL - -aut-num: AS212987 -descr: NekoCloud Solutions Limited -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - aut-num: AS213005 -descr: Proxyseo Ltd. +descr: Proxyseo Ltd. / Invermae Solutions SL remarks: VPN provider located in ES is-anonymous-proxy: yes country: ES @@ -329,12 +261,6 @@ descr: Stingers, Inc. remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes -aut-num: AS398083 -descr: Ting Wireless -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes -country: US - aut-num: AS398271 descr: HardenedVPN[.]com LLC remarks: VPN provider @@ -351,32 +277,32 @@ remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/th is-anonymous-proxy: yes aut-num: AS399587 -descr: UT +descr: Ultra Telecom remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes country: US -aut-num: AS399928 -descr: STELLAR PROXIES -remarks: VPN or open proxy provider +aut-num: AS399989 +descr: ULTRA ONE +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes -net: 2.57.171.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes +aut-num: AS400522 +descr: rootcloud LLC +remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ +is-anonymous-proxy: ye -net: 2.59.248.0/22 -descr: Mayak Creative Ltd. +aut-num: AS400842 +descr: Tunbroker LLC remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ is-anonymous-proxy: yes -net: 5.62.16.0/24 -descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o. +net: 2.57.171.0/24 +descr: VPN Consumer Network remarks: VPN provider is-anonymous-proxy: yes -net: 5.62.18.0/23 +net: 5.62.16.0/22 descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o. remarks: VPN provider is-anonymous-proxy: yes @@ -421,91 +347,21 @@ descr: Privax LTD / PRCDN Consumer Pool / AVAST s.r.o. remarks: VPN provider is-anonymous-proxy: yes -net: 5.181.40.0/22 -descr: Tal Mukdasi -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -net: 5.182.34.0/24 -descr: Coca Proxies VOF -remarks: VPN provider -is-anonymous-proxy: yes - -net: 5.182.35.0/24 -descr: Coca Proxies VOF -remarks: VPN provider -is-anonymous-proxy: yes - -net: 5.249.160.0/24 -descr: VPNTunnel -remarks: VPN provider -is-anonymous-proxy: yes - -net: 5.253.56.0/22 -descr: Mayak Consulting Ltd. -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - net: 5.254.128.0/19 descr: VPNTunnel / Hushy VPN / Anonine VPN / Edelino Commerce Inc. remarks: VPN provider is-anonymous-proxy: yes -net: 23.129.64.0/24 -descr: Emerald Onion -remarks: Tor relay provider -is-anonymous-proxy: yes - net: 23.133.64.0/24 descr: 10VPN Hosting remarks: VPN provider is-anonymous-proxy: yes -net: 23.226.219.0/24 -descr: CloudVPN Inc. -remarks: VPN provider -is-anonymous-proxy: yes - -net: 23.226.40.0/24 -descr: CloudVPN Inc. -remarks: VPN provider -is-anonymous-proxy: yes - -net: 23.230.23.0/24 -descr: Colorberry VPN Services -remarks: VPN provider -is-anonymous-proxy: yes - -net: 23.230.137.0/24 -descr: SSL Private Proxy -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 23.239.176.0/22 -descr: CloudVPN Inc. -remarks: VPN provider -is-anonymous-proxy: yes - -net: 23.239.180.0/22 -descr: CloudVPN Inc. -remarks: VPN provider -is-anonymous-proxy: yes - -net: 23.239.184.0/22 -descr: CloudVPN Inc. -remarks: VPN provider -is-anonymous-proxy: yes - net: 23.247.24.0/24 descr: VPNREACTOR remarks: VPN provider is-anonymous-proxy: yes -net: 31.47.116.0/22 -descr: Maginfo -remarks: VPN provider -is-anonymous-proxy: yes - net: 37.123.216.0/21 descr: WellComm VPN remarks: VPN provider @@ -516,129 +372,28 @@ descr: VPNsecure Pty Ltd remarks: VPN provider is-anonymous-proxy: yes -net: 37.230.128.0/22 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 37.230.168.0/21 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 37.230.183.0/20 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 37.230.185.0/20 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 37.230.187.0/20 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - net: 41.79.250.0/24 descr: VPN for IPEng in ZA remarks: VPN provider is-anonymous-proxy: yes -net: 41.220.200.0/22 +net: 41.220.200.0/24 descr: VPN-Corporate / To public VPN remarks: VPN provider is-anonymous-proxy: yes -net: 43.226.228.0/22 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.8.92.0/22 -descr: Cloud Computing Ltd. -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes -country: US - -net: 45.9.12.0/22 -descr: VPNHost SIA -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.12.144.0/22 -descr: VPNHost SIA -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.14.80.0/22 -descr: ALTUS COMMUNICATIONS, INC. -remarks: VPN and/or open proxy provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 45.41.132.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.41.135.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.41.136.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.41.138.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.41.144.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.41.145.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.56.136.0/24 -descr: VPN Consumer Network -remarks: VPN provider -is-anonymous-proxy: yes - net: 45.74.0.0/18 descr: Secure Internet LLC remarks: VPN provider is-anonymous-proxy: yes -net: 45.131.168.0/22 -descr: Xantho Ltd. -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -net: 45.135.160.0/22 -descr: Revonia Ltd. / LAKSH / IAPS -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -net: 45.142.122.0/24 -descr: Shtrauh Andrey -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - net: 45.144.113.0/24 -descr: NordVPN +descr: Packethub S.A. / NordVPN remarks: VPN provider is-anonymous-proxy: yes net: 45.146.55.0/24 -descr: NordVPN +descr: VPN Consumer Atlanta, United States of America (was NordVPN) remarks: VPN provider is-anonymous-proxy: yes @@ -648,38 +403,12 @@ remarks: VPN provider [high confidence, but not proofed] is-anonymous-proxy: yes net: 45.149.175.0/24 -descr: NordVPN +descr: Packethub S.A. / NordVPN remarks: VPN provider is-anonymous-proxy: yes -net: 45.151.115.0/24 -descr: ikoProxies [high confidence, but not proofed] -remarks: VPN provider located in NL -is-anonymous-proxy: yes -country: NL - net: 45.154.138.0/24 -descr: Express VPN International Ltd -remarks: VPN provider -is-anonymous-proxy: yes - -net: 45.155.128.0/22 -descr: Revonia Ltd. / LAKSH / IAPS -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -net: 45.157.36.0/22 -descr: Gabor Marton -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -net: 45.203.128.0/18 -descr: ProxyWow LLC -remarks: CloudInnovation space leased to "ProxyWow LLC" - not a safe area to accept traffic from anyways -is-anonymous-proxy: yes - -net: 45.220.72.0/22 -descr: Low budget VPN service +descr: VPN Consumer Marseille, France (was: Express VPN International Ltd) remarks: VPN provider is-anonymous-proxy: yes @@ -688,111 +417,6 @@ descr: Secure Internet Limited remarks: VPN provider is-anonymous-proxy: yes -net: 46.36.200.0/22 -descr: IAPS Security Services, L.L.C. -remarks: VPN provider, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - -net: 46.243.136.0/21 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.144.0/22 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.148.0/23 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.150.0/24 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.204.0/22 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.208.0/20 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.233.0/24 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.234.0/23 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.237.0/24 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.239.0/24 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.240.0/23 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.244.0/22 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.248.0/22 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 46.243.236.0/24 -descr: GZ Systems Limited / PureVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 62.149.160.0/20 -descr: Aruba VPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 62.205.128.0/19 -descr: Netassist VPN service -remarks: VPN provider -is-anonymous-proxy: yes - -net: 64.64.98.0/24 -descr: OculusProxies -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 64.64.99.0/24 -descr: OculusProxies -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 64.64.104.0/24 -descr: OculusProxies -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 64.64.108.0/24 -descr: ExpressVPN -remarks: VPN provider -is-anonymous-proxy: yes - net: 64.64.123.0/24 descr: ExpressVPN remarks: VPN provider @@ -803,76 +427,11 @@ descr: SecuredConnectivity remarks: VPN provider is-anonymous-proxy: yes -net: 64.145.76.0/24 -descr: SecuredConnectivity -remarks: VPN provider -is-anonymous-proxy: yes - -net: 64.145.79.0/24 -descr: SecuredConnectivity -remarks: VPN provider -is-anonymous-proxy: yes - -net: 64.145.94.0/24 -descr: SecuredConnectivity -remarks: VPN provider -is-anonymous-proxy: yes - -net: 69.171.214.0/24 -descr: icedoutproxies.com -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - -net: 77.111.244.0/24 -descr: HERN Labs AB -remarks: VPN provider [high confidence, but not proofed] located somewhere in EU -is-anonymous-proxy: yes -country: EU - -net: 77.111.245.0/24 -descr: HERN Labs AB -remarks: VPN provider [high confidence, but not proofed] located in SG -is-anonymous-proxy: yes -country: SG - -net: 77.111.246.0/24 -descr: HERN Labs AB -remarks: VPN provider [high confidence, but not proofed] located in US -is-anonymous-proxy: yes -country: US - -net: 77.111.247.0/24 -descr: HERN Labs AB -remarks: VPN provider [high confidence, but not proofed] located in NL -is-anonymous-proxy: yes -country: NL - net: 77.247.181.160/28 descr: Zwiebelfreunde e.V. remarks: Tor relay provider is-anonymous-proxy: yes -net: 79.134.225.0/24 -descr: The PRIVACYFIRST Project -remarks: (Rogue) VPN provider hosting C&Cs en masse -is-anonymous-proxy: yes - -net: 80.254.74.0/20 -descr: Monzoon / SwissVPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 82.199.130.0/24 -descr: Perfect Privacy LTD -remarks: VPN provider -is-anonymous-proxy: yes - -net: 85.92.100.0/22 -descr: LoadProxy, LLC -remarks: VPN provider -is-anonymous-proxy: yes -country: US - net: 85.203.23.0/24 descr: VPN Consumer Network / falco-networks.com remarks: VPN provider @@ -888,21 +447,6 @@ descr: VPN-Services / KDDI Corporation remarks: VPN provider is-anonymous-proxy: yes -net: 85.203.53.0/24 -descr: Mullvad VPN AB -remarks: VPN provider -is-anonymous-proxy: yes - -net: 85.208.112.0/22 -descr: VPNHOST SIA -remarks: VPN provider -is-anonymous-proxy: yes - -net: 85.209.132.0/22 -descr: Mayak Creative Ltd. -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - net: 88.81.248.0/24 descr: TopNet ISP VPN remarks: VPN provider @@ -928,47 +472,22 @@ descr: "InsatCom-V, ISP: Leased lines, VPN (city Volgograd)" remarks: VPN provider (or something similar) is-anonymous-proxy: yes -net: 92.118.204.0/22 -descr: Mo's Operations GmbH -remarks: VPN provider [high confidence, but not proofed] -is-anonymous-proxy: yes - net: 92.119.17.0/24 descr: NordVPN remarks: VPN provider is-anonymous-proxy: yes -net: 94.199.160.0/23 -descr: MIK Telecom VPN pool -remarks: VPN provider -is-anonymous-proxy: yes - -net: 95.129.56.0/21 -descr: Azimut-R VPN Service -remarks: VPN provider -is-anonymous-proxy: yes - net: 95.140.81.0/24 descr: Electron telecom VPN Users remarks: VPN provider is-anonymous-proxy: yes -net: 95.214.160.0/22 -descr: B Consulting Ltd. -remarks: Loaded with proxies, see also: https://krebsonsecurity.com/2019/08/the-rise-of-bulletproof-residential-networks/ -is-anonymous-proxy: yes - net: 98.159.233.0/24 descr: VPN Consumer Network remarks: VPN provider is-anonymous-proxy: yes -net: 100.42.17.0/24 -descr: Castle VPN -remarks: VPN provider -is-anonymous-proxy: yes - -net: 103.6.219.0/24 +net: 103.6.216.0/22 descr: Astrill VPN remarks: VPN provider is-anonymous-proxy: yes diff --git a/overrides/override-other.txt b/overrides/override-other.txt index d76ba68..45d9b2a 100644 --- a/overrides/override-other.txt +++ b/overrides/override-other.txt @@ -1148,6 +1148,11 @@ descr: Oy Crea Nova Hosting Solution Ltd remarks: ISP located in FI, but some RIR data for announced prefixes contain garbage country: FI +aut-num: AS51852 +descr: Private Layer INC +remarks: Physically located in CH +countr: CH + aut-num: AS51999 descr: WhiteHat Inc. remarks: tampers with RIR data diff --git a/overrides/override-xd.txt b/overrides/override-xd.txt index 92c5c3a..8a5c333 100644 --- a/overrides/override-xd.txt +++ b/overrides/override-xd.txt @@ -220,18 +220,6 @@ remarks: Rogue ISP country: RU drop: yes -aut-num: AS59753 -descr: Vault Dweller OU -remarks: bulletproof ISP (related to AS57717) located in NL -country: NL -drop: yes - -aut-num: AS60424 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Bulletproof ISP -country: RU -drop: yes - aut-num: AS60485 descr: Inter Connects Inc. / Jing Yun remarks: part of a dirty ISP conglomerate operating most likely out of SE, hijacking AfriNIC networks @@ -390,12 +378,6 @@ descr: Partner LLC / LetHost LLC remarks: Bulletproof ISP drop: yes -aut-num: AS204655 -descr: Novogara Ltd. -remarks: bulletproof ISP (strongly linked to AS202425) located in NL -country: NL -drop: yes - aut-num: AS206728 descr: Media Land LLC remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/ @@ -556,40 +538,6 @@ remarks: Attack network tracing back to NL country: NL drop: yes -net: 89.23.103.0/24 -descr: Media Land LLC / abuse-server[.]su -remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/ -drop: yes - -net: 91.240.243.0/24 -descr: Media Land LLC -remarks: bulletproof ISP, see: https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-bulletproof-hoster/ -drop: yes - -net: 92.63.196.0/24 -descr: TOV VAIZ PARTNER / Perfect Hosting Solutions -remarks: Attack network tracing back to NL -country: NL -drop: yes - -net: 185.156.72.0/24 -descr: TOV VAIZ PARTNER / InterHost -remarks: Attack network tracing back to UA -country: UA -drop: yes - -net: 193.233.81.0/24 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Bulletproof ISP -country: RU -drop: yes - -net: 194.135.24.0/24 -descr: Tribeka Web Advisors S.A. -remarks: Tampers with RIR data, traces back to US, not a safe place to route traffic to -country: US -drop: yes - net: 196.11.32.0/20 descr: Sanlam Life Insurance Limited remarks: Stolen AfriNIC IPv4 space announced from NL? @@ -611,9 +559,3 @@ descr: ASLINE Limited remarks: APNIC chunk owned by a HK-based IP hijacker, but assigned to DE country: HK drop: yes - -net: 2a10:9700::/29 -descr: 1337TEAM LIMITED / eliteteam[.]to -remarks: Bulletproof ISP -country: RU -drop: yes