This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] [routing-wg] AS12679 -- 206.195.224.0/19
- Previous message (by thread): [anti-abuse-wg] [routing-wg] AS12679 -- 206.195.224.0/19
- Next message (by thread): [anti-abuse-wg] [routing-wg] AS12679 -- 206.195.224.0/19
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Jan 27 06:40:13 CET 2020
In message <20200127052621.GJ36653 at vurt.meerval.net>, Job Snijders <job at ntt.net> wrote: >The dates, the website at https://www.thriftdrug.org/, the non-US origin >of the announcement all seem to suggest that someone discovered the >block was dangling, the domain unregistered, and some quick registration >& forgery could lead to treasure. Yes. My apologies to all. I made a bit of a mistake here. Note that I no longer use the term "hijacked" because it is too imprecise. These days I only use the terms "squatted" or "stolen" where the latter is a term that I reserve for cases where the relevant WHOIS record has actually been fiddled. Upon further review, this block (206.195.224.0/19) now appears to have been stolen, i.e. with the (assumed unwitting) participation of ARIN. As Job has noted, multiple aspects of the WHOIS record are most certainly non-conformant with common sense. I highlight these below. (I have attempted to call the new contact phone number and it is dead/disconnected.) It is my hope, of course, that the apparent illicit take-over of this block was a product of garden variety incompetence @ ARIN, rather than, you know, the alternative. It appears from ARIN WhoWas data that this takeover began on 2019-08-12 with additional fradulent changes to the WHOIS also on 2019-08-14, 2019-08-15, and lastly 2019-09-24, when the OriginAS was fiddled to its present state. ================================================================== [Source: whois://whois.arin.net 2020-01-27 04:18:39 UTC] NetRange: 206.195.224.0 - 206.195.255.255 CIDR: 206.195.224.0/19 NetName: THRIFT-NET-1 NetHandle: NET-206-195-224-0-1 Parent: NET206 (NET-206-0-0-0-0) NetType: Direct Assignment OriginAS: AS12679 <========================= Russia ???? Organization: Thrift Drug, Inc. (THRIFT) RegDate: 1995-08-03 Updated: 2019-09-24 Ref: https://rdap.arin.net/registry/ip/206.195.224.0 OrgName: Thrift Drug, Inc. OrgId: THRIFT Address: 100 Delta Drive City: Pittsburgh StateProv: PA PostalCode: 15238 Country: US RegDate: 1994-03-15 Updated: 2019-08-14 Ref: https://rdap.arin.net/registry/entity/THRIFT OrgAbuseHandle: WEBBK16-ARIN OrgAbuseName: Webb, Kristi OrgAbusePhone: +1-885-923-1290 <================ dead/bogus OrgAbuseEmail: kwebb at thriftdrug.org <=============== bogus/parked OrgAbuseRef: https://rdap.arin.net/registry/entity/WEBBK16-ARIN OrgTechHandle: WEBBK16-ARIN OrgTechName: Webb, Kristi OrgTechPhone: +1-885-923-1290 <================ dead/bogus OrgTechEmail: kwebb at thriftdrug.org <=============== bogus/parked OrgTechRef: https://rdap.arin.net/registry/entity/WEBBK16-ARIN
- Previous message (by thread): [anti-abuse-wg] [routing-wg] AS12679 -- 206.195.224.0/19
- Next message (by thread): [anti-abuse-wg] [routing-wg] AS12679 -- 206.195.224.0/19
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]