This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552
- Previous message (by thread): [anti-abuse-wg] Draft Anti-Abuse WG Minutes from RIPE 81
- Next message (by thread): [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Nov 30 08:08:41 CET 2020
Please be advised that the set of IPv4 blocks listed below appear to be squatted on at the present time, with the apparent aid and assistance of AS44050 -- "Petersburg Internet Network Ltd." (Russia) and also AS58552 -- "PT Multidata Rancana Prima" (Indonesia). These blocks appear to be mostly or entirely very old "legacy" block, primarily from the ARIN region. It should additionally be noted that downstream from AS44050 and AS58552 there appear to be a number of other ASNs which themselves appear to be squatted on, without the consent or permission of the rightful owners, at the present time, and tghat these are the ASNs that are actually routing most or all of the squatted-on IPv4 space listed in teh table below, specifically: AS6603 US CottonWood CyberVentures (NOTE: legacy ASN) AS7309 US The Virtual Marketing Corporation (NOTE: legacy ASN) AS24199 ID Dini Nusa Kusuma, P.T. (allocated: 2011-03-01) AS62927 US Moose-Tec (allocated: 2015-02-20) AS198448 -- unknown/unallocated All parties are advsed to take action as seems appropriate, under the circumstances. Looking at the RIPE Routing History, specifically for AS7309, strongly suggests that this extensive squatting campaign has been ongoing since at least 2019-09-29. The table below only lists currently active squats however. Most or all of these are represented in the (unsecured) RADB data base in association with the somewhat mysterious email addresses <irr at uswo.network> and/or <ipadmin at uswo.network>. The uswo.network domain name was registered on 2020-07-24. It has no associated web site, nor indeed does it or any subdomain associated with it have any IP address. (MX is set to send email to the mail servers of registrar namecheap.com.) #------------------------------------------------------------------------ # COUNT: 1 ORG: (CA) ARENAC "Arena Communications" #------------------------------------------------------------------------ 199.84.16.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (CA) HUSKY-1 "Husky Energy Inc." #------------------------------------------------------------------------ 199.185.144.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (CA) NINS-1 "AllCore Communications Inc." #------------------------------------------------------------------------ 68.66.48.0/20 #------------------------------------------------------------------------ # COUNT: 16 ORG: (ID) IRT-DNK-ID "PT Dini Nusa Kusuma" #------------------------------------------------------------------------ 202.89.208.0/24 202.89.209.0/24 202.89.210.0/24 202.89.211.0/24 202.89.212.0/24 202.89.213.0/24 202.89.214.0/24 202.89.215.0/24 202.89.216.0/24 202.89.217.0/24 202.89.218.0/24 202.89.219.0/24 202.89.220.0/24 202.89.221.0/24 202.89.222.0/24 202.89.223.0/24 #------------------------------------------------------------------------ # COUNT: 1 ORG: (PT) HS2098-RIPE "Rumos, SA" #------------------------------------------------------------------------ 192.199.16.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) CORP "Corporate Communications, Inc." #------------------------------------------------------------------------ 207.70.224.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) DHIN "Dean Health Information Network" #------------------------------------------------------------------------ 199.217.16.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) DTEK "Friends of Synergytics" #------------------------------------------------------------------------ 207.228.192.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) EVANS-25 "Evanston Data & Colocation, Inc." #------------------------------------------------------------------------ 96.45.144.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) FLEXFA "Flexfab Division" #------------------------------------------------------------------------ 204.44.208.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) HASTIN-6 "Hastings Entertainment Inc." #------------------------------------------------------------------------ 204.156.192.0/20 #------------------------------------------------------------------------ # COUNT: 2 ORG: (US) HAWK "Hawk Communications" #------------------------------------------------------------------------ 69.8.64.0/20 69.8.96.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) IE "Enternet Express" #------------------------------------------------------------------------ 206.125.16.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) MACROV-1 "Rovi Corporation" #------------------------------------------------------------------------ 64.92.224.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) PHSKL "Popham Haik Schnobrich &Kaufman, LTD" #------------------------------------------------------------------------ 204.147.96.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) PLCA "PlanetCable Corp." #------------------------------------------------------------------------ 24.137.16.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) RPHP "Rush Prudential Health Plans" #------------------------------------------------------------------------ 204.128.32.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) SHC-1 "Sun Health Corporation" #------------------------------------------------------------------------ 198.153.32.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) SYSTEM-71 "Systems and Electronics Inc." #------------------------------------------------------------------------ 199.73.64.0/20 #------------------------------------------------------------------------ # COUNT: 1 ORG: (US) UPTHE "Upthere, Inc." #------------------------------------------------------------------------ 104.156.144.0/20
- Previous message (by thread): [anti-abuse-wg] Draft Anti-Abuse WG Minutes from RIPE 81
- Next message (by thread): [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]