gnarlymarley Posted October 4, 2019 Share Posted October 4, 2019 Sounds to me like the IP registries are confused. Seems to be that 185.254.121.237 is said by arin to be RIPE, but by everyone else to be IANA. The IP is in use and is routable. Does anyone else see what I am seeing returned from RIPE or is this just me? https://www.spamcop.net/sc?id=z6578180134z80ef26afa691a5047d301c474dcaaf8bz https://www.spamcop.net/sc?id=z6578095270z15fc50e4b2d4dad674d00394b23c6c24z https://www.spamcop.net/sc?action=rcache;ip=185.254.121.237 $ whois 185.254.121.237@whois.ripe.net [whois.ripe.net] % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '0.0.0.0 - 255.255.255.255' % No abuse contact registered for 0.0.0.0 - 255.255.255.255 inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr: The whole IPv4 address space Quote Link to comment Share on other sites More sharing options...
petzl Posted October 4, 2019 Share Posted October 4, 2019 37 minutes ago, gnarlymarley said: Sounds to me like the IP registries are confused. Seems to be that 185.254.121.237 is said by arin to be RIPE, but by everyone else to be IANA. The IP is in use and is routable. Does anyone else see what I am seeing returned from RIPE or is this just me? https://www.spamcop.net/sc?id=z6578180134z80ef26afa691a5047d301c474dcaaf8bz no abuse address there is a registrar address domain: SWEETREBECCA.SU nserver: a.dnspod.com. nserver: b.dnspod.com. state: REGISTERED, DELEGATED person: Private Person e-mail: mailto:hunderalex[AT]rambler[DOT]ru registrar: RUCENTER-SU created: 2019-09-26T18:39:07Z paid-till: 2020-09-26T18:39:07Z free-date: 2020-10-29 source: TCI Phishing sitehttps://www.virustotal.com/gui/url/59d1efd146c2e4a124360c3ae9dc0ad238fa7d12317e299fd12a3b3c2ca3990a/detection Quote Link to comment Share on other sites More sharing options...
AJR Posted October 9, 2019 Share Posted October 9, 2019 On 10/4/2019 at 11:17 PM, gnarlymarley said: Sounds to me like the IP registries are confused. Seems to be that 185.254.121.237 is said by arin to be RIPE, but by everyone else to be IANA. The IP is in use and is routable. Does anyone else see what I am seeing returned from RIPE or is this just me? I see the same in the whois records - whois.iana.org says that RIPE is authoritative for the 185.0.0.0/8 IP address range, so ARIN is correct in referring to RIPE. The RIPE whois records have plenty of allocations in that block, but there's a hole spanning 185.254.120.0-185.254.123.254 which RIPE lists with the referral back to IANA (i.e. their "we're not the RIR for those addresses" response.) RIPE publish a daily report of what IP address ranges they're allocated (no contact details shown, just the address ranges, allocation date, and country of the registrant) at ftp://ftp.ripe.net/ripe/stats/, and the entry for these disappeared on 26 September: delegated-ripencc-20190925: ripencc|DE|ipv4|185.254.112.0|1024|20180410|allocated ripencc|AL|ipv4|185.254.116.0|1024|20180410|allocated ripencc|LT|ipv4|185.254.120.0|1024|20180410|allocated ripencc|DE|ipv4|185.254.124.0|1024|20180410|allocated ripencc|DK|ipv4|185.254.128.0|1024|20180410|allocated delegated-ripencc-20190926: ripencc|DE|ipv4|185.254.112.0|1024|20180410|allocated ripencc|AL|ipv4|185.254.116.0|1024|20180410|allocated ripencc|DE|ipv4|185.254.124.0|1024|20180410|allocated ripencc|DK|ipv4|185.254.128.0|1024|20180410|allocated I.e. on 25 September those addresses were listed as having been allocated to someone in Latvia on 10 April 2018, and become unallocated on the following day. There's no entry for these addresses in RIPE's published transfer records (https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/transfer-statistics), TL;DR: so those addresses don't currently belong to anyone, and if, as they appear to be, the previous holder is still routing them then they are now squatting on those addresses. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted October 9, 2019 Author Share Posted October 9, 2019 1 hour ago, AJR said: I.e. on 25 September those addresses were listed as having been allocated to someone in Latvia on 10 April 2018, and become unallocated on the following day. There's no entry for these addresses in RIPE's published transfer records (https://www.ripe.net/manage-ips-and-asns/resource-transfers-and-mergers/transfer-statistics), TL;DR: so those addresses don't currently belong to anyone, and if, as they appear to be, the previous holder is still routing them then they are now squatting on those addresses. Thanks, good to know. Yeah, it was picked up by Media Land as an be seen in BGP tables, https://bgp.he.net/AS206728#_prefixes out of Russia. I had contacted RIPE and all I got is Media Land is what I currently know about it. My contact at RIPE seems to think 185.254.121.0/24 has never been allocated to any organization (which leads me to believe they are only looking at what I can see and their front end support is not very helpful.) Hello, Thank you for coming back to us. The AS206728 belongs to MEDIALAND. However the range is not allocated. https://apps.db.ripe.net/db-web-ui/#/query?searchtext=AS206728 So they are announcing a network with a range which is unassigned from their own servers. Hope to have informed you sufficiently at this stage. Kind Regards, Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.