[anti-abuse-wg] weird ERX networks ?
Frank Gadegast ripe-anti-spam-wg at powerweb.de
Mon Mar 26 10:00:02 CEST 2012
Hi, we receive Spam from some networks we cannot find any whois record for. An example: 184.108.40.206 (we found about 1000 networks like this) ARINs whois says, its RIPE RIPEs whois says, its AFRINIC LACNIC also says, its AFRINIC but AFRINICs whois says, its "world-wide" ... So, where is this really allocated too and where can we we find a whois record for those networks ? Unallocated, but still in use from somebody ? Anybody an idea ? Here are the whois records: ARIN: NetRange: 220.127.116.11 - 18.104.22.168 CIDR: 22.214.171.124/8 OriginAS: NetName: RIPE-C3 NetHandle: NET-62-0-0-0-1 RIPE: inetnum: 126.96.36.199 - 188.8.131.52 org: ORG-AFNC1-RIPE netname: AFRINIC-NET-TRANSFERRED-20050223 descr: This network has been transferred to AFRINIC remarks: These IP addresses are assigned in the AFRINIC region. AFRINIC: inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr: The whole IPv4 address space country: EU # Country is really world wide org: ORG-IANA1-AFRINIC Kind regards, Frank -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================