On Fri, Dec 04, 2020 at 02:57:34PM -0800, Ronald F. Guilmette wrote:
I have just received a spam which has a so-called "payload" URL which the spammer wants me to visit, apparently so that I can be sold some male performance drugs of dubious origin.
The domain part of the URL resolves to the IPv4 address 217.8.117.98.
That address lies within a pair of bogon (unallocated) IPv4 address blocks, 217.8.116.0/24 and 217.8.117.0/24, that are both being routed by a common ASN, i.e. AS47510.
https://bgp.he.net/AS47510#_prefixes
It appears that AS47510 is itself an unallocated bogon at the present time:
https://bgp.he.net/AS47510#_asinfo
As can be readily seen at the above link, AS47510 is peering with only two other ASNs, i.e. AS29226 - JSC Mastertel (Russia) and AS35555 - "Crex Fex Pex Internet System Solutions" LLC.
The latter ASN, AS35555, also appears to be an unallocated bogon ASN at the present time. Nonetheless, that does not appear to be preventing it from peering with yet another Russian network, AS213254 - OOO Rait Telecom:
If you look at the previous whois - https://ipinfo.io/AS35555 still has a copy - you may notice that they had published a bunch of "user@spamhaus.org" addresses in the "remarks:" field, which I suppose does not go very well with privacy laws and GDPR and is not an acceptable usage of the RIPE database. You may also find it interesting that, after running out of ASNs, they are currently announcing 217.8.117.0/24 from AS1214, an ASN in ARIN space ("Coloexchange") that had been entirely dormant (no announces) since January 2011 according to stat.ripe.net. It is somewhat suspect that an ASN of a US company without a web site comes back to life after almost 10 years of silence exclusively to announce a /24 in Russian space, through a Russian ISP.
It would be Nice, in my opinion, if someone who speaks Russian could make contact with the operators of AS29226 and AS213254 and respectfully suggest to them that they should cease peering with bogon ASNs, such as AS47510 and AS35555, including but not limited to bogon ASNs that are at present routing bogon IPv4 address space.
AS29226 is again involved, as they are the "AS1214" upstream.

regards,
furio
P.S. It appears that the company "Crex Fex Pex Internet System Solutions, LLC" which was the former owner of AS47510 and AS35555 and also AS60031 was a Russian entity, and one that most likely no longer qualifies as what one would call a "going concern":
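
Added example, not part of the original messages: one way to run the bogon check discussed in this thread, classifying an announced prefix and its origin ASN against RIR delegated-extended statistics records. The sample records are constructed to mirror the thread's claims, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the RIR "delegated-extended" layout
# (registry|cc|type|start|count|date|status). Statuses mirror the thread's
# claims; they are not copied from a real RIPE NCC statistics file.
SAMPLE_STATS = """\
ripencc|RU|ipv4|217.8.112.0|1024|20010308|allocated
ripencc||ipv4|217.8.116.0|512|20201101|available
ripencc|RU|asn|29226|1|20030812|allocated
ripencc||asn|35555|1|20200915|reserved
ripencc||asn|47510|1|20200915|available
"""
HELD = {"allocated", "assigned"}  # any other status is treated as bogon

def load_stats(text):
    """Parse records into ([(first, last, status)] for IPv4, same for ASNs)."""
    v4, asns = [], []
    for line in text.splitlines():
        f = line.split("|")
        if len(f) < 7 or f[2] not in ("ipv4", "asn"):
            continue  # version line, summary lines, ipv6 records
        is_v4 = f[2] == "ipv4"
        first = int(ipaddress.IPv4Address(f[3])) if is_v4 else int(f[3])
        (v4 if is_v4 else asns).append((first, first + int(f[4]) - 1, f[6]))
    return v4, asns

def is_bogon_prefix(prefix, v4):
    """True unless one allocated/assigned record covers the whole prefix."""
    net = ipaddress.ip_network(prefix)
    lo, hi = int(net.network_address), int(net.broadcast_address)
    return not any(a <= lo and hi <= b and s in HELD for a, b, s in v4)

def is_bogon_asn(asn, asns):
    """True unless the ASN falls inside an allocated/assigned record."""
    return not any(a <= asn <= b and s in HELD for a, b, s in asns)

def check_route(prefix, origin_asn, stats_text=SAMPLE_STATS):
    """Classify one announcement. Resources absent from the loaded data are
    flagged too, so real use needs the files of all five RIRs merged."""
    v4, asns = load_stats(stats_text)
    return {"prefix_bogon": is_bogon_prefix(prefix, v4),
            "origin_bogon": is_bogon_asn(origin_asn, asns)}

if __name__ == "__main__":
    for prefix, asn in [("217.8.116.0/24", 47510), ("217.8.117.0/24", 47510),
                        ("217.8.113.0/24", 29226)]:
        print(prefix, f"AS{asn}", check_route(prefix, asn))
```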