AS22558 - Routing apparently hijacked space

• Previous message (by thread): AT&T/L3 interconnect?
• Next message (by thread): AS22558 - Routing apparently hijacked space
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I can't take credit for finding this one.  Somebody else on another
mailing list I'm on actually found it.

AS22558 itself _does not_ appear to be hijacked.  Rather this is
a relatively new (2009) AS, but the AS itself is very odd indeed.

It's contact phone number isn't working, it apparently has no web site
associated with its domain name (mpgnetworks.com) and although the whois
record clearly indicates that the company behind this AS is located in
California, the California Secretary of State's web site has no record
of any "MPG Networks, LLC" operating legally within California.

=====================================================================
ASNumber:       22558
ASName:         MPGNET
ASHandle:       AS22558
RegDate:        2010-01-27
Updated:        2010-01-27    
Ref:            http://whois.arin.net/rest/asn/AS22558

OrgName:        MPG Networks, LLC
OrgId:          MPGNE
Address:        707 Wilshire, suite 411
City:           Los Angeles
StateProv:      CA
PostalCode:     90017
Country:        US
RegDate:        2009-11-03
Updated:        2009-11-03
Ref:            http://whois.arin.net/rest/org/MPGNE

OrgTechHandle: MNA72-ARIN
OrgTechName:   MPG Networks Admin
OrgTechPhone:  +1-213-867-3652 
OrgTechEmail:  admin at mpgnetworks.com
OrgTechRef:    http://whois.arin.net/rest/poc/MNA72-ARIN
=====================================================================

So anyway, this AS appears to currently be routing what looks an awful
lot like a whole lot of abandoned legacy IP address space, to wit:

66.119.224.0/20
192.101.208.0/20
192.101.224.0/20
192.112.112.0/22
192.112.116.0/22
192.112.120.0/22
192.112.124.0/22
198.13.0.0/22
198.13.4.0/22
198.13.8.0/22
198.13.12.0/22
198.162.208.0/20
198.178.64.0/22
198.178.68.0/22
198.178.72.0/22
198.178.76.0/22
198.178.80.0/20
206.201.48.0/20

Furthermore, looking at the name server data for these blocks, what I see
in them sure as heck looks an awful lot like snowshoe spam domains to me.
(See listing attached below.)

Last but not least, robtex.com indicates that this entire AS is only
connected to the Internet via a single other AS, i.e. AS3491, aka
"Beyond The Network America, Inc."  And I'd just like to take this
opportunity to remind everyone that AS3491 is also still the only
connection to the Internet for two other hijacked ASes (and all of
the apparently hijacked address space that each of those is announcing),
i.e. AS6061 and AS10392.  In short, it does appear that the crooks are
now officially running the Internet.  (And yes, I _did_ properly
inform the fine folks at Beyond The Network America, Inc. last week
that they were aiding and abetting the effective theft of IP address
space by whoever has hijacked AS6061 and AS10392, _and_ I _did_ get
an acknowledgement back from them, indicating clearly that some live
human there had read my message.  But no, apparently they don't give
a rat's ass, and they are perfectly fine with aiding & abetting the
hijacker(s) in this case... presumably as long as whoever it is keeps
on sending them checks every month.)


Regards,
rfg



===============================================================
66.119.224.2
	ns1.reliancethanks.com
		reliancethanks.com
		aftermathinformational.com
66.119.224.3
	ns2.reliancethanks.com
		reliancethanks.com
		aftermathinformational.com
66.119.225.239
	ns.uberslinger.org
66.119.230.2
	ns1.sectionalplacement.com
		sectionalplacement.com
66.119.230.3
	ns2.sectionalplacement.com
		sectionalplacement.com
66.119.236.2
	ns1.sundayexceeding.com
		precisionwedge.com
		printablediscovered.com
		positivelyrecently.com
		platinumshall.com
		productionweekday.com
		sundayexceeding.com
66.119.236.3
	ns2.sundayexceeding.com
		precisionwedge.com
		printablediscovered.com
		positivelyrecently.com
		platinumshall.com
		productionweekday.com
		sundayexceeding.com
192.101.239.253
	fwd2.select1media.com
		fgty232oflyaway.com
		xswe321oracetrack.com
		asefo221shortness.com
		puth123ofreely.com
		jqtyo313outofbounds.com
		muiuo332consistent.com
		mjui332owalked.com
		etye112olightup.com
		ukkho121greatwin.com
		jlkk231believableo.com
		fthno223majority.com
		cddgo113longway.com
		select1media.com
		hngeo131intouch.com
		cdtu223leadingo.com
		zipi121ointhezone.com
		bhtq222oroadtrip.com
		sfewo331advantage.com
		cftho232likely.com
		qaxs221odarkness.com
		wefro212permanent.com
	fwd1.select1media.com
		fgty232oflyaway.com
		xswe321oracetrack.com
		asefo221shortness.com
		puth123ofreely.com
		jqtyo313outofbounds.com
		muiuo332consistent.com
		mjui332owalked.com
		etye112olightup.com
		ukkho121greatwin.com
		jlkk231believableo.com
		fthno223majority.com
		cddgo113longway.com
		select1media.com
		hngeo131intouch.com
		cdtu223leadingo.com
		zipi121ointhezone.com
		bhtq222oroadtrip.com
		sfewo331advantage.com
		cftho232likely.com
		qaxs221odarkness.com
		wefro212permanent.com
198.13.2.1
	ns1.publicidad3d.info
198.162.208.4
	ns1.dnsdeguyana.info
		unawareofthesubject.info
		toshowphilosopherof.info
		seekfromartbeauty.info
		passivelydiscoveredthinkabout.info
		ofartshakespeareanwhichour.info
		moonoftenprofessto.info
		lightetudetothe.info
		itsnormativesidenothing.info
		inpersonaladornmentbe.info
		hearsayintheworld.info
		betterworksofart.info
		besurecuttingwood.info
		aparttheart.info
		anotheruglyaestheticpurpose.info
		afewexamplesobjectjust.info
		itmustbebrought.com
		isbeyondtheprovince.com
		tastefinallyofselfscrutiny.com
		notexistforan.com
		theskepticorthe.com
		maylessentheprobabilities.com
198.162.208.5
	ns2.dnsdeguyana.info
		unawareofthesubject.info
		toshowphilosopherof.info
		seekfromartbeauty.info
		passivelydiscoveredthinkabout.info
		ofartshakespeareanwhichour.info
		moonoftenprofessto.info
		lightetudetothe.info
		itsnormativesidenothing.info
		inpersonaladornmentbe.info
		hearsayintheworld.info
		betterworksofart.info
		besurecuttingwood.info
		aparttheart.info
		anotheruglyaestheticpurpose.info
		afewexamplesobjectjust.info
		itmustbebrought.com
		isbeyondtheprovince.com
		tastefinallyofselfscrutiny.com
		notexistforan.com
		theskepticorthe.com
		maylessentheprobabilities.com
198.178.64.4
	ns1.barranquilla-dns.info
		thelesscanbe.info
		theirachievedrelationshe.info
		subjecttocorrectionjudgments.info
		psychologyinterestinbeauty.info
		principlesislessenthe.info
		primitivemenbeautyitself.info
		partofthesubject.info
		ourownpurposesabsolutely.info
		ofacriticrelations.info
		methodofobservationas.info
		lackofunderstandingof.info
		forusoftenprofess.info
		correctionthepathwayhimself.info
		andfunctionstheoreticalanalysis.info
		allappreciationofparticular.info
		accurateinjudgmentis.info
198.178.64.5
	ns2.barranquilla-dns.info
		thelesscanbe.info
		theirachievedrelationshe.info
		subjecttocorrectionjudgments.info
		psychologyinterestinbeauty.info
		principlesislessenthe.info
		primitivemenbeautyitself.info
		partofthesubject.info
		ourownpurposesabsolutely.info
		ofacriticrelations.info
		methodofobservationas.info
		lackofunderstandingof.info
		forusoftenprofess.info
		correctionthepathwayhimself.info
		andfunctionstheoreticalanalysis.info
		allappreciationofparticular.info
		accurateinjudgmentis.info
206.201.50.2
	ns1.respectivemotive.com
		pensplaces.com
		interviewedseller.com
		generallyrumored.com
		regulatorsstretches.com
		mailedmission.com
		forecasterpanic.com
		generosityamount.com
		itemprep.com
		fascinatingfixings.com
		schemepowerful.com
		scotlandwonderful.com
		fontvaried.com
		grindstonesocal.com
		exitingfuturists.com
		respectivemotive.com
		itemsupporting.com
		silkbid.com
		operationstudent.com
		listenmotivation.com
		necessitysupplies.com
		locationquadruple.com
		looksutility.com
206.201.50.3
	ns2.respectivemotive.com
		pensplaces.com
		interviewedseller.com
		generallyrumored.com
		regulatorsstretches.com
		mailedmission.com
		forecasterpanic.com
		generosityamount.com
		itemprep.com
		fascinatingfixings.com
		schemepowerful.com
		scotlandwonderful.com
		fontvaried.com
		grindstonesocal.com
		exitingfuturists.com
		respectivemotive.com
		itemsupporting.com
		silkbid.com
		operationstudent.com
		listenmotivation.com
		necessitysupplies.com
		locationquadruple.com
		looksutility.com
206.201.57.2
	ns1.shelfbuying.com
		venezuelaexpire.com
		styleoutput.com
		threadbarestabilizes.com
		reducesreoffering.com
		unawareneed.com
		bookscourtesy.com
		bannerswardrobe.com
		arenaformula.com
		architecturetougher.com
		broaderbasedvalidity.com
		citiesunderstood.com
		buddingprimary.com
		assistscontext.com
		certificatetransactions.com
		allocatereported.com
		althoughacquire.com
		advancednautical.com
		sponsorshipguidance.com
		withdrawsspoken.com
		sketchnecessarily.com
		technicalbestseller.com
		providingonline.com
		shelfbuying.com
		purchasetrial.com
		trainedmonumental.com
		promisecombinations.com
206.201.57.3
	ns2.shelfbuying.com
		venezuelaexpire.com
		styleoutput.com
		threadbarestabilizes.com
		reducesreoffering.com
		unawareneed.com
		bookscourtesy.com
		bannerswardrobe.com
		arenaformula.com
		architecturetougher.com
		broaderbasedvalidity.com
		citiesunderstood.com
		buddingprimary.com
		assistscontext.com
		certificatetransactions.com
		allocatereported.com
		althoughacquire.com
		advancednautical.com
		sponsorshipguidance.com
		withdrawsspoken.com
		sketchnecessarily.com
		technicalbestseller.com
		providingonline.com
		shelfbuying.com
		purchasetrial.com
		trainedmonumental.com
		promisecombinations.com

• Previous message (by thread): AT&T/L3 interconnect?
• Next message (by thread): AS22558 - Routing apparently hijacked space
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]