[Community-Discuss] [afnog] Updates on the misappropriation of IPv4 resources

[Ronald F. Guilmette]

In message <CAEqgTWauoF=MRvqk-T2BaA7AsMQt=A-GomQ2aZiYtsMYey2FNg at mail.gmail.com>
Noah <noah at neo.co.tz> wrote:


>Please can you consolidate your very important and yet great research

>around the individuals Cohen, Uerlings, Abizeid, Deepak Mehta and Lu Heng.


I can only summarize the specific still-outstanding problems & issues
that I am aware of.  There could very well be much more, under the surface,
that I am not aware of.

I have repeatedly requested bulk access to AFRINIC WHOIS data which is
both (a) unredacted and also (b) historical and also (c) unredacted AND
historical.  I have been denied this data at every turn.  To add further
insult to injury, Ashil Oogarah, posting here as "AFRINIC Communication",
recently attempted to pretend that my data requests could be easily
accomodated by simply filing out a form for "bulk access".  But the
reality is that even if I did that, I would still be given only redacted
and -current- AFRINIC WHOIS data, *not* the unredacted and historical
data that I would need to make further progress in unraveling all of the
sordid mischief that has taken place with repsect to the AFRINIC WHOIS
data base over the years.  (Indeed it is a minor miracle that I have
been able to puzzle out as much as I have done, given the extreme and
pointless limits on WHOIS access that AFRINIC Management has imposed.)

Given the limitations under which I still labor, here is what I can tell
you.

The following legacy blocks are still "stolen", according to my definition
of that word in this context, and are still reaping profits, even as we
speak, for Mr. Cohen, Mr. Uerlings, and possibly also Mr. Byaruhanga,
who is still free to enjoy the fruits of his thefts from his comfortable
upscale home in Uganda.


ORG-TL1-AFRINIC - Trentyre (Pty) Ltd
160.122.0.0/16
Current routing summary:
   256  137951  HK  Clayer Limited

ORG-AA79-AFRINIC - Agrihold
163.198.0.0/16
Current routing summary:
   248  202769  US  Cooperative Investments LLC
     4  0       ??  UNROUTED IP SPACE
     2  43092   JP  OSOA Corporation., LTD
     2  19969   US  Joe's Datacenter, LLC

(Note that the contact person for "Cooperative Investments LLC" these days 
is Elad Cohen.)

ORG-AHL1-AFRINIC - Argus Holdings (Pty) Ltd
	WHOIS contacts now set to legacy-dbm at afrinic.net
164.88.0.0/16
Current routing summary:
   252  137951  HK  Clayer Limited
     2  140733  HK  HostUS Solutions LLC
     1  138538  CN  Ningbo Nanbian Tuoluo Xinxi Jishu Co., Ltd
     1  18013   HK  Asline Limited

ORG-WA1-AFRINIC - Woolworths Holdings Limited
	WHOIS contacts now restored/remediated (?)
165.3.0.0/16
Current routing summary:
   128  0       ??  UNROUTED IP SPACE
   113  54600   US  Peg Tech Inc
    10  21859   US  Zenlayer Inc
     3  137951  HK  Clayer Limited
     1  38197   AU  Sun Network (Hong Kong) Limited ***
     1  133441  KR  Cloud Information Technology (Intl) Telecom Group LIMITED

ORG-AISL1-AFRINIC - AECI Information Services (Pty) Ltd
168.80.0.0/15
Current routing summary:
   265  202769  US  Cooperative Investments LLC
   135  19969   US  Joe's Datacenter, LLC
    26  132335  IN  LeapSwitch Networks Pvt Ltd
    16  23679   AU  Media Antar Nusa PT.
     9  43092   JP  OSOA Corporation., LTD
     8  36351   US  SoftLayer Technologies Inc.
     8  45671   AU  Servers Australia Pty. Ltd
     8  63018   US  Dedicated.com
     8  56611   NL  REBA Communications BV
     8  24567   AU  QT Inc.
     6  0       ??  UNROUTED IP SPACE
     4  57717   NL  FiberXpress BV
     4  262287  BR  Maxihost LTDA
     3  49335   RU  LLC "Server v arendy"
     2  11990   US  Unlimited Net, LLC
     2  13737   US  INCX Global, LLC

(See note above regarding "Cooperative Investments LLC".)

ORG-IA41-AFRINIC - Network and Information Technology Limited
196.16.0.0/14
Current routing summary:
   539  202425  SC  IP Volume inc
   360  19969   US  Joe's Datacenter, LLC
    47  63956   AU  Colocation Australia Pty Ltd
    12  56611   NL  REBA Communications BV
     6  43092   JP  OSOA Corporation., LTD
     6  134451  ID  NewMedia Express Pte Ltd
     5  38001   AU  NewMedia Express Pte Ltd
     5  57717   NL  FiberXpress BV
     4  263812  AR  TL Group SRL ( IPXON Networks )
     4  49367   IT  Seflow S.N.C. Di Marco Brame' & C.
     4  20860   GB  Iomart Cloud Services Limited
     4  204655  GB  Novogara LTD
     4  42831   GB  UK Dedicated Servers Limited
     4  49335   RU  LLC "Server v arendy"
     2  31122   IE  Digiweb ltd
     2  136782  JP  Pingtan Hotline Co., Limited
     2  44066   DE  First Colo GmbH
     2  17216   US  Dc74 Llc
     2  53999   CA  Priority Colo Inc
     2  45382   KR  Ehostict
     2  262287  BR  Maxihost LTDA
     2  63018   US  Dedicated.com
     1  23470   US  ReliableSite.Net LLC
     1  9009    GB  M247 Ltd
     1  202769  US  Cooperative Investments LLC
     1  203833  DE  First Colo GmbH

ORG-AFNC1-AFRINIC - "ITC" - All blocks reclaimed to free pool by AFRINIC
196.193.0.0/16 -- unrouted
196.63.0.0/16 
Current routing summary:
   255  0       ??  UNROUTED IP SPACE
     1  54600   US  Peg Tech Inc
196.246.0.0/16
Current routing summary:
   252  0       ??  UNROUTED IP SPACE
     4  133495  PK  Vision telecom Private limited
196.45.112.0/20
Current routing summary:
     5  0       ??  UNROUTED IP SPACE
     4  30827   GB  Extraordinary Managed Services Ltd
     2  198381  AE  Star Satellite Communications Company - PJSC
     2  26754   ??  {{unknown organization}} ====> AS26754->"ITC" (see below)
     2  198394  AE  Star Satellite Communications Company - PJSC
     1  36351   US  SoftLayer Technologies Inc.

ORG-SCS1-AFRINIC - Safren Computer Services
155.159.0.0/16
Current routing summary:
   256  137951  HK  Clayer Limited

ORG-AA78-AFRINIC - Anglo American
163.197.0.0/16
Current routing summary:
   128  140107  HK  xiamen zhongheng Technology Ltd ****
    64  54600   US  Peg Tech Inc *** ****
    48  139330  HK  Sanren Data Limited ****
    16  137443  HK  Anchnet Asia Limited *** ****

ORG-SL72-AFRINIC - Sentrachem Limited
164.155.0.0/16
Current routing summary:
    96  54600   US  Peg Tech Inc *** ****
    77  139330  HK  Sanren Data Limited ****
    32  137951  HK  Clayer Limited
    32  136800  HK  Xiaozhiyun L.L.C *** ****
    17  132422  HK  Hong Kong Business Telecom Limited ***
     2  0       ??  UNROUTED IP SPACE

ORG-COCT1-AFRINIC - City of Cape Town
165.25.0.0/16 -- WHOIS reclaimed by rightful owner (currently unrouted)

ORG-ZZ21-AFRINIC - Trafex (Pty) Ltd
196.15.64.0/18
Current routing summary:
    40  0       ??  UNROUTED IP SPACE
    24  202769  US  Cooperative Investments LLC

(See note above regarding "Cooperative Investments LLC".)

ORG-MPL1-AFRINIC - Mega Plastics (Pty) Ltd
	contacts now set to: legacy-dbm at afrinic.net
160.121.0.0/16
Current routing summary:
   256  137951  HK  Clayer Limited

ORG-LTOL1-AFRINIC - Liquid Telecommunications Operations Limited
152.108.0.0/16 -- WHOIS & routing reclaimed by rightful owner

ORG-AM1-AFRINIC - African Oxygen Limited
155.235.0.0/16 - WHOIS reclaimed by rightful owner
Current routing summary:
    97  0       ??  UNROUTED IP SPACE
    64  140107  HK  xiamen zhongheng Technology Ltd  ****
    59  209484  HK  Asia Communications Co., Limited
    24  140224  HK  White-Sand Cloud Computing(HK) Co., LIMITED
    12  140227  HK  Hong Kong Communications International Co., Limited ***

ORG-ZZ154-AFRINIC - Nampak Management Services
	WHOIS now set to legacy-dbm at afrinic.net
196.10.61.0/24
196.10.62.0/23
196.10.64.0/19
Current routing summary:
    13  24567   AU  QT Inc.
     4  0       ??  UNROUTED IP SPACE
     4  138527  HK  Adc Group Co.,Limited
     4  43092   JP  OSOA Corporation., LTD
     4  58879   CN  Beijing CNISP Technology Co., Ltd. ***
     3  21859   US  Zenlayer Inc  ***
     2  34985   HK  Kirin Communication Limited
     1  24373   AU  Adc Group Co.,Limited *** ****

ORG-ACSL2-AFRINIC - Affiliated Computing Services (Pty) Ltd
160.116.0.0/16
Current routing summary:
   111  202769  US  Cooperative Investments LLC
   110  0       ??  UNROUTED IP SPACE
    16  199267  IL  Netstyle A. Ltd
     4  139640  HK  Hk New Cloud Technology Limited  ***
     4  24567   AU  QT Inc. **
     4  58879   CN  Beijing CNISP Technology Co., Ltd. ***
     3  19969   US  Joe's Datacenter, LLC
     2  262287  BR  Maxihost LTDA
     1  43945   IL  Netstyle A. Ltd
     1  43092   JP  OSOA Corporation., LTD

ORG-ZZ8-AFRINIC - Columbus Stainless (Proprietary) Limited
	WHOIS reclaimed by rightful owner
160.115.0.0/16  -- no current routing

ORG-TAEB1-AFRINIC - The Atomic Energy Board
168.206.0.0/16
Current routing summary:
   256  137951  HK  Clayer Limited

ORG-AI2-AFRINIC - "ITC" -- Reclaimed to free pool by AFRINIC
196.42.128.0/17 -- unrouted
196.194.0.0/15 
Current routing summary:
   403  0       ??  UNROUTED IP SPACE
    62  136384  PK  Optix Pakistan (Pvt.) Limited
    24  131284  AF  Etisalat Afghan
     6  132116  IN  Ani Network Pvt Ltd
     5  198504  AE  Star Satellite Communications Company - PJSC
     4  26754   ??  {{unknown organization}}  ====> AS26754 == "ITC"
     3  198381  AE  Star Satellite Communications Company - PJSC
     2  198247  AE  Star Satellite Communications Company - PJSC
     2  198394  AE  Star Satellite Communications Company - PJSC
     1  139043  PK  WellNetworks (Private) Limited

Please note that Ernest Byaruhanga is still enjoying some of his
stolen AFRINIC space, even as we speak, courtesy of SECOM and others,
who ought to be ashamed of themselves:

 https://bgp.he.net/AS26754#_prefixes

ORG-ZZ139-AFRINIC - "Link Data Group" 
198.54.232.0/24 -- WHOIS now set to legacy-dbm at afrinic.net - unrouted
196.62.0.0/16 - reclaimed to free pool by AFRINIC - unrouted
196.192.192.0/18 - reclaimed to free pool by AFRINIC - unrouted
213.247.0.0/19 - reclaimed to free pool by AFRINIC - unrouted
160.255.0.0/16 - reclaimed to free pool by AFRINIC - unrouted
196.207.64.0/18 - reclaimed to free pool by AFRINIC
Current routing summary:
    61  0       ??  UNROUTED IP SPACE
     2  132116  IN  Ani Network Pvt Ltd
     1  137085  IN  Nixi

Note that the following route object still exists in the RIPE WHOIS DB:

route:          213.247.0.0/21
origin:         AS327991
mnt-by:         MEGASURF-WIRELESS-MNT
created:        2016-09-02T11:58:16Z
last-modified:  2018-09-04T18:31:58Z
source:         RIPE-NONAUTH


ORG-ZZ23-AFRINIC - Nedbank / Cape of Good Hope Bank (CGHB)
	- fradulent allocations reclaimed to free pool
192.96.146.0/24 -- reclaimed by Nedbank/CGHB - unrouted
137.171.0.0/16 -- unrouted
165.52.0.0/14 -- unrouted
168.211.0.0/16 -- unrouted

+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_

In addition to all of the above AFRINIC issues, Elad Cohen, with the
help and connivance of his friends at FDCServers and Cogent Communications
was at one time also squatting on all of the following abandoned APNIC
IPv4 legacy blocks:

IRT-DOFD-AU - DOFD Department of Finance and Deregulation (AU)
168.198.0.0/16 -- currently unrouted

PMANET - Port of Melbourne Authority (AU)
139.44.0.0/16 -- currently unrouted

CROSFIELD (JP)
143.136.0.0/16 -- currently unrouted

ATDCL - Net One Systems Company, Limited (JP)
143.253.0.0/16 -- currently unrouted

CHIYODA-NET - Chiyoda Corporation (JP)
146.51.0.0/16 -- currently unrouted

Additionally, I have reason to believe that Elad Cohen was also responsible
for squatting on the following abandoned RIPE legacy IPv4 block, which he
appears to have done with the help and connivance of his friends at
Ecoband, Ltd. aka AS327814:

TELEFUNKEN SYSTEMTECHNIK ULM (DE)
149.207.0.0/16 - unrouted

+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_+_

In additional to all of the above, as I have recently pointed out, I have
questions about how any of the following three organzations were able to
qualify to become AFRINIC members and how each was able to further
qualify to receive the sizable non-legacy AFRINIC IPv4 block assignments
that they did receive and which they are -still- the listed registrants
of, even now:

ORG-LWI1-AFRINIC - LogicWeb Inc (US)
196.52.0.0/14  +++

ORG-FGI1-AFRINIC -- Fiber Grid, Inc. (Estonia/Seychelles)
165.231.0.0/16 +++
196.48.0.0/16
196.56.0.0/16
196.57.0.0/16
196.58.0.0/16
196.59.0.0/16
196.196.0.0/16
196.197.0.0/16
196.198.0.0/16
196.199.0.0/16
196.240.0.0/15
196.242.0.0/15
196.244.0.0/16
196.245.0.0/16
196.247.0.0/16

ORG-INL3-AFRINIC - Inspiring Networks {B.V.,Ltd.,LLC} - NL/Seychelles
45.220.64.0/18
196.61.192.0/20
197.231.208.0/22

Note of the above three entities appears to either now have, or to have
ever had any meaningful connection to the AFRINIC region, other than
plundering the resources thereof, thus raising the question of how and
why they were allowed to become AFRINIC members in the first place.

I look forward to receiving an answer to that question for each of these
three organizations.

Furthermore and separately, the specific IPv4 blocks liste above with
"+++" following their CIDRs are ones for which the historical WHOIS
data clearly implicates "ITC" which was a fradulent fake company name
used by Ernest Byaruhanga for many of his insider IP block thefts,
thus also rasing the question of how these blocks were obtained and
assigned, to LogicWeb, and also to Fiber Grid.


Regards,
rfg