
Spam, Hacking and Network Abuse - Tracing the Culprits

 


Who is AFRINIC?
Finding the correct whois database 
Abuse/Spam from AFRINIC? 
Finding contacts for an IP address


Who is AFRINIC?


AFRINIC is a Regional Internet Registry (RIR). We allocate/assign internet number resources (primarily, IP address space) to our members, mostly Internet Service Providers. These organisations are responsible for the activities originating from the address space allocated to them. Therefore any concerns or complaints should be directed to them and not to us.

To find out who to send your complaint to if network abuse is suspected, you are welcome to use the AFRINIC Whois Database. You will be able to locate details of IP address registrations within our service region. Please note that the Whois Database does not contain information on all IP addresses in the world. There are five RIRs that allocate IP addresses to organisations in their service regions and store information about those addresses in their region's Whois Database.

 


Finding the correct whois database

 

To find the correct database containing information on an IP address, the first thing to do is to find the appropriate allocation block. A list of allocation blocks with the corresponding RIR can be found at:

http://www.iana.org/assignments/ipv4-address-space

For example, if your IP address begins with "41" you should locate this range within the list:

041/8    Apr 05   AFRINIC   (whois.AFRINIC.net)

In this example you can see that address space beginning with "41" has been allocated to AFRINIC. You should therefore use the AFRINIC Whois Database (whois.AFRINIC.net) to search for the responsible allocatee/assignee.

If the allocated block states "Various Registries", you will unfortunately have to search all five RIR databases to find the correct contact information. In future, a whois client developed by the five RIRs (called "joint whois", or 'jwhois') will solve this issue.

The five RIRs are:

  • APNIC, for Asia and the Pacific region.

 

Abuse/Spam from AFRINIC?


After starting RIR operations, AFRINIC took over most of the address space from the 196 block that had previously been allocated by IANA to ARIN. This block actually contains allocations to the service regions of all five RIRs. All African registrations were transferred from the respective RIR to the AFRINIC whois database. 'Placeholders' were left in place of these records at the respective RIR, showing that this range of IP address space was transferred to AFRINIC. Usually, the placeholder contains AFRINIC organisation information and a directive to query whois.AFRINIC.net for additional information.

At the moment, most personal firewalls are set up to extract a few lines from a whois query result (like the org-name, address and contacts). These clients will also default to whois.arin.net for queries on 196/8 address space, and will usually report that AFRINIC is the 'victim'. If you find yourself in such a scenario, please query the AFRINIC whois database before writing to us. (More information below.)
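The server selection from "Finding the correct whois database" and the placeholder case described above, as an added example that is not AFRINIC code. The whois hostnames of the other four RIRs, the second registry row and the placeholder reply are assumptions or constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Whois hosts of the five RIRs. The page gives only whois.AFRINIC.net;
# the other four hostnames are filled in for this example.
RIR_WHOIS = {
    "AFRINIC": "whois.afrinic.net", "APNIC": "whois.apnic.net",
    "ARIN": "whois.arin.net", "LACNIC": "whois.lacnic.net",
    "RIPE NCC": "whois.ripe.net",
}

# Constructed inputs: only the 041/8 row is quoted from the page; the second
# row and the placeholder reply are made up for illustration.
SAMPLE_REGISTRY = """\
041/8    Apr 05   AFRINIC   (whois.AFRINIC.net)
192/8    May 93   Various Registries
"""
SAMPLE_PLACEHOLDER = """\
OrgName:  African Network Information Center
Comment:  This range was transferred. Query whois.afrinic.net for details.
"""

ROW = re.compile(r"^(\d{1,3})/8\s+\w{3} \d{2}\s+(.+?)(?:\s+\((\S+)\))?$")

def parse_registry(text):
    """Map first octet -> (holder, whois host or None)."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            table[int(m.group(1))] = (m.group(2), m.group(3))
    return table

def whois_servers_for(ip, table):
    """Whois hosts to query for an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24  # ValueError if malformed
    holder, host = table.get(first_octet, ("Various Registries", None))
    if host:                            # the row names its whois server
        return [host.lower()]
    if holder in RIR_WHOIS:             # row names an RIR but no server
        return [RIR_WHOIS[holder]]
    return sorted(RIR_WHOIS.values())   # "Various Registries": try all five

def referred_to(reply, queried_host):
    """Other RIR whois hosts named in a reply, e.g. by a transfer placeholder."""
    named = {h.lower() for h in re.findall(r"whois\.[a-z]+\.net", reply, re.I)}
    return sorted((named & set(RIR_WHOIS.values())) - {queried_host})
```

A non-empty result from `referred_to` means the reply is a pointer to another registry, so its organisation lines should not be read as the party responsible for the address.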


Finding contacts for an IP address


To find the contacts responsible for address space that originates within the AFRINIC Service region, please query the AFRINIC Whois Database for the target IP address:

Enter the IP address into the Whois search box (in the case of the web-based query). The output will list a number of objects, starting with an inetnum object:

 

inetnum:      196.216.2.0 - 196.216.3.255 
netname:      AFRINIC 
...

 

The last objects listed will be organisation, person and/or role objects that detail the organisations and corresponding persons responsible for the administration of the IP addresses. Please check these objects for remarks on where to send e-mail about spamming, hacking or connectivity issues. If you are unable to find any remarks, please use the e-mail address included within the object. For example:

 

organisation: ORG-TIS100-TEST 
org-name:     Test Internet Services S.A.R.L 
org-type:     LIR 
country:      RW 
address:      Example Street 
              De Cock Street 12 
              Kigali, Rwanda 
e-mail:       [e-mail address]
mnt-ref:      JQ-MNT 
mnt-by:       AFRINIC-HM-TEST 
changed:      [e-mail address]
source:       TEST


person:       John Queue 
address:      Example Street 
              De Cock Street 12 
              Kigali, Rwanda 
phone:        +246 788 987676 
e-mail:       [e-mail address]
nic-hdl:      JQ9-AFRINIC 
mnt-by:       JQ-MNT 
remarks:      ******************************* 
remarks:      This object is only an example! 
remarks:      ******************************* 
changed:      [e-mail address] 20020827
changed:      [e-mail address]
source:       AFRINIC

 

Please only use the e-mail address specified in the "e-mail" attribute. Do not send mail to the other e-mail addresses within the objects: these addresses are used for specific purposes in the Whois Database, so messages sent to them may not be forwarded to the correct party.

Also be aware that the person(s) listed in the object is most likely only an administrator of the organisation responsible for the address range and may not be the individual using the specific IP address. It might be necessary to look up the returned organisation on the internet (Google, etc.) and find the correct contact details from their website (if any).
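The contact selection rule described above, as an added example that is not AFRINIC code: take addresses from remarks about abuse when a contact object has them, otherwise the "e-mail" attribute, and never the "changed" addresses. The sample reply is constructed (example.net), and the keyword list and function names are assumptions.

```python
import re

# Constructed whois reply in the object layout shown above; every name and
# address is made up (example.net) and is not a real registration.
SAMPLE = """\
inetnum:      196.216.2.0 - 196.216.3.255

organisation: ORG-EX1-TEST
org-name:     Example Internet Services
e-mail:       noc@example.net
changed:      hostmaster@example.net 20020827

role:         Example Abuse Desk
e-mail:       admin@example.net
remarks:      Report spam and hacking to abuse@example.net
changed:      hostmaster@example.net
"""

CONTACT_TYPES = {"organisation", "person", "role"}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
ABUSE_HINT = re.compile(r"abuse|spam|hack", re.I)  # assumed keywords

def parse_objects(text):
    """Split a whois reply into objects: lists of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line[:1].isspace() and attrs:      # continuation of previous value
                attrs[-1] = (attrs[-1][0], attrs[-1][1] + " " + line.strip())
            elif ":" in line and line[:1] not in "%#":   # skip server comments
                key, _, value = line.partition(":")
                attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def abuse_contacts(text):
    """Addresses in abuse-related remarks if any, else the e-mail attribute."""
    from_remarks, from_email = [], []
    for obj in parse_objects(text):
        if obj[0][0] not in CONTACT_TYPES:        # skip inetnum and other objects
            continue
        for key, value in obj:                    # changed: is never used
            if key == "remarks" and ABUSE_HINT.search(value):
                from_remarks += EMAIL.findall(value)
            elif key == "e-mail":
                from_email += EMAIL.findall(value)
    return from_remarks or from_email
```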

The AFRINIC Whois Database is a public database. It contains registration details for allocated and assigned internet resources in the AFRINIC service region. IP network operators in our service region enter and maintain the data. We aid operation of the database, but are not responsible for its contents. It is not within the scope of activities set by our membership to check data in the Whois Database for accuracy. Only the maintainers of objects in the database may make changes to data.