You might not like this one. I believe this is an AI training org and has been spreading IP4 prefixes around to be announced and originated by big broadband providers.

https://social.bgp.tools/@transfers/statuses/01KN7R98TTMGET2E47SCND67FJ

Post by IP/ASN Transfers, @[email protected]

"IBM" (ARIN) transferred: 9.151.0.0/16 (Taken from 9.150.0.0/14), 9.232.0.0/15, 9.237.0.0/16 (Taken from 9.236.0.0/13), 9.249.0.0/16 (Taken from 9.249.0.0 - 9.255.255.255) to "Aviation RE LLC" (RIPE) (Estimated Market Value: $3.34 M)

bgp.tools

@jtk @cR0w I can confirm "AVIATION RE LLC" is a long-standing and well documented source of all KINDS of abuse piggybacking on various US MSOs. It would not surprise me at all if they were involved in scraping; they have a history of being involved in spamming, mass phishing, and IPs engaged in various brute force attacks.

They also hide behind MSOs, so you can't ASN block.

@rootwyrm @jtk Yep. I'll post the prefixes shortly for those interested in blocking them but like you said, it's cat and mouse with groups like that.

@cR0w @jtk especially as the MSOs refuse to stop doing business with them, even though they know full fucking well what is going on and has been going on for years.

We used to basically fucking disconnect ISPs that did shit like this.

@jtk can someone ELI5 that for me?

@Cali BLUF: Some holders of large blocks of public IP4 addresses may use those resources in controversial ways.

That is the gentle, mildly antagonistic way of putting it.

In this case, a few large blocks of IP4 addresses have been transferred from the ARIN region by IBM to an organization some may not wish to have them in the RIPE region.

Note, I've not looked, but it is likely this transfer took place through a third party on the open market. The originating and receiving organizations don't really have anything to do with each other in that case.

The receiver of the prefixes is Aviation RE LLC, registered in CA, US. They have obtained a fair amount of IP4 address space already and there is little public information about the organization. This organization does not appear to operate its own network (i.e., ASN), but their prefixes are announced by a handful of big broadband networks on their behalf.

I believe at this time, public accusations of any wrongdoing are anecdotal, but a number of infosec orgs/people have this organization and their resources on their radar.