Searching IP address data to find more clues for cybercrime investigations has become common practice. And for those who are dealing with cybercriminal suspects from Africa, getting real-time and comprehensive IP address ownership information is possible with an IP Neblocks WHOIS Database that contains information on AFRINIC IP addresses.
With these insights, users will be able, for example, to investigate the so-called “Nigerian scams,” which the region has become notorious for. You may be wondering what these scams are, so let us tell you all about them and how our IP Netblocks services can help.
What Is a Nigerian Scam?
If there is one place in Africa that gained notoriety for cybercrime, it would be Nigeria, after which the name of a particular type of online scam originated. Back in the early 1990s, Nigerian scammers successfully siphoned off millions of dollars from Westerners through what we now know as “Nigerian scams.”
Also known as “419,” “Yahoo,” “Nigerian prince,” “romance,” and “advanced-fee” scams, these involved attackers sending messages, mostly via email or messaging app, to potential victims and asking their help to transfer money out of their country. In the messages, the attackers promised to give the victims a considerable amount of money in exchange for their assistance.
Despite several warnings from the Federal Bureau of Investigation (FBI), Nigerian scammers still rake in thousands of dollars from unsuspecting individuals. In August 2019, for instance, U.S. law enforcement agents arrested 80 individuals, mostly from Nigeria, for participating in business email fraud and romance scams.
Given these incidents, organizations and individuals alike should be warier indeed about similar communications coming from the region and anywhere else in the world. One of the ways to avoid becoming the next victim is by performing a WHOIS search for an AFRINIC IP range.
What Is AFRINIC? How Does it Relate to IP Netblocks?
The African Network Information Centre (AFRINIC) serves as the regional Internet registry for Africa and nearby islands. It is mainly responsible for handing out ranges of IP addresses (known as “netblocks”) and Autonomous System Numbers (ASN) to Internet service providers (ISPs) in the region.
Our IP Netblocks WHOIS services contain information on the IP address blocks allocated by the agency, whose data points include:
- Abuse contact email address
- Owner type
Users can query information about Africa-based IP addresses in two ways:
- Downloading it and using a spreadsheet application: The following section provides specific instructions on how to see its contents in CSV format.
- Using a connected API: In this case, they can use IP Netblocks API.
How to Use IP Netblocks WHOIS Database
If you are looking for the owner of an IP block from Africa, here are the steps to follow when using IP Netblocks WHOIS Database. Sign up for an account at https://www.whoisxmlapi.com/. Once registered, you can download the database in two ways:
Via File Transfer Protocol (FTP) using the following details:
- Host: datafeeds.whoisxmlapi.com
- Port: 21210
- Username: “user”
- Password: This is the same as your API key, which you can get from the My Products page.
Via HyperText Transfer Protocol Secure (HTTPS) using the following details:
- Base path: https://ip-netblocks.whoisxmlapi.com/datafeeds
- Username and password: This is the same as your API key, which you can get from the My Products page.
Now, suppose you are investigating the source of a Nigerian scam message. But all you have is the IP address 220.127.116.11 (note that the IP address was randomly chosen and does not pertain to any attacker).
With the IP Netblocks WHOIS Database on hand, copy the first three sets of decimal numbers (each set is separated by a dot or period). Then, on the database, hit Ctrl+F and paste it into the search field and hit Enter. Look at the highlighted IP block or blocks and see if the IP address is part of it. If it is, you should be able to find the ISP that owns it.
You should also find an abuse contact email address. You can then send a complaint to that email address as a starting point. The ISP can then launch an investigation into the matter and find a resolution.
How Many Addresses Does AFRINIC Manage? How Comprehensive Is Our Data?
AFRINIC manages more than 1,600 members from different areas of the region and was allotted, along with the other four RIRs, with 16.8 million IP addresses issued by the Internet Corporation for Assigned Names and Numbers (ICANN). Our IP Netblocks WHOIS Database recently underwent enhancement to provide information on as much as 99% of the ranges in the region, making it as comprehensive as possible.
IP Netblocks API and IP Netblocks WHOIS Database are useful in obtaining additional information on offending IP addresses from the African region and anywhere else in the world. At a time when scams occur left and right, relevant data on IP ranges can save potential victims from fraud.