IP Hijacking For Dummies

Aftab Siddiqui aftab.siddiqui at gmail.com
Tue Jun 6 02:03:06 CST 2017


Same mobile number (+92-304-4000736) and address are
listed here for Blue Angel Hosting with only 1 peer AS206776.

aut-num:        AS206349
as-name:        blueangelhost
org:            ORG-BPL5-RIPE
sponsoring-org: ORG-HGC2-RIPE
import:         from AS206776 accept ANY
export:         to AS206776 announce AS206349
import:         from AS57344 accept ANY
export:         to AS57344 announce AS206349
admin-c:        SS30461-RIPE
tech-c:         SS30461-RIPE
remarks:        For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources
status:         ASSIGNED
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         blueangelhost
mnt-routes:     blueangelhost
created:        2017-02-08T10:44:15Z
last-modified:  2017-02-08T10:44:15Z
source:         RIPE

organisation:   ORG-BPL5-RIPE
org-name:       BlueAngelHost Pvt. Ltd
org-type:       OTHER
address:        HOUSE NO 173 STREET NO 4 BLOCK E YOHANA ABAD, FEROZ PUR ROAD, LAHORE, PAKISTAN
abuse-c:        ACRO1320-RIPE
mnt-ref:        MNT-NETERRA
mnt-ref:        AZ39139-MNT
mnt-ref:        MNT-LIR-BG
mnt-by:         blueangelhost
created:        2016-10-21T17:23:02Z
last-modified:  2016-11-01T21:03:31Z
source:         RIPE # Filtered

person:         Sunil Shahzad
address:        HOUSE NO 173 STREET NO 4 BLOCK E YOHANA ABAD, FEROZ PUR ROAD, LAHORE, PAKISTAN
phone:          +92-304-4000736
nic-hdl:        SS30461-RIPE
mnt-by:         blueangelhost
created:        2016-10-21T17:19:19Z
last-modified:  2016-10-21T17:19:19Z
source:         RIPE


On Tue, 6 Jun 2017 at 09:48 Ronald F. Guilmette <rfg at tristatelogic.com>
wrote:

>
> Late last night, I put together the following simple annotated listing of
> the routes being announced by AS34991.
>
> Beyond the quite apparent fact that this "Bulgarian" network is announcing
> a bunch of routes for blocks of IPv4 space allocated to various parties
> within the nation of Colombia (including the National University thereof)
> the other thing that struck me about this was the apparent relevance of
> a company called "host-offshore.com".
>
> Looking at the web site for that, it provides only a single contact
> phone number which is unambiguously a -Pakistani- phone number.  But
> of course, that makes perfect sense, because Pakistan is just down the
> street from Bulgaria (NOT!)
>
> It did also strike me as passing strange that this company has apparently
> elected to not actually put its own web server, name servers, or mail
> server anywhere within its own duly allocated IPv4 blocks.
>
> Things got even a bit more interesting when I tried to actually order a
> server from this company.  Apparently, all of their virtual servers
> are "sold out".  However... and please, somebody check me on this...
> I guess that all of the browsers on all of the platforms I have ready
> access to are broken or something, because try as I might, I could never
> quite succeed at reaching any page on this company's web site where I
> could order up -any- kind of server, virtual, dedicated, or otherwise.
>
> So, you know, this hosting company appears somewhat unique and unusual,
> at least from where I am sitting, in the sense that it is perhaps the
> only such "hosting" company that I've ever run across in my travels that
> doesn't actually have -anything- for sale.
>
> Personally, I don't really give a rat's ass if this site is just a cover
> for some inept criminals, or for Pakistani ISI, or for the FSB, or for
> some of Putin's patriots, or even if it belongs to the NSA.  But I cannot
> help but bemoan the fact that here we are, and it is 2017 already, and
> yet, whichever bunch of lame-ass jerks are in fact behind this thing,
> apparently aren't even capable of slapping together a cover web site
> that is more than just some entirely shallow and not very effective false
> front.
>
> As a researcher and student of such things, I just think that by now,
> in 2017, we should have a somewhat more skilled class of frauds, rogues,
> criminals and spies on the Internet.  I mean this is just baby stuff,
> and it only takes a couple of minutes and a few clicks to see past such
> transparent gibberish.
>
> So c'mon all ye criminals, rogues and spies!  You need to up your game
> fer cryin' out loud!  At least present us with something a bit more
> challenging than -this- kind of very superfluous crap.  I mean, have you
> no self-respect?
>
> Geeeessshhh!
>
>
> Regards,
> rfg
>
>
>
> =======================================================================
> 79.124.77.0/24  -- Bulgaria -- host-offshore.com
> 82.118.233.0/24 -- Bulgaria -- wirelessnetbg.info
> 91.92.144.0/24  -- Bulgaria -- host-offshore.com
> 130.185.254.0/24 -- Belize? -- host-offshore.com - formerly routed by Verdina)
> 152.204.132.0/24 -- Colombia
> 152.204.133.0/24 -- Colombia
> 152.231.25.0/24 -- Colombia
> 152.231.28.0/24 -- Colombia
> 168.176.187.0/24 -- Colombia, National University of
> 168.176.192.0/24 -- Colombia, National University of
> 168.176.194.0/24 -- Colombia, National University of
> 168.176.218.0/24 -- Colombia, National University of
> 168.176.219.0/24 -- Colombia, National University of
> 179.1.71.0/24 -- Colombia
> 181.57.40.0/24 -- Colombia
> 186.113.13.0/24 -- Colombia
> 186.113.15.0/24 -- Colombia
> 186.147.230.0/24 -- Colombia
> 190.90.31.0/24 -- Colombia
> 190.90.88.0/24 -- Colombia
> 200.1.65.0/24 -- Colombia
> 200.14.44.0/24 -- Colombia
> 200.24.3.0/24 -- Colombia
> 200.24.5.0/24 -- Colombia
>
> --
Best Wishes,

Aftab A. Siddiqui
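
Added example (not part of the original post or of any RIPE tooling): a small Python parser for whois output in the RPSL layout quoted above, which lists the ASNs named in an aut-num's import/export lines and follows admin-c/tech-c handles to the contact object's phone, so contact data can be compared across objects. The sample objects are constructed, with documentation ASNs and placeholder contact values, and include mail-wrapped lines like the ones in the quoted output.

```python
import re
from collections import defaultdict

# Constructed sample in RPSL layout (documentation ASNs, placeholder contacts).
SAMPLE = """\
aut-num:        AS64500
import:         from AS64501 accept ANY
export:         to AS64501 announce AS64500
import:         from AS64502 accept ANY
admin-c:        EX1-TEST
remarks:        see
https://example.net/faq

person:         Example Person
address:        1 EXAMPLE STREET,
EXAMPLE CITY
phone:          +00-000-0000000
nic-hdl:        EX1-TEST
"""

def parse_rpsl(text):
    """Split whois text into objects, each a dict of attribute -> [values]."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj, last = defaultdict(list), None
        for line in block.splitlines():
            # "key:" must be followed by whitespace or end of line, so a
            # wrapped "https://..." is not mistaken for a new attribute.
            m = re.match(r"^([A-Za-z0-9-]+):(?:\s+|$)(.*)$", line)
            if m:
                last = m.group(1).lower()
                obj[last].append(m.group(2).strip())
            elif last and line.strip():
                obj[last][-1] += " " + line.strip()  # fold wrapped value
        objects.append(dict(obj))
    return objects

def peers(aut_num):
    """ASNs that appear after from/to in import/export policy lines."""
    found = set()
    for attr in ("import", "export"):
        for value in aut_num.get(attr, []):
            found.update(re.findall(r"\b(?:from|to)\s+(AS\d+)", value))
    return sorted(found)

def contacts(objects, aut_num):
    """Map each admin-c/tech-c handle to the phones on its contact object."""
    by_handle = {o["nic-hdl"][0]: o for o in objects if "nic-hdl" in o}
    handles = set(aut_num.get("admin-c", []) + aut_num.get("tech-c", []))
    return {h: by_handle[h].get("phone", []) for h in sorted(handles) if h in by_handle}
```
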

