# host1plus / DIGITAL ENERGY TECHNOLOGIES - Premium IP hoarding (proof inside)



## William (Sep 15, 2015)

Would have posted on LET but they probably ban me for it...

So, here is our all time favourite ZA/BR host host1plus - which also advertises here - sort of exposed as *THE* IP hoarder in the market. Everytime i tried to post this or similar as comment under a LEB post from them it got deleted, interesting or?

I might hate them, and so do others, but at least they provide SOME legit services (unlike other hoarders), but the public should still know what they do, right?

Let's see what we have, shall we? I ignore ARIN and RIPE here and focus on AFRINIC and LACNIC.

host1plus.com -> Registered to/trading as DIGITAL ENERGY TECHNOLOGIES LTD. (UK)

*BRAZIL/LACNIC/Chilean connection*

Test IPs for Brazil point to AS61440 registered as Digital Energy Technologies Chile SpA (CL), company does exist in Chile.

LACNIC nicely provides now a list of assigned blocks within the ASNUM object so we have this:

inetnum: 179.61.128/17
inetnum: 181.41.192/19
inetnum: 181.214/15
inetnum: 191.96/16
inetnum: 191.101/16

That are a total of a /14+ or 262144+ IPs (the /17 and /19 ignored) - Pretty large for even a large VPS provider, isn't it? Even more so in LACNIC area. For comparison, LeaseWeb, arguably MUCH larger than them, announces only 150k IPs...
Now, how are these justified you may ask? With shell companies and sometimes purely made up companies, simple as that - I was able to trace this shells to Host1Plus, mostly registered in the US (if at all):

*HomeChicago Int*     -> 

Total of 82 /24 assigned along with a /19 and a /21 (that are also announced as one /24 (first /24 in the network), which has been removed from the number).

Total num of IPs 20992+8192+2048= *31232*

*Speed Home Internet LTD* ->

Total of 44 /24s along with a /21 (which is, interestingly, 100% same way announced as the former one - First /24 of the block, then the entire block) and 2 /23.

Total num of IPs 11264+2048+512+512= *14336*

*US online LTD *->

Total of 41 /24s along with a /20 and a /23 (which, AGAIN, announces the first /24 of the block and then the /20 and /23).

Total num of IPs 10496+4096+512 = *15104*

*Dallas online LTD* ->

Total of 47 /24s along with a /23 (this time only announced as /23)

Total num of IPs 12032+512 = *12544*

*Verison Home Provider LTD* ->

Get it, "Verizon", creative isn't it? That is done to sound bigger and confuse the poor guy at LACNIC working on the request.

Total of 16 /24s and 2 /23 - Again announced as first /24 and then the entire block. I see a pattern there, do you?

Total num of IPs 4096+512+512 = *5120*

*AmOL wireless Net* ->

Total of 80 /24s, a /19, a /22 and 2 /23 - All announced in the same style again.

Total num of IPs 20480+8192+1024+512+512 = *30720*

*Home Internet Orang LTD*  ->

Again, "Orang" -> "Orange" - Weird or?

Total of 70 /24s, a /19 and 2 /23 - Again announced the same way.

Total num of IPs 17920+8192+512+512 = *27136*

*ATOL Intertnet* (sic) ->

Total of 46 /24s, 1 /22, 3 /23 and a /21 - Same style of announce.

Total num of IPs 11776+1024+512+512+512+2048 = *16384*

*CH wireless* ->

Total of 50 /24, 4 /23, 3 /22 and 1 /21 - Also announced like the others.

Total num of IPs 12800+512+512+512+512+1024+1024+1024+2048 = *19968*

So we conclude our LACNIC expose here with a total of *172544** IPs (that is MORE than a /15!)* of very shady justified space. Make up your own mind about it, but the case is pretty clear.

But wait, this is NOT everything - Seems host1plus got desperate and is already renting off blocks to VPN providers, for example:

191.96.75.0/24     PureVPN -> ZA
191.101.60.0/24     PureVPN -> HK
191.101.59.0/24     PureVPN -> HK
191.101.58.0/24     PureVPN -> HK
191.101.57.0/24     PureVPN -> HK
191.101.56.0/24     PureVPN -> SG
191.101.49.0/24     PureVPN -> ZA

191.101.61.0/24     SecureShield LLC -> ZA

Half of them is not even used within the LACNIC region, check yourself if you do not believe me 

AFRINIC is more interesting and follows tomorrow.... stay tuned... have a look at AS12586 for a bit of tease what to expect...

Obviously this was also sent to LACNIC, both in English and Spanish  - And i circumvented the first level idiots and straight contacted the CTO


----------



## HN-Matt (Sep 18, 2015)

IPv4 'depletion' or greedy hoarding's passionate affair with artificial scarcity? Find out next time on...


----------



## William (Jan 19, 2017)

Seems the "Verison" stuff was deeper than i thought, considering Host1Plus (which now also does ads here lol) was/is the main (mostly even sole, yea i admit i rather unknowingly sold some prefixes as well, as did others) supplier of Methbot:


https://krebsonsecurity.com/2016/12/report-3-5m-in-ad-fraud-daily-from-methbot/comment-page-2/#comment-423855


http://methbot.s3-website-us-east-1.amazonaws.com/IPs-CIDR.txt


At their IP pricing of few $/mo (on that scale probably close to 10-15$ per /24) Host1Plus still made a good amount of money on this - totals up to ~800k IPs/3100 /24s or at the very least 35k$/mo...


----------



## William (Jul 10, 2021)

Afrinic today revoked most of this ranges after 6 yours of court cases up to the Mauritius high court.

I expect Host1plus aka Heficed to be bankruot within the next few weeks.


----------

