IP Systems Ltd AS62741 Acquires A Lot Of IPs...

DomainBop

Dormant VPSB Pathogen
342,016 IPs to be exact acquired in a short period of time by this relatively new (domain registered October 25, 2014) British Virgin Islands based low end VPS provider. http://bgp.he.net/AS62741#_asinfo

Spamhaus is alleging that 3 of the /16's they acquired were hijacked by AS62741 and has put all 3 /16's on its DROP list.

http://www.spamhaus.org/sbl/query/SBL257918

Borealis - hijacked by AS62741

inetnum: 155.73.0.0 - 155.73.255.255

 

http://www.spamhaus.org/sbl/query/SBL257917

Global Network Services - hijacked by AS62741

 155.108.0.0 - 155.108.255.255

 

http://www.spamhaus.org/sbl/query/SBL257914

Rockwell Aerospace - hijacked by AS62741

CIDR: 130.196.0.0/16

 

 
 

Tyler

Active Member
A lot of IPs, indeed. A few things don't sit well with me:

-The fact that it is a British Virgin Islands company

-SpamHaus listing & accusation of IP hijacking

-342,016 IPs... for what?
 

DomainBop

Dormant VPSB Pathogen

The "premium" data center they use peers with TeliaSonera

-342,016 IPs... for what?
Renting IP blocks to others for one thing: http://www.webhostingtalk.com/showthread.php?t=1492094

Not too hard to work it out if you go by Spamhaus' records of their IP space.


104.143.112.0/20 SBL and DROP http://www.spamhaus.org/sbl/query/SBL257921


104.255.136.0/21 SBL and DROP http://www.spamhaus.org/sbl/query/SBL257923


130.148.0.0/16 SBL (Hijacked) http://www.spamhaus.org/sbl/query/SBL257919


130.196.0.0/16 SBL (Hijacked) http://www.spamhaus.org/sbl/query/SBL257914


138.128.224.0/19 SBL and DROP http://www.spamhaus.org/sbl/query/SBL257920


155.73.0.0/16 SBL (Hijacked) http://www.spamhaus.org/sbl/query/SBL257918


155.108.0.0/16 SBL (Hijacked) http://www.spamhaus.org/sbl/query/SBL257917


155.249.0.0/16 SBL (Hijacked) http://www.spamhaus.org/sbl/query/SBL257915


Every single one of their 342,016 IP addresses (i.e. 100.00%) is dirty and blacklisted by Spamhaus, and the majority of them are listed as hijacked IPs and on the DROP ("don't peer or route") list.


edited to add:

Spamhaus is alleging that 3 of the /16's they acquired were hijacked by AS62741 and has put all 3 /16's on its DROP list.
All 5 of the /16's they announce are now listed as hijacked IPs
 
Last edited by a moderator:
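An added example, not part of any post in this thread: a check of how much of an AS's announced address space falls inside a blocklist, using the prefixes and SBL ids quoted in the post above. The "prefix ; reference" line layout, the sample data block and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the prefixes and SBL ids quoted in the thread, laid out
# as "prefix ; reference" lines (assumed layout); not a live copy of any list.
LISTED_SAMPLE = """\
; constructed from the thread
104.143.112.0/20 ; SBL257921
104.255.136.0/21 ; SBL257923
130.148.0.0/16 ; SBL257919
130.196.0.0/16 ; SBL257914
138.128.224.0/19 ; SBL257920
155.73.0.0/16 ; SBL257918
155.108.0.0/16 ; SBL257917
155.249.0.0/16 ; SBL257915
"""
# Prefixes the thread attributes to AS62741.
ANNOUNCED = ["104.143.112.0/20", "104.255.136.0/21", "138.128.224.0/19",
             "130.148.0.0/16", "130.196.0.0/16", "155.73.0.0/16",
             "155.108.0.0/16", "155.249.0.0/16"]

def parse_blocklist(text):
    """Map each listed network to its reference; ';' starts a comment."""
    entries = {}
    for line in text.splitlines():
        prefix, _, ref = line.partition(";")
        if prefix.strip():
            entries[ipaddress.ip_network(prefix.strip())] = ref.strip()
    return entries

def coverage(announced, listed):
    """Return (listed_addresses, announced_addresses) for IPv4 prefixes."""
    total = covered = 0
    for net in map(ipaddress.ip_network, announced):
        total += net.num_addresses
        if any(net.subnet_of(entry) for entry in listed):
            covered += net.num_addresses  # a listing covers the whole prefix
            continue
        # Listings more specific than the announcement cover only part of it.
        parts = ipaddress.collapse_addresses(e for e in listed if e.subnet_of(net))
        covered += sum(p.num_addresses for p in parts)
    return covered, total

def listing_for(address, listed):
    """Reference of the most specific listing containing address, or None."""
    ip = ipaddress.ip_address(address)
    hits = [net for net in listed if ip in net]
    return listed[max(hits, key=lambda n: n.prefixlen)] if hits else None

if __name__ == "__main__":
    listed = parse_blocklist(LISTED_SAMPLE)
    covered, total = coverage(ANNOUNCED, listed)
    print(f"{covered}/{total} announced addresses listed ({covered / total:.2%})")
    print(listing_for("155.73.10.1", listed))
```

The same `listing_for` lookup can be run over source addresses from mail or flow logs to tag traffic that originates in listed space.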

drmike

100% Tier-1 Gogent
Stolen IPs.... stuff with it and others on spamming ranges..... yeah lots going on wrong with this picture.

As always I read the copy on their website.


"Isolated and Secure: Your VPS is a container only accessible to you, which provides far better isolation and security compared to traditional shared hosting. We use ploop (containerized filesystems) to ensure the best file system isolation possible."
Ploop is an isolation feature now?!?!??!?!?!

 

Then the icing on that fruitcake

 


Code:
first swipe panel on homepage

"Host your IPs with IP Systems LTD

We offer high quality virtual private servers for web and SEO professionals to better optimize their sites."
Who goes to find a host for IPs like this?  Then they bang that hole in the ground really good by targeting SEO optimizers.

Unsure who is behind the shell, but it's unsavory.  Virgin Islands incorporation was to throw folks off path and no details there to be found.

Suspect I'll hear someone whining about the mean folks in the interwebs with the magnifying lens.

Ploop + fake isolation / inferred privacy + stolen IPs + SEO... Whee.  I know WORK is a four letter word, but so is SCAM.
 

FlamesRunner

New Member
And again, it is possible that Spamhaus just doesn't like them so they put IPSystems LTD on their blocklist... (I still remember Colocrossing, wasn't fun)
 

drmike

100% Tier-1 Gogent
Who would have thought that these plans wouldn't work out for a multitude of reasons?


VM-512 Special
512MB RAM
64MB VSWAP
5GB SSD Disk Space (RAID Protected)
3 x IPV4 Addresses
/64 IPv6 Included
500GB Bandwidth included @ 1Gbit port speed
Instant setup
OpenVZ Virtualization with SolusVM Control Panel
$4.80/year (Less than .50 per month!), payment via Paypal or Bitcoin (Annual payment required)



VM-1024 Special
1024MB RAM
64MB VSWAP
10GB SSD Disk Space (RAID Protected)
6 x IPV4 Addresses
/64 IPv6 Included
1000GB Bandwidth included @ 1Gbit port speed
Instant setup
OpenVZ Virtualization with SolusVM Control Panel
$9.60/year (Less than 1.00 per month!), payment via Paypal or Bitcoin (Annual payment required)


$5 or $10 for year...  3 or 6 IPv4 addresses.  6 IPs certainly would require proper justification.

Ya' IP grab much mon?

http://bgp.he.net/AS62741#_prefixes


Issued:
104.143.112.0/20 IP Systems Limited Virgin Islands, British
104.255.136.0/21 IP Systems Limited Virgin Islands, British
138.128.224.0/19 IP Systems Limited Virgin Islands, British

Stolen:
130.148.0.0/16 GEC Sensors Limited United Kingdom
130.196.0.0/16 Rockwell Aerospace United States
155.73.0.0/16 Borealis Austria
155.108.0.0/16 Global Network Services United States
155.249.0.0/16 Tandon PLC United Kingdom

Aerospace... A poly chemical company... A UK company.. and an anonymous name company that may be involved in who knows what... Strange subset of IPs stolen. All big /16 blocks... Maybe it's time corporate at each was made aware of unaccounted for assets.

I see on some of those spam DNS info.... someone shit in those ranges.
 
Last edited by a moderator:

dcdan

New Member
Verified Provider
How do you even steal that many IPs? Wouldn't they need to send a LOA to upstreams or something? How do you get upstreams to allow you to announce something you do not own?
 

William

pr0
Verified Provider
And again, it is possible that Spamhaus just doesn't like them so they put IPSystems LTD on their blocklist... (I still remember Colocrossing, wasn't fun)
Borealis is an Austrian company and did neither sell nor rent their /16 to them - It was hijacked.
 

Bruce

New Member
Verified Provider
how easy is it to hijack IPs? if they're not being announced, anyone else can?

like this /22 

AS60148

is there a published list of "hijackable" IP blocks? not that I want any. just interested in what's going on with unused blocks. would be good if ICANN revoked allocations when they're not used for a certain amount of time. now that IPv4 is depleted, this cybersquatting of IP blocks will become a bigger issue (hopefully)
 

Tyler

Active Member
And again, it is possible that Spamhaus just doesn't like them so they put IPSystems LTD on their blocklist... (I still remember Colocrossing, wasn't fun)
SpamHaus is not just some bully that lists people without reason. Let's not paint them as such.

Take a look at what happened with ColoCrossing (bird's eye view).

-ColoCrossing's IPs got listed and kept getting listed as part of escalations

-ColoCrossing made efforts to clean up its network.

-Within about a month, most of ColoCrossing's IPs got de-listed. Anyone from HVH or CC will tell you that they now have clean IPs.

SpamHaus is just listing them because they didn't like ColoCrossing?
 

DomainBop

Dormant VPSB Pathogen
-Within about a month, most of ColoCrossing's IPs got de-listed. Anyone from HVH or CC will tell you that they now have clean IPs.
That depends on your definition of clean. They still have an entire /15 blacklisted so 131K dirty IPs or close to 17% of their 785K total. Compare that to a larger provider like Hetzner who has only 1 IP (out of 838K) blacklisted, or a giant with millions of customers like GoDaddy with only 4 IPs out of 863K blacklisted.

If you look at SenderBase CC still has a lot of IPs with poor reputations despite being removed from Spamhaus blacklists.  Poor reputation = you're going to have problems sending mail to some corporate networks. http://www.senderbase.org/lookup/domain/?search_string=colocrossing.com .

They also remain one of the worst networks for hosting forum spammers and other web based threats: https://cleantalk.org/blacklists/AS36352

Their buddies, ServerMania/B2 Net, who are single-homed to them, still have a /16, or about 15% of their IPs blacklisted.

Some are saying their IPs are not blacklisted...
Every IP range in IPSystems AS is blacklisted so if someone has a VPS with an IP that isn't blacklisted then IPSystems is likely using their DC provider's IPs for some of their customers (their own website uses an IP from their DC provider http://bgp.he.net/dns/ipsystemsltd.com#_ipinfo )
 
Last edited by a moderator:

joepie91

New Member
SpamHaus is not just some bully that lists people without reason.
Without reason? Maybe not. But their 'reasons' certainly aren't always valid reasons for rejecting e-mail (or other services) from an IP.

Spamhaus doesn't exactly have a clean history either - quite a few documented instances of them blacklisting IPs because they didn't like the response from the provider (regardless of whether any spam was sent), because the provider hosted content that was critical of Spamhaus, or because of reasons completely unrelated to spam (eg. "phishing page").

Given their poor track record of responding to delisting requests from smaller companies, I certainly wouldn't classify them as a 'legitimate' organization - internal and external politics play a large role in whether somebody gets listed or not, and there's lots of burned bridges everywhere. They are, at best, a group of often-misfiring vigilantes.

Their habit of immediately playing the "but would you trust what a criminal/spammer says?!" card upon any criticism (whether any such crime or spam has been proven/occurred or not) doesn't exactly reinforce their legitimacy either.
 
Last edited by a moderator: