Talk Show Host Starts IP Spoofing Friendly VPS Service In Buffalo

DomainBop

Dormant VPSB Pathogen
I'm torn between laughing and a massive facepalm.

I found this offer on LET and thought I'd share because every line of the offer, WHOIS, and website is flashing a warning sign.

Unmanaged KVM - 512MB Buffalo

512MB RAM 25GB Disk Space 1000GB Bandwidth 1Gbps Port Speed 1 IP Address 1 CPU Core Spoofing Enabled $6

Website: http:// bigbucks .cc Contact: bigbuckshelp @ outlook.com
Jerry Springer, hee hee.

Registry Registrant ID: 
Registrant Name: SPRINGER JERRY
Registrant Organization: SFDGDFGDF
Registrant Street: 19 SAINTS ROW
Registrant City: TORNTO
Registrant State/Province: NB
Registrant Postal Code: E3R4T5
Registrant Country: CA
Registrant Phone: +1.38453591124
Registrant Phone Ext: 
Registrant Fax: +1.5555555555
Registrant Fax Ext:
Fake WHOIS, fake address on site, fake LLC, IP spoofing enabled, lorem ipsum text, blank TOS,  a ripped template, HackForums advertiser,...what more could you want  (OK, maybe a nulled WHMCS to complete the picture but they disappoint on this score by actually licensing their WHMCS). :p
 

yomero

New Member
On a serious note, probably I need a host which allow this to fake some UDP packets send to the master list of Quake 3 and get one of my servers listed.

But despite that, this provider doesn't seem to be the best choice hehe...
 

Francisco

Company Lube
Verified Provider
That's amazing.

If spoofing is enabled in Buffalo that's sooooo sketchy.

I mean, it'd make sense, it's likely the cisco 3500's don't do ACL's in hardware.

Francisco
 

drmike

100% Tier-1 Gogent
The fncking pain!

512MB RAM 25GB Disk Space 1000GB Bandwidth 1Gbps Port Speed 1 IP Address 1 CPU Core Spoofing Enabled $6
Website: http:// bigbucks .cc Contact: bigbuckshelp @ outlook.com

1. Spoofing enabled?!?!??!?!?!?!?!?!??!  Jon Biloh is this the type of sh!t you promote in Buffalo?

2. .cc domain?!?!?!?! Yeah.

3. Outlook.com email?!?!?! Wheee

4. From their website banner === "You can choose between Windows 2003, 2008 and 2012 operation systems!"

Engwish?

5. From their website banner == "At BigBucks we utilize our next generation top of the tier datacenter to be able to protect from attacks u to 125gbps."

Next generation top of their tier.... KING OF THE BUFFALO SHIT HEAP.   Live from the ___6th___ floor?  Overlooking glorious Buff-a-whoa, with a view of lake mistake... Whee!

6. http://bigbucks.cc/pricing.htm

 = Lorem Ipsum

7. Twitter block on their website = filler

8. From their website the phone number = a copied template details:

https://www.google.com/?gws_rd=ssl#q=%22020+1345+3434%22

64 results.

Was this really an offer or just someone having fun?

BUT... if you throw the whois info on this you see some name servers... and those are in the same region....

Domain Name: SHOCKHOSTING.NET
Registry Domain ID: 1793569093_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-07-10 11:13:59
Creation Date: 2013-04-13 14:07:33
Registrar Registration Expiration Date: 2015-04-13 14:07:33
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Ashton Sherman
Registrant Organization: Shock Hosting
Registrant Street: 596 15 Hwy Lombardy
Registrant City: Smith Falls
Registrant State/Province: Ontario
Registrant Postal Code: K0G 1L0
Registrant Country: Canada
Registrant Phone: +1.6473814653
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]ShockHosting.net
Registry Admin ID:
Admin Name: Ashton Sherman
Admin Organization: Shock Hosting
Admin Street: 596 15 Hwy Lombardy
Admin City: Smith Falls
Admin State/Province: Ontario
Admin Postal Code: K0G 1L0
Admin Country: Canada
Admin Phone: +1.6473814653
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]ShockHosting.net
Registry Tech ID:
Tech Name: Ashton Sherman
Tech Organization: Shock Hosting
Tech Street: 596 15 Hwy Lombardy
Tech City: Smith Falls
Tech State/Province: Ontario
Tech Postal Code: K0G 1L0
Tech Country: Canada
Tech Phone: +1.6473814653
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]ShockHosting.net
Name Server: NS1.SHOCKHOSTING.NET
Name Server: NS2.SHOCKHOSTING.NET

Unsure if someone is trolling Shockhosting or what...  They don't appear to use CC, well yet.  But they do use Limestone (which LEB had prior issues with)...
 

DomainBop

Dormant VPSB Pathogen
LET deleted the offer so for anyone who missed it google cache

Unsure if someone is trolling Shockhosting or what..
BigBucks has been advertising on the skiddie forums so an offer on LET is usually the next step up the ladder for many of these HF hosts (and probably very fertile ground for customer acquisition).

1. Spoofing enabled?!?!??!?!?!?!?!?!??!
They also allow "small time ddosing". Scroll down on this ad and read the TOS snippets they included in their ad: "No HEAVY ddos, small time ddosing etc is acceptable"
 

Francisco

Company Lube
Verified Provider
1. Spoofing enabled?!?!??!?!?!?!?!?!??!  Jon Biloh is this the type of sh!t you promote in Buffalo?
I doubt he's condoning it, but he shouldn't be allowing it to happen, period. ACL's should be in place for all outbound traffic. No, not prefix lists, but actual ACL's to stop spoofing. Any decent router will do ACL's in hardware which means there's minimal overhead doing so.

HF hosts are always fun. I was looking to buy a brand the other week, but after I figured out what brand it was (due to him sending the NDA via his companies [email protected] email), I found their entire customer base was hackforums. No thanks.

Francisco
 

Wintereise

New Member
I doubt he's condoning it, but he shouldn't be allowing it to happen, period. ACL's should be in place for all outbound traffic. No, not prefix lists, but actual ACL's to stop spoofing

Or, just don't use collapsed edges / cores if your router can't handle it.

If you don't have to worry about symmetric / asymmetric routing, unicast rpf is a very basic feature in most new switches.
 

drmike

100% Tier-1 Gogent
Anyone here who is familiar said spoofing willing to give this offerer a try or CC Buffalo for that matter?

Obviously something that should be documented as networks where such is "enabled" are in the far minority and origins of lots of trouble.

Always good to have more dried timber for burning their castle down.
 

ftpitnipon

New Member
They also allow "small time ddosing". Scroll down on this ad and read the TOS snippets they included in their ad: "No HEAVY ddos, small time ddosing etc is acceptable"
Small time ddosing lol

Some days ago, I got offer from someone who needs a dedi with spoofing enabled.He even said he will pay twice.I refused him
 
Last edited by a moderator:

Francisco

Company Lube
Verified Provider
Small time ddosing lol

Some days ago, I got offer from someone who needs a dedi with spoofing enabled.He even said he will pay twice.I refused him
I'm sure he'd pay 10x the normal price, it isn't like he's using a legit CC, it'd be stolen.

I'm still waiting for Ecatel to get depeered again. Oh those were the days~

Francisco
 

Francisco

Company Lube
Verified Provider
The dude has got to be a troll.
No, he's just the usual HF host. If you ever browsed the site you'd see it's really common. What's not common

is seeing people trying to pull this crap in the US, usually it's a EU only thing (ecatel, voxility, random hosts in Ukraine, etc).

Someone has to be dumb as a cinder block to do that crap in a country the feds can walk on over and take an image of your drive.

Francisco
 
Top