Hacker 10 – Security Hacker

Computer security
Menu
  • Anonymity
  • Encryption
  • Mobile Phone
  • Other
  • Security

Protect your privacy with a no logs VPN!

Join TorGuard
Home
Other
Fake ISP HM Customs And Excise HQ UK Network
Other

Fake ISP HM Customs And Excise HQ UK Network

John Durret 2 June, 2016

I was looking at the server logs when I detected multiple visitors coming from the HM Customs And Excise HQ Network, the UK government agency in charge of collecting custom duties at the border. I became mistrustful of so many visits from the same government department, using IPs 163.172.209.46, 163.172.145.100, 163.175.5.218 and others in the same range.

The first thing I did was a traceroute and I found out that 163.172.209.46 was in fact not located in the UK but in France, I then looked at the host name, as you can see in the picture it reads watchme.tor-exit.network, at the URL there is a message displayed saying that they are Tor Exit Router.

Additionaly I reaserched open data with DuckDuckGo and I uncovered a customer of a VPN company complaining in a blog that his OpenVPN French node was being identified on the Internet as belonging to UK Customs and Excise. Futhermore, I have discovered numerous warez and porn websites like Yellowasians identifying themselves as being hosted by Her Majesty Customs and Excise HQ.

Fake ISP Customs And Excise UK

Fake ISP Customs And Excise UK

What happened here? I suspect the network administraror entered as an IP owner HM Customs and Excise HQ when in reality their hosting company is Online.net, a subsidiary of the Iliad Group, a French company renting dedicated servers in France, also being marketed as Dedibox.

Likely they are doing this to avoid being blocked, many data centers out there block Tor exit nodes and this way it makes them harder to spot, the hostname is not always labelled you would need a traceroute to know this is not a UK IP, another benefit is that with this French IP you should be able to watch online TV restricted to UK viewers like the BBC iPlayer, but malicious bots can also use the craft to gather information before a hacking attack or spam.

I don’t know if it is legal impersonating a government agency in the IP, that is for lawyers to say and it will likely differ from country to country. I am only posting the information to help out other webmasters seeing multiple visits from a UK government to their site, no, they are not monitoring you, it is a fake ID.

Reddit
Tweet
Email
Prev Article
Next Article

Related Articles

Anti spy device Cyborg Unplug
Cyborg Unplug is a hardware device that scans your WiFi …

Wireless anti surveillance device Cyborg Unplug

French Alqeda terrorist located thanks to his computer IP
Mohamed Merah, a self-confessed Alqeda member of Algerian origin responsible …

French Alqeda terrorist located thanks to his computer IP

About The Author

John Durret

2 Comments

  1. similar situation

    163-172-33-86.rev.poneytelecom.eu also encountered and appears to be a full scan bot

    17 January, 2019
    • hacker10

      Hello,

      I have seen the IP poneytelecom.eu at some VPN servers, this is definitely not a residential home.

      18 January, 2019

Leave a Reply Cancel Reply

TorGuard

Pages

  • About
  • Anonymous OS list
  • Email encryption
  • Free VPN
  • Privacy Browsers
  • USB encryption

Blogroll

  • LibertyVPS.net
  • TorGuard VPN

Hacker 10 – Security Hacker

Computer security
Copyright © 2021 Hacker 10 - Security Hacker
Privacy by TorGuard VPN