Hacker 10 – Security Hacker

Computer security
Fake ISP HM Customs And Excise HQ UK Network

John Durret 2 June, 2016

I was looking at the server logs when I detected multiple visitors coming from the HM Customs And Excise HQ Network, the UK government agency in charge of collecting customs duties at the border. I became mistrustful of so many visits from the same government department, using IPs 163.172.209.46, 163.172.145.100, 163.175.5.218 and others in the same range.

The first thing I did was a traceroute, and I found out that 163.172.209.46 was in fact not located in the UK but in France. I then looked at the host name; as you can see in the picture, it reads watchme.tor-exit.network, and at the URL there is a message displayed saying that they are a Tor Exit Router.

Additionally, I researched open data with DuckDuckGo and I uncovered a customer of a VPN company complaining in a blog that his OpenVPN French node was being identified on the Internet as belonging to UK Customs and Excise. Furthermore, I have discovered numerous warez and porn websites like Yellowasians identifying themselves as being hosted by Her Majesty Customs and Excise HQ.

Fake ISP Customs And Excise UK

What happened here? I suspect the network administrator entered HM Customs and Excise HQ as the IP owner when in reality their hosting company is Online.net, a subsidiary of the Iliad Group, a French company renting dedicated servers in France, also being marketed as Dedibox.

Likely they are doing this to avoid being blocked. Many data centers out there block Tor exit nodes, and this way it makes them harder to spot; the hostname is not always labelled, so you would need a traceroute to know this is not a UK IP. Another benefit is that with this French IP you should be able to watch online TV restricted to UK viewers like the BBC iPlayer, but malicious bots can also use the craft to gather information before a hacking attack or spam.

I don’t know if it is legal impersonating a government agency in the IP, that is for lawyers to say and it will likely differ from country to country. I am only posting the information to help out other webmasters seeing multiple visits from a UK government to their site, no, they are not monitoring you, it is a fake ID.
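
The hostname check described in this post can be automated with forward-confirmed reverse DNS, which also catches the opposite trick of a PTR record that merely claims a government domain. This is an added example, not code from the original post; `check_visitor`, the `gov.uk` suffix expected of a real UK government visitor, and the sample resolver tables are assumptions constructed for illustration.

```python
import socket

def ptr_lookup(ip):
    """Reverse (PTR) lookup; returns the hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except OSError:
        return None

def forward_lookup(host):
    """Forward (A) lookup; returns the set of IPv4 addresses for host."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def check_visitor(ip, expected_suffixes, ptr=ptr_lookup, fwd=forward_lookup):
    """Compare an IP's reverse DNS with the domains its claimed owner should use."""
    host = ptr(ip)
    if host is None:
        return ("no-ptr", None)
    # The PTR record is set by whoever controls the IP block, so it only
    # counts if the hostname resolves back to the same address.
    if ip not in fwd(host):
        return ("ptr-unconfirmed", host)
    if any(host == s or host.endswith("." + s) for s in expected_suffixes):
        return ("consistent", host)
    return ("mismatch", host)

# Constructed resolver tables so the example runs offline. The first two
# hostnames appear in the post and its comments; the A records and the
# 192.0.2.x / 203.0.113.x entries (documentation ranges) are made up.
SAMPLE_PTR = {
    "163.172.209.46": "watchme.tor-exit.network",
    "163.172.33.86": "163-172-33-86.rev.poneytelecom.eu",
    "192.0.2.10": "www.example.gov.uk",
    "192.0.2.20": "www.example.gov.uk",   # PTR claims gov.uk, A record disagrees
    "203.0.113.5": None,
}
SAMPLE_A = {
    "watchme.tor-exit.network": {"163.172.209.46"},
    "163-172-33-86.rev.poneytelecom.eu": {"163.172.33.86"},
    "www.example.gov.uk": {"192.0.2.10"},
}

def run_samples():
    fwd = lambda host: SAMPLE_A.get(host, set())
    return {ip: check_visitor(ip, ["gov.uk"], SAMPLE_PTR.get, fwd) for ip in SAMPLE_PTR}

if __name__ == "__main__":
    for ip, (verdict, host) in run_samples().items():
        print(f"{ip:16} {verdict:16} {host}")
```

Called without the `ptr` and `fwd` arguments, `check_visitor` uses live DNS through the `socket` module instead of the sample tables.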

2 Comments

  1. similar situation

    163-172-33-86.rev.poneytelecom.eu also encountered and appears to be a full scan bot

    17 January, 2019
    • hacker10

      Hello,

      I have seen the IP poneytelecom.eu at some VPN servers, this is definitely not a residential home.

      18 January, 2019
