MyLIR, Blake Shepherd, Twistic Limited & HostMyVM Ltd

Pfcloud Member
edited April 14 in Providers

Posting on behalf of a former MyLIR staff member due to accusations against both Pfcloud and the former staff

Hello,

This is a message from Apricot/Zenotrix (zenotrixian on Discord). On the 12th April 2024, Blake Shepherd "fired" me from my position of Administrator at MyLIR. Yesterday, 13th April 2024, he has now spread word that I am "untrustworthy" and related to a data breach that happened on the same day (today). I have worked with Blake for a long time now - and all I can say is he's a nice guy - but he sacrifices his businesses for shitty little fraud. Today I will expose all of Blake Shepherd's businesses - and how MyLIR's audit was caused by Blake stealing RIPE LIR Accounts and attempting to transfer them to his own LIR. Let's start from the beginning ~ I initially found MyLIR via some of my friends and I was interested in buying an ASN from them - as they are coincidentally resold by Plasma DC Solutions LLC (trading as PlasmaRack.com) and they had some of the cheapest prices with them. I got the chance to get my first ASN for free with the Free ASN Promotion run in Oct/Nov 2023. MyLIR provided me with my first glimpse of the networking field, and I am forever grateful to Blake for giving this chance. Moving forward to December - MyLIR opened Staff Applications - and I was accepted — without an NDA (Non-Disclosure Agreement). None of the staff signed a Non-Disclosure Agreement - I shrugged it off.

I was involved in the day-to-day running of MyLIR - responding to tickets and successfully completing LIR duties for customers. However, on or around the 19th of December 2023 - I saw in the RIPE LIR Dashboard a transfer of one IPv4 /24 Subnet and one IPv6 /29 Subnet (worth around 9500€ + 2500€). I initially asked Blake and he said that he bought the IP Resources for 6000-8000€ altogether (this is extremely cheap for something worth 12000€). Multiple requests of the same type also appeared on the same day - from many LIRs - including transfers from uk.serizy, uk.serizy1, uk.gaussman1, uk.lobos1. This amounted to over 50000€ worth of attempted stolen IPv4/IPv6 Resources. Fortunately the RIPE NCC blocked many of these requests - except one from uk.serizy -- Blake successfully stole 185.34.101.0/24. He then leased this prefix to wiggy (Colten Lange, owner of Plasma DC Solutions LLC also known as PlasmaRack.com), a known reseller of Twistic/MyLIR by then - you can see the prefix 185.34.101.0/24 was used for this purpose by looking at BGP History (see this on bgp.tools @ https://bgp.tools/prefix/185.34.101.0/24) - and looking at the transfer history by using RIPE NCC data. Foremost remember that wiggy did not know that he was leasing these prefixes. I will release the transfer agreements relating to this in due course.

Aside from that, Blake required a PayPal for MyLIR - so he did a pretty little announcement and asked for somebody to accept PayPal. The owner of Pfcloud (Aggro) offered to help him. To help Blake accept PayPal Payments, he was added to MyLIR's WHMCS Administrator Dashboard (https://billing.mylir.co.uk/A3min/) with the username "aggro" and the password "aggro" - the account being with FULL ADMINISTRATOR PERMISSIONS. This allowed somebody else to access his customers' data, again without any Non-Disclosure Agreement in sight, and if anybody further knew that Aggro's PayPal was being used they could have easily logged into the WHMCS and downloaded a WHMCS SQL dump causing major issues for the company. Additionally, Blake's use of different PayPal Accounts not owned by him is against PayPal's Terms of Service. A few months after Aggro added his PayPal, Blake was successfully accepted into the UK VAT program on HostMyVM LTD and he created a PayPal Account on behalf of HostMyVM LTD, which was used on behalf of MyLIR, which again is against PayPal TOS. He additionally claimed that he does not need to pay for VAT on HostMyVM LTD even though he WAS REGISTERED FOR VAT and is ACTIVELY ACCEPTING payments under that LTD. Shortly after he was termed from PayPal with both his personal+business accounts since he used the same number for all of them (LOL). He has also been doing money laundering - merging his salary from his job working at Tesco and MyLIR's little income into his bank account and paying the server invoice from Scaleblade. He has also been reporting MyLIR's income improperly with the government for Corporation Tax reasons etc.

I was interested in how so many transfers were sent to the LIR in a short amount of time knowing that MyLIR has only made around €3000 in its whole lifetime. I asked Blake again and he folded - he confessed that he was hijacking RIPE NCC LIR Accounts using a certain method. He looked for emails which correlated with active RIPE LIR Accounts (notify field in maintainer objects from the RIPE NCC Database ~ https://apps.db.ripe.net) - and then checked if the email domain was registered or not. If the email domain was not registered, he used an exploit within IONOS's billing system to register free domains anonymously (more to come on this topic later) and either set up Cloudflare on the newly registered domain on the same Cloudflare account used for MyLIR and all of Blake's other domains ("nslookup -q=NS mylir.co.uk" and "nslookup -q=NS lobosnetw.com", you will see) OR set up IONOS' integrated mail system to redirect all emails from that domain to Blake's email address. I only know the exact scheme because they told me this in Discord VC. During this time, Blake also deleted all products in WHMCS causing people to have free 5€/year VMs forever (currently, MyLIR is literally losing money because they have a dedicated server in London).

After this, they did this for a few months - hijacking many LIRs such as tj.orioninvest (now defunct). This went on until the owner of the LIRs uk.serizy, uk.gausmann1 & uk.lobos1 (They are all owned by a Spanish Investment Company "Rock Internet S.L.", if you see this hi David!). This went on until Rock Internet dba Arkeero found out that their priceless LIR accounts have been stolen after the huge Orange Spain incident (This was not done by Twistic) - RIPE enforced 2FA shortly after this so RIPE LIR Hijacking so their methods became useless) started to report to RIPE that these IP Resources were wholeheartedly stolen and RIPE issued a reversal towards the transfer - Blake tried to send. This went on until the RIPE NCC had enough with the fraudulent requests (all requests asked for KYC except two, 1x IPv4 /24 (leased for 110€ per month to Colten) and 2x IPv6 /29s which were split into /32s sold to a botting customer) and created an audit season for MyLIR which has nearly taken up a quarter of the year at this point. You can look at RIPE DB logs and BGP Announcement History for AS60858, AS210912 and AS57870/AS59993 for more information.

Very recently (Week beginning 08/04/2024), they hijacked an APNIC account "HABIB OIL MILLS (PVT) LTD" with the prefix 103.121.40.0/22 (again; see bgp routing history for more - they announced this prefix ON THEIR MAIN ASN AS60858 to their MAIN UPSTREAM Scaleblade LTD). This got reported by Manuel to Scaleblade Ltd who is evidently kicking them out - they are moving to HyberHost - a customer I once served on behalf of MyLIR for their AS51692. APNIC has been contacted for further comment - and they have notified individuals that they are reporting this incident to the RIPE NCC.

MyLIR has also created a backlog of ASNs (not even profiting from this - as they supposedly are giving this precious resource out for FREE even without having a LIR THAT ACTUALLY WORKS) - to the people. They also got banned from PayPal multiple times - and now they are using Civilized Hosting LLC's PayPal, soon to be terminated as none of the staff are competent at this point.

From this, I recommend you do not use MyLIR for anything - your data is not safe with them at all, and it's run by kids in its entirety. Your data is not secure at any point as it is shared by multiple people with no sort of contract between the company and the staff members.

Pfcloud will provide ASN Sponsorship for any existing ASN that is currently using Blake's LIR without charge.
