
A deeper look into DataPasa: BGP Routing, Russian-linked upstreams, and a Paraguayan individual

Hi everyone,

I did some deeper network forensics on DataPasa Limited before deciding whether to use their services, and I wanted to share some documented architectural findings with the community.

While they advertise themselves as a clean UK Limited operating on budget infrastructure in Germany, a look into their actual BGP routing reveals a complex, single-homed network setup that replicates classic bulletproof and state-linked routing obfuscation patterns:

1. The ASN & Paraguayan Registration

DataPasa is exclusively announced via AS199566 (DATAPASA-AS). According to BGP.tools for AS199566 and the official RIPE NCC WHOIS Database, this Autonomous System is not registered to the UK company, but to a private individual named Artem Lomakin, with a registered legal address in Encarnación, Paraguay.

Crucially, the official RIPE registry lists NETSHIELD LTD as the explicit "sponsoring-org" for this ASN. This proves that DataPasa did not just randomly buy transit from them, but relies entirely on Netshield as their upstream LIR to maintain their cryptographic network resources in the RIPE region.

2. The Single-Homed Upstream (Netshield Ltd)

DataPasa's AS199566 is completely single-homed behind NETSHIELD LTD (AS49418). Netshield is officially a UK shell entity registered at UK Companies House (Company Nr. 14769288) using corporate mailbox addresses (128 City Road / 71-75 Shelton Street). However, looking at their official network records (as indexed via public WHOIS scraping mirrors like ipinfo.io for AS49418), their primary administrative contact number is a Russian mobile phone starting with the country code +7 (+79029519859).

3. The Sanctioned Infrastructure & "Doppelgänger" Connection

Looking at who provides transit to Netshield (AS49418), the rabbit hole leads directly into officially flagged and sanctioned Russian cyber infrastructure:

  • Aeza Group & Aurologic GmbH: Following Western compliance pressure and data center expulsions, the US-sanctioned Russian bulletproof provider Aeza Group LLC offloaded massive amounts of its malicious traffic to Aurologic GmbH (AS30823) and Netshield Ltd, which effectively acted as their Western European proxy network. This transition and the systemic handling of malicious infrastructure have been extensively documented by the Recorded Future Insikt Group Report.
  • DDoS-Guard.ru (AS49612): Netshield's peering with DDoS-Guard has been forensically linked by independent investigative groups to the technical infrastructure used to tunnel and shield the Kremlin-backed "Doppelgänger" disinformation campaign from Western legal takedowns, as detailed in the Qurium Media Foundation Investigation.
  • BiMajLink d.o.o. (AS62255): A company legally registered as a shell in Ljubljana, Slovenia, but officially managed and directed by Russian national Yury Gavrilov, serving as a primary BGP transit bridge to funnel traffic from Russian networks into Western Europe, visible via public routing tables on BGP.tools for AS62255.

Live Network Verification (Traceroute from Frankfurt)

To verify how DataPasa handles their infrastructure, I ran a traceroute directly from a server located at a major Frankfurt routing zone straight to DataPasa's IP (144.31.38.254). To maintain operational security, the source infrastructure hops have been anonymized, but the edge routing is fully transparent:

 1  * * * ([REDACTED] Local German Datacenter Edge)
 2  * * * ([REDACTED] Frankfurt Exchange Routing)
 3  100.65.91.1 (Internal Carrier Routing)
 4  gnm-ix-eu.7280qr-1.eqx8.fra.as49418.net (178.18.236.208)  1.021 ms
 5  109.206.242.89 (109.206.242.89)  1.026 ms
 6  109.206.242.43 (109.206.242.43)  1.895 ms
 7  45.89.62.23 (45.89.62.23)  1.601 ms
 8  10.101.17.3 (10.101.17.3)  7.556 ms
 9  144.31.38.254 (144.31.38.254)  7.424 ms

Technical Breakdown of the Traceroute:

  1. The Netshield Handover (Hop 4): At a sub-millisecond level (1.021 ms), the traffic is instantly handed over to NETSHIELD LTD (AS49418) at the Frankfurt exchange point. DataPasa does not use native Hetzner routing at the edge.
  2. The Internal Pipeline (Hop 5-7): The packets route through Netshield's internal Frankfurt infrastructure (45.89.62.23).
  3. The Private Tunnel (Hop 8): At Hop 8, we see a private IP address (10.101.17.3) accompanied by a sudden latency jump of ~6ms. This proves a private GRE/WireGuard backbone tunnel. Netshield is backhauling the traffic from Frankfurt directly to the physical server backend.
  4. The Target (Hop 9): The total round-trip time of 7.4 ms perfectly aligns with physical hardware sitting in a regional German datacenter (like Hetzner Falkenstein).

Compliance & Transparency Considerations

Since DataPasa is single-homed behind Netshield, 100% of the traffic to and from their servers relies entirely on this specific routing chain.

Just putting these routing facts out there for anyone doing their due diligence on new providers.

Would love to hear the community’s thoughts on this specific setup, or perhaps a statement from @datapasa regarding their choice of upstream providers and network asset registration.

Thanked by 2oloke emg88
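
An added example, not part of the original post: a small parser that re-reads the traceroute quoted above, labels each hop's address space (RFC 1918, RFC 6598 shared space, or public), pulls an ASN hint from the reverse-DNS name, and flags RTT steps at or above a threshold. The function names and the 3 ms threshold are assumptions chosen for illustration.

```python
import ipaddress
import re

# Hops exactly as posted above (source-side hops were redacted by the poster).
TRACE = """\
 1  * * * ([REDACTED] Local German Datacenter Edge)
 2  * * * ([REDACTED] Frankfurt Exchange Routing)
 3  100.65.91.1 (Internal Carrier Routing)
 4  gnm-ix-eu.7280qr-1.eqx8.fra.as49418.net (178.18.236.208)  1.021 ms
 5  109.206.242.89 (109.206.242.89)  1.026 ms
 6  109.206.242.43 (109.206.242.43)  1.895 ms
 7  45.89.62.23 (45.89.62.23)  1.601 ms
 8  10.101.17.3 (10.101.17.3)  7.556 ms
 9  144.31.38.254 (144.31.38.254)  7.424 ms
"""

SPACES = {  # non-public ranges worth calling out when they appear in a path
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "cgnat": ("100.64.0.0/10",),  # RFC 6598 shared address space
}
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
RTT = re.compile(r"(\d+(?:\.\d+)?)\s*ms\b")
RDNS_ASN = re.compile(r"\bas(\d+)\b", re.I)  # e.g. "...fra.as49418.net"

def classify(ip):
    addr = ipaddress.ip_address(ip)
    hits = [k for k, nets in SPACES.items() if any(addr in ipaddress.ip_network(n) for n in nets)]
    return hits[0] if hits else "public"

def analyze(trace, jump_ms=3.0):  # jump_ms is an assumed threshold, tune per path
    hops, prev_rtt = [], None
    for line in trace.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue
        rest = m.group(2)
        ips, rtt, asn = IPV4.findall(rest), RTT.search(rest), RDNS_ASN.search(rest)
        hop = {"hop": int(m.group(1)), "ip": ips[-1] if ips else None,
               "space": classify(ips[-1]) if ips else None, "jump": False,
               "rtt": float(rtt.group(1)) if rtt else None,
               "rdns_asn": int(asn.group(1)) if asn else None}
        if hop["rtt"] is not None:  # compare only against the last hop that answered
            hop["jump"] = prev_rtt is not None and hop["rtt"] - prev_rtt >= jump_ms
            prev_rtt = hop["rtt"]
        hops.append(hop)
    return hops

if __name__ == "__main__":
    print(*analyze(TRACE), sep="\n")
```

Flagged hops are starting points for a RIPE WHOIS or BGP lookup; reverse-DNS names are set by the operator and RTT steps depend on the measurement path.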

Comments

  • zGato Member

    as soon as you see NETSHIELD LTD upstream = you know the deal

  • concept Member

    sounds about right.
