All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
A deeper look into DataPasa: BGP Routing, Russian linked upstreams, and a Paraguayan individual
darkmaster
Member
Hi everyone,
I did some deeper network forensics on DataPasa Limited before deciding whether to use their services, and I wanted to share some documented architectural findings with the community.
While they advertise themselves as a clean UK Limited operating on budget infrastructure in Germany, a look into their actual BGP routing reveals a complex, single homed network setup that replicates classic bulletproof and state linked routing obfuscation patterns:
1. The ASN & Paraguayan Registration
DataPasa is exclusively announced via AS199566 (DATAPASA-AS). According to BGP.tools for AS199566 and the official RIPE NCC WHOIS Database, this Autonome System is not registered to the UK company, but to a private individual named Artem Lomakin, with a registered legal address in Encarnación, Paraguay.
Crucially, the official RIPE registry lists NETSHIELD LTD as the explicit "sponsoring-org" for this ASN. This proves that DataPasa did not just randomly buy transit from them, but relies entirely on Netshield as their upstream LIR to maintain their cryptographic network resources in the RIPE region.
2. The Single Homed Upstream (Netshield Ltd)
DataPasa's AS199566 is completely single homed behind NETSHIELD LTD (AS49418). Netshield is officially a UK shell entity registered at UK Companies House (Company Nr. 14769288) using corporate mailbox addresses (128 City Road / 71-75 Shelton Street). However, looking at their official network records (as indexed via public WHOIS scraping mirrors like ipinfo.io for AS49418), their primary administrative contact number is a Russian mobile phone starting with the country code +7 (+79029519859).
3. The Sanctioned Infrastructure & "Doppelgänger" Connection
Looking at who provides transit to Netshield (AS49418), the rabbit hole leads directly into officially flagged and sanctioned Russian cyber infrastructure:
- Aeza Group & Aurologic GmbH: Following Western compliance pressure and data center expulsions, the US sanctioned Russian bulletproof provider Aeza Group LLC offloaded massive amounts of its malicious traffic to Aurologic GmbH (AS30823) and Netshield Ltd, which effectively acted as their Western European proxy network. This transition and the systemic handling of malicious infrastructure have been extensively documented by the Recorded Future Insikt Group Report.
- DDoS-Guard.ru (AS49612): Netshield's peering with DDoS-Guard has been forensically linked by independent investigative groups to the technical infrastructure used to tunnel and shield the Kremlin-backed "Doppelgänger" disinformation campaign from Western legal takedowns, as detailed in the Qurium Media Foundation Investigation.
- BiMajLink d.o.o. (AS62255): A company legally registered as a shell in Ljubljana, Slovenia, but officially managed and directed by Russian national Yury Gavrilov, serving as a primary BGP transit bridge to funnel traffic from Russian networks into Western Europe, visible via public routing tables on BGP.tools for AS62255.
Live Network Verification (Traceroute from Frankfurt)
To verify how DataPasa handles their infrastructure, I ran a traceroute directly from a server located at a major Frankfurt routing zone straight to DataPasa's IP (144.31.38.254). To maintain operational security, the source infrastructure hops have been anonymized, but the edge routing is fully transparent:
1 * * * ([REDACTED] Local German Datacenter Edge)
2 * * * ([REDACTED] Frankfurt Exchange Routing)
3 100.65.91.1 (Internal Carrier Routing)
4 gnm-ix-eu.7280qr-1.eqx8.fra.as49418.net (178.18.236.208) 1.021 ms
5 109.206.242.89 (109.206.242.89) 1.026 ms
6 109.206.242.43 (109.206.242.43) 1.895 ms
7 45.89.62.23 (45.89.62.23) 1.601 ms
8 10.101.17.3 (10.101.17.3) 7.556 ms
9 144.31.38.254 (144.31.38.254) 7.424 ms
Technical Breakdown of the Traceroute:
- The Netshield Handover (Hop 4): At a sub-millisecond level (
1.021 ms), the traffic is instantly handed over to NETSHIELD LTD (AS49418) at the Frankfurt exchange point. DataPasa does not use native Hetzner routing at the edge. - The Internal Pipeline (Hop 5-7): The packets route through Netshield's internal Frankfurt infrastructure (
45.89.62.23). - The Private Tunnel (Hop 8): At Hop 8, we see a private IP address (
10.101.17.3) accompanied by a sudden latency jump of ~6ms. This proves a private GRE/WireGuard backbone tunnel. Netshield is backhauling the traffic from Frankfurt directly to the physical server backend. - The Target (Hop 9): The total round-trip time of 7.4 ms perfectly aligns with physical hardware sitting in a regional German datacenter (like Hetzner Falkenstein).
Compliance & Transparency Considerations
Since DataPasa is single homed behind Netshield, 100% of the traffic to and from their servers relies entirely on this specific routing chain.
Just putting these routing facts out there for anyone doing their due diligence on new providers.
Would love to hear the community’s thoughts on this specific setup, or perhaps a statement from @datapasa regarding their choice of upstream providers and network asset registration.

Comments
as soon as you see NETSHIELD LTD upstream = you know the deal
sounds about right.
And the problem here is? The sanctions? Or is there something technically problematic about their infrastructure?
Fair enough, for a cheap sandbox, nobody cares about SLAs.
But let’s be real, this isn't standard budget hosting. Setting up a UK shell company, registering an ASN to a private individual in Paraguay, using a Russian phone number, and backhauling traffic through a high risk proxy tunnel is an insane amount of operational gymnastics just to sell low-cost VMs.
Even for a toy box, that blueprint is incredibly sketchy.
Since when does Hermes Agent have a LET plugin?
100 pages on a bunch of guys running typo domains spreading nonsense. Now if you could trust your citizens to recognize that nyt1mes.com might not be the real thing but...
+7 is used by all ex soviet countries including KZ. The following number after the 7 indicates this is not a Russian number, this is Kazakhtelecom.
Sure but nothing illegal? Do you have any proof of illegal activity? Spying is not illegal in most of West EU if you dont affect the host country and hosting propaganda in Germany is at this time not really a crime yet.
Aurologic GmbH != Aeza Group
If anything this thread is solid advertising for them, yes the network setup is very nice with a sigle switch or router in DC and replicates Cyberbunkers tunnel setup (hopefully this time the police does NOT have the address).
Congratulations, you found an average ex-CIS hosting provider that simply doesnt give much shit about EU laws. There is literally hundreds of them since the war.
A good clickbait article. NetShield LTD is indeed our front company and upstream provider purely because of its low cost.
DataPasa Limited and Artem Lomakin, an individual, are quite directly connected (at the very least, I am the director of DataPasa Limited and hold Paraguayan residency).
If you don't know what you're talking about, it's better to stay silent. The country code +7 is used only in Russia. Kazakhstan has the code +77, and other post-Soviet countries have different codes altogether.
joj you idiot should have just shut up, now you made a sanctions violation by dealing with Russia.
I don't recall a time when British companies were subject to sanctions.
I understand that it’s hard to set aside your own Russophobia and read your own laws, which allow Russian citizens to register companies in the United Kingdom and conduct business there.
Hi.
We do not provide any services to Aeza, and we are certainly not acting as some kind of Western European proxy network for them.
The Recorded Future Insikt Group report says nothing about Netshield beyond a single mention in the "Active Networks Linked to aurologic" section, which simply lists all of aurologic's customers. We are just one of aurologic's clients, nothing more.
Netshield is a small IP transit provider serving a couple dozen hosting providers (https://bgp.tools/as/49418#downstreams). None of our clients have any active, persistent listings on Spamhaus, abuse.ch, or other abuse/spam databases.
If you do find something, feel free to email us at [email protected] and it will be handled. But you won't find anything, because what you're trying to find simply doesn't exist.
I'd also like to add that Netshield, its founders, and all of its clients are NOT under US, EU, or any other country's sanctions.
Free Advertising for you guys @datapasa @uk_netshield
For some reason, you’re making up facts that aren’t true and mixing up the contact information for NETSHIELD LTD and DataPasa Limited.
DataPasa Limited is not a shell company; we pay taxes in the UK, and all funds are received through Stripe into a UK bank account in a completely legal manner.
The UBO is a Russian citizen residing in the Republic of Paraguay, and DataPasa Limited’s contact information matches the company’s and the UBO’s place of residence.
u or AI did it?
Wow, this thread blew up faster than expected, but thank you to the providers for the absolute transparency and for confirming my forensic facts while claiming I am "making them up."
Let’s look at what @datapasa has explicitly admitted to the community so far:
1. You called NetShield your "front company" and upstream provider.
2. You confirmed the UBO is a Russian citizen.
3. You confirmed you hold Paraguayan residency, which aligns with the ASN registration to a private individual in Encarnación, Paraguay.
Paying UK taxes and having a Stripe account does not magically change your network architecture. A multi jurisdictional split (UK incorporation, Paraguayan asset registration, Russian ownership, German hardware) routed entirely through a single homed proxy tunnel is the textbook definition of an obfuscated setup designed to split legal liability and evade Western legal or abuse accountability.
@uk_netshield You claim you don't provide services to Aeza and are just a standard client of Aurologic, but live routing tables completely expose that defense. Your active BGP records show direct, bidirectional peering sessions with both Aeza Group LLC (AS216246) and Aéza International Limited (AS210644). You are not casually separated from them; you are actively exchanging traffic with them at the edge, as publicly indexed right here: https://bgp.tools/as/216246#connectivity
Furthermore, saying you are a small provider completely ignores your routing footprint. Your network is deeply intertwined with major high risk pipelines, maintaining active peerings with DDoS-Guard (AS49612), Rostelecom (AS12389), MegaFon (AS31133), and Vimpelcom (AS3216).
Claiming your network and clients face no sanctions risk is pure gaslighting when your official @as49418 twitter account publicly posted screenshots of your own banking accounts being frozen by the UK sanctions regime less than a year ago (August 7, 2025). Why lie to the LET community about your regulatory status when your own public announcements contradict you?
@William Thanks for the confidently incorrect telecom facts, but even @datapasa had to correct you. The +7 902 block is strictly a Russian mobile allocation (Tele2/Rostelecom), not Kazakhstan.
@DonnMo You are exactly right, this is fantastic advertising, but only for a very specific crowd. For users explicitly hunting for bulletproof setups or DMCA-ignored hosting to bypass Western legal reach, this is a goldmine.
Bottom line: If you just want a $2 toy box or a grey hat sandbox, go for it. But for anyone doing serious vendor due diligence for legitimate production infrastructure, the providers themselves just explicitly confirmed that this network is an absolute, non transparent operational minefield already facing active financial sanctions disruptions.
Grab the popcorn, the facts are on the table.
OK, so they are a little sketchy but where's the part that'll increase the value of my popcorn shares?
Who pissed in OP's cereal today?
It's been a long time since I've seen such AI slop.
I think you just don't understand anything about networks and how IX works. By the way, you can check out the peering arrangements of many European carriers—there's a high probability they'll also have connections with Aeza, Megafon, and other Russian companies.
I think you’re trying to find logic where there isn’t any.
I am a citizen of the Russian Federation who physically lives in Paraguay and holds Paraguayan residency (obviously). Since doing business in Paraguay is inconvenient and rife with corruption, I registered my business in a more convenient jurisdiction—the United Kingdom.
ASN is registered to an individual because it was registered before the legal entity DataPasa Limited was established.
The complaint about the hardware in Germany is strange in principle, since many hosting providers have hardware in Germany.
@datapasa a small offtopic question, you said you were running pureservers.org previously? were you the only one running it?
what happened to it? did you dissolve it completely? are you still running it?
what's up with this HK ASN?
https://ipinfo.io/AS214172
@datapasa i need a illicit activity, OK? Scan s allow at Hetzner location?
Yes, but i sold it.
We do not permit illegal activity or activity that generates high network traffic.
How did you have .by and a Belarusian ASN? Aren't you a Russian citizen?
This ASN still have subnets under your name ._.
https://ipinfo.io/AS214172
And also uses Netshield (not a surprise at this point)
I lived in Belarus for a while.
Only smol scan. I pay crypto. Thanks.