Inside the Bulletproof Hosting Network Behind 16,000+ Fake Shops

· Published 27/04/2026 18:16 · Modified 27/04/2026 16:31

Essential information

Published: 27/04/2026 18:16
Modified: 27/04/2026 16:31
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: afrinic, autonomous systems, bulletproof hosting, counterfeit goods, e-commerce fraud, fake shops, fibergrid, shell companies, stolen ip addresses
Related entities: 9 indicators, 9 observables, 15 techniques (mitre), 10 others

Description

has operated as a provider for nearly a decade, currently hosting 16,700 active fraudulent e-commerce sites. The network exploits stolen African IPv4 address space worth $20-25 million, originally acquired through improper registrations. Despite claiming Seychelles-based operations, multilateration analysis reveals infrastructure concentrated in the United States, United Kingdom, Netherlands, Canada, and other Western countries, primarily within Equinix data centers. operates through a complex web of UK and Estonian using multiple to evade detection and enforcement. constitute 70% of malicious activity on this infrastructure, targeting consumers through search engines and social media with and payment fraud schemes. Disruption opportunities exist through upstream provider intervention, regional internet registry action, domain-level takedowns, and indicator sharing with security providers.

External references