Fibergrid has operated as a bulletproof hosting provider for nearly a decade, currently hosting 16,700 active fraudulent e-commerce sites. The network exploits stolen African IPv4 address space worth $20-25 million, originally acquired through improper AFRINIC registrations. Despite claiming Seychelles-based operations, multilateration analysis reveals infrastructure concentrated in the United States, United Kingdom, Netherlands, Canada, and other Western countries, primarily within Equinix data centers. Fibergrid operates through a complex web of UK and Estonian shell companies using multiple autonomous systems to evade detection and enforcement. Fake shops constitute 70% of malicious activity on this infrastructure, targeting consumers through search engines and social media with counterfeit goods and payment fraud schemes. Disruption opportunities exist through upstream provider intervention, regional internet registry action, domain-level takedowns, and indicator sharing with security providers.