Comments
Well, @Mynymbox would disagree with their ASN being listed without any clear violation, SBL case opened or whatever. I would say there are reasons to suspect Spamhaus sometimes abuses their power, intentionally or not is another topic.
"Sovy Cloud Services" never announced a single prefix on its ASN, it served purely as a transit shell network. It was more than obvious what is going on.
And yes, they had multiple other transit services, from which they were promptly terminated.
Including the "LET host" that you are talking about, SMARTNET.
This is such a cope. How come no other provider has such "density" of criminal downstreams, as you?
You are single-handedly powering the bulletproof hosting scene right now, all the way from "western" providers, to Russian forum hosts. I am not joking when I say, you are the most popular upstream of bulletproof hosts for a while now.
I refuse to believe that you are not aware who you are serving, and all the talk about you being an "internet critical infra", is insanity. You are nobody outside of criminal rings.
You are making Ecatel look legitimate, their network is much cleaner than yours. They are much larger than you, yet they manage to keep it clean with just one person.
Keep deflecting, I'm sure it will work great for your business. Everyone legitimate will quit, and you will be left with cybercriminals and pedophiles, which already are a big portion of your profit.
I doubt this thread will change any of your policies, but it will show everyone who they are working with.
It’s a free market. I explained why in this same thread. I don’t think I’ve ever suggested them doing anything illegal.
I avoid taking the bus whenever I can choose train instead. That doesn’t mean busses are illegal.
Not saying Aurologic is, but if a network is filled with substantially more shit than other networks because of their policies, I may choose to not be hosted there. Nothing illegal about that.
If someone can provide actual numbers showing Aurologic being overrepresented in hosting shit I’d appreciate it
Of course even if it’s showing they’re not
45 downstreams, out of which 15 are confirmed criminal hosts.
Aéza International Limited (bulletproof)
WAIcore Ltd (bulletproof)
Railnet LLC (bulletproof)
H2NEXUS LTD (bulletproof)
Global-Data System IT Corporation (bulletproof)
GLOBAL CONNECTIVITY SOLUTIONS LLP (abuse/fastflux)
Go Host Ltd (bulletproof)
Vladylsav Naumets (bulletproof)
Private-Hosting di Cipriano oscar (bulletproof)
Visafone Communications Limited (hijacked prefixes announced for months and used for proxies)
FEMO IT SOLUTIONS LIMITED (bulletproof)
SLAYER GROUP LIMITED (bulletproof)
49.3 Networking LLC (bulletproof)
Pfcloud UG (bulletproof)
Sovy Cloud Services (bulletproof)
33.33% of their downstreams
I guess the counter argument will always be “if they’re illegal how come they exist riddle me that”
I have updated my post, missed a few ones
And that's just the hosts that I confirmed, there may be more that I didn't catch.
I have trolled Joseph in several other threads about facilitating Aeza, because it's just so brazen and obvious. Everyone, including himself, knows what's going on. Anyone going down the rabbit hole of "who is Joseph friends with" will have a good laugh as well (no, I am not suggesting he is friends with anyone at Aeza, but rather people with a similar modus operandi).
The difference between the people who came before Joseph and him is that he believes he is smarter and clever about it. To some degree, that's true. Still, the cracks are beginning to show.
I think it's easier to notice than downstream distributing malware?
I can suggest that he indeed is, because I know more than I want to say publicly
He was notified about it a while ago, did nothing. We got them dropped from his upstreams though, such as Gcore.
They seem to be back now, by announcing smaller prefixes, still hijacked of course.
The ASN is also hijacked, that entity doesn't even exist anymore
https://techcabal.com/2024/08/19/mtn-liquidates-visafone/
You can clearly see what is going on here https://bgp.tools/rir-owner/F3628388
https://bgp.tools/prefix/41.71.128.0/17
It's operated by Dwight Meijers, whose real company is https://www.cloudto.nl/ (or rather, used to be, he also had AS215854 which has been re-allocated since)
He sold VPS on these hijacked prefixes as https://vp-s.cloud/
Laughable opsec, but that doesn't stop him from doing whatever the fuck he wants on Aurologic.
I can only report from my personal experience.
I'm also not sure if they would really have any benefit from blocking a provider for whatever reason.
However I think that they sometimes act like they are the internet police.
Probably makes something with you if you are the de facto default blocklist, and decisions are that poorly documented.
Could you provide proof for the "confirmation" of these? I namely can't find anything specific to hint to its bulletproof nature.
I'd also like to add NETSHIELD LTD (AS49418) to the list just simply due to its close connection to Railnet LLC, in terms of legal ownership.
https://nitter.net/spamhaus/status/1909230428470337734 (don't mind that it's posted by Spamhaus, cause they admit to permitting malware in plain sight, when you contact them)
The rest, I will provide you with posts from cybercrime forums later, if I don't forget. Would have to look for it.
and GLOBAL CONNECTIVITY SOLUTIONS LLP is 4VPS/Morene which was discussed on this forum before, used by multiple fastflux networks.
Will leave it here, because I cannot stop laughing

This isn't really proof of anything, in my opinion. Is the likeliness of abuse on their networks higher because they advertise there? Yeah. Does that mean they don't take action, not really, no (unless they explicitly say so).
They're an hourly provider that doesn't KYC much -- that doesn't mean they're bulletproof. There are multiple LET providers that could be used just as well to replace 4VPS in a fastflux setup.
Not sure about that, but we can ask @AS203446. When you were eating Joseph's Schnitzel (or was it the other way around, he was eating yours? I forgot), have you seen any signs of Joseph being compromised by Russia? I.e. anything about a secret lover named Masha, a distinct smell of vodka, or an exclamation of "suka" as a screwdriver fell into a rack )) ?
They literally sold bulletproof hosting on their site lol
It used to be called "loyal" or "Abuse" plan
https://archive.ph/YTDm4
I was not aware. Many kiss.
Lmao “abuse plan”
Can someone dumb it down and tell me if we are praising or criticizing aurologic?
I can see how enabling cybercrime is bad. But cybercrime often overlaps with privacy (or piracy) related usage (eg: VPN/tor/dark-web), so, I'm not sure how to feel about this.
Straight from the fed's mouth, this is why we cannot have nice things.
Didn't notice any obvious signs or smell of vodka. The food was nice though.
Jokes aside, I think this discussion here is pointless, aurologic only needs to respond to requests from the authorities, not to requests from wannabe security researchers.
But I'll be honest: Sovy Cloud Services (also known as Crazy RDP) was one of our customers for approximately 10 days. That was back in July.
The amount of abuse we received within these 10 days was the most abuse I've ever seen in the history of SMARTNET and all other companies I worked for in the past 8 years.
We then decided to terminate the service.
So it's hard to believe that other upstreams of Sovy Cloud Services (CrazyRDP) did not receive ANY abuse.
H2NEXUS does not offer bulletproof hosting.
Yet Joseph claims to have never received anything. Interesting
I can see why you are saying that, you are an upstream for a few bulletproof hosts yourself, including AnonRDP (Optibounce, LLC) and 62yun (ZhouyiSat Communications)
Still nowhere close to Aurologic
Ah, competitors in the space? The recent drama suddenly makes much more sense.
They indeed are.
I'm lost, can someone explain what this is or tldr? thx

I think the exact same thing applies here:
ZhouyiSat handles abuse and I can confirm that. Intel shows that there is a lot of legitimate traffic originating from that network.
The question is if it's reason enough to terminate a service if someone claims to be bulletproof.
Honestly, both companies generate low amounts of abuse - similar to other downstreams. So I don't see any reason to terminate the services.
AnonRDP doesn’t sound suspect at all, I definitely don’t see any certain clientele wanting anonymous RDPs
@oloke @mandala any translators from "wannabe security researcher" to "fumo fumo"?
That someone, is themselves

