New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
asn.haus - threat reporting for whole asns
I made a small site where you can report ASNs for malicious activity. its right now in alpha state because i need a lot of testing, dont expect reports to stay forever. i created it due to spamhaus just not being community based and i thought its just missing. the name is obviously stolen from urlhaus, huge kudos to them.
another site i wanna just leave here is spamshit.org, a good friend made it ^^
i hope i can get a bit of feedback on it and what i could improve. also please tell me if you find issues.
i didnt make one for ips since abuseipdb exists even though it needs a rework since the reports are not very reliable..
Comments
https://submit.spamhaus.org
???
Can't make this shit up lol
https://krebsonsecurity.com/2023/03/german-police-raid-ddos-friendly-host-flyhosting/ (this is OP)
What the fuck are you even doing anymore? Team up with Elad Cohen, I'm sure he would appreciate a buddy to grift with.
Team "Fuck Spamhaus" isn't sending their best, so far.
Since you seem to be too stupid to provide proof for your statements, I'll do it for you.
AS202437 is FlyHosting's ASN. FLYHOSTING LTD has "Julian ACHTER" as the director, which is OP.
https://ipinfo.io/AS202437
https://find-and-update.company-information.service.gov.uk/company/14523194/officers
Treesmokah, if you go out of your way to make burners, at least make them worth while by making people trust your statements at least a tiny lil bit.
Reguards.
-
Please ban all ASNs but exclude mine. Thank you. 🫣
@emgh
always needs verifying by spamhaus, never does shit
past is past, got dropped anyways. No lawsuit nothing
We both would agree that trusting third-party reporters as their report is 100% genuine is the worst idea possible (see abuseipdb being spammed by "tcp syn portscan" type of bs reports).
thats exactly why port scans arent something that can be reported. and i can always delete stuff that is invalid. its also why reporting via api isnt possible
another wrong idea. you can report port scan, but only if you have evidence that it can't be spoofed, tcp handshake is a savior. but arguably some might call this activity "banner grabbing", however I do think that it is still can be categorized as port scan
Do you expect anyone report each SSH bruteforce manually? What is the point then? It makes sense only if you run CERT/CSIRT and consider an information security incident something that actually breached the system, but asn.haus doesn't look like one
a tcp handshake is usually not being used for scanning, zmap and masscan use tcp syn.
you can only report an asn once, all further reports require you to edit your previous report
also obviously not everything is fully done yet, it states in post this is alpha. i am lookinf for bugs and having real people try it is the best way
This is gay, especially coming from this german.
Please read first paragraph of my previous post. It already addresses your concern.
How would you distinguish between cases when big cloud providers are abused from different IP addresses (but handled/taken down fast) without accounting for IP addresses? Also, what happens on AS number reassignment to another party?
you are right you confirmed that but i think its fine to set that under intrusion attempts
i have the ability to lock certain asns of being reported. while this destroys the free reporting its sometimes needed. i dont really know yet how to account for it, thas true.
on reassignments the user can request removal of all reports
im sorry it happened. i can change my past
I think he meant that it looks like conflict of interests given your background.
Spamhaus aren't saint either, but your alternative raises some good concerns as well and you will need to prove your worthiness first. Have a good luck with that!
wel im trying my best with as many projects as possible that could be useful, spamshit isnt by me but its kinda funny. they arent forgiving either. it will take time to gain a fair reputation again but at least im out of that stuff and want to continue legitimate
I don't think it is good for you or projects. Focus on one single thing and do it well.
As for spamhaus, so far I think they made the best efforts in lowering adoption by partially closing their DNSBL for big cloud networks like OVH, Hetzner, Azure etc... But if they took that decision, they might still have a bunch of well-paying corporate customers using their threat intelligence (and not for free!).
No you can't.
Please allow ip to search and convert it to ASN number automaticly.
Will help a lot.
if they would just actually have anything to do with the community..
i am mostly focused on al.uy yes, but some side ones dont hurt right?
ig my past will even in 10 years get back to me. i made mistakes and they happened. im happy it all got dropped but i want gain that rep back. i will never stop trying though
i am open for any suggestion or anything people might need more
i mistyped that, i meant i cant
oka
Sure it doesn't, but our time is limited as well as life energy. One need to sleep, touch grass *cough-cough* personal life, and meaningfully manage project stuff. Only you can decide how many is acceptable for you.
Just a friendly reminder to not take too much responsibility and duties that you can't handle.
this is true but at least i got a few friends to help with asn.haus
hopefully thatll work for now
added that thanks
Also means you can't change your future, you fucked up, you're doomed, you're fucked.
What is wrong with you? 🤨
LET'S ROCK !!! TY