New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Aurologic accused of being a major actor in enabling cybercrime
This discussion has been closed.
Comments
I agree. It might not be the same to advertise protect yourself against censorship as a non-profit than it is to advertise ”we allow hosting everything” as a way to profit off of this ”everything”.
Everybody that runs a Tor node facilitates crime. I get your point, but just because they advertise their service as "bulletproof" does not mean we need to take action.
I know that they do handle abuse reports and as previously mentioned, the amount of abuse is lower than most other VPS providers.
You seem stuck on the word bulletproof. They openly advertise they allow everything and you were fine with it. You profited off of it. It’s not the same as Tor and the comparison is laughable.
It seems you can get away with so much by registering some shell company, get an asn, establish BGP session, and as long as you handle the abuse reports yourself. There is no issue.
Don't forget an upstream that's willing to facilitate your activities as long as you pay your bills on time.
Going back to this list, I would like to exclude following hosts since I was too quick to label them bulletproof
WAIcore Ltd (had problematic resellers in the past, doesnt seem to be the case anymore)
H2NEXUS LTD (i remember strong ties to Aeza, but thats not enough to classify them as such)
Private-Hosting di Cipriano oscar (not bulletproof, more like heavily abused and slow to react, they got added to Spamhaus drop list a month ago, so "abuse" is a better classification)
Everything else, I stand by 100%
I will flag my previous post so the staff can correct it.
So the new total is 13 abusive downstreams, ~29%.
I thought H2Nexus, in a practical sense, is Aeza?
If anyone know if that’s not the case or can confirm that, I’m all ears.
No, they are not.
H2Nexus is not Aeza.
That I know. That’s why I said ”in a practical sense”. I’m more interested in what others have to say about that, to be honest.
Care to comment on abuse coming from CrazyRDP? I thought you didn't receive anything, but @AS203446 claims it was the most abuse he has ever seen.
So which one is it? You cannot really say you didn't do due diligence when your inbox is flooded with abuse reports for illegal shit.
Got this sent to me, please correct if anything is wrong or misleading, preferably in DMs if you wanna make sure it's edited. I’m not the author, but I found it interesting.
Again, please don't take the below as facts, instead, take it with a grain of salt, do your own research.
Bulletproof and Malicious Hosting Providers
Aéza International Limited (bulletproof)
WAIcore Ltd (bulletproof, aurologic is their ASN sponsor LIR)
Railnet LLC (Daniel Mishayev aka Pfcloud/Whitelabel Solutions MAYBE related, disputed)
Hosts a lot of malware:
- urlhause: https://urlhaus.abuse.ch/asn/214943/
-
- https://gbhackers.com/russian-hackers-leverage-bulletproof-hosting/
H2NEXUS LTD (bulletproof, disputed)
Hosts some malware, not that much:
- urlhause: https://urlhaus.abuse.ch/asn/215730/
GLOBAL CONNECTIVITY SOLUTIONS LLP (abuse/fastflux)
Go Host Ltd (bulletproof)
Hosts a proxmox machine for Pfcloud, no other information.
Visafone Communications Limited (hijacked prefixes announced for months and used for proxies)
Enough information about wide scale hijack with ~14k IPs being used for NexusNet residential Proxies.
Pfcloud UG (bulletproof)
DMCA Ignored ZMAP allowed no KYC hosting providers
Already did that, no abuse floods were caused by that downstream nor did we know about something called CrazyRDP being on our network. Continous and desperate asking doesnt change facts, instead it questions sanity.
Remember, this was back in July, I don't know if anything changed between July and November. I'm not trying to blame aurologic here by saying: Hey look, we received a lot of abuse and they didn't. Obviously it could be the case that they did indeed receive a lot of abuse but it could also be totally different.
I remember that CrazyRDP was using like three AS numbers and at least one of them was upstream of the other two. Maybe they changed their structure to keep their upstreams for a longer time after we shut them off?
Deflected. Non-credible, no complaint received. Freedom of speech.
/s
Anything for 200. Any Thing. ANY.
Its 0xhost.net, I know someone who has reported CSAM forum to them, and they didn't take it down.
They also serve as Slovenia location for Pfcloud.
They are also NL location for AnonRDP
As I said above, seems like it was a bad actor reseller, network doesn't seem to have much abuse now.
H2NEXUS does not offer bulletproof services.
I've added disputed next to it, but honestly it's hard to define really because it's not a legal nor a very clear term. Between suspending immediately on any abuse to completely ignoring anything, there's lots of ways in between, where exactly one draws the line for that term is subjective really.
It's also quite a shit term.
I don't think Daniel Mishayev is related to Railnet LLC nor do I think that PfCloud is related to them.
Thx, added disputed there as well, you probably know better than me.
mnt-ref: WHITELABEL-MNT
Whitelabel Solutions, Ltd. is an Israeli company owned by Pfcloud, it previously served as a transit network for AnonRDP, and a network for spoofing thanks to their TATA port.
They might use the same LIR but I don't see any connection between them.
I was talking about Railnet being connected to Whitelabel/Daniel or Pfcloud. That is not the case.
Their company literally has another Pfcloud company listed as an agent
Railnet?
Yes
https://sosbes.sos.ky.gov/BusSearchNProfile/Profile.aspx/?ctr=1365818
And also, since we're on the topic:
I see. But I guess Whitelabel just got them the LLC, I was talking about their operation, not related.
Upstreams
AS51396 - Pfcloud UG
idk bro
The LLC, the ASN, the transit... It's just a big coincidence guys!