New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Not only did they stop hosting c2/phishing/mawlare, but they also stopped false-flagging people's cat picture imageboards and edgy political commentary sites commenting on government corruption!
Got curios and did check spamhaus myself and they seem to actually be pretty sure its, at least for the given range, due to snowshoe spam. with a list of 167 entries
Edit: i did check some of the entries against other dbs, the couple ones i checked had 0 reports, bit odd
Edit2: even on crowdsec, there are only 8 ips listed from that range, with the expected tor exit tags and the obvious fallout of tor crap that comes along.
So, this is known malware and c2 host? Shouldn’t be banned from let?
Yeah thats not a good argument to make bud
That wasnt an argument, im taking the piss, obviously. lmao
Your taking the piss argument is not the one you want to make...
Yeah keep believing that. Track record and actions don't lie, words do.
Oh no, will there be consequences for that as well? Im still waiting for the ones those evildoers got, that do spread malware and setup those c2/phishing pages.
Yes, Denial of Service by planting evidence and reporting it to relevant stakeholders is surprisingly common
This is rather entertaining
They got removed like 8 days ago
https://imgur.com/sO19tkm
but still do crap
https://imgur.com/4kXlapk
Well, state sponsored actors might be somewhat apathetic but from my impression a good chunk of nonsense is even in 2026 still just kids being kids. Sure, all of this usually isn't just black and white meaning you get certain spectrum where different currents complement each other diverge, converge and so on but it's certainly not like everything instantly comes down to state actors or organized crime. Not like things would suddenly be that easy for those groups anyways even if the people pulling the strings won't be touched.
Spamhaus has today responded to us and given us 5 IPs on the given subnet that were spamming which were all assigned to a single service. Service suspended, ptrs removed
Very thankful for all the help!
glad to hear it! hopefully you can get the whole ASN unlisted soon
Your statements are full of hatred and racism. A complaint has already been filed against you.
Proving our point once again, thanks bro.
Wtf. Romanian hosts indeed can be shady. And it is not related to race or is hateful. Coiciu was well known “I dont’t care” hoster, hostfart is openly buying woman on the street after stealing 20k in btc.
Should we start on ru hosters and recent well known raids and shut downs? Or this also be deemed racist and hateful?
De-escalating to half racism now
LOL.
"If you wish to glimpse inside a human soul and get to know a man, don't bother analyzing his ways of being silent, of talking, of weeping, or seeing how much he is moved by noble ideas; you will get better results if you just watch him laugh. If he laughs well, he's a good man." Fyodor Dostoevsky
@tentor, @levi, I am more than sure that you have understood my point correctly, and you simply want to hide the LET member's statement, which is clearly racist and hateful, by using irrelevant reasoning. Your attempts are useless, and it's a shame for decent people to defend such participants.
Hi @aluy
I know this is frustrating, but Spamhaus will usually notify you once you're on the Snowshoe list.
I'll share my experience:
At this Snowshoe level, Spamhaus will begin notifying you via email about abuse of email addresses registered to your IP holder / RDAP. Unfortunately, we haven't experienced this for ASN Drop, and we hope to never be on their list.
To clean up your network, I recommend reviewing IP addresses individually before submitting an appeal to Spamhaus.
These three tools should be enough to clean up your network first, and try communicating with your customers.
Next time, don't be traumatized by this incident. If you manage it carefully, you can easily keep all IP addresses safe.
There are a few tools I'd like to suggest after you're succesfuly delisted from ASN Drop. You can use this website to bulk check subnets: https://www.bulkblacklistcheck.com/
Or if you want to do it yourself, Spamhaus actually offers a free query, make sure you install your own DNS (don't forward the DNS request). Simply type:
dig 2.53.132.185.zen.spamhaus.org +short @127.0.0.1
Example results:
127.0.0.2
127.0.0.9
This returned output has multiple meanings: https://www.spamhaus.org/faqs/dnsbl-usage/
As far as I know, since your subnet is listed in their v4 https://www.spamhaus.org/drop/drop_v4.json, you can start communicating this information to your customers if they are using an ISP that uses this Drop ASN to access your network, so they stay safe while you try to resolve this issue.
You can also clean your network, and if you're confident, you can leave it for 3-7 days until the entire network is completely clean. Because even if you're realy sure 100% that you've cleaned your network, Spamhaus and their sensors may still receive reports from various sources. They call this "emission." So, at this level of abuse, please communicate with Spamhaus carefully.
Good luck!
WADR. Just laugh it off because choosing that label is pointless against a state/nation. On what basis it earned the status as a terrorist? Specify the definition and all the nation except the nation with population below 10M qualifies ( technically, those smaller nations were part of larger empire).
So, just 😁. And there's better angle you could play
Just be patient with them.
Most of time they need ages to reply is because they review if issue persists.
I once waited weeks. But all well, solved.
On a slightly related note, what are the odds of a nat VPS provider dealing/responding to being listed on Spamhaus/eXploits Blocklist (XBL). Have any of you guys experienced this? I haven't had any issues until now.
Was thinking about making a new post and possibly mentioning the provider but currently waiting to see what happens as I havent got much knowledge on that process.
Facts spamhouse are dog, most blacklists, filters are dog and hurt as much as they solve (Slowly most of the time)
Sad it does affect outbound email as lot of dog services use it as default, that’s the one that hurts. Opensource communtiy likes to provide options, yet all rely on same dog.
Any cat filters and services?
@zGato property best cat
10/10 cat customer