feather
37 posts
@featherwq AS48108 = hostway[.]ru ? This is a shell ASN you are saying?

New upstream provider
AS48108 - VirtualDC (Dmitrii Vladimirovich Malkov)
urlhaus.abuse.ch/asn/56873/
Fox_threatintel@banthisguy9349
The prefixes seem to disappear a few days from now. They are in low visibility mode now. Keep your eyes out for any infrastructure shift happening!

@banthisguy9349 chatgpt can't help someone not make stupid decisions it seems

@packetbouncer @spamhaus @aurologiccom check.spamhaus.org/results?query=…
?, pretty sure they send abuse reports when such a listing is created

@spamhaus Hello!
There is no considerable history of bulletproof hosting @aurologiccom. If you have proper proof, send us an abuse email including those to abuse@aurologic.com, employees react according to applicable law, thanks.

Some cybercriminal hosters go to great lengths to maintain a legitimate facade. Others, not so much. An example of the latter is 49.3 Networking LLC (AS399979), a Delaware-based 🇺🇲 shell corporation.
When asked via Telegram for a service offering for malware distribution, the answer is a "why yes, sure!", as another researcher @banthisguy9349 found out: x.com/banthisguy9349…
AS399979 surfaced on Spamhaus's radar in December 2023, 📡 and entered ASN-DROP shortly afterwards. The sole prefix it currently announces, 45.139.104[.]0/24, is loaded with phishing servers in particular - certainly not an internet vicinity Spamhaus recommends processing traffic to or from.
If you are not using DROP and ASN-DROP, AS399979 is another reason why you should. 😉
👉spamhaus.org/blocklists/do-…
Spamhaus has long emphasized that internet abuse doesn't occur out of the blue. In the case of AS399979, connectivity is provided by 🇩🇪 aurologic GmbH, an ISP with a considerable history of bulletproof hosting proliferation (see check.spamhaus.org/sbl/listings/a…). 45.139.104[.]0/24 is leased out by 🇧🇬 Neterra Ltd.
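The post recommends the DROP and ASN-DROP lists as a defensive control. The following is an added example, not code from Spamhaus or from this thread: it parses the plain-text DROP layout (`<cidr> ; <SBL reference>`, one entry per line, `;` starting a comment) and flags connection records whose source or destination falls inside a listed prefix. The list content is a constructed sample (the prefix is the one named in the post; the SBL references are placeholders), and the "log lines" are constructed as well.

```python
import ipaddress

# Constructed sample in the Spamhaus DROP text layout: "<cidr> ; <SBL id>".
# 45.139.104.0/24 is the prefix named in the post; the SBL references are
# placeholders, not real listing ids. Not a live download.
SAMPLE_DROP = """\
; Spamhaus DROP List (constructed sample for this example)
45.139.104.0/24 ; SBL-PLACEHOLDER-1
192.0.2.0/24 ; SBL-PLACEHOLDER-2
2001:db8:dead::/48 ; SBL-PLACEHOLDER-3
"""

# Constructed connection records: "<src_ip> <dst_ip> <dst_port>".
SAMPLE_CONNECTIONS = [
    "10.0.0.15 45.139.104.77 443",     # outbound to a listed /24
    "10.0.0.22 203.0.113.9 443",       # outbound to unlisted space
    "192.0.2.200 10.0.0.15 22",        # inbound from a listed /24
    "2001:db8:dead:beef::1 10.0.0.8 25",  # inbound from a listed IPv6 /48
]


def parse_drop(text):
    """Parse DROP text into (network, sbl_ref) tuples.

    Anything after ';' is the listing reference (or a comment); blank and
    comment-only lines are skipped. Both IPv4 and IPv6 prefixes are accepted.
    """
    entries = []
    for raw in text.splitlines():
        cidr, _, ref = raw.partition(";")
        cidr = cidr.strip()
        if not cidr:
            continue  # header comment or empty line
        entries.append((ipaddress.ip_network(cidr, strict=False), ref.strip()))
    return entries


def lookup(ip, entries):
    """Return the SBL reference whose prefix covers ip, or None if unlisted."""
    addr = ipaddress.ip_address(ip)
    for net, ref in entries:
        if addr.version == net.version and addr in net:
            return ref
    return None


def flag_connections(lines, entries):
    """Return (line, side, ref) for every record touching listed space.

    'side' is 'src' or 'dst' so an analyst can tell inbound from outbound hits.
    A record is reported once per listed side.
    """
    hits = []
    for line in lines:
        src, dst = line.split()[:2]
        for side, ip in (("src", src), ("dst", dst)):
            ref = lookup(ip, entries)
            if ref is not None:
                hits.append((line, side, ref))
    return hits


if __name__ == "__main__":
    drop = parse_drop(SAMPLE_DROP)
    for line, side, ref in flag_connections(SAMPLE_CONNECTIONS, drop):
        print(f"DROP hit ({side}, {ref}): {line}")
```

In practice the parsed entries would be fed into a firewall or router policy rather than a post-hoc log scan; the lookup here is linear, which is fine for the few hundred prefixes in DROP but a radix tree would be the right structure for larger feeds.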

@banthisguy9349 The nootfloppa person has a French speedrun.com account which matches up with the amount of French pages and phishing on the ASN. He also has a patched.to account where he looked for proxies, which further makes clear how involved he is.

@banthisguy9349 alphardp also has a post on crackingx.com but has been inactive for a while

Bulletproof
49.3 Networking LLC
AS Number 399979
hxxps://493networking.cc/
Uses the same template website that was observed once before, 3 years ago!
hxxp://proxies.black
What are the odds? #Opsec mistake.
OSINT challenge for both of them. Who can find more information?

@00cutegore @not_monkeninja @CraigHRowland let me try to explain, router level VPN means a VPN that is set up directly on your router at home, like OpenVPN, WireGuard etc (whatever CAN be set up on yours), these will completely mask your IP for every device in the house, thus a browser can't leak it

When I was making tactics to de-cloak VPN/Tor users for anti-fraud, I didn't try to trace you back through hops in the VPN provider, I attacked the browser/device and forced it to leak the IP to me. You could have 100 hops and it didn't matter. This is false security.
Mullvad.net@mullvadnet
Multihop now available on Android version 2025.1 and newer. Read more here: mullvad.net/blog/multihop-…

FBI seizes domains for Cracked.io, Nulled.to hacking forums - @serghei
bleepingcomputer.com/news/security/…
bleepingcomputer.com/news/security/…

🚨A Threat Actor Claims to be Selling a RCE FortiOS Vulnerability
darkwebinformer.com/a-threat-actor…

@banthisguy9349 "cio" and "cracked" are for the forum cracked.io, "tg" is for Telegram. It's very probable this is a licensing system for a cracking tool published on the forum

3 URLs on a #bulletproof host with suspicious keywords 'uuid' 'tg' 'cracked'
http://87.120.126.205/uuid-dwddw-124123edwdr4rewdf32.json
http://87.120.126.205/uuid-decebal-cio-hdf84w9rzfh489rr342w.json
http://87.120.126.205/uuid-redsauer-tg-cracked-ewu278e9h312r83373495r.json

http://93.123.85.28/ Lulz
Real or Fake is the question now

Fox_threatintel@banthisguy9349
#botnet #malware being spread from @AnonVMwtf's servers. What a surprise urlhaus.abuse.ch/host/93.123.85… urlhaus.abuse.ch/host/93.123.85… urlhaus.abuse.ch/host/93.123.85… Also meduzastealer being hosted on 93.123.85.46. @tubehosting mentioned 10 months ago that the client will be disconnected