They are most certainly not the only ones, dailystormer and 8kun also experienced it.
Not that I support 8kun, they were getting booted because of CP hosted on their site.
DailyStormer now uses Yalishanda fastflux, and 8kun somehow stays up on OVH.
Already forgot about those, there has been way less noise around them compared to the bird, iirc.
Interesting to see all of the three still available on the 'clearnet', given how many of their domains were revoked over time.
@treesmokah said:
Aeza is moving from Datapacket/Datacamp/CDN77 "transit" to Aurologic/Combahton entirely, a mix of them was used in the past but now Aeza is dropping datapacket.
My Sweden VPS appears to be in Germany according to ICMP. Most Aeza's subnets are now singlehomed Aurologic, which only has presence in Germany, Netherlands and Finland.
So all "European" Aeza VPS are now either Germany, Netherlands or Finland(unlikely).
aurologic is kind of interesting, a friend of mine in OGF been complaining that their hosting company sending abuse(malware) complaint to aurologic abuse\@ mail, but no action let alone a respond.
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
@Encoders said: aurologic is kind of interesting, a friend of mine in OGF been complaining that their hosting company sending abuse(malware) complaint to aurologic abuse\@ mail, but no action let alone a respond.
Spamhaus considers them "bulletproof", they largely have shit research, but they could be on to something.
Who knows. They were definitely not bulletproof in my experience, but maybe they treat malware differently.
@Encoders said: aurologic is kind of interesting, a friend of mine in OGF been complaining that their hosting company sending abuse(malware) complaint to aurologic abuse\@ mail, but no action let alone a respond.
Spamhaus considers them "bulletproof", they largely have shit research, but they could be on to something.
Who knows. They were definitely not bulletproof in my experience, but maybe they treat malware differently.
As far as I can see, this forum thread is related specifically to aeza. I don’t know how appropriate it is to discuss their new providers here, especially since spamhaus, from my experience, can sometimes be biased towards a number of hosters.
@Encoders said: aurologic is kind of interesting, a friend of mine in OGF been complaining that their hosting company sending abuse(malware) complaint to aurologic abuse\@ mail, but no action let alone a respond.
Spamhaus considers them "bulletproof", they largely have shit research, but they could be on to something.
Who knows. They were definitely not bulletproof in my experience, but maybe they treat malware differently.
As far as I can see, this forum thread is related specifically to aeza. I don’t know how appropriate it is to discuss their new providers here, especially since spamhaus, from my experience, can sometimes be biased towards a number of hosters.
You have made 2 posts here, one was trying to discredit research and the second one is this, basically telling us to not look in to this.
I have no idea who pays you for this, but its not gonna work.
Aurologic/Comhaton, owned by Joseph Hofmann is 100% relevant to Aeza. They are still using Hetzner servers and tunneling with Aurologic, which now serves 100% of their European locations.
I'm aware Spamhaus is not the best in terms of research, but how about checking AS30823 downstreams.
Out of 43 downstreams, 10 are confirmed to be "bulletproof". Don't make me look at downstreams of downstreams which get traffic from singlehomed Aurologic, because this number will skyrocket.
I wonder why was Tornado Datacenter raided this year and entire rack seized, could've been their downstream Pfcloud facing repercussions for their alleged spreading of Child porn, or maybe their notorious and retarded malware hosting operations. Either way, Joseph has welcomed them with open hands after Pfcloud operator got out of arrest.
Joseph Hofmann is no saint, he is very much aware of who he hosts and what purpose he serves in the "chain".
We will see how long it will work out for him. I know what is his line of "defense". and I also know that it hasn't worked for several other providers before, especially in Germany.
In case you are on Aeza's paycheck, I have something good for you then. Does Shelter.to ring a bell?
I have recovered old screenshots I took of their phishing panel, couldn't be run by Aeza and 4VPS
Along with this "specific" offering from 4VPS, I wonder where it was hosted
@Encoders said: aurologic is kind of interesting, a friend of mine in OGF been complaining that their hosting company sending abuse(malware) complaint to aurologic abuse\@ mail, but no action let alone a respond.
Spamhaus considers them "bulletproof", they largely have shit research, but they could be on to something.
Who knows. They were definitely not bulletproof in my experience, but maybe they treat malware differently.
As far as I can see, this forum thread is related specifically to aeza. I don’t know how appropriate it is to discuss their new providers here, especially since spamhaus, from my experience, can sometimes be biased towards a number of hosters.
You have made 2 posts here, one was trying to discredit research and the second one is this, basically telling us to not look in to this.
I have no idea who pays you for this, but its not gonna work.
Aurologic/Comhaton, owned by Joseph Hofmann is 100% relevant to Aeza. They are still using Hetzner servers and tunneling with Aurologic, which now serves 100% of their European locations.
I'm aware Spamhaus is not the best in terms of research, but how about checking AS30823 downstreams.
Out of 43 downstreams, 10 are confirmed to be "bulletproof". Don't make me look at downstreams of downstreams which get traffic from singlehomed Aurologic, because this number will skyrocket.
I wonder why was Tornado Datacenter raided this year and entire rack seized, could've been their downstream Pfcloud facing repercussions for their alleged spreading of Child porn, or maybe their notorious and retarded malware hosting operations. Either way, Joseph has welcomed them with open hands after Pfcloud operator got out of arrest.
Joseph Hofmann is no saint, he is very much aware of who he hosts and what purpose he serves in the "chain".
We will see how long it will work out for him. I know what is his line of "defense". and I also know that it hasn't worked for several other providers before, especially in Germany.
In case you are on Aeza's paycheck, I have something good for you then. Does Shelter.to ring a bell?
I have recovered old screenshots I took of their phishing panel, couldn't be run by Aeza and 4VPS
Along with this "specific" offering from 4VPS, I wonder where it was hosted
The fact that I have left only two posts on the forum - says only that I am new here and the incentive to register was the desire to join the discussion, some sides of which contradict my speculations. You are even here looking from a rather formulaic point of view, thinking that I am paid something for it. Based on your own assumptions, which are based on personal experience, I can accurately mirror accuse you of the monetary motivation for this investigation. (Because purely ideologically, according to you, a person can't have a discussion? LOL)
So no need to apply your methodologies here just because my opinion contradicts yours.
And now to the main point: as you have already pointed out, spamhaus is really not a reliable source, because it just throws spam marks around as it pleases, without delving into the situation and is not very willing to remove them (for a very long time). Just look at the voluminous list - https://check.spamhaus.org/sbl/listings/retn.net/ and see for yourself.
Aurologic/Comhaton, owned by Joseph Hofmann is 100% relevant to Aeza.
which is quite logical, since aeza uses them, and created a publication about it in Telegram. Any major ISP in the history of existence will have customers with a black reputation, and that's fine. I'm not going to get into an argument about Pfcloud, as I don't know much about this topic, but let's be objective: if they are out of custody and legally their guilt is not proven, i.e. the security authorities have nothing to incriminate and prove about it, the hosting has an absolute right to resume cooperation with this company. The question of reputation is another matter, but legally everything is observed and there is nothing strange about it - it's business, friend.
@theflunker said: The fact that I have left only two posts on the forum - says only that I am new here and the incentive to register was the desire to join the discussion, some sides of which contradict my speculations. You are even here looking from a rather formulaic point of view, thinking that I am paid something for it. Based on your own assumptions, which are based on personal experience, I can accurately mirror accuse you of the monetary motivation for this investigation. (Because purely ideologically, according to you, a person can't have a discussion? LOL)
So no need to apply your methodologies here just because my opinion contradicts yours.
You are right I jumped in to conclusion about You too early. I only had suspicions.
@theflunker said: And now to the main point: as you have already pointed out, spamhaus is really not a reliable source, because it just throws spam marks around as it pleases, without delving into the situation and is not very willing to remove them (for a very long time). Just look at the voluminous list - https://check.spamhaus.org/sbl/listings/retn.net/ and see for yourself.
All these listings are Bearhost/Underground (AS208312, AS207566, AS59425, AS57523, AS57678, ...) and Yalishanda/Media Land (AS206728, and a bunch more thanks to Fastflux), perhaps 2 most "notorious" Russian bulletproof providers. RETN is very much aware of them and permits hosting of malware (but not mean words, for some reason), they have now switched to use an intermediary and get RETN transit through it, so I would expect these SBL's to disappear soon as apparently using another upstream to get transit is enough. Evading SBL's, or rather "redirecting" them where they don't matter is stupid easy.
I think in this case Spamhaus listings are justified, they won't have luck going after Bear or Yalishanda, and everyone involved can be considered "criminals", at least outside Russia
I'm pro-abolishing Spamhaus, but in this case they may be on to something (ethically and legally).
Not that it matters to (allegedly)Russian-state owned transit provider and cybercrime hosts, they couldn't care less.
I'm aware of someone who did, at even younger age. He is now locked up in psychward for life after getting caught and doxed several times, because they couldn't put him in prison. There are smarter uses for money, but of course that money has to be "clean", his wasn't.
Yeah, you are right. Name of the company went completely over my head somehow.
But what a weird front to their bulletproof hosting, they for sure don't buy or sell any exploits.
Just an update on the offer for which this thread was created, I've got 0 issues with it.
Its not in Sweden, and never been. Its currently in Finland, tunneled through Germany so latency isn't great.
But besides them being dishonest about the real location, performance and uptime been nothing but excellent.
Its still an amazing deal for 1 eur, despite everything that has been said in this thread. My only complaint is faking locations, besides that Aeza is a great hosting provider.
I have tried to find an "alternative" aka shit ton of ram and performance for little money, Xorek came up, but its inferior compared to Aeza.
@treesmokah said:
I have tried to find an "alternative" aka shit ton of ram and performance for little money, Xorek came up, but its inferior compared to Aeza.
@treesmokah said:
I have tried to find an "alternative" aka shit ton of ram and performance for little money, Xorek came up, but its inferior compared to Aeza.
@treesmokah said:
I have tried to find an "alternative" aka shit ton of ram and performance for little money, Xorek came up, but its inferior compared to Aeza.
But its garbage, worked fine for a few days, but its unusable right now.
It's still an old Xeon, AMS-PROMO has EPYC
but yeah, I've known about that offer for a while but never gave it a try since I kind of avoid these weird hosts that tunnel everything through some other location. Aéza was kind of my exception since it was the first one I've seen doing that xD.
Aéza has also been mostly rock solid for me, their support will always need to improve, but it's whatever since the servers just work and you don't need to contact them. Now I would love if they gave us more DC options for this PROMO plans (since at the end of the day, all servers are in Hetzner Germany/Finland, so why not also give PROMO plans in Helsinki?). PROMO in Moscow would be great for me, but unfortunately I don't think it will come anytime soon
Comments
This is the reason we were getting booted off every major provider, and transit providers were null-routing.
dm me
The page with the F̶r̶u̶i̶t̶ bird?
Can't think of another.
They are most certainly not the only ones, dailystormer and 8kun also experienced it.
Not that I support 8kun, they were getting booted because of CP hosted on their site.
DailyStormer now uses Yalishanda fastflux, and 8kun somehow stays up on OVH.
I dug up this phenomenal Tweet from Tor Project
https://x.com/torproject/status/898256109789687808
Comments under it are amazing.
Already forgot about those, there has been way less noise around them compared to the bird, iirc.
Interesting to see all of the three still available on the 'clearnet', given how many of their domains were revoked over time.
Apparently can't even see them without an account.
https://nitter.poast.org/torproject/status/898256109789687808
Uh, it still works. Nice.
Thought Twitter effectively killed Nitter by now.
Its very tricky to operate it, but it can be done.
aurologic is kind of interesting, a friend of mine in OGF been complaining that their hosting company sending abuse(malware) complaint to aurologic abuse\@ mail, but no action let alone a respond.
Fuck this 24/7 internet spew of trivia and celebrity bullshit.
Spamhaus considers them "bulletproof", they largely have shit research, but they could be on to something.
Who knows. They were definitely not bulletproof in my experience, but maybe they treat malware differently.
HTTP 500 on all Aeza order pages as of now.
Edit: and just like that, it's back to normal.
As far as I can see, this forum thread is related specifically to aeza. I don’t know how appropriate it is to discuss their new providers here, especially since spamhaus, from my experience, can sometimes be biased towards a number of hosters.
You have made 2 posts here, one was trying to discredit research and the second one is this, basically telling us to not look in to this.
I have no idea who pays you for this, but its not gonna work.
Aurologic/Comhaton, owned by Joseph Hofmann is 100% relevant to Aeza. They are still using Hetzner servers and tunneling with Aurologic, which now serves 100% of their European locations.
I'm aware Spamhaus is not the best in terms of research, but how about checking AS30823 downstreams.
Out of 43 downstreams, 10 are confirmed to be "bulletproof". Don't make me look at downstreams of downstreams which get traffic from singlehomed Aurologic, because this number will skyrocket.
I wonder why was Tornado Datacenter raided this year and entire rack seized, could've been their downstream Pfcloud facing repercussions for their alleged spreading of Child porn, or maybe their notorious and retarded malware hosting operations. Either way, Joseph has welcomed them with open hands after Pfcloud operator got out of arrest.
Joseph Hofmann is no saint, he is very much aware of who he hosts and what purpose he serves in the "chain".
We will see how long it will work out for him. I know what is his line of "defense". and I also know that it hasn't worked for several other providers before, especially in Germany.
In case you are on Aeza's paycheck, I have something good for you then. Does Shelter.to ring a bell?
I have recovered old screenshots I took of their phishing panel, couldn't be run by Aeza and 4VPS
Along with this "specific" offering from 4VPS, I wonder where it was hosted
Is there any connection to this lot?
https://bgp.tools/as/49418
They are doing the exact same thing, tunneling. I remember Qurium article mentioning them as having ties to Aeza, but I have not verified it.
Its also the upstream used by Xorek.
The fact that I have left only two posts on the forum - says only that I am new here and the incentive to register was the desire to join the discussion, some sides of which contradict my speculations. You are even here looking from a rather formulaic point of view, thinking that I am paid something for it. Based on your own assumptions, which are based on personal experience, I can accurately mirror accuse you of the monetary motivation for this investigation. (Because purely ideologically, according to you, a person can't have a discussion? LOL)
So no need to apply your methodologies here just because my opinion contradicts yours.
And now to the main point: as you have already pointed out, spamhaus is really not a reliable source, because it just throws spam marks around as it pleases, without delving into the situation and is not very willing to remove them (for a very long time). Just look at the voluminous list - https://check.spamhaus.org/sbl/listings/retn.net/ and see for yourself.
which is quite logical, since aeza uses them, and created a publication about it in Telegram. Any major ISP in the history of existence will have customers with a black reputation, and that's fine. I'm not going to get into an argument about Pfcloud, as I don't know much about this topic, but let's be objective: if they are out of custody and legally their guilt is not proven, i.e. the security authorities have nothing to incriminate and prove about it, the hosting has an absolute right to resume cooperation with this company. The question of reputation is another matter, but legally everything is observed and there is nothing strange about it - it's business, friend.
Nvm
https://microlxc.net/
You are right I jumped in to conclusion about You too early. I only had suspicions.
All these listings are Bearhost/Underground (AS208312, AS207566, AS59425, AS57523, AS57678, ...) and Yalishanda/Media Land (AS206728, and a bunch more thanks to Fastflux), perhaps 2 most "notorious" Russian bulletproof providers. RETN is very much aware of them and permits hosting of malware (but not mean words, for some reason), they have now switched to use an intermediary and get RETN transit through it, so I would expect these SBL's to disappear soon as apparently using another upstream to get transit is enough. Evading SBL's, or rather "redirecting" them where they don't matter is stupid easy.
I think in this case Spamhaus listings are justified, they won't have luck going after Bear or Yalishanda, and everyone involved can be considered "criminals", at least outside Russia
I'm pro-abolishing Spamhaus, but in this case they may be on to something (ethically and legally).
Not that it matters to (allegedly)Russian-state owned transit provider and cybercrime hosts, they couldn't care less.
i wish i had $50Mn to blow on vulns at 19
https://www.tn-sec.com/privacy-policy
(seems related to aeza)
How exactly is it related to Aeza? I couldn't find any ties.
I'm aware of someone who did, at even younger age. He is now locked up in psychward for life after getting caught and doxed several times, because they couldn't put him in prison. There are smarter uses for money, but of course that money has to be "clean", his wasn't.
It likely still is, but they removed all their announced subnets, though bgp.he.net still shows Aeza as a peer. Some screenshots:
From the Wayback Machine
Their subnets:
77.105.132.0/24
77.105.133.0/24
77.105.135.0/24
77.105.160.0/24
They also anycasted the same way Aeza does.
More Wayback Machine captures:
https://web.archive.org/web/20240727130647/https://ipinfo.io/AS216309
https://web.archive.org/web/20240507174628/https://ipinfo.io/AS216309
Yeah, you are right. Name of the company went completely over my head somehow.
But what a weird front to their bulletproof hosting, they for sure don't buy or sell any exploits.
Just an update on the offer for which this thread was created, I've got 0 issues with it.
Its not in Sweden, and never been. Its currently in Finland, tunneled through Germany so latency isn't great.
But besides them being dishonest about the real location, performance and uptime been nothing but excellent.
Its still an amazing deal for 1 eur, despite everything that has been said in this thread. My only complaint is faking locations, besides that Aeza is a great hosting provider.
I have tried to find an "alternative" aka shit ton of ram and performance for little money, Xorek came up, but its inferior compared to Aeza.
No one will ever be able to beat this
Xorek tried https://lowendspirit.com/discussion/8131/xorek-cloud-vps-germany-1-core-8gb-ram-for-1-7-eur-per-month-recurring
But its garbage, worked fine for a few days, but its unusable right now.
It's still an old Xeon, AMS-PROMO has EPYC
but yeah, I've known about that offer for a while but never gave it a try since I kind of avoid these weird hosts that tunnel everything through some other location. Aéza was kind of my exception since it was the first one I've seen doing that xD.
Aéza has also been mostly rock solid for me, their support will always need to improve, but it's whatever since the servers just work and you don't need to contact them. Now I would love if they gave us more DC options for this PROMO plans (since at the end of the day, all servers are in Hetzner Germany/Finland, so why not also give PROMO plans in Helsinki?). PROMO in Moscow would be great for me, but unfortunately I don't think it will come anytime soon
gotta give it to crooks they sure know how to run a stable pirate ship
That would be amazing, would be of even higher quality(network-wise) as they actually have servers there.