treesmokah

Back to Profile

treesmokah

About

Username: treesmokah
Email: s7ven@keemail.me
Joined: January 2023
Visits: 1,033
Last Active: November 20
Roles: Member
Thanked: 744

The list of IOCs/C2's taken down by Endgame 3.0
https://threatfox.abuse.ch/browse/tag/OpEndgame/

Hits sorted by provider:
82 51396|PFCLOUD, DE
81 24940|HETZNER-AS,…

Thanked by (2)atomi Not_Oles
CrazyRDP seizure confirmed, they were indeed located in The Hague. Looks like besides malware, they also had copious amount of CSAM.

![](https://i.postimg.cc/JzLvNdQK/image.png "")

Thanked by (1)Not_Oles
I have found the ASN that used to host CrazyRDP nodes, which is also down and of course also operated by Serverion. It used InterEdge upstream which is Serverion's "transit network", operating in sim…

Thanked by (2)someTom Not_Oles
Europol and Shadowserver have announced today they have completed "third phase" of Endgame operation targeting infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium.
…

Thanked by (11)Freek jmaxwell Decicus tototo someTom sh97 gremeyer Dazzle atomi imok Not_Oles
> [@bikegremlin said](/discussion/comment/221832/#Comment_221832): I suppose I would need a VPS for it (won't run in a shared hosting account), correct?

You don't need anything, it …

Thanked by (1)bikegremlin
Datapacket has introduced new policies, they now have [AUP](https://www.datapacket.com/acceptable-use-policy "AUP"), [DMCA](https://www.datapacket.com/dmca-policy "DMCA"), and [DSA](https://www.data…

Thanked by (1)sh97
> @JoeMerit said:
> Bad news for all other DDOS protection providers that use CDN77/DP ?

Yup, looks like it. I've heard of other providers also getting a boot from CDN77/D…

Thanked by (1)bikegremlin
> @sh97 said:
> Latest update: they've been completed booted by CDN77.
>
> https://status.neoprotect.net/incidents/kdmtx0wk3h1l

Sucks, we all benefit …

Thanked by (1)sh97
> [@MikeA said](/discussion/comment/221282/#Comment_221282): I've never used Neoprotect or any services like them so excuse my ignorance, but do they just rely on CDN77/DP for volumetric mitigatio…

Thanked by (1)MikeA
https://rustdesk.com/ is amazing, its foss, you can self-host the relaying server, and even allows you to "brand" the end user application.
I have used it many times, no complaints. Works as g…

Thanked by (5)sh97 Otus9051 wankel Decicus Wonder_Woman
What is your relation to ITM Nord/NordicVM, the known scammers that have been banned here before under different names?
I suspect you will be utilizing their ASN for this location, as you don'…

Thanked by (2)Not_Oles zgato
> @xvps said:
> You might be interested in reading this:
> https://lowendtalk.com/discussion/209752/dedirocks-website-seemingly-got-hacked-and-is-showing-a-phishing-page
…

Thanked by (1)xvps
> @MichaelCee said:
> > @treesmokah said:
> > "[redacted email]" appears to be Dmitrii Aleksandrovich Miasnikov(Мясников Дмитрий Александрович) aka "jimboframe", accordin…

Thanked by (1)MichaelCee
> @treesmokah said:
> > [@skhron said](/discussion/comment/216980/#Comment_216980): VPN as usually?
>
> yup. We'll see if there is a way out of it that doesn't in…

Thanked by (1)Alexhostcom
> [@skhron said](/discussion/comment/216980/#Comment_216980): VPN as usually?

yup. We'll see if there is a way out of it that doesn't involve me sending ID, because I won't do that.

Thanked by (1)Alexhostcom
welcome

Thanked by (1)servers_guru
good stuff

edit:
![](https://i.postimg.cc/L5YfpYjQ/image.png "")
lol

Thanked by (1)burntascii
> @Wonder_Woman said:
> > [IMPORTANT]: Change in the cost of SWE-PROMO
> > Dear customer!
> >
> > Unfortunately, due to increased costs from ou…

Thanked by (1)Wonder_Woman
> @ReadyDedis said:
> https://www.iafcertsearch.org/certification/nnDFYragHKoIA8YzkUSy2o57
>
> @chris @treesmokah @webz we managed to chargeback and get the actual c…

Thanked by (3)Marx burntascii ReadyDedis
10/10 MJJ

First thing, initiated dispute. Then submitted the ticket and tried to actually resolve the issue. Peak Chinese.

![](https://i.postimg.cc/x1cCtRmd/image.png "")

Thanked by (2)Marx skhron
Indians ain't getting rid off fake certificate "stereotype" anytime soon.

Thanked by (1)adly
> @hostkoala said:
> > @terrorgen said:
> > I am sure you have an actual job that pays for your food, rent/mortgage, outings, etc.
> >
> > Curi…

Thanked by (1)hostkoala
> @hornet said:
> Is "ponies" industry slang?

https://www.dictionary.com/e/slang/brony/
Its a rabbit hole I do not recommend digging in, tbh.

Basica…

Thanked by (1)skhron
> [@eeee1111 said](/discussion/comment/214759/#Comment_214759): Judeo-nazies and both by Neo-naziez (they joined forces together), and if both of those two groups are joining forces together again…

Thanked by (1)skhron
Oy vey, is it the IPv4+ Elad Cohen?
Also looks like the addresses you totally didn't obtain with fraud, are now being used by other company you are involved with, Kape Technologies. The owner…

Thanked by (1)skhron
It sounds like they want cheaper employees, with no certifications to work with high voltage equipment.
It is the case in my country (also in EU), so I assume its a thing in Netherlands too. T…

Thanked by (2)skorupion dfroe
Upon taking a closer look at "the.hosting" ORG on RIPE, I have found a someones personal email attached as a contact on MNT.
https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=THE-H…

Thanked by (1)someTom
Use pretty much any cloud storage provider with https://cryptomator.org/
Security of files will be great, you will only have to care about privacy(what the cloud provider has about you other t…

Thanked by (1)root
> [@zgato said](/discussion/comment/208394/#Comment_208394): idk, they seem to be all related to a certain entity. Using the same network upstream, similar websites, ...

yeah, I'm a…

Thanked by (1)reyokh