The Spamhaus Project

If your IP, domain, or hash is listed on a Spamhaus dataset and you want to request removal, please go to https://check.spamhaus.org. Look up the IP or Domain name, and follow the step-by-step process. Unfortunately, we cannot deal with any requests via LinkedIn. Thank you.

Ever heard of attackers mimicking your device's profile to bypass security? It’s happening right now. Modern phishing attacks gather detailed device info to impersonate victims, making detection harder than ever. Learn more about these advanced techniques: https://lnkd.in/gvCFugyx #infosec

?Latest?Spamhaus DROP Listings, from the worst of the worst IP traffic:? ?? SBL665844 ?? SBL664842 ?? SBL664739 ?? SBL664738 ?? SBL664736 ?? SBL664735 ?? SBL635791 ?? SBL664729 Learn about these resources and why they have been listed by searching for them in the IP and domain checker: https://check.spamhaus.org The good news?is?that Spamhaus provides FREE access to anyone who wants to add this layer of protection. Access it here: https://lnkd.in/eGnhqCud Remember, this is traffic you?do not?want to?connect?with. #DROP #IPs #BulletproofHosting #ThreatIntel

Attn. RETN action is required from you - please read on. We are observing five ASNs you are connecting to the internet display signals that they are being used for bulletproof hosting. Details of the ASNs and allocated networks can be found below: AS198953 (Proton66 OOO) AS200593 (PROSPERO OOO) AS214961 (Stellar Group SAS) AS215208 (Dolphin 1337 Limited) AS401110 (Sovy Cloud Services) As a result, all IP ranges announced by these ASNs are listed in one of our protective datasets: DROP (https://lnkd.in/eGnhqCud). This has serious implications, as a number of global mail exchanges, DNS resolvers, routers and firewalls will drop all connections associated with any of these IPs. We have sent notifications of this issue to your trust and safety desk. While they are promptly handling isolated abuse incidents at such customers, it doesn't address the bigger issue, making bulletproof hosting an ongoing, systematic issue. Details of all live listings can be found here: https://lnkd.in/eDzzPjus Please can you have someone from your team reach out to us so we can work together to resolve this growing issue and ensure escalations don’t occur, which would result in further RETN network space being listed. We’re here to help you. #Getintouch #TrustandSafety #PreventingNetworkAbuse

Welcome to the shady world of ASNs... Meet AS215551, aka the "Sweden_Internet_Exchange" Here's their homepage ?? https://ix.se/ Looking at the website, it's hard to take this operation seriously. They even describe an internet exchange as "basically a bunch of switches." ?? But the plot thickens.... Enter "Keff Networks Ltd" the shady organization behind the so-called "Sweden_Internet_Exchange." Turns out they've set up a UK 'paper' corporation also related with AS41281, a VPS hosting provider. Let's take a look at the website ?? https://vps.keff.org/ ?? We only accept Monero or Bitcoin (BTC/LN-BTC) ?? No contact info except email or telegram-id needed ?? Abuse/DMCA ignored except when from Swedish government authority And we even see them sending "messages" to Cogent through the whois record! A legitimate internet exchange would not operate this way. What do you think?

?? Shout out to the team at Archer Security! Over the last 30?days?they reported 6000?#IPv4's?relating to unauthorized attempted logins with 3,292 matched threats - WOW!! Thank you for being a part of the Threat Intel Community and for sharing your valuable data with us??? Interested?in joining our community like Archer Security? Learn more and how to submit suspicious activity here: ?? https://lnkd.in/dWSBdGzC

Our 2024 Cybercrime Supply Chain study is now available. Our analyses of 16M cybercrime events exposed a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains.

???Kudos to?CORRECTIV,?for excellent investigative work by reporters Max Bernhard, Alexej Hock, and Sarah Thust on uncovering the “Doppelganger” campaign. After tracing its use of a Ukrainian service provider, CORRECTIV’s inquiry led to the blocking of the Russian customer. As a result, the spread of fake websites by the Russian disinformation campaign has largely stopped. We’re thrilled to have supported CORRECTIV earlier in their journey -? what a fantastic outcome! Read the full report here ?? https://lnkd.in/eMX3PeiP

Look who’s back for Part 3 of Lauren Meyer's top strategies to avoid blocklisting?! ? You understand your customer's business ? You've educated them on the dos and don'ts ? You're monitoring their performance And yet…some senders just aren’t getting the message? Well, it's time to take matters into your own hands to protect your senders... Ready for Part 3? ?? https://lnkd.in/e-zRKXcX (P.S. If you missed Part 1 or Part 2, links are in the comments!)

Yesterday, at #ICANN81, the INFERMAL project shared its analysis of what makes certain domain registrars and TLDs prime targets for attackers. ??Key finding: There's a clear link between domain registration pricing (and discounts) and abuse. No shock here. While Spamhaus researchers have long had solid indications of this (as seen in Spamhaus' Domain Reputation Reports - see comments for link) - this research now CONFIRMS it. But that's not all. An even stronger correlation was identified between API access and abuse, enabling the rapid setup of malicious infrastructures. Spamhaus would like to thank the INFERMAL group funded by ICANN for their contribution and we look forward to seeing the published results! https://lnkd.in/edDJRy2B