Spamhaus

1.6K posts

@spamhaus

Strengthening trust and safety across the Internet, by being the authority on IP and domain reputation. Mastodon: @[email protected]

Global. Joined December 2010
137 Following, 10.5K Followers
Spamhaus@spamhaus·
✅ Be cautious of urgency or pressure in booking-related emails
✅ Avoid clicking shortened or unfamiliar links
✅ Verify requests by logging into the platform directly
✅ Report suspicious emails internally or to the platform provider
#CyberSecurity #Phishing #ThreatIntel #InfoSec #BookingCom
Spamhaus@spamhaus·
➡️ Emails appear to target actual 'Booking.com' host email addresses, which may indicate that recipient data was obtained from a previous breach - the timing is particularly relevant given the 'Booking.com' data breach last month (see article - bbc.co.uk/news/articles/…).
➡️ While the emails appear to come from 'Booking.com', they are actually sent via compromised accounts.
➡️ Messages typically reference a “complaint” or “special request” requiring urgent action.
➡️ Links often use URL shorteners or services like 'share.google' to hide phishing pages
➡️ Goal is to steal login credentials or payment details through fake portals
These phishing emails are very convincing, so extra caution is prudent - here are some steps you can take to reduce risk⤵️
Spamhaus@spamhaus·
⚠️ 🎣 We’re seeing an ongoing phishing campaign targeting hotels and hosts, impersonating messages from @bookingcom - see sample image below. Here’s what we know so far⤵️
Spamhaus@spamhaus·
@NSAGov shares 4 simple steps to secure your router ⤵️
1⃣ Update your router
2⃣ Change the default username & password
3⃣ Disable remote management
4⃣ Replace outdated routers
Read full guidance via the National Cybersecurity Alliance below👇
National Cybersecurity Alliance@StaySafeOnline

Reboot your router! A new memo from the United States government now suggests it’s a prime target for hackers. Here’s what to do right now to stay secure: hubs.la/Q04fcxdw0

Spamhaus@spamhaus·
❗ New additions to Spamhaus DROP (Do Not Route or Peer) lists - including hijacked IPs, suspected snowshoe spam and cybercrime hosting:
198.195.238.0/23 198.195.237.0/24 198.195.255.0/24 93.114.187.0/24 69.40.207.0/24 45.197.176.0/24 45.197.179.0/24 45.197.177.0/24 45.197.178.0/24 167.31.0.0/16
Full SBL details available via Spamhaus lookup ➡️ check.spamhaus.org
🤔 Not using Spamhaus' DROP lists? They're FREE to use and provide protection against the worst of the worst IP traffic at the routing level. Available for IPv4, IPv6 and ASN filtering: ➡️ spamhaus.org/blocklists/do-…
#CyberSecurity #ThreatIntel #NetworkSecurity #Infosec
Tracy l Davis@julis555·
@spamhaus I am a home internet user and my IP address has been added by SpamHaus to the PBL. Please let me know how to remove my IP address from this blacklist as it is preventing me from completing a form on a website.
Spamhaus@spamhaus·
📣 Shoutout to new entry on the Raw Source leaderboard: “TonyTiger” 🐯 Over the last 30 days, they’ve submitted 11,187 raw source files, securing the #1 spot in the Top 10 - a fantastic effort! Also making big moves is “Contributor: AZ94” with a +1,282% ⬆️ increase, now ranking #3 with 2,501 submissions. Don’t forget to claim your display name...it only takes a few minutes. Log in here to review or update your Display Name: 👉 auth.spamhaus.org
Spamhaus@spamhaus·
All of the below routes appear to be down as of today:
198.193.12.0/24 (AS2702, AS215828)
198.193.32.0/20 (AS2702, AS215828)
198.195.144.0/24 (AS2702, AS215828)
198.196.199.0/24 (AS2702, AS215828)
167.31.32.0/20 (AS7857, AS2702, AS215828)
Spamhaus@spamhaus·
Quick update - new activity from the same actor:
167.31.32.0/20 AS7857 AS2702 AS215828
➡️Newly inserted hijacked ASN: AS7857 (Empire Communications, Inc., Portland, OR — defunct)
➡️IP range identified as part of the MCI/SAE family
Spamhaus@spamhaus·
A series of new routes has caught our attention:
198.193.12.0/24 AS2702 AS215828
198.193.32.0/20 AS2702 AS215828
198.195.144.0/24 AS2702 AS215828
198.196.199.0/24 AS2702 AS215828
Here’s why… ⤵️
Spamhaus@spamhaus·
Suspect "Orange" route of today with a colorful intercontinental mix of upstreams:
90.96.0.0/16 AS28708 AS134176 AS38047 AS49418 AS62255
AS28708: Orange S.A.🇫🇷
AS134176: Cloudie Limited🇨🇳
AS38047: Taiwan Telecom🇺🇸(yes, they are a Delaware corporation!)
AS49418: Netshield Ltd🇬🇧(controlled by a Russian resident with the mythical 71-75, Shelton Street, London correspondence address)
AS62255: BiMajLink d.o.o.🇸🇮
The network is located in Frankfurt, Germany 🇩🇪
Spamhaus@spamhaus·
151.217.0.0/16 AS62016 AS198198 AS42987 AS22879 AS199524
AS62016: Virgin Media 🇬🇧
AS198198: Telefonica Global Solutions 🇪🇸
AS42987: Virgin Media 🇬🇧
AS22879: Sirus, Inc 🇺🇸
AS199524: Gcore 🇳🇱
Location is Chicago. However, this case is slightly different. 151.217.0.0/16 is a "bogon", which means the network is not assigned to anyone at this time (and so nobody should be using it). After the first announcement, new (presumably fake) carriers were inserted into the BGP path as a decoy. The general modus operandi suggests that this is the same gang in action
Spamhaus@spamhaus·
Earlier this week @orange announced new routes taking precedence over its hijacked path, forcing the bad actors to withdraw the route:
90.98.0.0/15 AS41128 AS22541 AS29802 Bad actors (WITHDRAWN)
90.98.0.0/16 AS3215 AS5511 Orange 🇫🇷
90.99.0.0/16 AS3215 AS5511 Orange 🇫🇷
(see post from @DougMadory x.com/DougMadory/sta…)
Meanwhile, the @VerizonBusiness hijacks out of AS29802 remain active. And, we’ve observed an additional suspicious route ⤵️⤵️
Spamhaus@spamhaus

Over the past 48 hours there have been some very interesting developments... The "@chartercomms" announcements for 47.1.0.0/16 and 47.2.0.0/16 have disappeared, implicitly confirming that they were hijacked. The "@Orange" announcement for AS41128 has changed - the path is now:
90.98.0.0/15 AS41128 AS22541 AS29802
AS41128: @orange 🇫🇷
AS22541: MEGALINK S.R.L.🇧🇴
AS29802: @HIVELOCITY 🇺🇸
The entire network has relocated from Chicago to Dallas (likely to the Prime Dallas Campus DFW01 datacenter). Once more the inclusion of a South-American ISP appears completely unrealistic, with the traffic between the AS29802 router (de-cix[.]dfw[.]hivelocity[.]net) and the final destination seemingly within the Dallas datacenter. But there's more....⬇️

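The precedence described in the post above, where two /16 announcements override the /15 path, follows from longest-prefix matching. This is an added example, not part of the original posts: it uses the three routes as they appear in the post, while the function names, the sample addresses and the assumption that a router has accepted all three routes are illustrative.

```python
import ipaddress

# Routes copied from the post: (prefix, AS path, label).
ROUTES = [
    ("90.98.0.0/15", "AS41128 AS22541 AS29802", "bad actors"),
    ("90.98.0.0/16", "AS3215 AS5511", "Orange"),
    ("90.99.0.0/16", "AS3215 AS5511", "Orange"),
]


def build_table(routes):
    """Parse (prefix, path, label) tuples into a lookup table."""
    return [(ipaddress.ip_network(p), path, label) for p, path, label in routes]


def best_route(table, address):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def still_exposed(table, hijacked):
    """Parts of `hijacked` that no more-specific route in the table covers."""
    hijacked = ipaddress.ip_network(hijacked)
    remaining = [hijacked]
    for net, _, _ in table:
        if net.prefixlen <= hijacked.prefixlen or not net.subnet_of(hijacked):
            continue  # only strictly more specific routes can win
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                nxt.extend(block.address_exclude(net))  # carve out covered part
            elif not block.subnet_of(net):
                nxt.append(block)  # disjoint from this route, still exposed
        remaining = nxt
    return sorted(remaining)


if __name__ == "__main__":
    table = build_table(ROUTES)
    for ip in ("90.98.10.1", "90.99.200.7"):  # constructed sample addresses
        net, path, label = best_route(table, ip)
        print(f"{ip} -> {net} via {path} ({label})")
    print("still exposed:", still_exposed(table, "90.98.0.0/15"))
    # Constructed what-if: announcing only one /16 leaves half the /15 exposed.
    print("one /16 only:", still_exposed(build_table(ROUTES[:2]), "90.98.0.0/15"))
```

Both /16s are needed: with only one of them in the table, the other half of the /15 still resolves to the less specific path.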
Spamhaus@spamhaus·
🎰 “casino” (+78%) is the #1 trending term for new domain registrations this reporting period. Perhaps unsurprisingly, the term “casino” also saw a +122% ⬆️ increase in phishing domains observed by Spamhaus, ranking #2 in the Top 10. 🎣 Plus, a flurry of new Turkish casino-related entries: jojobet (#15), casibom (#17), and holiganbet (#19). Find out which phishing term ranks #1 in the latest Spamhaus Domain Report (Oct 2025 – March 2026): 👉 spamhaus.org/resource-hub/d… #Infosec #ThreatIntel
Spamhaus@spamhaus·
The lack of proper vetting of UK corporations' officers details has long been exploited by miscreants (and criticized by investigators). Thanks to recently strengthened regulation, …te.company-information.service.gov.uk/company/170221… proudly notes Davletshin's identity has been verified successfully. What remains to be sorted is the ability of bulletproof hosting operators to successfully establish shell corporations in the UK at all. 🧐 #OSINT #BulletproofHosting #Cybercrime #UK
Spamhaus@spamhaus·
However, it didn't take long for comeback attempts -- at this time, we link active 🇷🇺 Galeon LLC (AS211663) and aforementioned UFO TECHNOLOGIES LIMITED (AS201738) to this threat actor. Both networks trace back to St. Petersburg, Russia (and are included in our DROP and ASN-DROP lists). 👉 spamhaus.org/blocklists/do-… ⤵️
Spamhaus@spamhaus·
Another day, another 🇬🇧 UK-based shell corporation utilized for nefarious purposes: UFO TECHNOLOGIES LIMITED, registered to the pictured address in Ipswich (which houses a co-working space) in February. Its director, 🇷🇺 Russian national Lenar I. Davletshin, is no stranger to cybercrime investigators; related internet infrastructure and corporate entities have repeatedly been linked to bulletproof hosting. Particularly noteworthy is "Bearhost", a related, long-standing service offering, which shut down on May 9, 2025. ⤵️
Spamhaus@spamhaus·
UPDATE: Commencing April 19, 🇯🇵 victims came under siege from a botnet spam campaign advertising erectile dysfunction medication to them. 💊 The vast majority of these spam emitters are behind dial-up IPs at 🇨🇳 Chinese ISPs, causing a +268% XBL listing increase at China Mobile Communications Corporation's networks in particular, pushing this ISP to rank #1 of our top 10: 👉 spamhaus.org/reputation-sta… Interestingly, some emissions are also seen out of 🇹🇷 turkcell[.]com[.]tr's networks. The quality of these pills (should they be delivered at all) is anyone's guess -- from our perspective however, should they be as low-quality as the spam campaign advertising them, we'd strongly recommend against taking them. ;-) #Spam #Botnet #ReputationStatistics
Spamhaus@spamhaus

With a +338% ⬆️ increase, 🇨🇳 China-based telecoms provider “chinamobile[.]com” ranks #1 for hosting IP space associated with exploited devices, with 277,765 detections over the last 30 days. Detections on the Exploits Blocklist began rising on April 19th, with a sharp spike between April 23rd and April 24th, increasing by over 40,000 detections (from 71,377 to 111,514). 👉 spamhaus.org/reputation-sta… The network also currently has 14 Spamhaus Blocklist (SBL) listings for IPs under its responsibility. 👉 check.spamhaus.org/sbl/listings/c… #IPs #Exploits #Spamhaus #ReputationStatistics #ThreatIntel
