If your IP, domain, or hash is listed on a Spamhaus dataset and you want to request removal, please go to https://check.spamhaus.org. Look up the IP or Domain name, and follow the step-by-step process. Unfortunately, we cannot deal with any requests via LinkedIn. Thank you.
The Spamhaus Project
Computer and Network Security
Changing behaviors for the good of the internet.
About us
Spamhaus strengthens trust and safety for the Internet. Advocating for change through sharing reliable intelligence and expertise. As the authority on IP and domain reputation data, we are trusted across the industry because of its strong ethics, impartiality, and quality of actionable data. This data not only protects but also provides signal and insight across networks and email worldwide. With over two decades of experience, our researchers and threat hunters focus on exposing malicious activity to make the internet a better place for everyone. A wide range of industries, including leading global technology companies, use Spamhaus' data; currently protecting over 4.5 billion mailboxes worldwide.
- Website
-
www.spamhaus.org
External link for The Spamhaus Project
- Industry
- Computer and Network Security
- Company size
- 1 employee
- Type
- Nonprofit
- Founded
- 1998
- Specialties
- Cybersecurity, Threat Intelligence Data, Threat Hunting, Domain Reputation, IP Reputation, Malware, Spam, Botnets, Internet community, and Phishing
Updates
-
❗ Attn. RETN, AS198953 (Proton66 OOO), AS214961 (Stellar Group SAS), and AS215208 (Dolphin 1337 Limited), which you are connecting to the internet, continue to display signals that they are being used for bulletproof hosting. If we do not hear from you within 24 hours with a plan to address the bulletproof hosting issue on these ASNs, we will take further action. It’s not too late - please have someone from your team contact us so we can work together to prevent further escalations. #ReachOut #TrustandSafety #PreventingNetworkAbuse
-
🇪🇺 EU business owners | Cybercriminals are increasingly targeting PEC and certified email services, used for sending legally binding emails in many EU countries. ❗ If you’re an EU-based business owner using PEC or certified email services, this is a must-read. In this blog, we highlight a real-life “invoice scam” in which criminals steal PEC credentials to send malicious emails. We also examine the risks linked to the proposed implementation of a European PEC system. 👇 Read on to stay informed and reshare with your networks: https://lnkd.in/dEwuD-ay Let's use social media for good and raise awareness about this email abuse!! #EUBusiness #EuropeanBusiness #CyberSecurity
-
-
Over the past 30 days the countries hosting the most Botnet C&C's are : #1 🇨🇳 China - 348 detections #2 🇺🇲 United States - 186 detections #3 🇨🇳 Hong Kong - 109 detections Top 3 Meanwhile the countries with the most active distribution sites as tracked on abuse.ch's URLhaus are: #1 🇨🇳 China - 17,790 of sites #2 🇧🇬 Bulgaria - 11,464 of sites (+716!!) #3 🇮🇳 India - 9,870 of sites Spamhaus reputation statistics🌟: 👉 https://lnkd.in/eyJnGTYK Malware Digest | URLHaus 🔗: 👉 https://lnkd.in/e2ej_9_n #urlhaus #IPs #Countries #BotnetCC #Spamhaus #ReputationStatistics
-
-
First, it was a doorbell 🔔. Now, it’s your thermostat. ❄️🔥 Yes, another smart device compromised... Likely infected by a variant of the notorious Mirai botnet, the device was running malicious code, to try and replicate the infection to other systems, and randomly try known vulnerabilities against random IPs it can reach over the internet. ⚠️ Once again, this is a reminder that even devices we don’t typically think of as “computers” can become tools of network abuse. Missed the doorbell story? Find out how one retired man 👴 and his doorbell helped uncover the mystery of swathes of residential and small enterprise IPs emitting an avalanche of spam - read it here 👇 https://lnkd.in/dibqATw7
-
-
Attn. RETN, we are still observing three ASNs you are connecting to the internet display signals that they are being used for bulletproof hosting. Details of the ASNs and allocated networks can be found below: AS198953 (Proton66 OOO) AS214961 (Stellar Group SAS) AS215208 (Dolphin 1337 Limited) For full details relating to this issue, please refer to our previous communication: ➡️https://lnkd.in/dhgDEs7e Please can a member of your team contact us within the next 7 days to collaborate on resolving the remaining problem ASNs. Failure to do so may result in Spamhaus taking further action. #Getintouch #TrustandSafety #PreventingNetworkAbuse
Attn. RETN action is required from you - please read on. We are observing five ASNs you are connecting to the internet display signals that they are being used for bulletproof hosting. Details of the ASNs and allocated networks can be found below: AS198953 (Proton66 OOO) AS200593 (PROSPERO OOO) AS214961 (Stellar Group SAS) AS215208 (Dolphin 1337 Limited) AS401110 (Sovy Cloud Services) As a result, all IP ranges announced by these ASNs are listed in one of our protective datasets: DROP (https://lnkd.in/eGnhqCud). This has serious implications, as a number of global mail exchanges, DNS resolvers, routers and firewalls will drop all connections associated with any of these IPs. We have sent notifications of this issue to your trust and safety desk. While they are promptly handling isolated abuse incidents at such customers, it doesn't address the bigger issue, making bulletproof hosting an ongoing, systematic issue. Details of all live listings can be found here: https://lnkd.in/eDzzPjus Please can you have someone from your team reach out to us so we can work together to resolve this growing issue and ensure escalations don’t occur, which would result in further RETN network space being listed. We’re here to help you. #Getintouch #TrustandSafety #PreventingNetworkAbuse
-
🎉 Make some noise for new Contributor B139, who has entered the Threat Intel Community IP leaderboard with an impressive 83,643 submissions over the last 30 days!! 🤩 A HUGE thank you for your support and contributions 🙏 Are you Contributor B139? You’re just a step away from claiming your name on the leaderboard. It only takes a minute to review your ‘Display Name’ and give consent to share it on the leaderboard. Login here: 👉 auth.spamhaus.org #MaliciousURLs #ClaimYourName
-
-
🇨🇳 Chinese network chinanet-zj ranks #1 for hosting IPs associated with exploited devices after a +352% increase in detections. That’s 197,138 detections over the last 30 days... ...as well as 1510 Spamhaus Blocklist (SBL) listings!!! 👉 SBL listings: https://lnkd.in/e-fiXFxv #IPs #Exploits #Spamhaus #ReputationStatistics #ThreatIntel
-
-
🦣 Did you know we are on mastodon? Come find us at 👉 @[email protected]
-
-
".top" and ".shop" feature repeatedly in Spamhaus' gTLD Reputation Statistics, with ".top" currently ranking #2 for gTLDs associated with phishing activities 🎣 But why is .top such bait for phishers? Brian Krebs, explains all, in his recent piece, "Why Phishers Love New TLDs Like .shop, .top and .xyz" - read it here 👇
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs. https://lnkd.in/e6jgmwnT
Why Phishers Love New TLDs Like .shop, .top and .xyz
krebsonsecurity.com