These are IP netblocks that shouldn’t be trusted ❌
If you’re not automatically ingesting DROP and/or ASN-DROP, now’s the time to fix that:
👉 https://www.spamhaus.org/blocklists/do-not-route-or-peer/
Be proactive. Block the worst of the worst IP traffic.
#ThreatIntel #SOC #ThreatHunting #BGP #NetworkSecurity #BulletproofHosting #Infosec
Its current uplink is a familiar name, seen in conjunction with bulletproof hosting and IP hijacking before: 🇩🇪 Pfcloud UG (AS51396) - You always meet twice in life, indeed.
Corporate register data suggest the legitimate owners of 160.65.0.0/16 and 143.222.0.0/16 seem still active. We ask them to investigate, and secure their networks.
🥰 Show your network some love: Get Spamhaus’ free DROP lists to block known malicious IP ranges before they reach your network - access the lists here 👉 https://www.spamhaus.org/blocklists/do-not-route-or-peer/
🎯 New Year’s resolution: Get Spamhaus’ free DROP lists to block known malicious IP ranges before they ever reach your network.
Start the year protected - access the list here 👇
https://www.spamhaus.org/blocklists/do-not-route-or-peer/
🔥 Want an easy, free way to block this traffic? Grab the DROP list here: ⬇️ ⬇️
https://www.spamhaus.org/blocklists/do-not-route-or-peer/
Kosten, naar verluidt: € 1,17. Resultaat: de bankrekening achter uw creditcard maximaal in het rood.
Geen dank aan Let's Encrypt voor het certificaat.
En de hele IP-reeks is crimineel (158.94.208.0 - 158.94.211.255, servers waarschijnlijk in Nederland). De nep KPN-inlog website aldaar gehost is ook nog steeds live (screenshots in https://todon.nl/@ErikvanStraten/115462433239010045).
#Phishing #CyberCrime #BulletProofHosting #LANEDONET #LetsEncryptIsEvil
CISA and international partners have issued guidance to help ISPs and defenders mitigate cyber risks linked to Bulletproof Hosting Providers.
These infrastructures continue to support ransomware, phishing, and malware distribution at scale.
Key theme: reduce BPH effectiveness so adversaries are pushed toward compliant, legitimate hosting.
What technical controls would you prioritize?
Follow @technadu for more actionable threat updates.
#infosec #CISA #ThreatIntel #BulletproofHosting #CyberDefense #BlueTeam #NetworkSecurity
This week, everywhere you look, bulletproof hosting (BPH) is in cyber news headlines. From the CrazyRDP takedown, to sanctions against entities adjacent to Aeza, and most recently Media Land LLC and ML[.]Cloud] LLC (do these measures actually move the needle?), to new CISA guidance on mitigating BPH activities.🛡️
It’s clear the spotlight is firmly on one of cybercrime’s most persistent enablers. And for a good reason. Few infrastructures have enabled so much criminal activity, for so long, with such resilience.
Spamhaus has tracked BPH operators and their evolving tactics for decades. 🕵️ We've watched the ecosystem shift from monolithic BPHs to layered and complex business structures.
So, amid the sensational headlines, we’ve compiled a grounded look at the topic, covering: the history, the current landscape, and where the threat landscape is likely to head next.
Read it in full here 👉 https://www.spamhaus.org/resource-hub/bulletproof-hosting/the-anatomy-of-bulletproof-hosting-past-present-future-/
The Spamhaus Project
Emanuele Balla
Erik van Straten
TechNadu
Tarnkappe.info