📢 SERVICE UPDATE | We’ve added a new troubleshooting feature to the IP & Domain Reputation Checker, built specifically for senders whose IP addresses appear on the Combined Spam Sources (CSS) Blocklist.

If your IP is listed, this enhanced support feature helps you quickly identify the root cause of the issue and provides actionable guidance on how to resolve it.

Learn more here ⤵️
https://www.spamhaus.org/resource-hub/ip-and-domain-reputation-checker/spamhaus-reputation-checker-troubleshoot-your-listing/

#IPChecker #RemovalRequest

Over the last 30 days, we’ve seen increases in nine out of ten countries in the Top 10 hosting IPs associated with exploited devices. The most significant increase was in 🇬🇧 The United Kingdom (#5), with a +41% ⬆️ and 299,284 detections.

Meanwhile, the only country in the Top 10 that decreased was 🇷🇺 Russia (#9), with a negligible -2% ⬇️ and 95,950 detections.

Find the full list and more #ReputationStatistics here:
👉 https://www.spamhaus.org/reputation-statistics/countries/exploit/

#IPs #Countries #ThreatIntel

We’d like to shout out a new entry on the IP leaderboard: “Sin Piedad” 📣🤩

Over the last 30 days, they’ve submitted a massive 132,945 IPs, placing them at #3 in the Top 10 - thank you for your support and contributions. 🙏

Whether you have just one IP or a regular stream of hundreds, you can make a difference.

Share your IPs, domains, URLs, or raw source data with the Spamhaus Threat Intel Portal here 👉 https://submit.spamhaus.org/submit

Your IP is clean… until suddenly it isn’t. You've unknowingly been pulled into a residential proxy network. 😱 These networks continue to pull in unsuspecting IPs, and the repercussions can be messy - degraded reputation, service disruption, and the risk of landing on a blocklist.

If you’ve just discovered your IP was listed because of residential proxy abuse, you’re not alone. To help, we’ve put together a simple FAQ explaining what happened and how to fix it.

First, let's start with how this happened:
➡️ https://www.spamhaus.org/faqs/residential-proxies/#residential-proxy-recommendations

Then follow the steps to fix it:
➡️ https://www.spamhaus.org/faqs/residential-proxies/#what-steps-can-i-take-to-fix-the-issue

#ResidentialProxies #Support #TicketDesk

❄️ As winter settles in and the temperatures drop, we’re seeing a rise in a UK-based “winter heating allowance” phishing scam. First spotted earlier this year, this campaign sends text messages posing as the Department for Work and Pensions (DWP), claiming the recipient has not yet submitted applied for this year’s allowance.

📄 See article - https://www.theguardian.com/money/2025/jul/27/scam-watch-winter-fuel-allowance-u-turn-news-scammers

Recently, we’ve observed a surge in related domains appearing on the Spamhaus Domain Blocklist, suggesting the campaign is resurfacing. Many of these domains begin with “uk-” and containing keywords like “winterfuelling,” “fuelgrant,” “fuelhelp,” “energyassist,” or similar terms.

Have you received a phishing attempt? Share it with us here 👉 https://submit.spamhaus.org

Keep an eye out for suspicious messages this winter 🕵️

Wishing you a warm and cozy Christmas from all of us at Spamhaus 🎄✨

📢 ISPs & Hosts | Following last month's Endgame 3.0 announcement, if you've received a notification, and are yet to take action, here's what you need to do:

👉 Go to this remediation webpage: https://www.spamhaus.org/endgame-3
👉 Enter the access code included in the email.
👉 Download the list of infected machines
👉 Verify each infected machine, and where necessary, contact the owner and ask them to run antivirus and malware removals tools, and reset their passwords for any online services they may have accessed from them (there's a ready-made email template for you to use on the remediation webpage 😀)

Thank you again to everyone who is part of this important effort 🙏

#Trustandsafety #Endgame3 #Takedown

📢 In case you missed it….we recently published a detailed piece on the 'Anatomy of Bulletproof Hosts' - exploring how these services are evolving and what it means for the threat landscape.

In this blog, we cover:

- The decline of monolithic bulletproof hosts
- The shift toward separation of liabilities
- The growing abuse of trusted services
- And what’s next for the threat ecosystem

👉 Read the full post here: https://www.spamhaus.org/resource-hub/bulletproof-hosting/the-anatomy-of-bulletproof-hosting-past-present-future-/