Spamhaus
@spamhaus
Strengthening trust and safety across the Internet, by being the authority on IP and domain reputation. Mastodon: @[email protected]
Global
spamhaus.org
Joined December 2010
138 Following, 10.5K Followers
  • Spamhaus
    @spamhaus
    Nov 13, 2021
    We have been made aware of "scary" emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake.
  • Spamhaus
    @spamhaus
    Nov 13, 2021
    Replying to @spamhaus
    These emails look like this:
    Sending IP: 153.31.119.142 (mx-east-ic.fbi.gov)
    From: [email protected]
    Subject: Urgent: Threat actor in systems
  • Spamhaus
    @spamhaus
    Nov 13, 2021
    Replying to @spamhaus
    These fake warning emails are apparently being sent to addresses scraped from ARIN database. They are causing a lot of disruption because the headers are real, they really are coming from FBI infrastructure. They have no name or contact information in the .sig. Please beware!
  • Spamhaus
    @spamhaus
    Jul 17, 2020
    EMOTET UPDATE | We are observing more activity coming from the #Emotet #Botnet today. We are seeing email traffic from this botnet again. Both URLs and Attachments are being utilized for distribution. #malspam #threatintel
  • Spamhaus
    @spamhaus
    Nov 13, 2021
    Our telemetry indicates that there were two "spam" waves, one shortly before 5 AM (UTC) and another one shortly after 7 AM (UTC). The FBI has been getting many calls about it. We are therefore refraining from further actions against the sending IP addresses.
  • Spamhaus
    @spamhaus
    Nov 13, 2021
    The following chart shows email traffic originating from the FBI mailserver (mx-east-ic.fbi.gov | 153.31.119.142) involved. You can clearly see the two spikes caused by the fake warning last night. Timestamps are in UTC.
    [Image: chart of email traffic from mx-east-ic.fbi.gov]
  • Spamhaus
    @spamhaus
    Apr 23, 2019
    Replying to @MalwareTechBlog and @RichHickson
    Human error. Faulty human has been replaced by a small shell script.
  • Spamhaus
    @spamhaus
    May 30, 2024
    🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies👏👏 As with
    Europol
    @Europol
    May 30, 2024
    🚨Largest ever operation against botnets hits dropper malware ecosystem. Operation Endgame, coordinated from Europol headquarters, has led to four arrests and the takedown of over 100 servers worldwide. More information in our press release⤵️ europol.europa.eu/media-press/ne…
  • Spamhaus
    @spamhaus
    Aug 29, 2023
    Qakbot 🦆🤖 takedown!!! Qakbot has been disrupted and dismantled by the FBI following a multinational effort. We will be assisting with the remediation - more info to follow... #malware #takedown #qakbot
    FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown | Federal Bureau of...
    From fbi.gov
  • Spamhaus
    @spamhaus
    Apr 7, 2025
    Some cybercriminal hosters go to great lengths to maintain a legitimate facade. Others, not so much. An example of the latter is 49.3 Networking LLC (AS399979), a Delaware-based 🇺🇲 shell corporation. When asked via Telegram for a service offering for malware distribution, the
    Fox_threatintel
    @banthisguy9349
    Apr 6, 2025
    It is just laughable how comfortable these bulletproof hosters are... Below AS 399979 that is provided upstream by @aurologiccom cc: @spamhaus @abuse_ch 'hot swapping ip's when listed allowed 🤡'
  • Spamhaus
    @spamhaus
    Jun 7, 2023
    Whilst Google Registry adding .zip is INSANE 🤯, it highlights a much BIGGER problem….the ability to craft internationalized domain names (IDNs) to deliberately trick users. Check out this example we created: irs.gov⧸tax.form1[.]zip - notice the weird slash? ⏬
  • Spamhaus
    @spamhaus
    Nov 13, 2021
    Replying to @WaldoTJ
    Triple action: Convince people to shut things down just in case, while veracity is determined, character assassination of Vinny Troia who was mentioned in it, and flooding the FBI with calls. Or, as someone else said, "for the lulz". Maybe all of the above. Maybe something else!