#bulletproofhosting


❗Latest Spamhaus DROP Listings, from the worst of the worst IP traffic:


⛔️This is traffic you DO NOT want to connect with.

Did you know you can use Spamhaus' DROP lists for free?
Access the list here 👉 spamhaus.org/blocklists/do-not

Dutch Police Dismantles Major Bulletproof Hosting Operation: What It Means for Cybersecurity

In a significant crackdown on cybercrime, the Dutch Police have seized 127 servers from the notorious ZServers/XHost bulletproof hosting provider. This operation highlights the ongoing battle against ...

news.lavx.hu/article/dutch-pol

Good news (at first glance): Silent Connection Ltd and Dolphin 1337 Limited, two UK-based corporations flagged by Spamhaus as being used for bulletproof hosting, were compulsorily dissolved on January 28th and January 14th, respectively. 🙌

Unfortunately, their networks (AS215240 and AS215208) remain active...

Silent Connection quickly secured fresh IP blocks on January 26th through ZeXoTeK IT-Services (whose website, zexotek.de, oddly redirects to Google 🤔). Similarly, Dolphin 1337 Limited acquired new IP space on February 4th.

Even after both companies were dissolved, these IPs are still operational - effectively making them digital no man’s land.

Luckily, Spamhaus DROP users are protected by the following listings:

⬇️ DROP 176.65.134.0/24 -> check.spamhaus.org/results?que

⬇️ DROP 176.65.139.0/24 -> check.spamhaus.org/results?que

⬇️ DROP 176.65.140.0/23 -> check.spamhaus.org/results?que

⬇️ DROP 176.65.142.0/24 -> check.spamhaus.org/results?que

⬇️ DROP 176.65.144.0/24 -> check.spamhaus.org/results?que

⬇️ DROP 176.65.143.0/24 -> check.spamhaus.org/results?que

This incident highlights why robust customer vetting is a necessity. Silent Connection's imminent dissolution was already visible on the UK company register as of November 5th - a clear red flag. 🚩

Spamhaus recommends always vetting new customers, and checking their commercial registry data before providing services. 🕵

Find a link to the DROP Lists in the comments 👇

❗Latest Spamhaus DROP Listings, from the worst of the worst IP traffic: 


Learn about these resources and why they have been listed by searching for them in the IP and domain checker: check.spamhaus.org

Spamhaus provides FREE access to DROP - access it here:
spamhaus.org/blocklists/do-not

Remember, this is traffic you do not want to connect with.

❗Latest Spamhaus DROP Listings, from the worst of the worst IP traffic: 


Learn more about why they have been listed by searching for them in the IP and domain checker: check.spamhaus.org

This is traffic you DO NOT want to connect with.

Use Spamhaus' DROP lists for free and gain protection from the worst of the worst IP traffic - access it here👇
spamhaus.org/blocklists/do-not

❗Latest Spamhaus #DROP Listings, from the worst of the worst IP traffic: 


Learn about these resources and why they have been listed by searching for them in the IP and domain checker: check.spamhaus.org

🔥 Spamhaus provides FREE access to anyone who wants to add this layer of protection. Access it here:
spamhaus.org/blocklists/do-not


@SpaceLifeForm wrote:
<<< Why should a CDN have to police websites? >>>

They don't. However, because Cloudflare abuses the knowledge that cybercriminals know that blocking Cloudflare's IP-address ranges will result in lots of false positives (for decent websites), this doesn't imply that Cloudflare should be able to get away with this. They DO have a responsibility.

The only things they have to do, instead of trying to fool us with the usual "freedom of speech" rubbish:

(1) Refuse anonymous or obviously identity-spoofing customers, such as:

  • complaints-booking[.]info
  • defi-chainfix.pages[.]de
  • evri.mylocal-parcel-gb[.]com
  • loginmicrosoftonlinecom.pages[.]dev
  • ing.es-areacliente[.]com

See also trustwave.com/en-us/resources/ for abuse of Cloudflare's free workers.dev and pages.dev domains (the article is 1 year old but still very to the point);

(2) Refuse customers using known malicious IP-addresses and/or registrars;

(3) Treat complaints seriously - and listen to those who know, such as Mandiant (as can be seen in for example virustotal.com/gui/ip-address/: tap ••• a couple of times until you see Mandiant in the third column);

(4) Always first show a warning page (shown before proceeding to actual site) for new customers, and more often show such a page after receiving complaints and/or when in doubt regarding the customer's intentions.

Cloudflare is complicit in cybercrime if they continue to facilitate it for their own profit - which is exactly what they and other Big Tech firms are doing right now (I call that #internetCancer ).

It is simply unfair that, on the current internet, everybody says that nobody is to blame (except the victims) if innocent individuals have their bank accounts drained, or companies file bankruptcy after ransomware gangs managed to penetrate their network perimeters via phishing attacks and/or hosted malware.

See also infosec.exchange/@ErikvanStrat.

@dangoodin : thanks for the article: arstechnica.com/security/2024/

#DontBeEvil #LackOfAuthentication #ShortSightedness #Cybercrime #BulletProofHosting
#AllowingAnonymousBusinesses #Cloudflare #Google #Microsoft #Amazon #Fastly


@eb :

It's #InternetCancer .

Cloudflare, with a couple of other Big Techs (including Google), increasingly profit from cybercrime. They have turned into criminal organizations themselves. Short sighted, because they're destroying the internet.

From blog.cloudflare.com/why-we-ter:
<<< There are a number of different organizations that work in concert to bring you the Internet. They include:
[...]
Any of the above could regulate content online. The question is: which of them should? >>>

EACH of them says it's NOT THEM who should.

But EACH of them SHOULD if they are complicit in cybercrime.

ALL of them, either directly or indirectly, earn an increasing part of their income by, at the very least condoning, the robbing of innocent individuals. But also of companies, NGOs and governmental organizations.

THEY HAVE BECOME CRIMINALS THEMSELVES.

If they'd claim "Wir haben es nicht gewußt" (that a customer is a criminal) then it is the RESPONSIBILITY of each of them in the chain to find out.

It's fixed by performing thorough authentication (decently verified and proven identities) from the start to the end.

Anonymous web presences (in particular related to making money), without ANYONE FEELING RESPONSIBLE - and eventually nobody BEING HELD ACCOUNTABLE, will wreak havoc.

WHOIS it, is where it all starts:
————
Registrant Contact Information:
Name
REDACTED FOR PRIVACY
Organization
REDACTED FOR PRIVACY
Address
REDACTED FOR PRIVACY
Address
REDACTED FOR PRIVACY
City
REDACTED FOR PRIVACY
————

Big Tech facilitates cybercriminals using suggestive pseudonyms (aka domain names) like can be seen here: crt.sh/?q=payments-2-myrogers-
Note the BS: " Domain Validation SECURE SERVER" and "Google TRUST Services".

It should have been: Let's AUTHENTICATE (see also infosec.exchange/@ErikvanStrat).

Also from blog.cloudflare.com/why-we-ter (written in 2017):
<<< For context, Cloudflare currently handles around 10% of Internet requests. >>>

Cloudflare has become the biggest ever bullet-proof hoster (see virustotal.com/gui/ip-address/ and tap ••• a couple of times).

OTOH, the FISA section 702 guys still love them.

@dangoodin

#DontBeEvil #LackOfAuthentication #ShortSightedness #Cybercrime #BulletProofHosting
#AllowingAnonymousBusinesses #Cloudflare #Google #Microsoft #Amazon #Fastly


There’s been a downpour of DROP listings lately—check out the latest ones below! 💦


❗DROP lists the worst of the worst IP traffic, including netblocks, that are "hijacked" or leased by professional spam, cyber-crime operations, or bulletproof hosters. You do not want to connect with this traffic.

Learn more about the DROP lists and access this data for free here 👇
spamhaus.org/blocklists/do-not

#DROP #IPs #BulletproofHosting #ThreatIntel


❗DROP lists the worst of the worst IP traffic, including netblocks, that are "hijacked" or leased by professional spam, cyber-crime operations, or bulletproof hosters. You do not want to connect with this traffic.

Here are the latest Spamhaus DROP Listings:


Learn more about the DROP lists and access this data for free here:
spamhaus.org/blocklists/do-not

❗Find the latest "DROP'd" Spamhaus Listings:


Learn about these resources and why they have been listed by searching for them in the IP and domain checker:
👉 check.spamhaus.org

Unfamiliar with DROP? DROP “Do Not Route Or Peer” lists the worst of the worst IP traffic, including netblocks, that are "hijacked" or leased by professional spam, cyber-crime operations, or bulletproof hosters.

You do not want to connect with this traffic ⛔

Learn more about the DROP lists and access this data for free here:
spamhaus.org/blocklists/do-not
