digitalocean[.]com is currently the #1 network hosting #botnetCCs, with 153 detections over the last 30 days. It’s disappointing to see so many major global networks still appearing in this Top10. But why does this keep happening? 🤔 Earlier this year, we explored the root causes behind this ongoing issue and what networks must do to break the cycle - learn more here ⤵️

Botnet Spotlight | Networks Hosting Botnet C&Cs: Same Players, Same Problems | Blog

Spamhaus #ReputationStatistics 👉 https://www.spamhaus.org/reputation-statistics/networks/botnet/

Meet the 🔝 5 URL leaderboard contributors (last 30 days)! 🏆 🏅Contributor: N147 - over 100,000 URLs! 🏅Contributor: LP31 🏅Contributor GF24 🏅Contributor: EL67 🏅Contributor: MM89 Amazing efforts - THANK YOU to all our amazing contributors for your continuous support and submissions! 🙌✨ Did you know you can change your name on the leaderboard? It only takes a minute to review your 'Display Name' and give consent to share it on the leaderboard. Login here: 👉

The Spamhaus Project

This week, everywhere you look, bulletproof hosting (BPH) is in cyber news headlines. From the CrazyRDP takedown, to sanctions against entities adjacent to Aeza, and most recently Media Land LLC and ML[.]Cloud] LLC (do these measures actually move the needle?), to new CISA guidance on mitigating BPH activities.🛡️ It’s clear the spotlight is firmly on one of cybercrime’s most persistent enablers. And for a good reason. Few infrastructures have enabled so much criminal activity, for so long, with such resilience. Spamhaus has tracked BPH operators and their evolving tactics for decades. 🕵️ We've watched the ecosystem shift from monolithic BPHs to layered and complex business structures. So, amid the sensational headlines, we’ve compiled a grounded look at the topic, covering: the history, the current landscape, and where the threat landscape is likely to head next. Read it in full here 👉

Resources | The anatomy of bulletproof hosting – past, present, future | Spamhaus Project

#Bulletproofhosting #Cybercrime

ENDGAME 3.0 REMEDIATION | Following on from the 📢 announcement last week Spamhaus is now sending notification emails 📩 to ISPs associated with infected machines. Here's what to do if you receive one: ⤵️

📣 NEW FROM CISA: 'Mitigating Risks From Bulletproof Hosting Providers' In CISA’s latest publication they give networks practical steps to mitigate and protect themselves from the activities coming from bulletproof hosts. Publication:

Cybersecurity and Infrastructure Security Agency CISA

Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers | CISA

CISA and its partners urge ISPs and network defenders to implement these recommendations to mitigate risks posed by BPH providers.

We love the shoutout to Spamhaus' DROP list. Access is free for a reason: to protect everyone from the worst of the worst… and from networks that have fallen asleep at the wheel while their resources get hijacked for malicious purposes.

📣 In case you missed it: resharing a recent blog post on the rise of malicious activity and abuse reports linked to Traffic Distribution Systems (TDS) — infrastructure increasingly exploited for phishing and other malicious campaigns. 🎣 You'll learn: - How TDS are being abused - Why they’re so hard to take down - What we can do together to fight back 📖 Read the full blog here 👉

Blog | TDS Abuse - What’s hiding behind the veil? | Spamhaus Project

On November 12, around 250 physical servers were seized by the Dutch police at two datacenters in the Netherlands 👉

Duizenden servers in beslaggenomen in omvangrijk cybercrime onderzoek

In een onderzoek naar een malafide hostingbedrijf zijn door het team cybercrime Oost-Nederland duizenden servers in beslaggenomen. Het hostingbedri...

We assess the unnamed #bulletproofhosting provider (BPH) is CrazyRDP, a major #cybercrime hub previously operating front companies such as 🇺🇸 Delis LLC (AS211252), 🇺🇸 Limenet LLC (AS394711) and, most recently, 🇺🇸 Sovy Cloud Services (AS401110) and its downstreams (all incorporated in 🇺🇸 as well): ... ⤵️ 1/2

Operation Endgame 3.0 is here! This phase targets the notorious information and credential stealer #Rhadamanthys. It's another major international effort that’s seen 1,025 servers taken down and 20 domains seized. 💪 👏 Excellent work by @npub1fg22...yfva and all partners involved — the takedown of Rhadamanthys marks a significant win for the global cybersecurity community. As with earlier phases of #OperationEndgame, Spamhaus is providing remediation support. Those affected will be contacted in due course with guidance on next steps. Operation Endgame website 👉

Operation Endgame

Operation endgame

Europol press release ⤵️

Europol

End of the game for cybercrime infrastructure: 1025 servers taken down – Operation Endgame’s latest phase targeted the infostealer Rhadamanthys, Remote Access Trojan VenomRAT, and the botnet Elysium | Europol

Between 10 and 14 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions ...

Got a new IP or domain? You'll want to make sure it’s nice and warm before sending! 📨 Get the details on: - When an IP is considered “new” ✨ - What it means to warm up your IP and domain, how to do it, and how it impacts your sending reputation - Why we strongly discourage using warm-up services 🙅 Read the full FAQ here ➡️

FAQs | Sending marketing emails - advice for marketers

#Email #Sender #WarmUp

my-oh-MYNIC it's not been a great six months…since loosening restrictions for the 🇲🇾 .my ccTLD in late 2024, new domain registrations have sky-rocketed - and so have listings… Between April and September 🇲🇾 .my saw a +543% increase, ranking #3 in the Top 20 ccTLDs! 😱 Get the full story the latest Domain Report here 👇

Report | Domain Reputation Update Apr - Sept 2025 | Spamhaus Project

#ccTLD #DomainReputation