Frequently Asked Questions

Frequently asked questions about our solutions and data. If you can’t find what you’re looking for, get in touch below - we’re happy to help.

General terminology
  • What is a botnet command and controller (C&C)?

    A ‘botnet controller,’ ‘botnet C2,’ or ‘botnet command & control’ server is commonly abbreviated to ‘botnet C&C.’ Fraudsters use these to control malware-infected machines (bots) and extract personal and valuable data from malware-infected victims.

    Botnet C&Cs play a vital role in operations conducted by cybercriminals who are using infected machines to send out spam or ransomware, launch DDoS attacks, commit e-banking fraud or click fraud, or mine cryptocurrencies such as Bitcoin.

    Desktop computers and mobile devices, like smartphones, aren’t the only machines that can become infected. An increasing number of other devices are connected to the internet, for example Internet of Things (IoT) devices like webcams, network attached storage (NAS), and many more items. These are also at risk of becoming infected.

  • What is an Initial Access Broker?

    The term “Initial Access Brokers” (IABs) refers to threat actors who operate in groups trying to breach corporate networks. They use various tactics, techniques, and procedures (TTPs) to achieve their goals.

    Once they have penetrated a network, they will ascertain key facts relating to the breached network, for example, location, size, and industry. This enables them to place a value on an asset. The broker will then negotiate with potential buyers who want to purchase access to the victim’s network.

  • What is DROP/EDROP?

    DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list.

    • The DROP list will not include any IP space allocated to a legitimate network and reassigned.
    • DROP does include netblocks that are hijacked or leased by professional spam or cybercrime operations (used for dissemination of malware, trojan downloaders, botnet controllers, etc).
    • These are direct allocations from ARIN, RIPE, APNIC, LACNIC, or other Regional Internet Registries and “portable allocations” (known as “PI”) from RIPE.

    The EDROP list includes netblocks controlled by professional spammers and cyber criminals that are not directly allocated; it therefore contains only netblocks that are sub-allocations.
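
The following is an added example, not Spamhaus code: it shows how a defender might apply a DROP-style advisory list by loading its netblocks and flagging flow records that have an endpoint inside a listed block. The "CIDR ; comment" list layout, the flow record format, the function names and all sample values are assumptions constructed for this example.

```python
import ipaddress

# Constructed sample in an assumed "CIDR ; comment" layout. The netblocks are
# documentation ranges (RFC 5737 / RFC 3849), not real DROP entries.
SAMPLE_LIST = """\
; constructed DROP-style list
192.0.2.0/24 ; REF-0001
198.51.100.128/25 ; REF-0002
2001:db8:bad::/48 ; REF-0003
not-a-netblock
"""
# Constructed flow records: "timestamp source destination".
SAMPLE_FLOWS = """\
2024-01-01T00:00:01Z 10.0.0.5 192.0.2.77
2024-01-01T00:00:02Z 10.0.0.5 198.51.100.10
2024-01-01T00:00:03Z 198.51.100.200 10.0.0.9
2024-01-01T00:00:04Z 10.0.0.7 2001:db8:bad:1::5
"""

def load_netblocks(text):
    """Parse the list; blank, comment-only and unparsable lines are skipped."""
    nets = []
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # one bad line must not abort the whole load
    return nets

def listed_block(addr, nets):
    """Return the first netblock containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in nets if n.version == ip.version and ip in n), None)

def flag_flows(flows_text, nets):
    """Return (timestamp, address, netblock) for every endpoint in a listed block."""
    hits = []
    for line in flows_text.splitlines():
        ts, src, dst = line.split()
        for addr in (src, dst):
            net = listed_block(addr, nets)
            if net is not None:
                hits.append((ts, addr, str(net)))
    return hits

if __name__ == "__main__":
    for hit in flag_flows(SAMPLE_FLOWS, load_netblocks(SAMPLE_LIST)):
        print(*hit)
```

Checking both source and destination matters because traffic to a listed netblock from an internal host is as relevant as traffic arriving from one.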
