Navigating the Digital Storm

Internet Weather Report

Category: Updates

  • INTERNET WEATHER REPORT ☁️☀️ AS399979 (49.3 Networking LLC) has just been added to ASN watchlist. This autonomous system currently originates one IPv4 prefix: 45.139.104.0/24 That sole prefix, 45.139.104.0/24, currently shows 95 reported IPs and 18,639 total reports on AbuseIPDB. A review of passive DNS tied to this /24 suggests what appears to be large-scale phishing-themed infrastructure spanning financial accounts, streaming subscriptions, health portals, tolling, government services, and parcel/logistics impersonation. After filtering out obvious Plesk placeholder hostnames, wildcard junk, duplicate www…

  • 77.90.141.0/24 is a suspected stolen or misappropriated BGP prefix currently being used for QuickBooks callback phishing and abusive email delivery. In the phishing samples reviewed for this report, three separate emails were sent directly from hosts inside 77.90.141.0/24. Those messages impersonated Intuit and QuickBooks, used the same callback phishing template, and were still active as of 13 Mar 2026 PT. This post focuses only on direct evidence tied to 77.90.141.0/24. Nine phishing emails were reviewed in total. Three were directly…

  • On 12/17/2025, I received a “Verify your email address” message that appeared to be a legitimate Fedora Accounts verification email. The sender authenticated cleanly (SPF pass, DKIM pass, DMARC pass) and originated from Fedora infrastructure (fas@fedoraproject.org, via bastion.fedoraproject.org). But the HTML body contained a cryptocurrency-themed phishing payload that had nothing to do with Fedora. What the email looked like (the tell) The plain-text part was normal Fedora account verification copy: “This email address has been used to sign up for…

  • INTERNET WEATHER REPORT 🌧☁️☀️ AS215476 (Inside Network LTD) has just been added to ASN watchlist. This autonomous system announces only one BGP prefix: 77.90.185.0/24 High concentration of phishing websites targeting government and banking entities – and a metric shit-ton of unsolicited port scanning detected. Drop It Like It’s Hot. 🔥 Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

  • INTERNET WEATHER REPORT 🌧☁️☀️ AS211736 (FOP Dmytro Nedilskyi) has just been added to ASN watchlist. This autonomous system announces three BGP prefixes: 88.210.63.0/24 92.63.197.0/24 185.156.73.0/24 High concentration of brute-force attack (large scale) and some phishing sites – plus a few bonus illegal marketplace sites. Check out this corroborating report as well: https://thehackernews.com/2025/09/ukrainian-network-fdn3-launches-massive.html Drop It Like It’s Hot. 🔥 Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

  • So I was researching a rarely seen threat vector of ESP (IP protocol 50) packets and stumbled upon VMISS Inc. (AS967) – oh boy, what a surprise this was! A quick look at their announced IP space (BGP prefixes) was a big red flag by itself, then I discovered their “our team” page: https://www.vmiss.com/our-team/ None of the people shown on the page exist, and the images themselves are stolen. This “Max Gray” guy is an image stolen (or…

  • INTERNET WEATHER REPORT 🌧☁️☀️ AS215925 (VPSVAULT.HOST LTD) has just been added to ASN watchlist. This autonomous system announces two BGP prefixes: 108.165.153.0/24 87.121.84.0/24 High concentration of malware hosting (infostealer, DDoS, etc.) and other illegal content. Drop It Like It’s Hot. 🔥 Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

  • INTERNET WEATHER REPORT 🌧☁️☀️ AS42624 (Global-Data System IT Corporation) has just been added to ASN watchlist. This autonomous system announces nine BGP prefixes: 185.196.8.0/24 185.196.9.0/24 185.196.10.0/24 185.196.11.0/24 185.208.156.0/24 185.208.157.0/24 185.208.158.0/24 185.208.159.0/24 Nothing but phishing sites, various malware hosting (infostealer, DDoS, etc.) and other illegal content. Global-Data System IT Corporation (nice-sounding generic bullshit name) was previously registered in the Seychelles as AS34888 – but has not been seen in the global routing table using that ASN since February 1, 2022.…

  • INTERNET WEATHER REPORT 🌧☁️☀️ AS214295 (SKYNET NETWORK LTD) has just been added to ASN watchlist. This autonomous system announces only three BGP prefixes: 45.142.193.0/24 87.120.93.0/24 194.0.234.0/24 Abuse reports sent to murraycharles988@gmail.com go unanswered. AbuseIPDB has logged nearly 250,000 abuse reports for the first netblock alone. Drop It Like It’s Hot. Latest updates to the ASN watchlist posted here: https://internetweather.net/asn-watchlist/

  • Neiman Marcus email servers (SendGrid) have been hacked to send a phishing attack targeting OpenSea users. Here’s the full headers and body of the message for your perusal: Delivered-To: <redacted>@gmail.com Received: by 2002:a05:612c:b8c:b0:4bc:e613:22f0 with SMTP id iq12csp925103vqb; Fri, 28 Feb 2025 04:46:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IELOLo2I/Tjn/2ETiQppo+XlEYA9Wer7wVFiljwVnpJhIVFHobU8EAS3iHe1IIyq4HiNfmd X-Received: by 2002:a05:6602:3fc1:b0:855:a4a4:a938 with SMTP id ca18e2360f4ac-85881f044f0mr239496739f.2.1740746763022; Fri, 28 Feb 2025 04:46:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1740746763; cv=none; d=google.com; s=arc-20240605; b=jBx/BSRBsm4LaPlA8Mve3TyEslqYlMJd3Ool1Z5cmSe6luukjQKZx9lBgJx9Vvr9E4 JiagGyRLnxNWSq420x2uwe4ST4D+DYFcM+jcFWx6NpKr8AcPEH2thwSGbZ7AlyhlmMFL cqgXheLcLcE+BL2P3Ed1+9Nd26WsCYx+6/0hVvhn8deCggXgMH3PK+gKRShYSJVONoHo bvNQG0BEDSImOiHgR3H4OM6MFjtK/N91hKFCZ6rR1lT42HPdxd9hhS9BeLirkVcTA1xN mSSORPBrklUu+ICdbkhq1+ZxpX3wWGN1YXSZ4fujXFdqVZuaA7QJnFYzjeMgX//l9KYZ 9S6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;…