Spamhaus Under Hack Attack for Outing Fake Wikileaks Site

Recently, blocklist provider Spamhaus warned that an unofficial wikileaks mirror site may be serving up malware. The site is hosted in an IP range with a long history of criminal activity, and appears on one or more Spamhaus block lists. Spamhaus had been concerned that this block might be taken as a sign by observers that Spamhaus was being coerced into blocking the redistribution of information contained on the wikileaks site.

To be clear, this wikileaks mirror has nothing to do with Julian Assange or the operators of the original wikileaks site. It may, in fact, be distributing malware to visitors to the web site. Spamhaus’ only interest is to block the distribution of malware.

Spamhaus now appears to be under a sustained distributed denial of service attack as a consequence of those warnings. Spamhaus operator Steve Linford recently posted this statement for redistribution:

For speaking out about the crime gangs located at the mirror IP, Spamhaus is now under ddos by AnonOps.

As our site can’t be reached now, we can not continue to warn Wikileaks users not to load things from the Heihachi IP. If you know journalists who would get this message out, please forward this message (entire) to them.

AnonOps did not like our article update, here’s what we said and what brought the ddos on us:


In a statement released today on entitled “Spamhaus’ False Allegations Against“, the person running the site (which is not connected with Julian Assange or the real Wikileaks organization) called Spamhaus’s information on his infamous cybercrime host “false” and “none of our business” and called on people to contact Spamhaus and “voice your opinion”. Consequently Spamhaus has now received a number of emails some asking if we “want to be next”, some telling us to stop blacklisting Wikileaks (obviously they don’t understand that we never did) and others claiming we are “a pawn of US Government Agencies”.

None of the people who contacted us realised that the “Wikileaks press release” published on was not written by Wikileaks and not issued by Wikileaks – but by the person running the site only – the very site we are warning about. The site data, disks, connections and visitor traffic, are all under the control of the Heihachi cybercrime gang. There are more than 40 criminal-run sites operating on the same IP address as, including,,, and bank phishes and

Because they are using a Wikileaks logo, many people thought that the “press release” was issued “by Wikileaks”. In fact there has been no press release about this by Wikileaks and none of the official Wikileaks mirrors sites even recognise the mirror. We wonder how long it will be before Wikileaks supporters wake up and start to question why is not on the list of real Wikileaks mirrors a


Currently is serving highly sensitive leaked documents to the world, from a server fully controlled by Russian malware cybercriminals, to an audience that faithfully believes anything with a ‘Wikileaks’ logo on it.

Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying “don’t go to Wikileaks” we’re saying “Use the server instead”.


Steve Linford
The Spamhaus Project

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s