Strengthening trust and safety across the internet
Spamhaus Project is the authority on IP and domain reputation. This intelligence enables us to shine a light on malicious activity, educate and support those who want to change for the better and hold those who don't to account. We do this together with a like-minded community.
Are you listed in one of Spamhaus' blocklists?
Do you have problems sending email? Do you need to check if an IP address or domain name is on one of our blocklists?
Submit malicious activity to the Threat Intel Community Portal
Be part of our community; share IPs, domains, URLs or raw source of potentially malicious activity or threats.
SubmitSpotlight on Spamhaus data reputation statistics
Last updated: 12th March 2025Countries
Networks
gTLDs
ccTLDs
Registrars
Malware
Countries
News feed
Over the past 30 days, domains associated with malicious activity on ccTLD ".sx" has ⬆️ by +1,462% with a bad rep score of 90.3!
.sx is the ccTLD for Sint Maarten 🇸🇽, a Caribbean nation within the Kingdom of the Netherlands. A portion of these domains appear to be linked to Chinese casinos!
Perhaps m ore concerning, is that .sx's registry lacks a functioning WHOIS service 😑
👀 And the ccTLD with the #2 highest increase? Brace yourself for a +2,373% increase!
https://www.spamhaus.org/reputation-statis...tics/cctlds/domains/
Starting around 2:00 AM UTC on March 4th, we've been observing a vast botnet operation attempting to use SMTP-AUTH credentials from nearly 500K distinct IPs - to perform what looks like a large scale phishing campaign targeting Brazilian users.
Here's what we know:
1️⃣ Subject lines used include:
Evite a Suspensão da Sua Caixa de Entrada
Saiba Como-XXXXXX
Sua Capacidade de E-mail Está no Máximo
Solução Disponível-XXXXXX
Atualize Sua Conta para Continuar Recebendo Novas Mensagens
2️⃣ Phishing payload is located at: hXXps://acessoclientevalidar.dnsalias[.]com/
3️⃣ Of particular interest is the fact that the IPs involved in this campaign are overwhelmingly located in Brazil too.
4️⃣ Based on what we and others know about the systems performing this phishing campaign, there appears to be a strict correlation with IPs associated with residential proxy networks.
5️⃣ Out of 373K Brazilian IPs involved, over 90% are associated with residential proxy networks.
Over the past 30 days, domains associated with malicious activity on ccTLD ".sx" has ⬆️ by +1,462% with a bad rep score of 90.3!
.sx is the ccTLD for Sint Maarten 🇸🇽, a Caribbean nation within the Kingdom of the Netherlands. A portion of these domains appear to be linked to Chinese casinos!
Perhaps m ore concerning, is that .sx's registry lacks a functioning WHOIS service 😑
👀 And the ccTLD with the #2 highest increase? Brace yourself for a +2,373% increase!
https://www.spamhaus.org/reputation-statis...tics/cctlds/domains/
Starting around 2:00 AM UTC on March 4th, we've been observing a vast botnet operation attempting to use SMTP-AUTH credentials from nearly 500K distinct IPs - to perform what looks like a large scale phishing campaign targeting Brazilian users.
Here's what we know:
1️⃣ Subject lines used include:
Evite a Suspensão da Sua Caixa de Entrada
Saiba Como-XXXXXX
Sua Capacidade de E-mail Está no Máximo
Solução Disponível-XXXXXX
Atualize Sua Conta para Continuar Recebendo Novas Mensagens
2️⃣ Phishing payload is located at: hXXps://acessoclientevalidar.dnsalias[.]com/
3️⃣ Of particular interest is the fact that the IPs involved in this campaign are overwhelmingly located in Brazil too.
4️⃣ Based on what we and others know about the systems performing this phishing campaign, there appears to be a strict correlation with IPs associated with residential proxy networks.
5️⃣ Out of 373K Brazilian IPs involved, over 90% are associated with residential proxy networks.