The Spamhaus Project

Strengthening trust and safety across the internet

Spamhaus Project is the authority on IP and domain reputation. This intelligence enables us to shine a light on malicious activity, educate and support those who want to change for the better and hold those who don't to account. We do this together with a like-minded community.

7,500,000 IPs analyzed every 24 hours
3,000,000 Domains processed every 24 hours
4,500,000,000 (4.5 billion) Protected User Mailboxes
1,500 Active botnet command and controllers detected
Global internet traffic changes daily, as do the activities of adversaries. These statistics are indicators based on daily averages; actual daily figures will fluctuate.

Are you listed in one of Spamhaus' blocklists?

Do you have problems sending email? Do you need to check if an IP address or domain name is on one of our blocklists?

Submit malicious activity to the Threat Intel Community Portal

Be part of our community; share IPs, domains, URLs or raw source of potentially malicious activity or threats.

Spotlight on Spamhaus data reputation statistics

Last updated: 12th March 2025

Countries

Best: Turkmenistan, -75% (Hosting botnet command and controllers)
Worst: South Africa, +400% (Hosting botnet command and controllers)
March 2025

Networks

Best: laceibanetsociety...., -52% (Largest decrease in exploited IPs)
Worst: bytedance.com, +12,985% (Largest increase in exploited IPs)
March 2025

gTLDs

Best: .today, 0% (Largest % decrease in spam-related domains)
Worst: .biz, +1,189% (Largest % increase in spam-related domains)
March 2025

ccTLDs

Best: .de, -15% (Largest % decrease in malicious domains)
Worst: .pm, +2,468% (Largest % increase in malicious domains)
March 2025

Registrars

Best: Ultahost, Inc., -74% (Largest % decrease in phishing domains)
Worst: RegRU, +674% (Largest % increase in phishing domains)
March 2025

Malware

Best: StrelaStealer, -100% (Associated with malware samples)
Worst: Grandoreiro, +5,700% (Associated with malware samples)
March 2025

News feed

Over the past 30 days, domains associated with malicious activity on ccTLD ".sx" have ⬆️ by +1,462% with a bad rep score of 90.3!

.sx is the ccTLD for Sint Maarten 🇸🇽, a Caribbean nation within the Kingdom of the Netherlands. A portion of these domains appear to be linked to Chinese casinos!

Perhaps more concerning is that .sx's registry lacks a functioning WHOIS service 😑

👀 And the ccTLD with the #2 highest increase? Brace yourself for a +2,373% increase!

spamhaus.org/reputation-statis...

11 Mar 2025, 16:41
10 boosts·7 favourites

Starting around 2:00 AM UTC on March 4th, we've been observing a vast botnet operation attempting to use SMTP-AUTH credentials from nearly 500K distinct IPs - to perform what looks like a large scale phishing campaign targeting Brazilian users.

Here's what we know:

1️⃣ Subject lines used include:

Evite a Suspensão da Sua Caixa de Entrada
Saiba Como-XXXXXX
Sua Capacidade de E-mail Está no Máximo
Solução Disponível-XXXXXX
Atualize Sua Conta para Continuar Recebendo Novas Mensagens

2️⃣ Phishing payload is located at: hXXps://acessoclientevalidar.dnsalias[.]com/

3️⃣ Of particular interest is the fact that the IPs involved in this campaign are overwhelmingly located in Brazil too.

4️⃣ Based on what we and others know about the systems performing this phishing campaign, there appears to be a strict correlation with IPs associated with residential proxy networks.

5️⃣ Out of 373K Brazilian IPs involved, over 90% are associated with residential proxy networks.

07 Mar 2025, 11:18
9 boosts·6 favourites