Resources
[Resource Hub](/resource-hub/)
[DNS Blocklists](/resource-hub/dnsbl/)
[IP & domain reputation](/resource-hub/ip-domain-reputation/)
[Malware](/resource-hub/malware/)
[Service providers](/resource-hub/service-providers/)
[Threat intelligence](/resource-hub/threat-intelligence/)
[Restrict Port 25](/restrict-port-25/)
More Resources
[Events](/events/)
[FAQs](/faqs/)
[Glossary](/glossary/)
Reputation Data
[About the Research](/about-the-research/)
[Domain Reputation](/domain-reputation/)
[IP Reputation](/ip-reputation/)
Reputation Statistics
Countries
Country code top-level domains (ccTLD)
General top-level domains (gTLD)
Networks
Registrars
Malware Digest
URLHaus
MalwareBazaar
ThreatFox
YARAify
About Us
[Who Is Spamhaus?](/who-is-spamhaus/)
[History](/history/)
[Media Centre](/media-centre/)
[Affiliates](/affiliates/)
Threat Intel Community
[Community Home](https://submit.spamhaus.org)
[Guest Submission](https://submit.spamhaus.org/submit)
[Login](https://auth.spamhaus.org)
Free Datasets and Tools
[Blocklists](/blocklists/)
[Combined Spam Sources (CSS)](/blocklists/combined-spam-sources/)
[Domain Blocklist (DBL)](/blocklists/domain-blocklist/)
[Exploits Blocklist (XBL)](/blocklists/exploits-blocklist/)
[Policy Blocklist (PBL)](/blocklists/policy-blocklist/)
[Spamhaus Blocklist (SBL)](/blocklists/spamhaus-blocklist/)
[ZEN Blocklist](/blocklists/zen-blocklist/)
[DNSBL Fair Use Policy](/blocklists/dnsbl-fair-use-policy/)
[Commercial Datasets](/blocklists/commercial/)
[DNSBLs (Data Query Service) | Commercial](https://www.spamhaus.com/product/data-query-service/)
[DNSBLs (Data Query Service) | Free](https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/)
[DNS Firewall Threat Feeds | Commercial](https://www.spamhaus.com/dataset/dns-firewall-threat-feeds/)
[DNS Firewall Threat Feeds | Free](https://www.spamhaus.com/free-trial/sign-up-for-free-dns-firewall-threat-feeds/)
[IP & Reputation Data API | Commercial](https://www.spamhaus.com/product/intelligence-api/)
[IP & Reputation Data API | Free](https://www.spamhaus.com/developer/sia/)
[Network Protection](/blocklists/network-protection/)
[Botnet Controller List (BCL)](/blocklists/botnet-controller-list/)
[Do Not Route or Peer (DROP)](/blocklists/do-not-route-or-peer/)
[DROP Fair Use Policy](/blocklists/drop-fair-use-policy/)
Tools & Portals
[Blocklist Tester](https://blt.spamhaus.com)
[CERT Portal](https://portal.spamhaus.org/cert/login/)
[ISP Portal](https://portal.spamhaus.org/isp/start/)
[Reputation Checker](https://check.spamhaus.org/)
Strengthening trust and safety across the internet
==================================================
Spamhaus Project is the authority on IP and domain reputation. This intelligence enables us to shine a light on malicious activity, educate and support those who want to change for the better and hold those who don't to account. We do this together with a like-minded community.
7,500,000IPs analyzed every 24 hours
3,000,000Domains processed every 24 hours
4,500,000,0004.5 billionProtected User Mailboxes
1,500Active botnet command and controllers detected
Global internet traffic changes daily, as do the activities of adversaries. These statistics are indicators based on daily averages; actual daily figures will fluctuate.
Are you listed in one of Spamhaus' blocklists?
----------------------------------------------
Do you have problems sending email? Do you need to check if an IP address or domain name is on one of our blocklists?
Submit malicious activity to the Threat Intel Community Portal
--------------------------------------------------------------
Be part of our community; share IPs, domains, URLs or raw source of potentially malicious activity or threats.
[Submit](https://submit.spamhaus.org)
Spotlight on Spamhaus data reputation statistics
------------------------------------------------
Last updated: 7th March 2025
### Registrars
Most improved
Ultahost, Inc .\-80%Largest % decrease in phishing domains
Least improved
RegRU+760%Largest % increase in phishing domains
March 2025
### Malware
Most improved
WannaCry\-99%Associated with malware samples
Least improved
Kaiji+3,050%Associated with malware samples
March 2025
### Countries
Most improved
Bulgaria\-80%Hosting botnet command and controllers
Least improved
South Africa+350%Hosting botnet command and controllers
March 2025
### Networks
Most improved
laceibanetsociety....\-62%Largest decrease in exploited IPs
Least improved
fiberopticalnetwor...+210,350%Largest increase in exploited IPs
March 2025
### gTLDs
Most improved
.today0%Largest % decrease in spam-related domains
Least improved
.biz+998%Largest % increase in spam-related domains
March 2025
### ccTLDs
Most improved
.fi\-26%Largest % decrease in malicious domains
Least improved
.pm+1,706%Largest % increase in malicious domains
March 2025
### Countries
Most improved
Bulgaria\-80%Hosting botnet command and controllers
Least improved
South Africa+350%Hosting botnet command and controllers
March 2025
[View ranking charts](/reputation-statistics/)
News feed
---------
1 day ago
[The Spamhaus Project
@[email protected]
](https://infosec.exchange/@spamhaus)
[](https://infosec.exchange/@spamhaus/114120871463009522)
Starting around 2:00 AM UTC on March 4th, we've been observing a vast botnet operation attempting to use SMTP-AUTH credentials from nearly 500K distinct IPs - to perform what looks like a large scale phishing campaign targeting Brazilian users.
Here's what we know:
1️⃣ Subject lines used include:
Evite a Suspensão da Sua Caixa de Entrada
Saiba Como-XXXXXX
Sua Capacidade de E-mail Está no Máximo
Solução Disponível-XXXXXX
Atualize Sua Conta para Continuar Recebendo Novas Mensagens
2️⃣ Phishing payload is located at: hXXps://acessoclientevalidar.dnsalias\[.\]com/
3️⃣ Of particular interest is the fact that the IPs involved in this campaign are overwhelmingly located in Brazil too.
4️⃣ Based on what we and others know about the systems performing this phishing campaign, there appears to be a strict correlation with IPs associated with residential proxy networks.
5️⃣ Out of 373K Brazilian IPs involved, over 90% are associated with residential proxy networks.
[#Phishing](https://infosec.exchange/tags/phishing)[#Botnet](https://infosec.exchange/tags/botnet)[#ResidentialProxies](https://infosec.exchange/tags/residentialproxies)[#ThreatIntel](https://infosec.exchange/tags/threatintel)[#CyberSecurity](https://infosec.exchange/tags/cybersecurity)
[07 Mar 2025, 11:18](https://infosec.exchange/@spamhaus/114120871463009522)
**6** boosts·**1** favourite
3 days ago
4 days ago
9 days ago
[The Spamhaus Project
@[email protected]
](https://infosec.exchange/@spamhaus)
[](https://infosec.exchange/@spamhaus/114076271424095659)
👨 Meet [@jeroengui](https://infosec.exchange/@jeroengui): student, founder of JustGuard, and a 🥇 top contributor to Spamhaus’ Threat Intel Community Portal!
Every month, he submits thousands of malicious domains, URLs, and email sources - all to make the internet a safer place. 🌍🔒
But what drives him to do it, and how can you get involved too? Read his story here 👇
[https://www.spamhaus.org/resource-hub/thre...at-intelligence/how-i-m-fighting-cybercrime-with-spamhaus-and-how-you-can-too/](https://www.spamhaus.org/resource-hub/threat-intelligence/how-i-m-fighting-cybercrime-with-spamhaus-and-how-you-can-too/)
[#SharingIsCaring](https://infosec.exchange/tags/sharingiscaring)[#CyberSecurity](https://infosec.exchange/tags/cybersecurity)[#ThreatIntel](https://infosec.exchange/tags/threatintel)[#Infosec](https://infosec.exchange/tags/infosec)
[27 Feb 2025, 14:16](https://infosec.exchange/@spamhaus/114076271424095659)
**4** boosts·**3** favourites
10 days ago
[The Spamhaus Project
@[email protected]
](https://infosec.exchange/@spamhaus)
[](https://infosec.exchange/@spamhaus/114070636709034504)
When a resident’s device in a long-term care home triggers a residential proxy infection on the corporate network 👾 - what a nightmare! Third-party proxies roaming inside a care home? It gives you the chills. 😨
Thankfully, the issue was resolved! And with some lovely feedback for our TicketDesk team. The kind words mean a great deal, thank you! 💛
[#TicketDeskTales](https://infosec.exchange/tags/ticketdesktales)[#CareHomeChaos](https://infosec.exchange/tags/carehomechaos)[#ResidentialProxies](https://infosec.exchange/tags/residentialproxies)
[26 Feb 2025, 14:23](https://infosec.exchange/@spamhaus/114070636709034504)
**0** boosts·**3** favourites
1 day ago
[The Spamhaus Project
@[email protected]
](https://infosec.exchange/@spamhaus)
[](https://infosec.exchange/@spamhaus/114120871463009522)
Starting around 2:00 AM UTC on March 4th, we've been observing a vast botnet operation attempting to use SMTP-AUTH credentials from nearly 500K distinct IPs - to perform what looks like a large scale phishing campaign targeting Brazilian users.
Here's what we know:
1️⃣ Subject lines used include:
Evite a Suspensão da Sua Caixa de Entrada
Saiba Como-XXXXXX
Sua Capacidade de E-mail Está no Máximo
Solução Disponível-XXXXXX
Atualize Sua Conta para Continuar Recebendo Novas Mensagens
2️⃣ Phishing payload is located at: hXXps://acessoclientevalidar.dnsalias\[.\]com/
3️⃣ Of particular interest is the fact that the IPs involved in this campaign are overwhelmingly located in Brazil too.
4️⃣ Based on what we and others know about the systems performing this phishing campaign, there appears to be a strict correlation with IPs associated with residential proxy networks.
5️⃣ Out of 373K Brazilian IPs involved, over 90% are associated with residential proxy networks.
[#Phishing](https://infosec.exchange/tags/phishing)[#Botnet](https://infosec.exchange/tags/botnet)[#ResidentialProxies](https://infosec.exchange/tags/residentialproxies)[#ThreatIntel](https://infosec.exchange/tags/threatintel)[#CyberSecurity](https://infosec.exchange/tags/cybersecurity)
[07 Mar 2025, 11:18](https://infosec.exchange/@spamhaus/114120871463009522)
**6** boosts·**1** favourite
3 days ago
4 days ago
9 days ago
[The Spamhaus Project
@[email protected]
](https://infosec.exchange/@spamhaus)
[](https://infosec.exchange/@spamhaus/114076271424095659)
👨 Meet [@jeroengui](https://infosec.exchange/@jeroengui): student, founder of JustGuard, and a 🥇 top contributor to Spamhaus’ Threat Intel Community Portal!
Every month, he submits thousands of malicious domains, URLs, and email sources - all to make the internet a safer place. 🌍🔒
But what drives him to do it, and how can you get involved too? Read his story here 👇
[https://www.spamhaus.org/resource-hub/thre...at-intelligence/how-i-m-fighting-cybercrime-with-spamhaus-and-how-you-can-too/](https://www.spamhaus.org/resource-hub/threat-intelligence/how-i-m-fighting-cybercrime-with-spamhaus-and-how-you-can-too/)
[#SharingIsCaring](https://infosec.exchange/tags/sharingiscaring)[#CyberSecurity](https://infosec.exchange/tags/cybersecurity)[#ThreatIntel](https://infosec.exchange/tags/threatintel)[#Infosec](https://infosec.exchange/tags/infosec)
[27 Feb 2025, 14:16](https://infosec.exchange/@spamhaus/114076271424095659)
**4** boosts·**3** favourites
10 days ago
[The Spamhaus Project
@[email protected]
](https://infosec.exchange/@spamhaus)
[](https://infosec.exchange/@spamhaus/114070636709034504)
When a resident’s device in a long-term care home triggers a residential proxy infection on the corporate network 👾 - what a nightmare! Third-party proxies roaming inside a care home? It gives you the chills. 😨
Thankfully, the issue was resolved! And with some lovely feedback for our TicketDesk team. The kind words mean a great deal, thank you! 💛
[#TicketDeskTales](https://infosec.exchange/tags/ticketdesktales)[#CareHomeChaos](https://infosec.exchange/tags/carehomechaos)[#ResidentialProxies](https://infosec.exchange/tags/residentialproxies)
[26 Feb 2025, 14:23](https://infosec.exchange/@spamhaus/114070636709034504)
**0** boosts·**3** favourites
View more