Hi,
just for the sake of completeness: Since the Spamhaus DROP lists are publicly available here, you can just try to establish a connection to an IP address that is covered by a CIDR listed in any of the DROP lists.
A live phishing (and/or malware) domain being hosted in such networks would be my-authentication-x322s[.]com, tracing back to 45.9.148[.]44 at the time of writing, being covered by this SBL/DROP listing.
Thanks, and best regards,
Peter Müller