abuse.ch API

The abuse.ch-Spamhaus Alliance provides commercial use of abuse.ch’s APIs. The data, made available through Spamhaus, has been refactored on new infrastructure for robust and reliable usage, making it suitable for large enterprises. This access comes with additional benefits, including Customer Support and an API playground.

Data reliability

Enterprise-grade data reliability and scale for robust, always-on intelligence.

Simple setup

Upgrade your setup with quick and simple steps, guided by user-friendly, intuitive technical documentation.

On-going support

Access both commercial and technical support for technical issues, feature requests, help, suggestions, false positive reports, etc.

abuse.ch Malware Data via API

With a dedicated focus on technical malware data and enriched IOCs, hunters, analysts and malware reverse engineers get clear, in-depth insight to act more efficiently. Access different perspectives of malware from a single source, with valuable data points to pivot from, ready-to-go YARA rules to expand or validate your hunt, and malware samples to dive deeper.

Please note: Separate APIs are available to access botnet C2 insight, with corresponding metadata, and Passive DNS data to gain historical records of DNS resolution data.

Why are there two different names for the data?

Our datasets have been supporting users for a very long time. With new users requesting our support, the dataset names are being updated for clearer understanding. We’re documenting two names, for now, to best support all users.

Datasets Included

Malware Samples (MalwareBazaar)

Sample download, hash-based lookups (MD5, SHA1, or SHA256), associated metadata and file info, YARA rule matching, family attribution, delivery method, upload country, submitter, timestamp

Malware IoCs (ThreatFox)

Malware URLs (URLhaus)

YARA Scan Results (YARAify)

Use cases for abuse.ch Malware Data via API

Improve confidence and efficiency for detection and response. Notably, this data best helps users understand real-time threats and IOCs.

Threat Hunting
Threat Intelligence Enrichment

abuse.ch Malware Data via API for Threat Hunting

With global signals from the largest independently crowdsourced malware data available to the industry through abuse.ch, broaden your coverage with enriched IOCs. This can include significant parts of the infection chain, in addition to different perspectives of malware, from a single source.

Through these APIs you can download samples, binaries, and unpacked files to perform your own reverse engineering, or use essential metadata points to pivot from, such as the country something was uploaded from, the user who uploaded it (verified users in the community have a strong confidence), and the time of upload, all providing signals to help define and validate your hypothesis, or further expand your hunt.

Minimize dwell time

This data will support a lower mean time to detect (MTTD) and mean time to respond (MTTR), reducing dwell time and minimizing potential breach costs.

Act efficiently

This data is focussed on malware IOCs alone, enriched through various means. Access clear signals to support technical threat hunting needs.

Flexible

Access only the data you need, from across multiple datasets, or just one, giving you the control to achieve your goals without unnecessary costs.

Getting started

  • What are the additional benefits compared with the community APIs?

    As a commercial subscriber you will gain access to new and reliable APIs, developed by Spamhaus, for robust, commercial-grade usage.

    Additional benefits, beyond the continued value of the data itself, include:

    • Faster integration | Onboard rapidly by auto-generating code snippets in all modern dev languages
    • API playground | Execute requests from your browser to experiment and utilize the data with ease
    • Direct contact with technical support
    • Expedited handling of inaccurate threat reports
  • How to start a free 30-day trial

    Simply complete this form and submit. No credit card or payment details are required for the free trial.

    What happens next?

    You’ll receive an email asking you to verify your address. Once verified, a member of the team will be in contact to provide you with access.

  • Technical documentation

    New usage documentation is available once you have access set up, via our Customer Portal. This documentation is clear and interactive, with the following capabilities:

    • Generated code examples - for each endpoint across many languages/tools - again, making it easier to get up and running through examples
    • API playground - you can execute requests from your browser making it easy to test and get up and running
    • Driven by OpenAPI specification - this can be downloaded and imported into HTTP client tools (like Postman/Insomnia) or used to generate your own client code using any language/tooling of your choice. This provides great flexibility as you can use it with whatever tooling your business has implemented.
  • Pricing

    During your free trial, you can request a quote in the Customer Portal to get the subscription cost based on your setup.

    At any point, contact our Sales team who can further advise you.

Ready to start your free trial?

Trial the commercial abuse.ch APIs, free for 30 days. No credit card details required.

Explore more

Data Access

Passive DNS API

A simple API supporting a variety of query types to discover historical, and up-to-the-moment, DNS infrastructure connections from Spamhaus’ Passive DNS database with up to one year of historical data.


Data Access

Intelligence API

Integrate context-rich metadata relating to IP and domain reputation to enhance existing data feeds, or consume as an independent data source. Gain additional intelligence to monitor, assess and remediate as required.


Data Access

Rsync

Incremental synchronization of binary and contextual datasets to local servers, including access to our entire binary DNS blocklist data. Efficiently transfer data by only copying changes between the source and destination.


Integration

Maltego Integration

With Maltego, streamline complex analysis by utilizing the Spamhaus-abuse.ch Alliance’s expansive malware, IP and domain reputation intelligence. Quickly understand whether entities should be considered high risk, why, and whether they are still perpetuating malicious behavior to confidently define and prioritise next steps.
