
Maltego
Integration

Maltego provides a trusted and convenient single access point to data from a wide range of reputable providers. Gain additional context and validation by utilizing Spamhaus’ expansive domain and IP threat intelligence via Maltego Data Pass.

This integration allows users to understand not only whether a resource should be considered high risk, but why, and whether it is still engaged in malicious behavior.

Breadth of insight

Access to abundant metadata points returning actionable signals.

Tracked signal

With botnet IPs and exploited IPs frequently reassessed for activity.

Real-time updates

As soon as Spamhaus identifies an update, the data is published.

Spamhaus Intelligence via Maltego

Effortlessly enrich your threat intelligence with comprehensive reputation data on a wide range of internet identifiers — all through Maltego’s all-in-one investigation platform. Empower threat hunters with real-time reputation data to enhance proactive threat detection and investigation.

Investigators can seamlessly pivot across context-rich metadata points, from active botnet C2 IPs to exploited and exploiting IPs, suspicious email traffic, and all domains observed by Spamhaus.

Threat context and validation

Better understand the behavior, properties and relationships of potential threats, to assess and prioritize the next course of action.

Conclusions with confidence

Build a more detailed understanding of malicious activity, improving confidence and reducing the effort needed to make accurate and informed decisions.

Enrich Threat Intelligence

Understand the risks associated with IPs and domains by combining Spamhaus data with other data sources available on Maltego and enhance investigations.

Integration details

  • Suitable users

    Any Maltego customer, accessible via the Cyber Threat Intelligence module with Maltego Data Pass access. The data is relevant for:

    • Threat Intelligence Teams
    • Incident Response Teams
    • Cyber and Digital Forensics Teams
    • Trust and Safety
    • Penetration Testers
    • CERTs
    • SOCs
  • Accessing the integration

    Setup is quick and easy, managed via Maltego. Spamhaus Intelligence transforms can be accessed via Maltego Data Pass, connecting directly to the Spamhaus Intelligence API.

    A Maltego Data Pass is available on purchase with all Maltego Plans. For more information, visit the Maltego website and select the plan most relevant for your needs.

  • How the integration works

    The Maltego–Spamhaus integration allows users to query Spamhaus’ IP and domain threat intelligence via API directly within the Maltego interface, without the hassle of managing individual contracts, API keys, or integrations.

    With the integration, run Spamhaus Intelligence transforms (modular queries) in Maltego. Run transforms on Spamhaus’ IP data to provide signal on both malicious and compromised IPs, indicating:

    • Malware
    • Worm infections
    • Botnet command and controllers
    • Devices controlled by botnet command and controllers
    • Third party exploits
    • Spam
    • Phishing

    Run transforms on Spamhaus’ domain data to provide signal on every domain Spamhaus observes.

    Requests are sent securely to the Spamhaus Intelligence API, returning structured threat intelligence data.

  • Included datasets

    The following datasets are included via the integration:

    • Botnet C2 IPs (Botnet Controller List)

    Botnet command and controller (C2) servers. The status of these single IPv4 addresses is re-evaluated several times a day to identify active botnet controllers only. Utilize for protection or threat intelligence requirements.

    • Compromised IPs (Exploits Blocklist)

    IP addresses exhibiting signs of compromise, which can include downloaded malware, security vulnerabilities allowing unauthorized access, etc. Designed to protect networks from malware and spam by preventing connections from these IPs. Available in binary and contextual format.

    • Domain Intel (Domain Blocklist (Context))

    Contextual metadata on every domain observed and analyzed by our researchers. This includes reputation areas to strengthen, domain contexts, sender data, nameserver reputation, A record reputation, correlated related domains, listed hostnames, and malware.

    • Email Spam IPs (Combined Spam Sources Blocklist)

    Spam-emitting IPs that are direct snowshoe spam sources or senders posing a risk. This includes emails showing indications of an unsolicited nature, sending malicious emails due to a compromise, and other indicators of low reputation or abuse.

    • Zero reputation domains (Zero Reputation Domains)

    Newly registered or newly observed domains. These domains are included in this dataset for 24 hours; newly created domains are rarely used for legitimate purposes within 24 hours of registration, which provides a strong indicator of potential malicious behavior.


    Why does the data have two labels?

    We are moving to more transparent naming conventions. However, some organizations have been consuming these datasets for decades. To save any confusion, for old or new users, we’re currently documenting both names.

Ready to get started?

Access context and validation for every domain observed by Spamhaus and for malicious IPs, with the Maltego Data Pass, included in all Maltego Plans. Setup is quick and easy.

Sign up via Maltego Data Pass

Our Virtual CISO customers have really appreciated the extra insights and details relating to why we’re blocking a specific resource or activity.

Dr. Darren Williams

Founder and CEO, BlackFog

Trial more data

Data Access

abuse.ch API

High-impact data, dedicated to malware indicators, from a globally diverse, knowledge-rich community. Access enterprise-grade intelligence, with reliability and scale, to enrich, hunt and track with clarity and confidence.


Data Access

Passive DNS API

A simple API supporting a variety of query types to discover historical, and up-to-the-moment, DNS infrastructure connections from Spamhaus’ Passive DNS database with up to one year of historical data.


Data Access

Rsync

Incremental synchronization of binary and contextual datasets to local servers, including access to our entire binary DNS blocklist data. Efficiently transfer data by only copying changes between the source and destination.
