Optimized, global infrastructure ensures low-latency API queries, delivering results in near real-time. Benefit from a combination of both historical and real-time intelligence for current threat validation, live context, and prioritization.
Historical Data
Data with global visibility, enabling accurate mapping of domain-to-IP relationships over time, in addition to botnet controllers and other malicious operations, for hunting, infrastructure mapping, and uncovering hidden connections across malicious campaigns.
Uncover and track
Access contextual metadata covering up to 12 months of history, from IPs that include active botnet C2s, devices compromised by C2s, malware infections, residential proxies, and IPs sending spam content.
Additionally, utilize expansive Passive DNS data to understand real-time and historical connections between different internet records: IPs, domains, hosts, name servers, and canonical names to confirm knowns, identify unknowns and analyse patterns.
Security teams use this intelligence for incident response, retrospective hunting, and contextual analysis. With years of trusted, high-quality data, it supports proactive defense strategies and deeper threat tracking at scale.
Rapid query results
Coverage and relevance
Vast data coverage from sensor networks and global contributor communities, from law enforcement, ISPs and ESPs, to S&P 500 businesses and beyond. From this, we expose simple and clear Passive DNS data, in addition to IP-based historic data.
Integration and usability
Our data is available via various data access methods - covering real-time feed and API - so you have the flexibility and control to utilize the data to best solve your unique business needs.
Datasets
Datasets with Historical Coverage
Our datasets are defined by policy. The policies are created with alignment and input from the wider industry. This is to avoid bias, and ensure sound rationale behind every detection made. Our datasets are grouped by area of concern - for example, highly malicious networks, low reputation resources, zero reputation domains. All datasets shown here have historical coverage, with binary and contextual data available, though they may not exclusively cover historical data.
Botnet C2 IPs
Botnet command and control (C2) servers. The status of these single IPv4 addresses is re-evaluated several times a day to identify active botnet controllers only. Utilize for protection or threat intelligence requirements.
Compromised IPs
IP addresses exhibiting signs of compromise, which can include downloaded malware, security vulnerabilities allowing unauthorized access, etc. Designed to protect networks from malware and spam by preventing connections from these IPs. Available in binary and contextual format.
Email Spam IPs
Spam-emitting IPs that are direct spam sources or senders posing a risk. This includes emails showing indications of an unsolicited nature, sending malicious emails due to a compromise, and other indicators of low reputation or abuse.
Malware IoCs
Retrieve IP addresses, domains, URLs, and file hashes linked to malware activities. Gain crucial context with confidence levels, first/last seen timestamps, threat type, reporter, and sightings - indicating trustworthiness, relevance over time, nature of the threat, source legitimacy, and frequency of observation.
Malware Samples
A vast, continuously updated collection of malicious files enriched with metadata, offering a high-fidelity view of the evolving threat landscape for security analysis and research needs. Samples available to download.
Malware URLs
Tracked URLs that are being used for malware distribution. Access real-time contextual details, including associated payloads, tags, malware families, and whether the URL status is offline or online, to hunt with and better understand adversarial TTPs.
Passive DNS
A repository of DNS infrastructure connections, capturing CNAMEs, nameservers, TXT, MX, and other query responses over time. This dataset enables analysts and hunters to pivot, enrich indicators, track malicious infrastructure changes, and uncover related threats—critical for correlation, incident response, and proactive defense.
YARA Scan Results
Metadata based on millions of suspicious malware sample scans. Enhance your retroactive or active hunting capabilities by matching known malware patterns, automating malware classification, and improving detection accuracy with this large, community-driven signal repository.
Related Solutions
Threat Hunting
Improve detection fidelity with data solely concentrated on malware-focused intrusions to drive hunting hypotheses, understand trends and correlations, and prioritize investigation paths.
Threat Intelligence Enrichment
Increase detection rates and enrich alerting context with malware signals that will help you uncover and address attack behaviour faster.
Email Compliance
Minimize risk, protect users, and maintain a clean, compliant email-sending environment with trusted data and expert insights from Spamhaus.
Featured Blog
Supporting researchers: How Passive DNS enabled a study into abuse of newly registered domains for phishing
5 min read | March 18, 2025
We’re proud to support a global community of researchers, including Dr. Marie Vasek and Ph.D. Candidate Sharad Agarwal, at University College London. In support of their research on the large-scale abuse of newly registered domains for phishing, we provided them with access to Spamhaus’ Passive DNS. Read on to learn how they used the tool and their findings.