A newly observed domain might be suspicious but not yet malicious — labeling it “new/unclassified”, rather than “malicious” vs. “clean,” allows your security stack to treat it with caution, not necessarily outright block it.
Insight and Classification
Classifications and reputation data provide the gray area between safe and malicious, which is crucial for context, early warning, nuanced responses, and smarter automation. Without it, cybersecurity becomes reactive and binary, which attackers can easily evade.
Insight Data
Reputation insight provides a more nuanced understanding of events, offering suspicious or gray signals, such as new domains, attempted access from never-before-seen IPs, or unusual signups and logins. These provide early warnings, allowing cautious, graduated responses instead of binary blocking.
By incorporating reputation and classification data, security and administration teams gain richer context, reduce false positives, and proactively detect evolving attacks before they escalate into legitimate compromises.
Reducing false positives
Rapid query results
Optimized, global infrastructure ensures low-latency API queries, delivering results in near real-time. Benefit from a combination of both historical and real-time intelligence for current threat validation, live context, and prioritization.
Data accuracy and timeliness
Our data is updated within seconds of detection, and validated as offering one of the lowest false positive rates in the industry. When used for protection, it delivers high catch rates to keep users away from risk.
Datasets
All our datasets are defined by policy. The policies are created with alignment and input from the wider industry. This is to avoid bias, and ensure sound rationale behind every detection made. Our datasets are grouped by area of focus - for example, highly malicious networks, low reputation resources, zero reputation domains. All datasets shown here provide insights or classification data related to a specific area of focus.
Compromised IPs
IP addresses exhibiting signs of compromise, which can include downloaded malware, security vulnerabilities allowing unauthorized access, etc. Designed to protect networks from malware and spam by preventing connections from these IPs. Available in binary and contextual format.
Domain Intel
Contextual metadata on every domain observed and analyzed by our researchers. This includes reputation areas to strengthen, domain contexts, senders data, nameserver reputation, A Record reputation, correlated related domains, listed hostnames, and malware.
Highly Malicious ASNs
A list of autonomous system numbers (ASNs) that are hijacked or leased by professional spam or cyber-crime operations, are used for dissemination of malware, trojan downloaders, botnet controllers, etc., and send no legitimate traffic.
Highly Malicious Networks
The worst of the worst malicious traffic IPs - an advisory to “drop all traffic” - with activity directly originating from rogue networks, such as encryption via ransomware, DNS-hijacking, authentication attacks, harvesting, DDoS attacks, and spam campaigns.
Non-mail emitting IPs
IPs that should never send email directly to the MX servers of third parties. Networks add and maintain many of these ranges, resulting in strong data efficacy. Spamhaus supplements by identifying end-user IP space that is observed as having high concentrations of botnet zombies.
Zero reputation domains
Newly registered or newly observed domains. These domains are included in this dataset for 24 hours; newly created domains are rarely used for legitimate purposes within 24 hours of registration, which provides a strong indicator of potential malicious behavior.
Related Solutions
Email Compliance
Minimize risk, protect users, and maintain a clean, compliant email-sending environment with trusted data and expert insights from Spamhaus.
Threat Hunting
Improve detection fidelity with data solely concentrated on malware-focused intrusions to drive hunting hypotheses, understand trends and correlations, and prioritize investigation paths.
Threat Intelligence Enrichment
Increase detection rates and enrich alerting context with malware signals that will help you uncover and address attack behaviour faster.