
Frequently Asked Questions

Frequently asked questions about our solutions and data. If you can’t find what you’re looking for, get in touch below - we’re happy to help.



abuse.ch
  • Are tags included in the MalwareBazaar historical malware sample data (full.csv)?

    No, tags are not included in the MalwareBazaar historical malware sample data (full.csv).

  • Can a PUA/PUP (or benign file) be uploaded to MalwareBazaar data?

    MalwareBazaar only tracks malware samples. No adware (PUA/PUP). No benign files. Samples older than 10 days, PUAs/PUPs and benign files should not be uploaded to the repository.

    There are some mechanisms in place to flag PUA/PUP files, where files are reviewed and removed manually by the admin. However, it is important to note that there is no automatic enforcement of the PUA/PUP policy.

    Submission vetting is manual and relies on researchers and users reporting such submissions. Where unacceptable files are reported by the community, the files are removed promptly and the responsible user is banned.

  • Help! I've been blocked from making submissions to abuse.ch's platforms

    If you are blocked from making submissions via any of abuse.ch’s platforms, you have likely violated the relevant submission policy. All policies are detailed below:

    • URLhaus (malware URLs only): https://urlhaus.abuse.ch/api/#policy
    • MalwareBazaar (confirmed malware files only): https://bazaar.abuse.ch/api/#policy
    • ThreatFox (confirmed indicators of compromise only): https://threatfox.abuse.ch/faq/#policy

    To reinstate access, please get in touch with abuse.ch using the above form, confirming you have read and agreed to the applicable policy.

  • How do I make a submission to any of abuse.ch's platforms?

    To make a submission to abuse.ch, you will need to authenticate at https://auth.abuse.ch/.

    Full details on the process for submissions are detailed below:

  • How do I report a false positive in URLhaus?

    If you believe a listing may be a false positive or should be removed from the URLhaus database, you can report this to abuse.ch in the URLhaus web interface.

    Please follow the below steps:

    1. Search for the URL or Domain here: https://urlhaus.abuse.ch/browse/
    2. Select the entry.
    3. Select the “Actions” dropdown.
    4. Select “Report a False Positive”.
  • How is the signature of a malware file identified by MalwareBazaar?

    The signature of a malware file is mostly determined programmatically by MalwareBazaar, using dynamic and static analysis.

  • Is it possible for MalwareBazaar to host two copies of the same sample?

    A file can only be present once on MalwareBazaar, therefore it is not technically possible to upload two copies of the same sample.

  • What are the submission policies for abuse.ch's platforms?

    Each of abuse.ch’s platforms has its own submission policy, detailed below. If your submissions are outside the policy, your access to submit data will be revoked.

    • URLhaus (malware URLs): https://urlhaus.abuse.ch/api/#policy
    • MalwareBazaar (confirmed malware files): https://bazaar.abuse.ch/api/#policy
    • ThreatFox (confirmed indicators of compromise): https://threatfox.abuse.ch/faq/#policy
  • What data is available from abuse.ch via Spamhaus’ Intelligence API?

    URLhaus data is available as of June 6, 2024. You can utilize the data through the Developer License, free for six months, which also enables you to provide feedback on the data and usability. More datasets from abuse.ch will become available in API format as part of our broader partnership with abuse.ch.

  • Who should use abuse.ch Malware Data via Real-Time Feeds?

    There are many ways to use this data across the cyber threat intelligence discipline, including, but not limited to:

    • SOC Analysts - To enrich alerts, accelerate triage, and improve detection accuracy using up-to-date, verified IOCs.
    • Threat Hunters - To proactively identify emerging threats, uncover attacker infrastructure, and pivot across indicators for deeper investigations.
    • Threat Intelligence Teams - To feed reliable, real-time IOCs into threat intelligence platforms (TIPs) and correlate internal data with global threat trends.
    • Incident Responders - To rapidly validate and scope incidents, identify related indicators, and guide containment efforts with high-confidence data.
    • MDR/MSSP Providers - To enhance managed services by incorporating high-impact, trusted intel into monitoring, detection, and response pipelines for clients.

Need Help?
Get in touch
