Spamhaus Intelligence API

Business Benefits

Spamhaus Intelligence API (SIA) contains enhanced IP reputation data that integrates with your applications. This provides you with increased visibility on where issues have occurred and accelerates reporting.

In this easy-to-consume format, SIA can be used for incident response, online real time risk assessment, monitoring trends and more.

Save valuable time investigating and reporting
The additional context this data provides enables you to answer "why" quickly, pinpoint issues and rapidly respond.
Simple and quick to access
API access makes the data simple to integrate across multiple applications, without downloading the entire data set.
Data you can trust in
Our industry-leading researchers immediately list compromised and malicious IPs along with related metadata.

Features

Breadth of intelligence

Access to over 20 different fields per infected IP. Historical and live data is available.

Control your data requests

Query a single IP or networks up to /24, removing the need for large file downloads.

Convenience

The API format makes this data easy to access and consume.

Reliable and trusted

Investigate with world-class intelligence that's reliable and actionable.

Product Details

What is the Spamhaus Intelligence API?

The Spamhaus Intelligence API (SIA) is an API that allows you to easily access our IP reputation datasets for integration into your existing infrastructure, including threat intelligence platforms, websites, analysis, and reporting mechanisms.

Who can use SIA?

Anyone who needs to provide context around IP addresses that are compromised or sending spam.

How to deploy

Visit our technical documentation for access details and additional technical information regarding SIA.

Pricing

Based on the number of queries per month and second, prices start at $5,000 per year. Contact our sales team for further details.

Developer License

Developers wishing to take the time to explore, build and test with the data can sign-up for free access to SIA via our Developer License, with up to 5,000 queries per month.

What data is included?

SIA provides access to live and historical metadata relating to IP addresses that indicate compromise, are emitting spam, or are dedicated botnet command and control servers. These IPs are listed on the Spamhaus extended eXploits Blocklist (eXBL), the extended CSS Blocklist (eCSS), or the extended Botnet Controller List (eBCL).

eXBL

This dataset focuses on compromised devices. Our research team lists IP addresses showing indications of malware, Trojan or worm infections, devices controlled by botnets command and controllers (C&Cs), along with third-party exploits, such as open proxies.

This dataset on average contains 4 million listings, with up to 75,000 newly observed IPs added every 24 hours.

eCSS

This dataset is specific to SMTP traffic, only listing port-25 based detections. Potential triggers for a listing include unsolicited emails, having poor email marketing list hygiene, or sending out malicious emails due to compromised accounts or content management systems (CMS).

This dataset contains between 300,000 – 1.5 million listings, with up to 285,000 new listings added every 24 hours.

eBCL

This dataset only contains single IPv4 addresses which are being used to host botnet command and controller servers (C&Cs). No inbound or outbound network connections should be made to these IP addresses under any circumstances.

This dataset contains approximately 300 – 1,500 listings, with up to 50 new entries every 24 hours.

Investigation Focused Datasets

Data for Investigation

Datasets to reduce investigation times and provide additional insights for security professionals. These include enhanced eXploits blocklist and Passive DNS data.

Learn more

Resources

Best practice for owners of a newly registered domain: PART 3

11 March 2023

Best practice

Nurture your new domain and successfully build its reputation to ensure it’s an asset for the long term, not just the next 10 minutes. Learn how in this best practice.

Learn more

Second beta release of domain reputation via API – increased actionable data

10 March 2023

Blog News

Beta users tested. They provided feedback. Our product development team listened and then moved heaven and earth to produce a much-improved API.

Learn more

Best practice for newly registered domains: PART 2 – Key considerations for purchasing

14 February 2023

Best practice

if you're confident you must buy a new domain, here are some key considerations to make before and immediately after the domain purchase.

Learn more

Business Benefits

Save valuable time investigating and reporting

Simple and quick to access

Data you can trust in

Features

Breadth of intelligence

Control your data requests

Convenience

Reliable and trusted

Product Details

What is the Spamhaus Intelligence API?

Who can use SIA?

How to deploy

Pricing

Developer License

What data is included?

Investigation Focused Datasets

Data for Investigation

Sign up for your free trial

Resources

Best practice for owners of a newly registered domain: PART 3

Second beta release of domain reputation via API – increased actionable data

Best practice for newly registered domains: PART 2 – Key considerations for purchasing

Access this data with the Spamhaus Developer License