Product Details

What is the Spamhaus Intelligence API?

The Spamhaus Intelligence API (SIA) is an API that allows you to easily access our IP reputation datasets for integration into your existing infrastructure, including threat intelligence platforms, websites, analysis and reporting mechanisms.

Who can use SIA?

Anyone who needs to provide context around compromised IP addresses can use SIA.

How to deploy

Visit our technical documentation for access details and additional technical information regarding SIA.


Based on the number of queries per month and second, prices start at $5,000 per year. Contact our sales team for further details.

Developer License

Developers wishing to take the time to explore, build and test with the data can sign-up for free access to SIA via our Developer License, with up to 5,000 queries per month.

What data is included?

SIA provides access to live and historical metadata relating to IP addresses that are exhibiting compromised behavior.  All these IPs are listed on the Spamhaus eXploits Blocklist. The following indicates the size of the dataset:

  • 10 million listings in total (approx.)
  • 75,000 (up to) newly observed IPs added every 24 hours
  • 1 million (average) “refreshed” listings added every 24 hours

Our research team list IP addresses on this dataset if they are showing indications of:

  • Malware infections
  • Worm infections
  • Trojan infections
  • Devices controlled by botnet command and controllers (C&Cs)
  • Third-party exploits, such as open proxies

Every IP address has various metadata relating to it, including bot names, first seen date, and valid until date.