Product Details

What is the Spamhaus Intelligence API?

The Spamhaus Intelligence API (SIA) allows you to easily access numerous signals that contribute to the reputation of IPs and domains. Derived from the 24/7 analysis of billions of datapoints, this data feed has multiple applications. Integrate it into your existing infrastructure, including threat intelligence platforms, customer vetting operations, websites, analysis, and reporting mechanisms.

Who can use SIA?

  • Threat analysts – increase your understanding of security events and alerts relating to IPs and domains to more effectively prioritize and report.
  • Product Managers – enhance existing data pools to provide additional validation points to increase customer confidence in vulnerabilities and threats.
  • Email Service Providers – keep your network clean by using this data to perform in-depth vetting of potential customers. Build a comprehensive picture with a vast number of domain and IP signals.

How to deploy

To gain a better understanding of the access methods and datasets available, please see here. For details on the anatomy of the data and the REST API, see here.

Pricing

Pricing is based on the number of queries per month and per second, and gives you access to both the IP and domain data. Prices start at $5,000 per year. Contact our sales team for further details.

Developer License

If you’re looking to take the time to explore, build and test with the data, you can sign up for free access to SIA via our Developer License, with up to 5,000 queries per month.

What data is included?

URLhaus dataset (beta release)

Gain access to live and historical metadata relating to malicious URLs that are being used for malware distribution. This open source intelligence supports the identification and exploration of various internet identifiers: URLs, domains, IPv4 addresses, DNS names and hashes. Some of the values you’ll gain visibility of are: online/offline, payload details, tags and report. Find more in the technical documentation here.

This dataset, on average, tracks 2.5 million malicious URLs, with 1.2k new detections every 24 hours.

Domain-based dataset

This dataset provides metadata on every domain observed and analyzed by our researchers.

Metadata relating to each domain is provided via various API calls. This includes reputation areas to strengthen, domain contexts, senders data, nameserver reputation, A Record reputation, correlated related domains, listed Hostnames, and malware.

IP-based datasets

Gain access to live and historical metadata relating to IP addresses that indicate compromise, are emitting spam, or are dedicated botnet command and control servers. These IPs are listed on the Spamhaus eXploits Dataset (XBL), the CSS Dataset (CSS), or the Botnet Controller List (BCL).

All IP datasets available via SIA are also available to download.

eXploits Dataset

Focuses on compromised devices. Our research team lists IP addresses showing indications of malware, Trojan or worm infections, devices controlled by botnet command and control servers (C&Cs), along with third-party exploits, such as open proxies.

This dataset, on average, contains 2 million entries, with 650,000 new detections relating to exploit IPs every 24 hours.

Botnet Controller List

Contains single IPv4 addresses which are being used to host active botnet command and control servers (C&Cs). The status of these botnet controllers is re-evaluated several times a day to identify active botnet controllers only. No inbound or outbound network connections should be made to these IP addresses under any circumstances.

This dataset contains approximately 800 – 1,500 entries, with up to 50 new detections every 24 hours. For downloads of this dataset, live updates are made every minute.

Combined Spam Sources Dataset

Specific to SMTP traffic, only listing port-25 based detections. Potential triggers for a listing include unsolicited emails, having poor email marketing list hygiene, or sending out malicious emails due to compromised accounts or content management systems (CMS).

This dataset contains between 300,000 and 1.5 million entries, with up to 285,000 new detections added every 24 hours.