Globally diverse data - We evaluate billions of data points every day, generated and processed at high speeds, from a wide range of sources across the attack chain. Get real-time insight to identify the most high-impact threats, attribute specific families, and make faster correlations to act with greater certainty.
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About
Cyber
Threat
Intelligence
High-impact threat data from a globally diverse, knowledge-rich community. Access enriched malware indicators, with enterprise-grade reliability and scale, to hunt and track with clarity and confidence.
Business
Benefits
Increase your threat coverage and data fidelity with verified, enriched IOCs. Reduce reliance on commercially-led data providers by incorporating a trusted, mission-driven, established data source.
The Spamhaus-abuse.ch Alliance provides full comprehension of malware threats to increase visibility, enhance threat hunting and give confidence to other data sources. Reinforce your proactive defense strategy by integrating this data seamlessly into your tech stack and security workflows.
Independently owned - The Spamhaus-abuse.ch Alliance has no external funding or influence; no private equity, and no venture capital firms. We produce the most robust and reliable data, without commercial bias, to help security practitioners take the most precise action possible to make the Internet safer.
Stable intelligence source - We have decades of experience sharing actionable data against adversaries; trusted by law enforcement, analysts, defenders, and solution providers alike. Reduce operational risk and utilize data already relied on by billions of users globally.
Cyber Threat Intelligence Solutions
Solutions
Effective cyber security will never come from a stand-alone solution—we provide data with flexible usability options to integrate into your existing security stack. Increase your visibility and confidence, be that for hunting and tracking or detection and response.
Threat Hunting
Datasets built and maintained by threat hunters, for threat hunters. Expand your visibility with global coverage of malware and C2 infrastructure. Ideal for IOC-driven threat hunting and rapid technical validation. Broaden your understanding further with YARA rule sets (TLP:CLEAR) and historic DNS connections for more insight and trend identification.
Multiple datasets are made available and optimized for different threat-hunting purposes. Derived from billions of data points 24/7, we’ve got you covered with real-time, tracked data to support hypothesis definition, validation and expansion.
Access the Data
abuse.ch API
The abuse.ch-Spamhaus Alliance provides commercial use of abuse.ch’s APIs. The data, made available through Spamhaus, has been refactored on new infrastructure for robust and reliable usage, to make it suitable for large enterprises. This access includes additional benefits including Customer Support and an API playground.
abuse.ch Real-Time Feeds
Accessing the abuse.ch Malware Data via real-time feeds provides security teams with a high-value, low-friction source of threat intelligence. Easy to use and quick to deploy, these feeds directly enhance threat detection, triage, hunting, and enrichment workflows. Gain immediate access to fresh IOCs to proactively identify threats before they cause damage.
Passive DNS API
Access Spamhaus' passive DNS (pDNS) database through a simple API with historical context and rapid, actionable insight into DNS infrastructure — including capturing CNAMEs, nameservers, TXT, MX, and other query responses.
Enable analysts to trace malicious domains, track infrastructure changes, and investigate cyber threats by revealing how DNS records have evolved over time across the internet.
Passive DNS Real-Time Feed
Access Spamhaus' Passive DNS database via real-time feed and get immediate visibility into DNS activity worldwide. Gain a continuous stream of actionable DNS infrastructure insight, including CNAMEs, Nameservers, TXT, and MX records.
Trace malicious domains, monitor infrastructure changes, and investigate emerging threats by understanding how DNS records have changed over time — delivered directly to your systems.
Intelligence API
Spamhaus’ intelligence contains context-rich metadata relating to IP and domain reputation. Integrate this data via API with your applications to enhance existing data, or consume as an independent data source.
Threat Intelligence Enrichment
Get access to data that you won’t find from another single source to seamlessly integrate into your hunting workflows and enhance understanding of internal telemetry. Quickly determine the operational relevance of malware indicators of compromise (IOCs) by reducing noisy signals with clear, enriched IOCs.
With globally tracked signals from the largest, independently crowdsourced malware data to the industry with abuse.ch, increase data diversity, coverage and visibility. Efficiently detect threats that evaded traditional defense using this high-confidence, real-time data source.
Access the Data
abuse.ch API
The abuse.ch-Spamhaus Alliance provides commercial use of abuse.ch’s APIs. The data, made available through Spamhaus, has been refactored on new infrastructure for robust and reliable usage, to make it suitable for large enterprises. This access includes additional benefits including Customer Support and an API playground.
abuse.ch Real-Time Feeds
Accessing the abuse.ch Malware Data via real-time feeds provides security teams with a high-value, low-friction source of threat intelligence. Easy to use and quick to deploy, these feeds directly enhance threat detection, triage, hunting, and enrichment workflows. Gain immediate access to fresh IOCs to proactively identify threats before they cause damage.
Intelligence API
Spamhaus’ intelligence contains context-rich metadata relating to IP and domain reputation. Integrate this data via API with your applications to enhance existing data, or consume as an independent data source.
Passive DNS API
Access Spamhaus' passive DNS (pDNS) database through a simple API with historical context and rapid, actionable insight into DNS infrastructure — including capturing CNAMEs, nameservers, TXT, MX, and other query responses.
Enable analysts to trace malicious domains, track infrastructure changes, and investigate cyber threats by revealing how DNS records have evolved over time across the internet.
Passive DNS Real-Time Feed
Access Spamhaus' Passive DNS database via real-time feed and get immediate visibility into DNS activity worldwide. Gain a continuous stream of actionable DNS infrastructure insight, including CNAMEs, Nameservers, TXT, and MX records.
Trace malicious domains, monitor infrastructure changes, and investigate emerging threats by understanding how DNS records have changed over time — delivered directly to your systems.
Our system benefits from this additional data to provide more precise results…it’s enabled us to discover security issues that would have been left unnoticed without this [Passive DNS] service.
Heather Diaz
Senior Director, fTLD
FEATURED REPORT
See all resources
Need Help?
Get in touch
Spamhaus is committed to protecting and respecting your privacy. We’ll only use your personal information to respond to your enquiry, manage any accounts you may set-up, and to provide the products and services you request from us. From time to time, we would like to contact you about our products and services, as well as other security related content that may be of interest to you. If you consent to us contacting you for this purpose, please tick the box below.
You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.
By clicking submit below, you consent to allow Spamhaus to store and process the personal information submitted above to provide you the content requested.
I agree to receive other communications from Spamhaus.