Campaign tracking: Increase visibility into evolving malware operations by uncovering attacker infrastructure, correlating activity patterns and logging TTP evolution over time; stay ahead of emerging threats and proactively hunt for signs of compromise.
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About
Threat
Hunting
Improve detection fidelity with data solely concentrated on malware-focused intrusions to drive hunting hypotheses, understand trends and correlations, and prioritize investigation paths.
From hypothesis to
action
Datasets built and maintained by threat hunters, for threat hunters. Expand your visibility with global coverage of malware and C2 infrastructure. Ideal for IOC-driven threat hunting and rapid technical validation. Broaden your understanding further with YARA rule sets (TLP:CLEAR) and historic DNS connections for more insight and trend identification.
Multiple datasets are made available and optimized for different threat-hunting purposes. Derived from billions of data points 24/7, we’ve got you covered with real-time, tracked data to support hypothesis definition, validation and expansion.
Holistic view of malware: Gain a broad view of threats, including distribution, samples, observed payloads, related IoCs, active C2s, signals derived from executed malware, and a vast repository of YARA rules to expose more.
Increase data diversity and coverage: Globally tracked signals from the largest, independently crowdsourced malware data to the industry from widely reputed abuse.ch, further supplemented with vast signals and tooling from Spamhaus
DATA SOLUTIONS
Threat Hunting
Take control and access only the data that will support your hunting needs - no rigid tooling or surplus functionality. Through simplicity, we keep things as cost-effective as possible so you can get on with what matters - hunting.
Data access
Integrations
Data access
Data access
Integrations
abuse.ch API
High-impact data, dedicated to malware indicators, from a globally diverse, knowledge-rich community. Access enterprise-grade intelligence, with reliability and scale, to enrich, hunt and track with clarity and confidence.
Available Formats
JSON
abuse.ch Real-Time Feeds
Real-time stream of enriched indicators to enhance threat detection, triage, hunting, and enrichment workflows. Gain immediate access to fresh IOCs and dataset changes to proactively identify threats before they cause damage.
Available Formats
JSON
Passive DNS API
A simple API supporting a variety of query types to discover historical, and up-to-the-moment, DNS infrastructure connections from Spamhaus’ Passive DNS database with up to one year of historical data.
Available Formats
JSON
Passive DNS Real-Time Feed
A firehose of Passive DNS data, get updates as soon as they are generated with minimal or no delay. This provides immediate access for up-to-date information on DNS infrastructure connections.
Available Formats
JSON
Intelligence API
Integrate context-rich metadata relating to IP and domain reputation to enhance existing data feeds, or consume as an independent data source. Gain additional intelligence to monitor, assess and remediate as required.
Available Formats
JSON
Maltego Integration
With Maltego, streamline complex analysis by utilizing the Spamhaus-abuse.ch Alliance’s expansive malware, IP and domain reputation intelligence. Quickly understand whether entities should be considered high risk, why, and whether it is still perpetuating malicious behavior to confidently define and prioritise next steps.
Featured Report
Botnet Threat Update January to June 2025
1 min read | July 14, 2025
Botnet activity increased by 26% this reporting period; the first increase we've observed for over 18 months. Five new malware families entered the Top 20, and disappointing increases for a number of global networks hosting the most active botnet C&Cs. Read the full report.
Featured Content
See all resources
Need Help?
Get in touch
Spamhaus is committed to protecting and respecting your privacy. We’ll only use your personal information to respond to your enquiry, manage any accounts you may set-up, and to provide the products and services you request from us. From time to time, we would like to contact you about our products and services, as well as other security related content that may be of interest to you. If you consent to us contacting you for this purpose, please tick the box below.
You can unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.
By clicking submit below, you consent to allow Spamhaus to store and process the personal information submitted above to provide you the content requested.
I agree to receive other communications from Spamhaus.