New – Spamhaus Intelligence API (SIA)


Spamhaus Intelligence API

Spamhaus is a global leader of threat intelligence.  Actively protecting over 3 Billion mailboxes globally, with our 24 years of of cyber threat hunting and research experience.   Offering a wealth of (Realtime) threat data-sets designed to be enhanced your network security posture, and threat research.

This API is easy-to-consume, and easily delivers Spamhaus Threat Intelligence …  data for integration, incident response, online real time risk assessment, monitoring trends and more.



Key Features

Access to over 20 different fields per infected IP.
Historical and real-time data is available.

Query a single IP or networks up to /24, removing the need for large file downloads.

Investigate with world-class intelligence that’s reliable and actionable.

The API format makes this data easy to access and consume.

Our API technology makes the data simple to integrate across multiple applications, without downloading the entire data set.

*API ‘GET response’ (download) now available*

Data-sets available via SIA:

Extended eXploits Blocklist (eXBL) – This dataset lists IP addresses belonging to devices that are showing signs of compromise. This can include traffic from the Internet of Things (IoT) devices alongside more traditional spam. Potential reasons for our research team to list IPs on the eXBL include:
Malware infections, Trojan infections,  Worm infections, Devices controlled by botnets command and controllers (C&Cs), and Third-party exploits, such as open proxies.

Metadata in the eXBL includes; timestamp of the last connection, the botnet’s name controlling infected nodes, the IP address and port number of the command and control server for some connections, the countries where compromised devices are located, and the type of malware used to exploit devices.

Extended Botnet Controller List (eBCL) – This dataset only contains single IPv4 addresses used to host botnet command and controller servers (C&Cs). These botnet C&Cs are used by cybercriminals to control infected computers (bots).
* No inbound or outbound network connections should be made to these IP addresses under any circumstances*

Metadata in the eBCL includes; the bot name associated with the detected activity, the destination port of the traffic that triggered the detection or where the identified C2 service has been observed running, and an array providing information about the binary files observed referring to the specific C2 instance.
* historical data is also available*

Extended CSS Blocklist (eCSS) – This dataset only focuses on SMTP traffic i.e. port-25 based detections. These target spam and other low-reputation sources. Triggers for listing on the CSS include: Sending bulk unsolicited email, Having poor email marketing list hygiene, and Sending out malicious emails due to compromised accounts, webforms or content management systems (CMS).

Metadata in the eXBL includes; timestamp of the first seen date and last connection, the HELO string used in the SMTP session triggering the detection, the geolocation of the IP address.

Increased protection for SonicWall, Palo Alto, and other firewall and network layer devises.

Click HERE for further information, and no-obligation trial.