Regular Reputation Feeds

Full strength feeds that contain identified bad reputation and maliciousness.

Bad Reputation Hosts

(badrep.host.dtq)

Uncategorized Domains identified as having a bad reputation. This includes hosts owned by known spammers, payload URLs, malicious tracking domains and domains associated with low reputation networks, amongst other factors.

Botnet Command and Control IPs

(botnetcc.ip.dtq)

IP addresses identified as hosting botnet C&C malware.

Botnet Command and Control Hosts

(botnetcc.host.dtq)

Domains identified as hosting a botnet C&C.

Adware Hosts

(adware.host.dtq)

Domains identified as hosting adware.

Phishing Hosts

(phish.host.dtq)

Domains identified as hosting a phishing site(s).

Malware Hosts

(malware.host.dtq)

Domains identified as hosting malware.

Botnet Hosts

(botnet.host.dtq)

Domains identified as hosting a botnet resource (not a botnet C&C).

Bad Nameserver Hosts

(bad-nameservers.host.dtq)

Domains that are being used as the host record for a Nameserver and classified as having a bad reputation.

Bad Nameserver IPs

(bad-nameservers.ip.dtq)

Nameserver IP addresses that are hosting domains and considered as having a bad reputation.

Bogons IPs

(bogons.ip.dtq)

IP addresses that have not yet been assigned to an entity and should not be generating any incoming or outgoing traffic.

Domain Generated Algorithm (DGA)

(dga.host.dtq)

Domains created from multiple domain generated algorithms (DGA). Domains that are automatically generated and usually associated with malware.

Do Not Route or Peer (DROP)

(drop.ip.dtq)

“Do Not Route or Peer” list. IPs that have been identified as being hijacked, belonging to either bullet proof hosters, or are being leased by professional malicious organizations. The very worst of the worst.

Coinblocker*

(coinblocker.srv)

Multiple lists of IP addresses and domains that are hosting crypto-jacking scripts, which utilize the resources of an end user’s computer to mine crypto-currency.

Torblocker*

(torblock.srv)

List of known Tor Exit Nodes.

*This zone is a service feed that contains data that is curated outside of Spamhaus’ network. Note that there may be false positives in this data and remediation of false positives from these zones may take longer.