DNS Firewall Threat Feeds

Standard: Domains identified as hosting adware.
Edited: This feed is also available in an edited version, containing only the worst of the worst. This can be used where customers require a lower risk of false positives. The protection provided by an edited feed is lower than that of its standard feed.

The Standard and Edited feeds are both included in our subscription cost.

Standard: Domains that are being used as the host record for a nameserver, and are classified as having a bad reputation.

This feed is included in our subscription cost.

Standard: Nameserver IP addresses that are hosting domains, and are classified as having a bad reputation.

This feed is available in our subscription cost.

Standard: Uncategorized domains identified as having a bad reputation. This includes hosts owned by known spammers, payload URLs, malicious tracking domains and domains associated with low reputation networks, amongst other factors.

Hacked: A ‘hacked’ version of this feed is available. This feed contains host domains with a bad reputation which are usually considered legitimate, but are currently compromised.

The Standard and Edited feeds are both available in our subscription cost.

Standard: IP addresses that have not yet been assigned to an entity, and should not be generating any incoming or outgoing traffic.

This feed is included in our subscription cost.

Standard: IP addresses identified as hosting botnet command and controller (C&C) malware.
Hacked: A ‘hacked’ version of this feed is available. This feed contains host domains with a bad reputation which are usually considered legitimate, but are currently compromised.

The Standard and Edited feeds are both available in our subscription cost.

Standard: Domains identified as hosting a botnet command & controller (C2).
Edited: This feed is available in an edited version, containing only the worst of the worst. This can be used where customers require a lower risk of false positives.  The protection provided by an edited feed is lower than that of its standard feed.

Hacked: A ‘hacked’ version of this feed is available.  This feed contains botnet C&C host domains which are usually considered legitimate, but are currently compromised.

The Standard, Edited and Hacked feeds are all included in our subscription costs.

Standard: Domains identified as hosting a botnet resource that are not a botnet command and controller.
Edited: This feed is also available in an edited version, containing only the worst of the worst. This can be used where customers require a lower risk of false positives. The protection provided by an edited feed is lower than that of its standard feed.

The Standard and Edited feeds are both included in our subscription cost.

IPs that have been identified as being hijacked, belonging to bullet proof hosters, or are being leased by professional malicious organizations. The very worst of the worst.

This feed is available for free, to protect users from the most malicious IPs we are observing. It is also included in our subscription cost.

Domains created from multiple domain generated algorithms (DGA). These are automatically generated and usually associated with malware.

This feed is included in our subscription cost.

Standard: Domains identified as hosting malware.
Hacked: A ‘hacked’ version of this feed is available. This feed contains domains hosting malware which are usually considered legitimate, but are currently compromised.

The Standard and Hacked feeds are both included in our subscription cost.

Standard: Domains identified as hosting a phishing site(s).
Hacked: A ‘hacked’ version of this feed is available. This feed contains phishing host domains which are usually considered legitimate, but are currently compromised.

The Standard and Hacked feeds are both included in our subscription cost.

Domains identified as hosting adware, and are considered to be the worst of the worst.

This feed is included in our subscription cost.

Domains, listed for only 24 hours, that have been recently registered or have been identified as previously dormant.

This feed is a premium feed and available at an additional cost.

The following service zones can be accessed for free. Where required these zones can also be included in our paid subscription.

Please note: These service feeds are not curated by Spamhaus, and therefore may contain false positives, that cannot be remediated.

Tor Blocker – List of known Tor Exit Nodes.

Coinblocker – Lists of IP addresses and domains that are hosting cryptojacking scripts, which utilize the resources of an end user’s computer to mine cryptocurrency.

Porn Host – Hostnames and domains that are known to serve pornographic material.