Hunting
What is URLhaus?
URLhaus is a platform from abuse.ch and Spamhaus enabling Cyber Security Experts and Threat Researchers to share malicious URLs being used for malware distribution.
What is MalwareBazaar?
MalwareBazaar is a platform from abuse.ch and Spamhaus dedicated to sharing malware samples with the InfoSec Community, Anti Virus Vendors, and Threat Intelligence Providers.
What is ThreatFox?
ThreatFox is a platform from abuse.ch and Spamhaus dedicated to sharing indicators of compromise (IOCs) associated with malware with the InfoSec Community and Cyber Threat Intelligence Providers.
What is YARAify?
YARAify is a platform from abuse.ch and Spamhaus that allows anyone to scan suspicious files against an extensive repository of YARA rules to detect malware.
What is Sandnet?
Sandnet is a platform from abuse.ch and Spamhaus that detonates suspicious files in a controlled environment to identify malicious files. While the platform is not freely available to the general public, specifically selected information from Sandnet is shared on this platform.
Network Connections
| Timestamp UTC | Malware sample (MD5 hash) | Signature | Port | Proto |
|---|---|---|---|---|
DNS resolutions
| Timestamp UTC | Malware sample (MD5 hash) | Signature | DNS query | DNS Type | DNS answer |
|---|---|---|---|---|---|
SSL certificates
| Firstseen (UTC) | SSL certificate hash (SHA1) | Host | Subject CN | Issuer org |
|---|---|---|---|---|
IDS alerts
| Samples | IDS Alert | Source | Destination | Protocol |
|---|---|---|---|---|
What is IPintel?
IPintel is a platform from abuse.ch and Spamhaus that collects signals from IP addresses. While the platform is not available to the general public, specifically selected information from IPintel is shared on this platform.
| Timestamp UTC | Event Type | Event Data |
|---|---|---|
What is ProxyCheck?
ProxyCheck is a database of IP addresses participating in residential proxy networks. While the dataset is unavailable to the general public, specifically selected information is shared on this platform.
What is the False Positive List?
All our platforms are community-driven, meaning false positives periodically happen. False positives are always acted on promptly, and for additional transparency we list here the data that has been removed.