Hunting
What is URLhaus?
URLhaus is a platform from abuse.ch and Spamhaus on which security analysts and threat researchers share malicious URLs that are being used for malware distribution.
What is MalwareBazaar?
MalwareBazaar is a platform from abuse.ch and Spamhaus dedicated to sharing malware samples with the InfoSec community, anti-virus vendors and threat intelligence providers.
What is ThreatFox?
ThreatFox is a platform from abuse.ch and Spamhaus dedicated to sharing indicators of compromise (IOCs) associated with malware with the InfoSec community and cyber threat intelligence providers.
What is YARAify?
YARAify is a platform from abuse.ch and Spamhaus that allows anyone to scan suspicious files against an extensive repository of YARA rules to detect malware.
What is Sandnet?
Sandnet is a platform from abuse.ch and Spamhaus that detonates suspicious files in a controlled environment to identify malicious behaviour. The platform itself is not freely available to the general public, but selected information from Sandnet is shared on this platform.
Network Connections
The following table shows network connections observed during malware execution in a Sandbox.
| Timestamp UTC | Malware sample (MD5 hash) | Signature | Port | Proto |
|---|---|---|---|---|
DNS resolutions
The following table shows DNS resolutions observed during malware execution in a Sandbox.
| Timestamp UTC | Malware sample (MD5 hash) | Signature | DNS query | DNS type | DNS answer |
|---|---|---|---|---|---|
SSL certificates
The following table shows SSL certificates observed during malware execution in a Sandbox.
| First seen (UTC) | SSL certificate hash (SHA1) | Host | Subject CN | Issuer org |
|---|---|---|---|---|
IDS alerts
The following table shows alerts from the Intrusion Detection System (IDS) observed during malware execution in a Sandbox.
| Samples | IDS alert | Source | Destination | Protocol |
|---|---|---|---|---|
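The four sandbox tables above are most useful when read together: the DNS answers and SSL certificate hashes are the pivots that lead from one domain to other infrastructure, and the ports and IDS alerts tell you what to watch for on your own network. The script below is an added example (not abuse.ch code) that joins rows shaped like these tables for one looked-up domain into a hunting indicator set and emits Suricata rules from it. All rows are constructed, not real observations; the column meanings are read from the headers (in particular, "Samples" in the IDS table is taken to be a sample count), and the rule syntax assumes Suricata 5 or later. One caveat it handles explicitly: sandbox DNS frequently answers with loopback or RFC 1918 sinkhole addresses, which must not be promoted to hunting IPs.

```python
"""Pivot Sandnet-style observation tables for one domain into hunting indicators.

Added example with constructed data. Not abuse.ch code; column semantics are
assumed from the table headers on the page.
"""
import ipaddress
import re
from collections import defaultdict

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

# Sandbox resolvers often sinkhole to loopback/private space; those answers are
# not infrastructure to hunt for. (Using ip.is_global instead would also reject the
# RFC 5737 documentation addresses used in the constructed data below.)
SINKHOLE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# --- Constructed rows; column order mirrors the page's tables -----------------
DOMAIN = "cdn-update.example.test"  # the looked-up domain (constructed)

NETWORK_CONNECTIONS = [  # Timestamp UTC | MD5 | Signature | Port | Proto
    ("2024-05-01 10:02:11", "0f3c4d5e6f708192a3b4c5d6e7f80910", "AgentTesla", 443, "tcp"),
    ("2024-05-01 10:02:13", "0f3c4d5e6f708192a3b4c5d6e7f80910", "AgentTesla", 587, "tcp"),
    ("2024-05-02 08:15:40", "ffeeddccbbaa99887766554433221100", "Formbook", 80, "tcp"),
    ("2024-05-02 08:15:41", "not-a-hash", "Formbook", 80, "tcp"),  # malformed row, skipped
]
DNS_RESOLUTIONS = [  # Timestamp UTC | MD5 | Signature | DNS query | DNS type | DNS answer
    ("2024-05-01 10:02:10", "0f3c4d5e6f708192a3b4c5d6e7f80910", "AgentTesla", DOMAIN, "A", "203.0.113.45"),
    ("2024-05-02 08:15:39", "ffeeddccbbaa99887766554433221100", "Formbook", DOMAIN, "A", "203.0.113.45"),
    ("2024-05-02 08:15:39", "ffeeddccbbaa99887766554433221100", "Formbook", DOMAIN, "CNAME", "edge.example.test."),
    ("2024-05-03 12:00:00", "ffeeddccbbaa99887766554433221100", "Formbook", DOMAIN, "A", "127.0.0.1"),  # sinkhole
]
SSL_CERTIFICATES = [  # First seen UTC | SHA1 | Host | Subject CN | Issuer org
    ("2024-05-01 10:02:12", "0123456789abcdef0123456789abcdef01234567", DOMAIN, DOMAIN, "Constructed CA"),
]
IDS_ALERTS = [  # Samples (count, assumed) | IDS alert | Source | Destination | Protocol
    (2, "CONSTRUCTED Outbound POST to suspected C2 path", "sandbox", DOMAIN, "tcp"),
]


def is_sinkhole(ip):
    """True for loopback/private/link-local answers typical of sandbox DNS sinkholes."""
    return any(ip in net for net in SINKHOLE_NETS)


def build_indicators(domain, net, dns, ssl, ids):
    """Join the four tables on the looked-up domain and return a hunting set."""
    domain = domain.lower()
    ind = {"domain": domain, "samples": defaultdict(set), "ports": set(), "ips": set(),
           "related_domains": set(), "cert_sha1": set(), "ids_alerts": set()}
    for _ts, md5, sig, port, proto in net:
        md5 = md5.lower()
        if not MD5_RE.match(md5):  # reject malformed sample hashes
            continue
        ind["samples"][md5].add(sig)
        ind["ports"].add((int(port), proto.lower()))
    for _ts, md5, sig, query, rtype, answer in dns:
        md5 = md5.lower()
        if not MD5_RE.match(md5) or query.lower().rstrip(".") != domain:
            continue
        ind["samples"][md5].add(sig)
        if rtype in ("A", "AAAA"):
            try:
                ip = ipaddress.ip_address(answer)
            except ValueError:
                continue
            if not is_sinkhole(ip):
                ind["ips"].add(str(ip))
        elif rtype == "CNAME":  # CNAME targets are further domains to pivot on
            ind["related_domains"].add(answer.lower().rstrip("."))
    for _seen, sha1, host, _cn, _issuer in ssl:
        sha1 = sha1.lower()
        if SHA1_RE.match(sha1) and host.lower() == domain:
            ind["cert_sha1"].add(sha1)
    for _count, alert, _src, dst, _proto in ids:
        if dst.lower() == domain:
            ind["ids_alerts"].add(alert)
    ind["samples"] = {k: sorted(v) for k, v in ind["samples"].items()}
    return ind


def sha1_to_fingerprint(sha1):
    """Suricata's tls.cert_fingerprint buffer matches lowercase, colon-separated SHA1."""
    return ":".join(sha1[i:i + 2] for i in range(0, 40, 2))


def suricata_rules(ind, sid_base=9000001):
    """Emit one DNS rule, one rule per observed certificate and one per hunting IP."""
    families = sorted({s for sigs in ind["samples"].values() for s in sigs})
    msg = "HUNT " + ("/".join(families) or "unknown") + " infrastructure"
    tcp_ports = ",".join(str(p) for p, proto in sorted(ind["ports"]) if proto == "tcp")
    port_spec = f"[{tcp_ports}]" if tcp_ports else "any"
    rules, sid = [], sid_base
    rules.append(f'alert dns any any -> any any (msg:"{msg} DNS lookup"; dns.query; '
                 f'content:"{ind["domain"]}"; nocase; endswith; sid:{sid}; rev:1;)')
    for sha1 in sorted(ind["cert_sha1"]):
        sid += 1
        rules.append(f'alert tls any any -> any any (msg:"{msg} TLS cert"; tls.cert_fingerprint; '
                     f'content:"{sha1_to_fingerprint(sha1)}"; sid:{sid}; rev:1;)')
    for ip in sorted(ind["ips"]):
        sid += 1
        rules.append(f'alert tcp $HOME_NET any -> {ip} {port_spec} (msg:"{msg} C2 connection"; '
                     f'flow:to_server; sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    indicators = build_indicators(DOMAIN, NETWORK_CONNECTIONS, DNS_RESOLUTIONS, SSL_CERTIFICATES, IDS_ALERTS)
    for key in ("samples", "ips", "related_domains", "cert_sha1", "ids_alerts"):
        print(key, indicators[key])
    print("\n".join(suricata_rules(indicators)))
```

The malformed MD5 row and the 127.0.0.1 answer are dropped, the trailing dot on the CNAME target is normalised, and the CNAME target lands in `related_domains` rather than `ips`, so the next pivot (looking that domain up on this page) starts from clean input. The generated rules are a starting point for hunting, not production detections: IP-based rules in particular age quickly once the A record moves.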
What is IPintel?
IPintel is a platform from abuse.ch and Spamhaus that collects signals about IP addresses. The platform itself is not available to the general public, but selected information from IPintel is shared on this platform.
| Timestamp UTC | Event type | Event data |
|---|---|---|
What is SIA?
Spamhaus Intelligence API (SIA) is a commercial API offered by Spamhaus, providing insights on IP address and domain intelligence.
Observations
The following table shows the observations made in the context of this domain name.
| Context | Description | Last seen UTC |
|---|---|---|
DNS A Records
The following table shows the DNS A records observed for this domain name along with the corresponding A record's reputation.
| Last seen UTC | DNS A record | IP reputation |
|---|---|---|
DNS Nameservers
The following table shows the DNS nameservers observed for this domain name along with the corresponding nameservers' reputation.
| Last seen UTC | DNS nameserver | NS reputation |
|---|---|---|
SMTP Senders
The following table shows the SMTP senders observed for this domain name along with the senders' IP address reputation.
| Last seen UTC | Sending IP address | SMTP HELO | IP reputation |
|---|---|---|---|
What is ProxyCheck?
ProxyCheck is a database of IP addresses participating in residential proxy networks. The dataset itself is not available to the general public, but selected information from it is shared on this platform.
What is the False Positive List?
All our platforms are community-driven, so false positives occasionally occur. False positives are always acted on promptly, and for additional transparency we publish here which data has been removed.