FIGHTING MALWARE AND BOTNETS is providing community driven threat intelligence on cyber threats. It is the home of a couple of projects that are helping internet service providers and network operators protecting their infrastructure from malware. IT-Security researchers, vendors and law enforcement agencies rely on data from, trying to make the internet a safer place.

Learn more »


Initially launched as a private initiative of a random Swiss guy that wanted to fight cyber crime for the good of the internet, is nowadays providing community driven threat intelligence on cyber threats.'s main goal is to identify and track cyber threats, with a strong focus on malware and botnets. We not only publish actionable threat intelligence data on cyber threats but also develop and operate platforms for IT security researchers and experts enabling them sharing relevant threat intel data with the community.

Today, data from is already integrated in many commercial and open source security products. Vendors of security software and services rely on our data to protect their customers. But it doesn't stop there: organizations, internet service providers (ISPs), law enforcement and government entities consume data from to fight cyber threats targeting their constituency.

Follow us on social media:

OUR PLATFORMS operates the following public platforms:


Sharing malware samples with the community, AV vendors and threat intelligence providers

Feodo Tracker

Tracking botnet C&C infrastructure associated with Emotet, Dridex and TrickBot

SSL Blacklist (SSLBL)

Collecting and providing a blocklist for malicious SSL certificates and JA3/JA3s fingerprints


Sharing malware distribution sites with the community, AV vendors and threat intelligence providers


Sharing indicators of compromise (IOCs) the community and threat intelligence providers


Hunt for suspicious files using YARA. Sharing your own YARA rules with the community

BLOG appoints Spamhaus as a licensee to secure its future

Published on 8th Aug 2022, 13:00:00 UTC

On Monday, August 1st, 2022, Spamhaus Technology became the primary licensee of data produced by Here's an outline of why this partnership was conceived and what it hopes to achieve in the future. In 2008, a sole researcher founded – a project committed to fighting abuse on the internet.

Read on >

Introducing YARAify

Published on 13th June 2022, 11:23:48 UTC

About a year ago, we have launched ThreatFox - a community driven platform to share indicators of compromise (IOCs). Today, I'm very excited to announce the launch of our most recent project: YARAify! YARAify is your central hub for scanning and hunting files using YARA.

Read on > gets a new home at BFH

Published on 1st June 2021, 07:25:31 UTC

In October 2020, I've described the challenges I'm facing with operating as a non-profit project. I've also draw a plan for the future of that was collecting sufficient funds to turn into a research project. Today, I'm very excited to announce that the fund raising was successful and that as of April 15th 2021, became a research project at Institute for Cybersecurity and Engineering ICE hosted at the Bern University of Applied Sciences (BFH) in Switzerland.

Read on >

Introducing ThreatFox

Published on 8th March 2021, 12:41:55 UTC

In 2018, I've launched URLhaus - a platform where security researchers and threat analysts can share malware distribution sites with the community. A year ago, in March 2020, the launch of MalwareBazaar enabled the community to share malware samples with others and hunt for such by e.g. using YARA rules. The goal of always was to make threat intelligence easy accessible for everyone - for free, and without the need of a registration on a platform.

Read on >

Moving Forward

Published on 26th October 2020, 13:45:09 UTC

13 years ago, I started to look at malware samples in my spare time that occasionally hit my personal mailbox. I've decided to document my findings in a blog, and was born. In the same year, ZeuS (aka Zbot) appeared. Sold on the dark web, it quickly became one of the most popular crimeware kits for cyber criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS in 2008/2009, I decided to create my first project: ZeuS Tracker.

Read on >

Introducing MalwareBazaar

Published on 17th March 2020, 12:29:31 UTC

Almost two years ago, I've launched URLhaus with the goal of collecting malware distribution sites. With more than 300,000 malware distribution sites tracked, the project still is a great success. However, over the past weeks, I've been focusing my efforts on a new project. And here' it is: MalwareBazaar! MalwareBazaar collects known malicious malware sample, enriches them with additional intelligence and provides them back to the community - for free!

Read on >

Blog Archive


Most seen Malware

# Malware
1 StrelaStealer
2 RedCap
3 Worm.Padodor
4 Expiro
5 CoinMiner
6 Worm.m0yv
7 Ganelp
8 Downloader.Upatre
9 Cosmu
10 Formbook

Analysed File Types

Malware Samples File Type
16125 bat
3317 dll
370 exe
169 xlsm
147 xlsb
131 xls
46 doc
25 rtf
23 js
18 xlsx

Processed Malware Samples per Day

Spam Statistics