Cyber Security Threat Intelligence Lookup

A list of Cyber Security threat intelligence tools that can be used to lookup domains, IP’s and file hash to gather additional detail around a potential threat.

URL/Domain Analysis

Intelligence Lookup Tool	Description
AlienVault OTX	Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today’s latest threats.
Cisco Talos	Search by IP, domain, or network owner for real-time threat data.
IBM XForce Exchange	Search or submit a file to scan. Check for IOCs, keywords, malware intelligence, or even Collections that other users have contributed.
WhoIs	Investigate the WhoIs records of a domain to identify the owners as well discovery when the domain was first registered and when it was last updated.
OPSWAT MetaDefender Cloud	Submit and analyse files, URL’S, IP’s, Domains, Hash and CVE’s
Palo Alto URL Categorie s	Test a site to identify the Palo Alto categorisation.
PhishTanks	PhishTank is a collaborative database for data and information about phishing on the Internet.
URL Void	Website reputation checker.
VirusTotal	Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
MX Toolbox	This tool can be used to investigate the MX Records of any domain.
URLScan.io	An extremely useful tool to investigate a domain/URL which provides a screenshot, similar websites and much more.
Hybrid Analysis	A free online sandbox (Falcon Sandbox) to investigate URL’s & Files.
Cyber Gordon	Investigate Domains/IP’s with a tool that collates information from many sources, similar to VirusTotal.
Redirect Detective	A tool which can be used to investigate where URL’s redirect to.
DNS Dumpster	A free domain research tool that can discover hosts related to a domain.

IP Analysis

Intelligence Lookup Tool	Description
AlienVault OTX	Learn about the latest online threats. Share and collaborate in developing threat intelligence. Protect yourself and the community against today’s latest threats.
Cisco Talos	Search by IP, domain, or network owner for real-time threat data.
IBM XForce Exchange	Search or submit a file to scan. Check for IOCs, keywords, malware intelligence, or even Collections that other users have contributed.
IP Void	Vast range of IP address tools to discover details about IP addresses. IP blacklist check, whois lookup, dns lookup, ping, and more!
OPSWAT MetaDefender Cloud	Submit and analyse files, URL’S, IP’s, Domains, Hash and CVE’s
TOR Checker	Check if an IP was used in the TOR network on particular dates.
AbuseIPDB	Check an IP, Domain or Subnets reputation.
Shodan	A search engine which crawls the internet. This can be used to discover information on IP’s and domains.
VirusTotal	Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
GreyNoise	Investigate an IP’s reputation in the GreyNoise database.
Feodo Tracker	Investigate an IP in a database which tracks active Botnet and C2C channels.

File Analysis

Intelligence Lookup Tool	Description
AlienVault OTX	Learn about the latest online threats. Share and collaborate in developing threat
VirusTotal	Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.
IBM XForce Exchange	Search or submit a file to scan. Check for IOCs, keywords, malware intelligence, or even Collections that other users have contributed.
MalwareBazaar	Investigate a file hash for known malicious files.
OPSWAT MetaDefender Cloud	Submit and analyse files, URL’S, IP’s, Domains, Hash and CVE’s

Email Analysis

Intelligence Lookup Tool	Description
Hunter.io	This tool lets you find email addresses for domains which have been published online. This is particularly helpful to add additional protection mechanisms and identify areas of heightened risk.
DNSTwist & DNSTwister	Enumerate a list of potential domains similar to the one entered which can be used to either setup detection rules or to actively block or even buy.
Dehashed	Query a database of assets compromised in attacks.
HaveIbeenpwned	Easy tool to check as well as monitor if your email or phone has been breached. Note notifications can be setup for your personal email address/addresses as well as company corporate domai
MX Toolbox	This tool can be used to investigate the MX Records of any domain.

For a list of Cyber Security threat intelligence sources check out here.

Detecting Gootkit banking Trojan

By Alex Wheelhouse / April 3, 2022

Description To assist SOC's (Security Operation Teams) and detection engineers I have pulled together a few examples for detection analytics...

Azure Useful Documents

By Alex Wheelhouse / January 23, 2022

A collated list of the most useful documented reference material on all things Azure. Azure Sentinel ☁️ Deploy Sentinel as...

Azure Sentinel Agents

By Alex Wheelhouse / August 2, 2021

Azure comes with a few different Azure Sentinel agents for data ingestion to Azure log analytics. The agents are built...

Agent Tesla now beats Microsoft Defender Detection

By Alex Wheelhouse / June 21, 2021

Agent Tesla, a malware as a service tool used by hackers and APT's (advanced persistent threats) has recently been under...

Getting Started with SOAR (Security Orchestration, Automation and Response)

By Alex Wheelhouse / June 20, 2021

SOAR Overview Security Orchestration, Automation and Response abbreviated to SOAR is a Security focused platform design to automate many of...

Information Security Qualifications

By Alex Wheelhouse / April 6, 2021

Starting out in Information Security There are many avenues to get your foot in the door into and gain Cyber...

What is Cyber Security/Information Security?

By Alex Wheelhouse / January 19, 2021

Cyber security or otherwise known as Information Security is the act of individuals and organisations reducing the risk of cyber...

Why is the Cyber Security Budget so hard to get?

By Alex Wheelhouse / January 5, 2021

Now I know this is a vastly complicated issue that nearly all Security teams face in their organisation for one...

Azure Sentinel Threat Hunting

By Alex Wheelhouse / January 1, 2021

Overview Azure Sentinel Threat Hunting allows Security professionals to proactively identify potential threats that have gone unnoticed through analytics rules....