| Category | Site | Input | Description |
|---|---|---|---|
| IP/Domain/Shared Domains on IP Address | robtex.com | IPs, Domains | One of the best of breed tools to investigate domains, IP addresses and more. |
| IP/Domain Information | centralops.net | IPs, Domains | Investigate domains and IP addresses. |
| Geolocate IPs/Domains | iplocation.net | IPs, Domains | Quick way to find the most up-to-date location of an IP from several different vendors. |
| Geolocate IPs/Domains | infosniper.net | IPs, Domains | Shows location and provides a nice map. |
| PassiveDNS, SSL Certificates, Shared Domains on IP address | passivetotal.org | IPs, Domains | Research domains, IPs, passive DNS sources, SSL certs, and more. Sign up for a free license. |
| SSL Certificates | censys.io | SSL Certificate Hashes | Scans the internet on a daily basis and allows researchers to search their library for information on SSL certs and more. |
| Historical Whois information | whoisology.com | Domains, Emails, Keywords | Search historical whois information. |
| Passive DNS | passivedns.mnemonic.no | IPs, Domains | Look up domains and IPs and recent resolutions without performing an actual DNS query. |
| Malware | malwr.com | File Hashes | Free malware analysis service that allows you to submit files to an open source malware sandbox and search results with an account. |
| Malware | hybrid-analysis.com | File Hashes | Free malware analysis service that allows you to submit files to an open source malware sandbox and search results. |
| Malware (and more) | virustotal.com | File Hashes, IP addresses, Domains | Best of breed free malware analysis service that allows you to submit files to an open source malware sandbox and search results. Users can submit URLs and files TO virustotal but this may result in tipping off adversaries to your action… Usually I recommend just passive research on VT. |
| Domain | threatcrowd.org | File Hashes, IP address, Domains | Search engine for threat data and open source intelligence reports and other cyber security sources. |
| URLs | urlquery.net | URLs | Submit a URL and it will visit the site, take a snapshot, and analyze it to see if it is malicious. Beware of using this to analyze a link unless you are OK with tipping your hand to the adversary. |
| Search engine | google.com | Any field | Google. No discussion needed. However, I’d recommend disabling pre-fetch: https://www.technipages.com/google-chrome-prefetch |
| Code | github.com | Any field | GitHub is one of the largest code repositories on the internet. Often you can find interesting strings in the logs that may be in an adversary's (or tool creator's) GitHub repo. |
| Domains, whois | domaintools.com | IPs, Domains | Best of breed for researching DNS history. For a fee, you can set up DNS branding detection and registration history of domains. |
| BGP/ASN | bgp.he.net | IPs | Often adversaries utilize the same ASN but different IP addresses. It can be worthwhile to find “malicious” ASNs and alert on them. |
| PassiveDNS and more | viewdns.info | IPs, Domains, Names | Provides several different DNS research tools. Can find out registrant histories of domains. |
| Malware | totalhash.cymru.com | IPs, Domains, File Hashes | One of the largest collections of malware on the internet. Great searching capabilities. |
| APT reports | threatminer.org | Any IOC or keyword | Threatminer combines different threat feeds and a searchable repository of APT reports. |
| IP | ipinfo.io | IPs | Lightweight site that can quickly find out basic info regarding an IP address. |