Category: Threat Intelligence
Level: Intermediate
Number: 102
UrlScan.io is a powerful, free tool designed for automatically scanning and analyzing websites → https://urlscan.io/
It captures crucial data such as domains, IP addresses, requested resources, page snapshots, and the technologies employed on a site.
The results are segmented into key areas:
- Summary provides general info including IP address, domain details, page history, and screenshots
- HTTP section details the connections made, data fetched, and file types received
- Redirects offer insights into both HTTP and client-side redirects
- Links show outgoing links from the homepage
- Behaviour identifies variables and cookies, useful for pinpointing frameworks
Abuse.ch is a research initiative focused on tracking and identifying malware and botnets, featuring several operational platforms → https://abuse.ch/
- Malware Bazaar allows analysts to upload and share malware samples, and set up alerts for specific tags and signatures → https://bazaar.abuse.ch/
- Feodo Tracker monitors botnet command and control (C2) infrastructures, particularly targeting notorious botnets like Dridex and Emotet, providing IP and IOC blocklists → https://feodotracker.abuse.ch/
- SSL Blacklist focuses on identifying and blocking malicious SSL connections and botnet C2 communications, offering SSL certificates and JA3 fingerprints → https://sslbl.abuse.ch/
- URL Haus shares malicious URLs used for malware distribution, with search capabilities based on various criteria → https://urlhaus.abuse.ch/
- Threat Fox offers a platform to share and export indicators of compromise (IOCs) in multiple formats such as JSON and Suricata IDS Ruleset → https://threatfox.abuse.ch/
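As an added example (not code from this page or from abuse.ch), the sketch below shows how a defender might use the two kinds of blocklist described above, C2 IP addresses and JA3 fingerprints, to triage outbound TLS connection records. The CSV layouts, host names, documentation-range IPs and fingerprint values are all constructed for illustration and are not the real feed formats.

```python
import csv
import ipaddress

# Constructed feeds in a simplified CSV layout (assumed, not the real format).
# IPs come from documentation ranges; JA3 values are made-up hex strings.
IP_BLOCKLIST_CSV = """# dst_ip,dst_port,malware
198.51.100.23,443,Emotet
203.0.113.77,8080,Dridex
"""
JA3_BLOCKLIST_CSV = """# ja3_md5,reason
0123456789abcdef0123456789abcdef,Constructed C2 sample
"""

# Constructed outbound TLS records: (source host, dst ip, dst port, ja3).
CONNECTIONS = [
    ("ws-014", "198.51.100.23", 443, "ffffffffffffffffffffffffffffffff"),
    ("ws-020", "192.0.2.10", 443, "0123456789ABCDEF0123456789ABCDEF"),
    ("ws-031", "192.0.2.55", 443, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
    ("ws-014", "203.0.113.77", 443, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"),
]


def load_rows(text):
    """Parse a CSV feed, skipping blank lines and '#' comment lines."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    return list(csv.reader(lines))


def build_indexes(ip_csv, ja3_csv):
    """Return {ip: (port, malware)} and {ja3: reason} lookup tables."""
    ips = {
        ipaddress.ip_address(ip): (int(port), malware)
        for ip, port, malware in load_rows(ip_csv)
    }
    ja3s = {h.lower(): reason for h, reason in load_rows(ja3_csv)}
    return ips, ja3s


def match_connections(conns, ips, ja3s):
    """Return (host, match kind, indicator, label) for every blocklist hit."""
    hits = []
    for host, dst_ip, dst_port, ja3 in conns:
        ip = ipaddress.ip_address(dst_ip)
        if ip in ips:
            port, malware = ips[ip]
            # A listed IP on a different port is still reported, but marked weaker.
            kind = "ip:port" if port == dst_port else "ip-only"
            hits.append((host, kind, f"{dst_ip}:{dst_port}", malware))
        if ja3.lower() in ja3s:  # fingerprints are compared case-insensitively
            hits.append((host, "ja3", ja3.lower(), ja3s[ja3.lower()]))
    return hits
```
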
Summary:
- UrlScan.io is a free tool for automatically scanning and analyzing websites, capturing data on domains, IP addresses, and site behavior.
- Abuse.ch is a research project that tracks malware and botnets through platforms like Malware Bazaar, Feodo Tracker, SSL Blacklist, URL Haus, and Threat Fox.