TotalHash.com
Check if a host/domain or IP is malicious according to TotalHash.com.
malwaredomainlist.com
Check if a host/domain, IP or netblock is malicious according to malwaredomainlist.com.
Amazon S3 Bucket Finder
Search for potential Amazon S3 buckets associated with the target and attempt to list their contents.
AlienVault IP Reputation
Check if an IP or netblock is malicious according to the AlienVault IP Reputation database.
abuse.ch
Check if a host/domain, IP or netblock is malicious according to abuse.ch.
Emerging Threats
Check if a netblock or IP is malicious according to emergingthreats.net.
Open Passive DNS Database
Obtain passive DNS information from pdns.daloo.de Open passive DNS database.
BuiltWith
Query BuiltWith.com's Domain API for information about your target's web technology stack, e-mail addresses and more.
CleanTalk Spam List
Check if a netblock or IP address is on CleanTalk.org's spam IP list.
HackerOne
Check external vulnerability scanning/reporting service h1.nobbd.de to see if the target is listed.
Bambenek C&C List
Check if a host/domain or IP appears on Bambenek Consulting's C&C tracker lists.
Hybrid Analysis
Search Hybrid Analysis for domains and URLs related to the target.
HaveIBeenPwned
Check HaveIBeenPwned.com for hacked e-mail addresses identified in breaches.
Azure Blob Finder
Search for potential Azure blobs associated with the target and attempt to list their contents.
Google Object Storage Finder
Search for potential Google Object Storage buckets associated with the target and attempt to list their contents.
spur.us
Obtain information about any malicious activities involving IP addresses found
IntelligenceX
Obtain information from IntelligenceX about identified IP addresses, domains, e-mail addresses and phone numbers.
ipstack
Identifies the physical location of IP addresses identified using ipstack.com.
BitcoinAbuse
Check Bitcoin addresses against the bitcoinabuse.com database of suspect/malicious addresses.
numverify
Lookup phone number location and carrier information from numverify.com.
VoIPBL OpenPBX IPs
Check if an IP or netblock is an open PBX according to VoIPBL OpenPBX IPs.
Onion.link
Search Tor 'Onion City' search engine for mentions of the target domain.
grep.app
Search grep.app API for links and emails related to the specified domain.
SpamCop
Query various spamcop databases for open relays, open proxies, vulnerable servers, etc.
XForce Exchange
Obtain IP reputation and passive DNS information from IBM X-Force Exchange
multiproxy.org Open Proxies
Check if an IP is an open proxy according to multiproxy.org' open proxy list.
Project Discovery Chaos
Search for hosts/subdomains using chaos.projectdiscovery.io
DNSGrep
Obtain Passive DNS information from Rapid7 Sonar Project using DNSGrep API.
Psbdmp
Check psbdmp.cc (PasteBin Dump) for potentially hacked e-mails and domains.
Flickr
Search Flickr for domains, URLs and emails related to the specified domain.
Clearbit
Check for names, addresses, domains and more based on lookups of e-mail addresses on clearbit.com.
Talos Intelligence
Check if a netblock or IP is malicious according to talosintelligence.com.
BotScout
Searches botscout.com's database of spam-bot IPs and e-mail addresses.
Zone-H Defacement Check
Check if a hostname/domain appears on the zone-h.org 'special defacements' RSS feed.
Digital Ocean Space Finder
Search for potential Digital Ocean Spaces associated with the target and attempt to list their contents.
Google SafeBrowsing
Check if the URL is included on any of the Safe Browsing lists.
AbuseIPDB
Check if an IP address is malicious according to AbuseIPDB.com blacklist.
BinaryEdge
Obtain information from BinaryEdge.io Internet scanning systems, including breaches, vulnerabilities, torrents and passive DNS.
Certificate Transparency
Gather hostnames from historical certificates in crt.sh.
C99
Queries the C99 API which offers various data (geo location, proxy detection, phone lookup, etc).
Greensnow
Check if a netblock or IP address is malicious according to greensnow.co.
CloudFlare Malware DNS
Check if a host would be blocked by CloudFlare Malware-blocking DNS
EmailCrawlr
Search EmailCrawlr for email addresses and phone numbers associated with a domain.
RiskIQ
Obtain information from RiskIQ's (formerly PassiveTotal) Passive DNS and Passive SSL databases.
malwaredomains.com
Check if a host/domain is malicious according to malwaredomains.com.
Darksearch
Search the Darksearch.io Tor search engine for mentions of the target domain.
SpyOnWeb
Search SpyOnWeb for hosts sharing the same IP address, Google Analytics code, or Google Adsense code.
Onyphe
Check Onyphe data (threat list, geo-location, pastries, vulnerabilities) about a given IP.
Blockchain
Queries blockchain.info to find the balance of identified bitcoin wallet addresses.
Google Maps
Identifies potential physical addresses and latitude/longitude coordinates.
Watchguard
Check if an IP is malicious according to Watchguard's reputationauthority.org.
Spamhaus
Query the Spamhaus databases for open relays, open proxies, vulnerable servers, etc.
Wikipedia Edits
Identify edits to Wikipedia articles made from a given IP address or username.
Twilio
Obtain information from Twilio about phone numbers. Ensure you have the Caller Name add-on installed in Twilio.
RIPE
Queries the RIPE registry (includes ARIN data) to identify netblocks and other info.
cybercrime-tracker.net
Check if a host/domain or IP is malicious according to cybercrime-tracker.net.
OpenStreetMap
Retrieves latitude/longitude coordinates for physical addresses from OpenStreetMap API.
Spyse
SpiderFoot plug-in to search Spyse API for IP address and domain information.
Social Media Profile Finder
Tries to discover the social media profiles for human names identified.
Bitcoin Who's Who
Check for Bitcoin addresses against the Bitcoin Who's Who database of suspect/malicious addresses.
Obtain information from the Google Custom Search API to identify sub-domains and links.
Open Bug Bounty
Check external vulnerability scanning/reporting service openbugbounty.org to see if the target is listed.
Onionsearchengine.com
Search Tor onionsearchengine.com for mentions of the target domain.
ThreatCrowd
Obtain information from ThreatCrowd about identified IP addresses, domains and e-mail addresses.
IPInfo.io
Identifies the physical location of IP addresses identified using ipinfo.io.
UCEPROTECT
Query the UCEPROTECT databases for open relays, open proxies, vulnerable servers, etc.
DroneBL
Query the DroneBL database for open relays, open proxies, vulnerable servers, etc.
CIRCL.LU
Obtain information from CIRCL.LU's Passive DNS and Passive SSL databases.
F-Secure Riddler.io
Obtain network information from F-Secure Riddler.io API.
iknowwhatyoudownload.com
Check iknowwhatyoudownload.com for IP addresses that have been using BitTorrent.
Maltiverse
Obtain information about any malicious activities involving IP addresses
Archive.org
Identifies historic versions of interesting files/pages from the Wayback Machine.
ThreatMiner
Obtain information from ThreatMiner's database for passive DNS and threat intelligence.
SORBS
Query the SORBS database for open relays, open proxies, vulnerable servers, etc.
Social Links
Queries mtg-bi.com (Social Links) to gather intelligence from social media platforms and dark web.
