Cyber Threat Hunting

Useful Links for “Hunting” for Details on Network and Endpoint Anomalies!

Below are a series of hotlinks and short descriptions of what the website offers.

The Spamhaus Project – A very large database used to store information on botnets, phishing attacks, and other types of spam. They have a searchable form that can be filled out. (Webteam, T. S. (n.d.). The Spamhaus Project. Retrieved December 26, 2016, from

Malware Traffic Analysis – This blog provides many entries regarding malware and exploit traffic. As stated on the site directly “Almost every post on this site has pcap files and/or malware samples.” ( (n.d.). Retrieved December 26, 2016, from

Domain Research Tools – This page gives its own list of tools that they have developed. These tools are very useful for IP and Domain tracking and research. (DomainTools. (2016). Retrieved December 26, 2016, from

Threat Miner – A control center for finding information on malware, domains, hosts, or addresses that may be involved in an attack, and allows an analyst to find information extremely fast. (Data Mining for Threat Intelligence. (n.d.). Retrieved December 26, 2016, from

PHP Decoder – An online service that gives the user the ability to upload PHP code that may be malicious and analyze it. (UnPHP – The Online PHP Decoder. (n.d.). Retrieved December 26, 2016, from

De-obfuscate JavaScript – A tool used to de-obfuscate JavaScript code. Note, the code must be just JavaScript, and cannot contain errors. (C:> deobfuscate javascript. (n.d.). Retrieved December 26, 2016, from

URL Decoder – Allows the encoding or decoding of URL’s to hide or reveal JavaScript URL’s into or from nonsense. (Meyer, E. A., & Meyer, K. S. (1995). Retrieved December 26, 2016, from

Regex Debugger – A program that helps you learn or understand regular expressions. As you type in the regular expression, a description of what your expression does is shown below. (Dib, F. (n.d.). Online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript. Retrieved December 26, 2016, from

JavaScript Beautifier – Gives the ability to Unpack, Obfuscate, or Butify JavaScript or HTML code, and can export to JSON or JSONP. (Lielmanis, E. (n.d.). Online JavaScript beautifier (L. Newman, Ed.). Retrieved December 26, 2016, from

HaveIBeenPwned –  An extremely useful site for checking if any of your accounts have been a part of recent leaks or attacks on larger companies. You simply type your username, or email, and you are given a list of attacks that your account has been a part of and what year the attack occurred. (Troy Hunt. (n.d.). Retrieved December 26, 2016, from

Threat Stop: CheckIP – Allows the user to check IP addresses or Domain names against their extensive database. An account can be created to gain additional information. (Check an IP address or domain name. (n.d.). Retrieved December 26, 2016, from

URL Security Checker – A tool that allows the user to check if the specified URL is categorized in Intel’s security database. (Customer URL Ticketing System. (n.d.). Retrieved December 26, 2016, from

Mailserver IP Checker – An aggregated blacklist check tool (Retrieved June 20, 2018, from

Useful tools!