OpenTAXII is a robust Python implementation of TAXII Services with a rich feature set and extensible, code-level APIs.

Use the IBM® QRadar® Threat Intelligence app to configure and manage threat intelligence feeds in QRadar.

When you install the app, a Threat Intelligence icon is added to the QRadar Admin tab. Click this icon to open the Threat Intelligence window.

Scan an IP address through multiple DNS-based blacklists (DNSBL) and IP reputation services, to facilitate the detection of IP addresses involved in malware incidents and spamming activities. This service checks in real-time an IP address through more than 80 IP reputation and DNSBL services.

URLVoid is a free service developed by NoVirusThanks on the late 2010 that allows users to scan a website with multiple website reputation engines and domain blacklisting services, to facilitate the detection of dangerous websites related to malware, phishing, scam and fraudulent activities. Please take in mind that even if a website is classified as safe by all the scanning engines, URLVoid can not guarantee the harmlessness of the website analyzed. You should re-scan a website if the report is too old, so that you have up-to-date results.

The OASIS Cyber Threat Intelligence (CTI) TC supports automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis. STIX and TAXII.

Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provide free access to the data.

We aim to make the fastest and most comprehensive free DNS lookup tool on the Internet.

Our database now contains billions of documents of internet data collected over more than a decade.

A Search Engine for Threats

Threat Hunting: Beyond Alerts & IOCs

This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
This free malware analysis service is running VxStream Sandbox v6.70 in the backend. Supporting PE, Office, PDF, APK files and more (e.g. EML). Maximum upload size is 100 MB.

Learn about the latest online threats.
Share and collaborate in developing threat intelligence.
Protect yourself and the community against today’s latest threats.

At the heart of Open Threat Exchange is the pulse, an investigation of an online threat. Pulses describe any type of online threat including malware, fraud campaigns, and even state sponsored hacking.

Pulses are comprised of indicators of compromise (or IoCs), which describe the infrastructure of that threat – including IPs, file hashes, e-mail addresses affiliated with the threat, etc.

IBM X-Force Exchange Threat Feed Manager

Introducing threat feed manager: you can now view external sources of threat intelligence within XFE.

Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites.
Ransomware Tracker provides a short guideline for both home users and enterprises on how to avoid becoming a victim of Ransomware.
Ransomware Tracker offers various blocklists. These blocklists allows enterprises to block malicious traffic towards known Ransomware infrastructure at the network edge, e.g. by blocking them on the corporate firewall, web proxy or in the local DNS server.