CyberHunter CyberHunter

OSINT Hub - IOC, DNS, HTTP/TLS & Reputation Analysis

Investigate IOCs quickly with DNS, PTR, and HTTP/TLS probes plus direct pivots to public threat intelligence services. Designed for SOC triage and practical OSINT workflows.

Run your OSINT investigation

TypeUnknown

External services

Open the indicator in other public tools (reputation, WHOIS, etc.).

Reputation & intel

  • VirusTotal

    Site

    AV scans / reputation (file, domain, IP, search). Free account recommended.

    Enter an indicator above.

  • AbuseIPDB

    Site

    Abuse reports and confidence score for IP addresses.

    Enter an indicator above.

  • AlienVault OTX

    Site

    Open Threat Exchange - IOCs and community pulses.

    Enter an indicator above.

  • Cisco Talos Intelligence

    Site

    IP and domain reputation (Talos).

    Enter an indicator above.

  • GreyNoise

    Site

    Internet background noise context (known scanners).

    Enter an indicator above.

  • SANS ISC

    Site

    IP details (Internet Storm Center).

    Enter an indicator above.

  • IBM X-Force Exchange

    Site

    IOC records (IP, URL/domain, hash) - IBM id account.

    Enter an indicator above.

WHOIS & DNS

  • WHOIS (who.is)

    Site

    WHOIS for domain / IP (public UI).

    Enter an indicator above.

Exposure & scans

  • Shodan

    Docs

    Exposed host and services (free account for details).

    Enter an indicator above.

  • Censys

    Site

    Host and certificate search (free account).

    Enter an indicator above.

Malware & phishing

  • URLhaus (abuse.ch)

    Site

    Malware distribution URLs (search).

    Enter an indicator above.

  • Malware Bazaar

    Site

    Malware samples (hash).

    Enter an indicator above.

  • PhishTank

    Site

    Phishing database (web search).

    Enter an indicator above.

  • Hybrid Analysis

    Site

    File analysis / sandbox (hash).

    Enter an indicator above.

Built-in probes work without API keys; optional VirusTotal enrichment depends on server configuration.

Why use an OSINT hub?

During incident triage, analysts often jump between many tabs and services. An OSINT hub centralizes IOC handling so you can pivot faster between DNS, HTTP/TLS checks, and reputation sources.

This helps reduce context switching during threat intelligence and security investigations.

Features of the OSINT hub

  • IOC handling for IPs, domains, URLs, and hashes
  • DNS and PTR lookups for infrastructure context
  • HTTP/TLS probe with headers, redirects, and cert fingerprints
  • Quick pivots to VirusTotal, AbuseIPDB, and WHOIS
  • Browser-first workflow with optional enrichment APIs

How to use the OSINT hub?

  1. Enter an IOC (IP, domain, URL, or hash)
  2. Run built-in probes and inspect technical output
  3. Pivot to external intelligence services for deeper context

What can you analyze with this tool?

  • Suspicious domains and URLs from alerts
  • IP indicators with reverse DNS context
  • TLS fingerprints and redirect chains
  • Hashes and IOC pivots to reputation platforms
  • Initial enrichment for SOC and IR workflows

FAQ

Do I need API keys for DNS, PTR, or HTTP/TLS probes?

No. Built-in DNS resolution, reverse DNS (PTR), and HTTP/TLS probing on this server work without you supplying keys. Optional VirusTotal enrichment only applies when the server is configured with VIRUSTOTAL_API_KEY.

What do the external links do?

They open public services such as VirusTotal, AbuseIPDB, or WHOIS in a new context so you can pivot quickly from the same IOC.

What data does the HTTP/TLS probe return?

It shows response headers, redirects, and TLS certificate fingerprints to help you reason about the endpoint without replacing a full scanner.

Is this legal for any target?

Only use these capabilities on systems and indicators you are authorized to investigate. Unauthorized probing may violate law or policy.

Related cybersecurity tools