| Name | URL | Purpose |
|---|
| VirusTotal | https://virustotal.com | File and URL analysis |
| AlienVault OTX | https://otx.alienvault.com | Threat exchange platform |
| MalwareBazaar | https://bazaar.abuse.ch | Malware samples database |
| Malware Domain List | https://www.malwarepatrol.net | Malicious domains list |
| PhishTank | https://www.phishtank.com | Phishing URL verification |
| URLhaus | https://urlhaus.abuse.ch | Malware distribution URLs |
| ThreatMiner | https://www.threatminer.org | Threat intelligence context |
| YARAify | https://yaraify.abuse.ch | YARA rules and scanning |
| PulseDive | https://pulsedive.com | IOC search and enrichment |
| ThreatFox | https://threatfox.abuse.ch | Malware IOC sharing |
| Breach Directory | https://breachdirectory.org | Breach searches |
| Have I Been Pwned | https://haveibeenpwned.com | Breach verification |
| DNSViz | https://dnsviz.net | DNSSEC visualization |
| DNS Twister | https://dnstrails.report | Similar domain detection |
| DNSdumpster | https://dnsdumpster.com | DNS enumeration |
| SpyOnWeb | https://spyonweb.com | Related sites via analytics IDs |
| XFE | https://exchange.xforce.ibmcloud.com | IBM X-Force exchange |
| Scumware | https://www.scumware.org | Malware research |
| InTheWild | https://inthewild.io | Exploits actively in use |
| ZeroDay | https://www.zero-day.cz | Zero-day vulnerability tracking |
| OSV | https://osv.dev | Open source vulnerability database |
| PolySwarm | https://polyswarm.network | Threat scanning via crowdsource |
| HackerOne Hacktivity | https://hackerone.com/hacktivity | Public vulnerability disclosures |
| Talos Reports | https://talosintelligence.com/vulnerability_reports | Vulnerability reports |
| MalAPI | https://malapi.io | Malware API documentation |
| DigitalSide TI | https://osint.digitalside.it | Threat intelligence feeds |
| CIRCL PDNS | https://www.circl.lu/services/passive-dns | Passive DNS data |
| Coalition ESS | https://ess.coalitioninc.com | Exploit scoring system |
| Certs | https://certs.io | Certificate information |
Always verify threat intelligence data across multiple platforms before taking action. A single source may have false positives.
Archives and Snapshots
| Name | URL | Purpose |
|---|
| Wayback Machine | https://archive.org/web | Historical page snapshots |
| CachedView | https://cachedview.com | Google + Archive.is cache |
| URLScan | https://urlscan.io | Capture + DOM + request analysis |
| Ubikron | https://ubikron.com | AI-powered evidence collection and entity extraction |
| Screenshot Guru | https://screenshot.guru | Screen capture testing |
| Stored Website | https://stored.website | Cached page archive |
| Yark | https://github.com/Owez/yark | Archive YouTube channels |
| DocumentCloud | https://www.documentcloud.org/documents/ | Document management and search |
| WikiLeaks | https://wikileaks.org | Leaked document archive |
| NewspaperArchive | https://newspaperarchive.com | Historical newspaper archive |
When collecting evidence, always archive source pages immediately. URLs can disappear or be modified. Use URLScan for capturing DOM structure alongside the visual snapshot.
