A list of sites that analysts may find useful in their day-to-day analysis of indicators and threats. While verifying and searching for new sources, I came across Links and resources for malware samples, Malware Analysis and Incident Response Tools for the Frugal and Lazy, and Free Online Tools for Looking Up Potentially Malicious Websites which may also be helpful. Please let me know if you feel something is missing or broken by leaving a comment or contacting me.

IP/ISP/Domain, and WHOIS look-ups

• https://www.robtex.com - IP/DNS/WHOIS look-ups
• http://centralops.net/co/ - IP/DNS/WHOIS look-ups
• http://www.yougetsignal.com/tools/web-sites-on-web-server/ - Reverse lookup
• http://www.dshield.org/ipinfo.html?ip=8.8.8.8 - Internet Storm Center DShield
• http://www.ipchecking.com - IP/DNS/WHO-IS GEOGRAPHIC IP look-up
• http://www.isup.me - Check to see if site is up
• https://isc.sans.edu/port.html?port=8080 - Port details and usage statistics
• http://www.traceroute.org/#USA
• https://www.net.princeton.edu/tools - Traceroute
• http://www.projecthoneypot.org/list_of_ips.php - IPs obtained from honeypots
• http://whois.arin.net - IP Whois lookup
• http://whois.domaintools.com - Reverse Whois and Whois History
• http://www.webconfs.com/domain-age.php - Domain age
• http://www.dnsstuff.com - IP/DNS/WHO-IS look-ups
• http://www.dnscolos.com/free-dns-report.html - DNS Report
• https://dnshistory.org - The history of IP/DNS Records for domains
• http://www.dnsdigger.com
• http://www.bfk.de/bfk_dnslogger_en.html - Passive DNS
• https://www.dnsdb.info - IP/DNS/Passive look-ups

IP and Domain analysis for malware or web-based threats

• http://www.mcafee.com/us/threat-center.aspx - IP and Domain threat intel
• http://www.siteadvisor.com/sites/rsreese.com - McAfee Site Advisor
• https://safeweb.norton.com - Norton Safe Web
• https://www.virustotal.com/#url - Analyzes suspicious files and URLs/detects malware
• http://www.projecthoneypot.org/search_ip.php - Inspect an IP by Project Honey Pot
• http://urlquery.net - Detailed information about actions a browser takes while visiting a site
• http://www.dtrackr.com - Domain activity tracking
• http://www.ipvoid.com - Scans an IP address against IP blacklists
• http://www.urlvoid.com - Scans a domain address for its reputation
• http://minotauranalysis.com - Check against secure DNS providers and determine whether they block/redirect a hostname
• http://www.malwareurl.com/listing-urls.php - Scans a domain address for its reputation
• https://sitecheck.sucuri.net - Check the site for malware, blacklisting status, and out-of-date software
• http://www.avgthreatlabs.com/ww-en/website-safety-reportsk - Check the safety of a URL or web page by scanning it for threats
• http://global.sitesafety.trendmicro.com - Latest tests indicate that this website contains no malicious software and shows no signs of fraud
• http://urlblacklist.com/?sec=search - Find out if a URL is in the blacklist
• http://www.senderbase.org - Cisco IP and domain blacklist check

Open-source Threat Reports, IP and Domain Blacklists

• http://www.sophos.com/en-us/threat-center.aspx - Malware reports
• http://www.symantec.com/security_response/ - Threats, risks, and vulnerabilities
• http://www.spamhaus.org/lookup/ - Database of IPs reporting email spam abuse
• http://hosts-file.net - Community managed host file to protect against malicious
• http://www.phishtank.com - PhishTank
• http://www.malwaredomainlist.com/mdl.php - Malicious domains/IPs and malware
• http://malc0de.com/database/ - Database of malicious domains/IPs and malware
• http://www.malwaregroup.com - Feed of malware reports from multiple sites
• http://www.mywot.com - Tells you reputation of a website from public reports
• http://www.malwaredomains.com - Malware Prevention through Domain Blocking
• http://multirbl.valli.org - Free multiple DNSBL/RBL lookup and FCrDNS check tool
• http://toolbar.netcraft.com/stats/countries - Phishiest hosting countries
• http://www.dcwg.org/detect/ - Detect DNS Changer infection
• http://stopmalvertising.com - Investigate distribution of malware exploits through online advertising networks

Malware Binary Analysis

• https://www.virustotal.com/en/ - Analyze suspicious binaries
• http://anubis.iseclab.org - ANUBIS ANalyzing Unknown BInarieS
• http://wepawet.iseclab.org - Analyze Flash, JavaScript, and PDFs
• http://jsunpack.jeek.org - JavaScript Unpacker/ Decode De-Obfuscated JavaScript
• http://minotauranalysis.com - Hash value search
• http://www.threatexpert.com/filescan.aspx - Analyze suspicious binaries
• http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx

Malware Samples

• http://contagiodump.blogspot.com
• http://contagioexchange.blogspot.com
• http://malware.lu
• http://virusshare.com

HTTP Agent sniffers, Decode De-Obfuscate JavaScript and Base 64

• http://web-sniffer.net - Analysis of HTTP Request and Response Headers
• http://builtwith.com - Determine services running on target
• http://www.rexswain.com/httpview.html - See exactly what an HTTP request returns to your browser
• http://gsitecrawler.com/tools/Server-Status.aspx Sever redirect checker
• http://www.unmaskcontent.com - Unmask Content
• http://www.yellowpipe.com/yis/tools/encrypter - encode/decode or encrypt/decrypt your documents in various formats such as: ASCSII, Binary, Base 64,HTML/text/JavaScript Escaping
• http://scriptasylum.com/tutorials/encode-decode.html - HTML/text/JavaSript Escaping/Encoding Script
• http://ln.hixie.ch/?start=1073090889&count=1 - Unicode decoder tools
• http://www.crypo.com - Encode or Decode strings, email and other messages
• http://spyonweb.com - Determine what sites are sharing Google analytic code
• http://www.netdemon.net/decode.html - obfuscated URL Decoder

BotNet Tracking

• http://botlab.org - Spam ranking, botnet & C2 tracking
• https://palevotracker.abuse.ch - Palevo Tracker
• https://zeustracker.abuse.ch - ZeuS Tracker
• https://spyeyetracker.abuse.ch - SpyEye Tracker
• http://atlas.arbor.net/summary/fastflux - ATLAS Summary Report
• http://www.cert.pl/news/4711/langswitch_lang/en - ZeuS – P2P+DGA variant

Site History

• https://archive.org - Wayback Machine Internet Archive
• http://www.spiderfoot.net - Spider Indexing

Google Hacking

• http://www.exploit-db.com/google-dorks/ - Google Hacking Database (GHDB) by HfC
• http://ghh.sourceforge.net - Google Hack Honeynet
• http://www.edge-security.com