Public Threat Intelligence Lookup

See what our SOC knows about your indicator.

Search IP addresses, domains, malware hashes, and email addresses against Cyber Defence’s internal intelligence, curated phishing feeds, credential leak datasets, global network of deception devices, and adversary infrastructure tracking.

All of our data is scanned and re-analysed every day. IP and Domain data that is older than 6 months is expunged to ensure accurancy. Not all threat intelligence platforms do this, they think quantity is a sign of quality.

Indicator Statistics

Total tracked indicators

Malicious IP's

425,874

Malicious Domains

995,496

IOC Hashes

3,048,548

Account Leaks

829,470,641

Malicious URLs

145,476

Phishing domains

623,140

Lookup

Indicator of Compromise search

Indicator

Provide the lookup type with your indicator for the fastest match.

Examples:
ip:1.2.3.4
domain:example.com
hash:abc123
email:user@example.com
dw:search-term

Combine multiple filters with AND and OR (in uppercase) to build more complex searches.
Example: ip:1.2.3.4 AND domain:example.com
You can group logic with parentheses such as (ip:1.2.3.4 OR domain:example.com) AND dw:market.

You can also paste a value without a prefix and we will auto-detect the type.

For darkweb research you will need an account to search what our darkweb collector has observed.