Threat Hunting Resources


The first few minutes of a threat investigation or incident response are the toughest. You know something appears wrong, but you don’t have the details to prove it. The following sites take a piece of information you have — like the remote IP address to which one of your systems is talking — and give back more detail on what it is and whether it’s benign or malicious.



Port Lookups




IP Addresses

From a Linux/Unix/Mac OS command line, run:

dig +short -x <ip-address>

(Replace <ip-address> with the address you want to look up; -x performs a reverse DNS lookup and prints the PTR record, i.e. the hostname, if one is registered.)


What Is My External IP Address?

(Handy if you're on a LAN that shares a single external IP address!)


Reserved IP Address Blocks





(Autonomous System Numbers, which are blocks of addresses owned by an organization)


Possible Malware (Files and URLs)


User Agent Strings


JA3 Hashes


TOR Servers


Multiple Categories


Everything Else









Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We appreciate your feedback so we can keep providing the type of content the community wants to see. Please feel free to Email Us with your ideas!
