AI Tools for Cybersecurity Analysts

AI tools that help cybersecurity analysts scan URLs for malware, look up CVEs, audit security headers, and screen suspicious emails.

Get started for free

Works in Chat, Cowork and Code

Threat Verdict
47/72 engines flagged as malicious — active phishing
URLhaus
Host IP Reputation
185.220.xxx.xxx — 847 abuse reports in 30 days (AbuseIPDB)
Domain Age
Registered 3 days ago in Panama · free CA certificate
Action
Block at perimeter firewall · notify affected users

Malware and phishing URL scanning

Check any suspicious URL against 70+ antivirus engines and threat intelligence feeds before clicking or sharing it with users. Get a verdict from VirusTotal, URLhaus, and AbuseIPDB in a single lookup.

Scan this URL: https://microsoft-account-verify.xyz/secure-login. It was in a phishing report from a user. Check it against all AV engines and threat feeds.

47/72 AV engines flagged as malicious. URLhaus: listed as active phishing. AbuseIPDB: host IP 185.220.xxx.xxx — 847 abuse reports in 30 days. Domain registered 3 days ago in Panama. TLS certificate issued by a free CA. Confidence: phishing campaign targeting Microsoft accounts. Block at perimeter firewall.

ToolRouter scan_url
Engine Verdict
47/72 flagged malicious — high confidence phishing
URLhaus
Listed as active phishing — Microsoft account targeting
Domain Age
3 days old · Panama registration · free CA cert
Host IP
185.220.xxx.xxx — 847 AbuseIPDB reports in 30 days
Action
Block at perimeter firewall · escalate to SOC

CVE lookup and patch prioritization

Look up any CVE by ID or search by product and version to assess severity, attack vector, and available patches. Prioritize your patching backlog based on CVSS scores and exploitation status in the wild.

Look up CVE-2024-3400 (Palo Alto PAN-OS). I need CVSS score, attack vector, affected versions, CISA KEV status, and patch availability.

CVE-2024-3400: CVSS 10.0 (Critical). Command injection in GlobalProtect feature, unauthenticated remote code execution. Affected: PAN-OS 10.2.x < 10.2.9-h1, 11.0.x < 11.0.4-h1, 11.1.x < 11.1.2-h3. CISA KEV: YES — active exploitation confirmed. Patch: available in all three tracks. Mitigate immediately by disabling GlobalProtect gateway if patch cannot be applied.

ToolRouter get_cve
CVSS Score
10.0 Critical — unauthenticated RCE via GlobalProtect
Affected Versions
PAN-OS 10.2.x, 11.0.x, 11.1.x — see specific hotfix versions
CISA KEV
YES — active exploitation confirmed in the wild
Patch Status
Available in all three version tracks — apply immediately
Interim Mitigation
Disable GlobalProtect gateway if patching delayed

Phishing email analysis

Analyze suspicious emails for spoofed senders, malicious links, and impersonation indicators. Check SPF/DKIM/DMARC alignment, extract and scan all URLs, and identify the social engineering lure.

Analyze this email: sender is "Microsoft Security <noreply@microsoft-accounts-verify.net>", subject "Urgent: Account Compromised", contains link to https://login.microsoftonline.com.secureauth-verify.com/oauth.

VERDICT: Phishing. SPF: FAIL — sender domain microsoft-accounts-verify.net not authorized. DKIM: missing. Sender domain registered 6 days ago (registrar: Namecheap). Link analysis: subdomain stuffing — the registrable domain is secureauth-verify.com, and login.microsoftonline.com is merely a subdomain of it (not Microsoft). AV: 31/72 engines flag the landing domain as phishing.

ToolRouter analyze_email
Verdict
PHISHING — Microsoft brand impersonation
SPF
FAIL — sender IP not authorized for claimed domain
Domain Age
microsoft-accounts-verify.net registered 6 days ago (Namecheap)
Link Technique
Subdomain stuffing: login.microsoftonline.com is a subdomain of secureauth-verify.com, the real registrable domain
AV Verdict
31/72 engines flag landing domain as phishing
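The link check described above (a brand domain stuffed into the subdomain of an attacker-controlled registrable domain) can be reproduced locally. The following is an added example, not ToolRouter's own code: it extracts the registrable domain with a simplified public-suffix rule (assumption; production code should use the full Public Suffix List) and also flags digit-swapped lookalike names such as paypa1-secure.com. The protected-brand list is constructed for the demo.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny public-suffix list for this example; a real
# check should use the full Public Suffix List (e.g. via the tldextract package).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Brand domains to protect (constructed list, not from any vendor feed).
PROTECTED_DOMAINS = {"microsoftonline.com", "microsoft.com", "apple.com",
                     "paypal.com", "amazon.com"}

# Digits commonly swapped for letters in lookalike names (paypa1, amaz0n).
DIGIT_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Return the registrable part (eTLD+1) of a hostname, simplified PSL logic."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_link(url: str) -> dict:
    """Flag brand impersonation in a link: subdomain stuffing or lookalike names."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    indicators = []
    if reg not in PROTECTED_DOMAINS:
        padded_host = f".{host}."
        reg_label = reg.split(".")[0].translate(DIGIT_HOMOGLYPHS).replace("-", "")
        for brand in sorted(PROTECTED_DOMAINS):
            # The brand domain appears as a label sequence inside the host, but
            # the registrable domain belongs to someone else: subdomain stuffing.
            if f".{brand}." in padded_host:
                indicators.append(f"subdomain stuffing: {brand} under {reg}")
            # The brand name is embedded in the registrable label itself, possibly
            # with digit homoglyphs: lookalike domain (heuristic; allowlist
            # legitimate partner domains in production).
            elif brand.split(".")[0] in reg_label:
                indicators.append(f"lookalike domain: {reg} resembles {brand}")
    return {"host": host, "registrable_domain": reg, "indicators": indicators,
            "verdict": "suspicious" if indicators else "no brand impersonation"}


if __name__ == "__main__":
    for sample in ["https://login.microsoftonline.com.secureauth-verify.com/oauth",
                   "https://paypa1-secure.com/", "https://login.microsoftonline.com/"]:
        print(classify_link(sample))
```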

Web application penetration testing

Run a black-box pentest on any web application — crawl the attack surface, test for OWASP Top 10 vulnerabilities, and get a structured findings report with severity ratings and remediation steps.

Run a pentest on https://staging.myapp.com. Check for XSS in the comment field, IDOR on /api/users/{id}, SSRF via the image upload URL parameter, and SQL injection on the search endpoint.

Found 3 issues. HIGH: IDOR on /api/users/{id} — incrementing the ID exposes other users' profiles without authorization. MEDIUM: Reflected XSS in /search?q= — input echoed without encoding. LOW: SSRF partial — /upload?url= fetches internal URLs, but requests to the cloud metadata endpoint are blocked. SQLi: not found (parameterized queries in use).

ToolRouter pentest_web
HIGH: IDOR
/api/users/{id} — unauthorized access to other user profiles
MEDIUM: XSS
/search?q= reflected XSS — input not HTML-encoded
LOW: SSRF Partial
/upload?url= fetches internal URLs (metadata blocked)
PASS: SQLi
Not found — parameterized queries in use
PASS: Auth Bypass
No bypass found on /admin routes

Domain threat intelligence

Investigate suspicious domains with WHOIS lookup, DNS record analysis, IP geolocation, and hosting provider identification. Build a threat intelligence profile for incident response or domain blocking decisions.

Investigate domain paypa1-secure.com — I need WHOIS registration data, DNS records, IP geolocation, and whether the hosting provider has a history of abuse.

WHOIS: registered 2 days ago, Namecheap, privacy-protected registrant. DNS: A record 185.220.101.42 (Tor exit node / bulletproof hosting). IP: AS204337, hosted in Russia, AbuseIPDB score 100/100 with 1,247 reports. MX records mimic PayPal. VERDICT: Active fraud domain — submit to Google Safe Browsing and PayPal abuse team.

ToolRouter lookup_domain
Registered
2 days ago — newly created fraud domain
Registrar
Namecheap · privacy-protected registrant
DNS A Record
185.220.101.42 — Tor exit node / bulletproof hosting
MX Records
Mimic PayPal domain structure — active fraud setup
Submit to Google Safe Browsing + PayPal abuse@paypal.com
ToolRouter lookup_ip
ASN
AS204337 · Russia-hosted
Classification
Bulletproof hosting · Tor-adjacent
AbuseIPDB
Score 100/100 · 1,247 prior abuse reports
High-confidence malicious hosting infrastructure

Compliance screening and sanctions checking

Screen vendors, contractors, and business partners against OFAC sanctions lists, PEP databases, and international watchlists before onboarding. A single missed hit can result in regulatory penalties.

Screen these vendor names against OFAC SDN, EU sanctions, and PEP lists: Dmitry Volkov, Volkov Technology LLC, and BTC-e Exchange.

BTC-e Exchange: OFAC SDN match (CAATSA designation, cryptocurrency exchange used to launder Lazarus Group funds). Dmitry Volkov: no direct OFAC match but associated with BTC-e entity — recommend enhanced due diligence. Volkov Technology LLC: no direct match, requires beneficial ownership verification given name association.

ToolRouter screen_entity
BTC-e Exchange
OFAC SDN MATCH — CAATSA designation, Lazarus Group money laundering
Dmitry Volkov
No direct OFAC match · associated with BTC-e — enhanced due diligence
Volkov Technology LLC
No direct match · beneficial ownership verification required
Recommendation
Do not onboard BTC-e · investigate Volkov associations before proceeding

Ready-to-use prompts

Scan malicious URL

Scan https://secure-login-verify.amaz0n.xyz against all AV engines and threat intelligence feeds. Check VirusTotal, URLhaus, and AbuseIPDB. Report the verdict and which engines flagged it.

Look up specific CVE

Look up CVE-2024-3400. Give me: CVSS score and vector, affected products and versions, attack prerequisites, CISA KEV status, exploitation evidence, and patch/mitigation steps.

Analyze phishing email

Analyze this email for phishing indicators: sender "Apple Support <verify@apple-account-id.net>", link to https://appleid.apple.com.verify-secure.net/signin. Check SPF/DKIM, domain age, link destination, and AV verdict.

Pentest web app

Run a black-box pentest on https://staging.myapp.com. Focus on: IDOR on user-facing API endpoints, XSS in form inputs, SSRF via URL parameters, and authentication bypass on /admin routes.

WHOIS domain investigation

Investigate domain microsoft-secure-verify.net: WHOIS registration date and registrar, DNS A and MX records, IP geolocation and ASN, and whether the IP appears in AbuseIPDB.

Sanctions screening

Screen these entities against OFAC SDN, EU consolidated sanctions, and UN sanctions lists: Lazarus Group, Conti ransomware group members, and Garantex Exchange.

Search CVEs for product

Search for critical CVEs in Cisco IOS XE from the last 12 months. Show CVE ID, CVSS score, attack vector, whether actively exploited in the wild, and patch availability.

IP geolocation investigation

Look up IP addresses 185.220.101.42, 194.165.16.0, and 45.142.212.100. Give ASN, country, hosting provider, and AbuseIPDB confidence score for each. Are any known Tor exit nodes or bulletproof hosting?

Tools to power your best work

165+ tools. One conversation.

Everything cybersecurity analysts need from AI, connected to the assistant you already use. No extra apps, no switching tabs.

Incident response URL triage

When a suspicious URL is reported, triage it quickly: scan for malware, investigate the domain, and screen associated IPs.

1. Security Scanner: Scan URL against 70+ AV engines and threat feeds
2. WHOIS & RDAP: Check domain registration age and registrar
3. IP Geolocation: Geolocate the host IP and check AbuseIPDB score

Vulnerability patch prioritization

After a new critical CVE drops, assess your exposure and prioritize the patch in your remediation queue.

1. Vulnerability Database: Look up CVE details, CVSS, and exploitation status
2. Security Scanner: Scan affected systems for exploitation indicators
3. Penetration Testing: Test patched system to verify the vulnerability is closed

Vendor due diligence check

Before onboarding a new vendor, screen them against sanctions lists and check their web presence for security issues.

1. Compliance Screening: Screen company and key individuals against sanctions lists
2. Security Scanner: Audit vendor website for security header gaps
3. WHOIS & RDAP: Verify vendor domain registration and legitimacy

Frequently Asked Questions

How many antivirus engines does the Security Scanner check against?

Security Scanner checks URLs, domains, IPs, and file hashes against 70+ antivirus engines and threat intelligence sources including VirusTotal, URLhaus, and AbuseIPDB. Results include a per-engine verdict and an aggregate confidence score.

Does the CVE database include CISA Known Exploited Vulnerabilities (KEV) status?

Yes. Vulnerability Database includes CISA KEV status for every CVE — whether the vulnerability has been confirmed exploited in the wild. This is the highest priority signal for patch urgency and should be treated as a P0 remediation item.

Can the Pentest tool be used against production systems?

The Pentest tool is designed for black-box testing on systems you own or have explicit written authorization to test. Use it on staging environments before production. Never run it against systems you do not own — unauthorized pentesting is illegal.

How recent is the OFAC sanctions data in Compliance Screening?

Compliance Screening pulls from live OFAC SDN and non-SDN lists, EU consolidated sanctions, and UN sanctions lists. OFAC updates the SDN list multiple times per week. The tool reflects current list status at query time.

Can the Phishing Email Checker analyze email headers as well as body content?

Yes. Provide the full email headers (including the raw Received chain) in your prompt and the tool will check SPF, DKIM, and DMARC alignment, identify header spoofing, and trace the originating IP address through the mail relay chain.
