Deep threat intelligence.
Full analysis, free.
Look up any URL, IP address, domain, or file hash against our threat intelligence platform. Get WHOIS data, behavior analysis, blacklist results, and extracted indicators.
Enter any URL, IP address, domain, or file hash. You'll be taken directly to our full Threat Intelligence Platform for detailed analysis: WHOIS, behavior summary, extracted IOCs, threat feeds and more. Free, no login required.
Want this done automatically on every email your team receives?
Our Email Security Platform sandboxes every link automatically.
What You Get on TIP
Full threat intelligence, not just a verdict
Our Threat Intelligence Platform gives security analysts the complete picture, not just a traffic-light score.
WHOIS & domain intelligence
Full registrar data, registration date, expiry, organisation, abuse contact, DNS records and ASN information for any domain or IP you query.
Behavior analysis
See exactly what the URL does: network connections made, redirects followed, domains contacted, files downloaded, console errors, and extracted indicators.
Extracted IOCs & threat feeds
Automatically extracted IPs, URLs, domains, hashes and email addresses. Cross-referenced against external threat feeds with blacklist results from multiple engines.
For Security Analysts
More than IOC lookup. A full analyst toolkit.
Our Threat Intelligence Platform includes a full suite of security tools beyond URL lookup. DNS analysis, email header parsing, file hash checking, CIDR conversion, redirect tracking and more. All free.
FAQ
Questions about threat intelligence lookup
You can look up URLs, IP addresses, domain names, and file hashes (MD5, SHA1, SHA256). The platform auto-detects which type you've entered and routes you to the correct analysis page on our Threat Intelligence Platform.
No. Basic lookups including WHOIS data, domain age, blacklist results, behavior summary, and redirect chain are free without any registration. Register free to unlock external threat feed integrations, full IOC breakdown, and historical search data.
The full threat intelligence result lives on tip.cybercheck360.com, our dedicated analyst platform. Opening it in a new tab means you stay on this page and can check multiple IOCs without losing your place.
The URL safety checker (on our link-checker page) is designed for general users who want a simple Safe/Suspicious/Malicious verdict with a plain English explanation. The threat intelligence lookup is for security analysts who need the full picture: WHOIS, DNS, network behavior, extracted indicators, and threat feed cross-references.
Yes. Paste any IPv4 address and we'll look up its ASN, country, hosting provider, reverse DNS, and cross-reference it against our threat intelligence database. IPs associated with known malicious infrastructure, Tor exit nodes, or bulletproof hosting are flagged automatically.
Our Threat Intelligence Platform includes an Email Header Analysis tool at tip.cybercheck360.com/tools. Paste the full email header and we'll parse hop delays, SPF/DKIM/DMARC results, sending IP reputation, and anti-spam signals, giving you a complete picture of the email's journey and legitimacy.
Learn More
Understanding threat intelligence for security teams
What is an IOC and why does it matter?
An Indicator of Compromise (IOC) is a piece of forensic evidence: a URL, IP address, domain, file hash, or email address that suggests a system may have been breached or targeted. Checking IOCs against threat intelligence databases lets analysts determine if an artefact is known malicious infrastructure.
Why domain WHOIS data is critical for analysis
WHOIS data reveals who registered a domain, when, and through which registrar. Freshly registered domains, privacy-redacted registrations, and registrars frequently used for abuse are all red flags. Attackers rarely use aged, reputable domains. Domain age is one of the strongest signals of phishing infrastructure.
How threat feeds work together
No single threat intelligence source covers all malicious infrastructure. Our platform cross-references IOCs against multiple external threat feeds simultaneously, giving you a consensus verdict rather than a single opinion. High confidence comes from multiple independent sources flagging the same indicator.