Free Threat Intelligence Search
Look up any domain, IP address, or file hash against security databases to check its threat history and reputation. Free, no account required.
Search Threat Intelligence, FreeWhat Is Threat Intelligence?
Threat intelligence is information about known cyber threats, malicious websites, dangerous IP addresses, compromised servers, and files confirmed to contain malware. Security researchers and automated systems continuously monitor internet infrastructure to identify and catalog these threats.
Traditionally, access to threat intelligence databases was limited to security professionals with enterprise tools. ScanTotal makes this freely available to everyone, whether you're an IT professional investigating an incident, a developer checking an endpoint, or an everyday user wanting to know more about a suspicious contact.
What Can You Look Up?
Domain names. Enter any domain (e.g., example.com) to check its security reputation, whether it has been flagged for phishing, malware distribution, spam, or other malicious activity. Useful when you receive an email from an unfamiliar domain or want to verify a website's legitimacy.
IP addresses. Enter any IPv4 or IPv6 address to check whether it has been associated with spam, phishing, malware distribution, botnet activity, or unauthorized scanning. Particularly useful for IT professionals reviewing server logs or developers investigating unusual API requests.
File hashes (MD5, SHA-1, SHA-256). A file hash is a unique digital fingerprint of a file's contents. If you have a hash from a security alert, a downloaded installer, or a forensic investigation, you can look it up to see whether it matches any known malware.
Who Uses Threat Intelligence Search?
- IT professionals and system administrators: Investigating alerts, analyzing suspicious traffic, verifying whether a domain or IP seen in logs is known malicious infrastructure.
- Developers and security researchers: Checking third-party domains or APIs before integrating them. Verifying that dependencies have not been compromised.
- Business owners and employees: Verifying whether an email came from a domain with a suspicious reputation before responding to a business inquiry.
- Journalists and researchers: Investigating infrastructure associated with cyberattacks, disinformation campaigns, or online fraud.
- Privacy-conscious individuals: Investigating connection requests on home networks or verifying the reputation of services they're considering using.
Frequently Asked Questions
How do I find the hash of a file?
On Windows, open PowerShell and run: Get-FileHash filename.exe (defaults to SHA-256). On macOS or Linux, run: shasum -a 256 filename in Terminal. Many download sites also publish file hashes alongside downloads for verification.
Can I look up my own IP address?
Yes. If you want to check whether your IP has been flagged in any security databases, for example, due to a suspected compromise, you can look it up. Your current IP address is visible on any 'what is my IP' website.
What does it mean if a domain is listed as recently registered?
Newly registered domains are frequently used for phishing. Attackers register domains, run campaigns, and abandon them quickly to evade detection. A very recently registered domain in an unexpected communication is a meaningful red flag.
Is my search query private?
Yes. We do not log your searches, build profiles of your queries, or share query data with third parties. Your threat intelligence lookups are private.
Free Threat Intelligence Search, Try It Now
Free, private, no account needed.
Search Threat Intelligence, Free