Security Operations runbooks still revolve around the verify → enrich → decide process, but when the alert is a lone IP address or domain, the enrichment phase looks different. Instead of pivoting on hashes, we pivot on geolocation, ASNs, open-service footprints, and passive DNS to learn whether a connection is routine traffic or a beacon from an adversary foothold.
Learning Objectives
By the end of this room, you will be able to:
- Understand IP and domain threat intelligence for a .
- Geolocate and interpret their Autonomous System Numbers (ASNs).
- Detect red-flag infrastructure via Shodan/Censys service banners.
- Assess reputation with various tools.
- Enrich domains with WHOIS age, records, and certificate transparency.
Prerequisites
Scenario
It is Wednesday morning. The has flagged two suspicious domains in emails and three IP addresses in outbound logs. You are tasked with triaging all seven artefacts, enriching them with context, and recommending actions with expiry.
- advanced-ip-sccanner[.]com
- 166[.]1[.]160[.]118
- 64[.]31[.]63[.]194
- 69[.]197[.]185[.]26
- 85[.]188[.]1[.]133
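The triage loop the scenario asks for, written out as an added example rather than code from the room: refang each defanged artefact, classify it as an IP or domain, apply a few enrichment heuristics from the objectives above (ASN type, service banners, WHOIS age, passive DNS history), and turn the score into a verdict with an expiry date. The enrichment facts, scoring weights and expiry windows are all constructed for illustration; in a real runbook the facts come from the lookup tools the room covers.

```python
from __future__ import annotations

import ipaddress
import re
from datetime import date, timedelta

# Constructed input: the five defanged artefacts listed in the scenario.
ARTEFACTS = [
    "advanced-ip-sccanner[.]com",
    "166[.]1[.]160[.]118",
    "64[.]31[.]63[.]194",
    "69[.]197[.]185[.]26",
    "85[.]188[.]1[.]133",
]

# Constructed, hypothetical enrichment facts. These stand in for what
# geolocation/ASN lookups, Shodan or Censys banners, WHOIS, passive DNS and
# CT logs would return; none of the values below are real observations.
ENRICHMENT = {
    "advanced-ip-sccanner.com": {"whois_age_days": 9, "ct_certs": 1, "pdns_hits": 2},
    "166.1.160.118": {"asn_type": "hosting", "c2_banner": True, "ports": [22, 443, 4444]},
    "64.31.63.194": {"asn_type": "hosting", "c2_banner": False, "ports": [80, 443]},
    "69.197.185.26": {"asn_type": "hosting", "c2_banner": False, "ports": [3389]},
    "85.188.1.133": {"asn_type": "isp", "c2_banner": False, "ports": []},
}


def refang(indicator: str) -> str:
    """Turn a defanged IOC back into its routable form so it can be looked up."""
    return indicator.strip().replace("[.]", ".").replace("hxxp", "http")


def classify(indicator: str) -> str:
    """Return 'ip', 'domain' or 'unknown' for a refanged indicator."""
    try:
        ipaddress.ip_address(indicator)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}", indicator, re.IGNORECASE):
        return "domain"
    return "unknown"


def score(kind: str, facts: dict) -> tuple[int, list[str]]:
    """Apply the (constructed) enrichment heuristics; return (risk points, reasons)."""
    points, reasons = 0, []
    if kind == "ip":
        if facts.get("c2_banner"):
            points += 3
            reasons.append("service banner matches a known C2 framework fingerprint")
        if facts.get("asn_type") == "hosting":
            points += 1
            reasons.append("ASN belongs to a hosting provider rather than an ISP")
        if {22, 3389} & set(facts.get("ports", [])):
            points += 1
            reasons.append("remote-administration service exposed to the internet")
    elif kind == "domain":
        if facts.get("whois_age_days", 10**6) < 30:
            points += 2
            reasons.append("domain registered fewer than 30 days ago")
        if facts.get("pdns_hits", 0) < 5:
            points += 1
            reasons.append("almost no passive DNS history")
    return points, reasons


def decide(points: int, today: date) -> tuple[str, date | None]:
    """Map a score to an action and an expiry so blocks do not live forever."""
    if points >= 3:
        return "block", today + timedelta(days=30)
    if points >= 1:
        return "monitor", today + timedelta(days=14)
    return "allow", None


def triage(artefacts: list[str], enrichment: dict, today: date) -> list[dict]:
    """Run verify -> enrich -> decide over every artefact and return the records."""
    records = []
    for raw in artefacts:
        ioc = refang(raw)
        kind = classify(ioc)
        points, reasons = score(kind, enrichment.get(ioc, {}))
        verdict, expiry = decide(points, today)
        records.append({"ioc": ioc, "type": kind, "score": points,
                        "verdict": verdict, "expires": expiry, "reasons": reasons})
    return records


if __name__ == "__main__":
    for rec in triage(ARTEFACTS, ENRICHMENT, date.today()):
        print(f"{rec['ioc']:28} {rec['type']:7} {rec['verdict']:8} "
              f"until {rec['expires']}  ({'; '.join(rec['reasons'])})")
```

The expiry is the part most runbooks forget: a block on a hosting-provider IP that gets reassigned next month becomes a self-inflicted outage, so every record carries the date on which the decision must be re-verified.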

The IP and Domain Threat Intel room is only available for premium users.