Analyzing URL and IP Reputation

Oct 27, 2024

Reputation Analysis of URL and IP

Introduction

  • Discussion on analyzing the reputation of URLs and IP addresses.
  • Usage of various online tools and websites for reputation analysis.

Checking IP Reputation

  • Tools for IP Reputation Checks:
    • VirusTotal
    • IP Void
    • AbuseIPDB
    • IBM X-Force
    • IP Quality Score
    • MX Toolbox
  • These platforms help determine if an IP is malicious or not.

Checking URL Reputation

  • Tools for URL Reputation Checks:
    • VirusTotal (URL Section)
    • URL Void
    • URLScan.io
    • Browserling (loads the URL in a live remote browser so you can see how it behaves)
    • CheckPhish
  • Many other tools can be found via a Google search.

URL Categorization

  • Tools for URL Categorization:
    • Site Review
    • Palo Alto URL Filtering
  • Useful for identifying the category or domain of a URL.
  • Note: Analysts have different preferences for tools.

Attachment Reputation

  • Using a Sandbox:
    • Do not open or check attachments directly on personal systems.
    • Recommended tools for public sandbox usage:
      • Any.Run
      • Hybrid Analysis
  • Caution:
    • If an attachment is legitimate, submitting it to a public platform can leak its contents, so be cautious with public sandboxes.
    • Use company-provided sandbox environments if available.

Conclusion

  • Discussed methods for checking URL and IP reputations and attachment safety.
  • Next session will cover analyzing attachments and emails using Any.Run and Hybrid Analysis.