Free/open source investigation tools for IR?

Curious what folks are using for IR resources to investigate domains, URLs, IPs, and other information. I’ve seen folks using things like MXtoolbox, Cymon, and other free resources, and there is an interesting Awesome List on GitHub (https://github.com/hslatman/awesome-threat-intelligence), but I was curious what unconventional or less common things people are using?

The “Awesome List” on GitHub (https://github.com/hslatman/awesome-threat-intelligence) is a great start for some of the most common tools. I would like to add Moocher (https://moocher.io) as an additional tool (reputation). Below are a few simple snippets for using their API (Python requests).
To check an IP (1.2.3.4):

import requests

# MOOCHER_IP: look up the reputation of a single IP address.
# (Later in this thread the developer notes the API host moved from api.moocher.io to api.apility.net.)
api = '/badip/'
server = 'api.moocher.io'
badip = '1.2.3.4'  # Suspicious IP
header = {'accept': 'application/json'}  # we are reading JSON, not sending a JSON body
url = 'https://' + server + api + badip
try:
    # Keep TLS verification on (the default): verify=False lets anyone on the path forge the verdict.
    moocher_ip = requests.get(url, headers=header, timeout=10)
    moocher_ip.raise_for_status()
except requests.exceptions.RequestException as e:
    print(e)
else:
    response = moocher_ip.json()
    print(response)

To check a domain (example.com):

import requests

# MOOCHER_DOMAIN: look up the reputation of a domain name.
api = '/baddomain/'
server = 'api.moocher.io'
baddomain = 'example.com'  # Suspicious domain
header = {'accept': 'application/json'}
url = 'https://' + server + api + baddomain
try:
    moocher_domain = requests.get(url, headers=header, timeout=10)  # certificate verification left on
    moocher_domain.raise_for_status()
except requests.exceptions.RequestException as e:
    print(e)
else:
    response = moocher_domain.json()
    print(response)

To check an email address:

import requests

# MOOCHER_EMAIL: look up the reputation of an email address.
api = '/bademail/'
server = 'api.moocher.io'
bademail = 'test@example.com'  # Suspicious email
header = {'accept': 'application/json'}
url = 'https://' + server + api + bademail
try:
    moocher_email = requests.get(url, headers=header, timeout=10)  # certificate verification left on
    moocher_email.raise_for_status()
except requests.exceptions.RequestException as e:
    print(e)
else:
    response = moocher_email.json()
    print(response)
3 Likes

Hi, I’m the developer of Moocher and I would like to thank @SwedishMike for the support!

Sadly, the Moocher site has been deprecated and now it runs in a new site named Apility.io. The main reason for the name change has to do with people considering ‘Moocher’ an offensive word… The reason why I chose ‘Moocher’ was because I developed the tool to help me keep the ‘moochers’ (people registering, again and again, to enjoy unlimited trial periods) away. Irony can be interpreted differently depending on your culture, so I changed to a more neutral name.

The API endpoint has changed: instead of api.moocher.io you now have to use api.apility.net.

Enjoy!!!

4 Likes
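The three snippets above and the developer's note that the host moved to api.apility.net can be folded into one lookup helper. The following is an added example, not code from the thread or from Moocher/Apility: it classifies an indicator as IP, domain or email, builds the matching /badip/, /baddomain/ or /bademail/ URL (paths taken from the snippets, host from the developer's post), percent-encodes the indicator so a crafted value cannot rewrite the path, keeps certificate verification on, and decodes the JSON without assuming the service's response schema (which is not described on this page). It uses the standard library instead of requests so it runs with no dependencies, and the canned responses at the bottom are constructed for an offline demonstration only. Authentication, if the service requires it, is not covered.

```python
"""Added example (not the thread's or the service's code): one reputation
lookup for the IP / domain / email checks discussed above."""
import ipaddress
import json
import re
import ssl
import urllib.error
import urllib.request
from urllib.parse import quote

API_HOST = "api.apility.net"  # per the developer's post (was api.moocher.io)

# Path prefixes taken from the posted snippets.
ENDPOINTS = {"ip": "/badip/", "domain": "/baddomain/", "email": "/bademail/"}

# RFC 1035-ish hostname: labels of 1-63 chars, no leading/trailing '-', alpha TLD.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$", re.I)
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+$")


def classify(indicator: str) -> str:
    """Return 'ip', 'domain' or 'email'; raise ValueError for anything else.
    Validating first means junk (or path-traversal strings) never reaches the API."""
    value = indicator.strip()
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if _EMAIL_RE.match(value) and _DOMAIN_RE.match(value.rsplit("@", 1)[1]):
        return "email"
    if _DOMAIN_RE.match(value):
        return "domain"
    raise ValueError(f"not an IP, domain or email: {indicator!r}")


def build_url(indicator: str, host: str = API_HOST) -> str:
    """Build the lookup URL. The indicator is percent-encoded (safe='') so
    '/', '?', '#' or '..' in a value cannot change the path or add a query."""
    kind = classify(indicator)
    return f"https://{host}{ENDPOINTS[kind]}{quote(indicator.strip(), safe='')}"


def http_get_json(url: str, timeout: float = 10.0):
    """Default transport: stdlib urllib with certificate verification ON.
    Returns (status, body_text); HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    ctx = ssl.create_default_context()  # verifies the server cert; never CERT_NONE here
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def lookup(indicator: str, fetch=http_get_json, host: str = API_HOST) -> dict:
    """Run one reputation check and return a dict with the HTTP status and the
    decoded body. The body schema is not assumed: JSON is passed through, and a
    non-JSON reply (error page, rate-limit HTML) is kept as a short raw sample."""
    kind = classify(indicator)
    url = build_url(indicator, host)
    status, text = fetch(url)
    try:
        body = json.loads(text)
    except ValueError:
        body = {"raw": text[:200]}
    return {"indicator": indicator.strip(), "kind": kind, "status": status, "url": url, "body": body}


# Constructed sample responses for an offline run; NOT the service's real schema.
CANNED = {
    "https://api.apility.net/badip/1.2.3.4": (200, '{"listed": true}'),
    "https://api.apility.net/bademail/test%40example.com": (200, '{"listed": false}'),
}


def canned_fetch(url: str, timeout: float = 10.0):
    """Stand-in transport that answers from CANNED (404 + non-JSON text otherwise)."""
    return CANNED.get(url, (404, "not found"))


if __name__ == "__main__":
    for ioc in ("1.2.3.4", "example.com", "test@example.com", "2001:db8::1"):
        print(lookup(ioc, fetch=canned_fetch))
    try:
        lookup("../badip/1.2.3.4", fetch=canned_fetch)
    except ValueError as err:
        print("rejected:", err)
```

Swap `canned_fetch` for the default transport to query the live service; the URL construction and verification behaviour stay the same either way.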

@logronoide - Thanks for the update.

Hi @logronoide thanks for joining SecOps Hub–we’re glad to have you!

And, thanks for letting us know about Apility. I do like the joke. :grin:

Best,
Emma Furtado
Community Manager

1 Like

Thought this was a pretty good one. I think I’m late to the game for knowing about it, but better late than never!

Found this list: Awesome list of tools related to malware analysis. Some free, some not, but I figured it was worth a share.

1 Like

MISP: https://github.com/MISP/MISP

2 Likes