Skip to content
← UserSearch.comLog in ↗

Threat intelligence modules & options

The Threat Intelligence search type exposes six Modules in the captured build, split across two data sources: three on HudsonRock infostealer data and three on SpamHaus reputation data. All six are single-purpose Modules — this search type does not offer OneScan. For the composer flow that surrounds these Modules, see Threat intelligence search: overview.

The Threat Intelligence Module grid showing the Computer/IP Threat tile selected with a coral-orange border, alongside the IP Reputation, Domain Reputation, Email Threat, Domain Threat and Malware URLs tiles
The Threat Intelligence Module grid showing the Computer/IP Threat tile selected with a coral-orange border, alongside the IP Reputation, Domain Reputation, Email Threat, Domain Threat and Malware URLs tiles
Moduledata sourceInputCost / cost typeWhat it does
Computer/IP Threat (Data: HudsonRock) (selected by default)HudsonRockIP address (+ a Compromised Since year)Free (0 Credits)Checks an IP for infostealer compromise and threat indicators such as malware, botnets and malicious activity
Email Threat (Data: HudsonRock)HudsonRockEmail (inferred)Not captured — see cautionThreat analysis for an email via HudsonRock infostealer data
Domain Threat (Data: HudsonRock)HudsonRockDomain (inferred)Not captured — see cautionThreat analysis for a domain via HudsonRock infostealer data
IP Reputation (Data: SpamHaus)SpamHausIP address (inferred)Not captured — see cautionReputation and blocklist check for an IP via SpamHaus
Domain Reputation (Data: SpamHaus)SpamHausDomain (inferred)Not captured — see cautionReputation and blocklist check for a domain via SpamHaus
Malware URLs (Data: SpamHaus)SpamHausURL (inferred)Not captured — see cautionChecks a URL against the SpamHaus malware-URL database

The three HudsonRock Modules run against HudsonRock infostealer data — records drawn from information-stealing malware logs, used to determine whether a machine or identity tied to an identifier has been compromised. For what this data source is and returns, see HudsonRock.

Computer/IP Threat is the lead Module and is pre-selected when you open the Threat Intelligence search type. Its tile is drawn with a coral-orange highlighted border.

  • Purpose: checks an IP address for infostealer compromise and threat indicators — malware, botnets and malicious activity — via HudsonRock infostealer data.
  • Input: an IP address, plus a Compromised Since year field.
  • Cost: the line beneath the input reads “Cost per search: Free” — the Module consumes no Credits per search.

Email Threat runs threat analysis for an email address against HudsonRock infostealer data — a check for whether the email appears in infostealer logs.

Domain Threat runs threat analysis for a domain against HudsonRock infostealer data.

The three SpamHaus Modules run against SpamHaus reputation data — IP and domain reputation intelligence together with malware-URL blocklists. For what this data source is and returns, see SpamHaus.

IP Reputation checks an IP address against SpamHaus reputation and blocklist data.

Domain Reputation checks a domain against SpamHaus reputation and blocklist data.

Malware URLs checks a URL against the SpamHaus malware-URL database.

See also: Threat intelligence search: overview and Reading Threat intelligence results.

Verified against UserSearch v2.0.20