You can use automated tools to look for IPs, URLs, and hashes in the email body.
After extracting the URLs, the next step is to check the reputation of the URLs and root domain.
You can use any of the tools mentioned in the previous task to aid you with this.
It’s important to note the root domain for the extracted URLs. You will need to perform an analysis on the root domain as well.
IP and Domain lookup tools
- Talos Reputation Center: https://talosintelligence.com/reputation
- IPinfo.io: https://ipinfo.io/
Per the site, “With IPinfo, you can pinpoint your users’ locations, customize their experiences, prevent fraud, ensure compliance, and so much more”.
- URLScan.io: https://urlscan.io/
Tools for safely viewing a domain
- Archive.org or other Internet archives
- URLScan.io again
Notice that urlscan.io provides a screenshot of the URL. The screenshot is provided so that you don’t have to navigate to the URL in question explicitly.
You can use other tools that provide the same functionality and more, such as
Tools to safely extract URLs from email body
- URL Extractor: https://www.convertcsv.com/url-extractor.htm
You can copy and paste the raw header into the text box.
- You may also use CyberChef to extract URLs with the Extract URLs recipe.
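The extraction step described above, as an added Python example that is not from the original page or from any of the listed tools: it pulls URLs, IPv4 addresses and hashes out of a raw email body, defangs the URLs so they are not clickable, and derives each root domain for the reputation lookups. The sample message, the function names and the short `TWO_LABEL_SUFFIXES` set (standing in for the full Public Suffix List) are assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample message for this example (not from the original page).
SAMPLE_EMAIL = """\
From: billing@example.com
Subject: Invoice overdue
Content-Type: text/plain; charset="utf-8"

Please review your invoice at http://login.accounts.example.co.uk/pay?id=42.
Mirror: https://cdn.files.example.net/inv.pdf
Sender host 203.0.113.7, attachment SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

URL_RE = re.compile(r"https?://[^\s<>\"')\[\]]+", re.I)
IP_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)  # SHA256/SHA1/MD5
# Assumption: tiny stand-in for the Public Suffix List; load the real list in practice.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}

def root_domain(host):
    """Return the registrable (root) domain of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def defang(url):
    """Make a URL non-clickable before it goes into a ticket or report."""
    return re.sub(r"^http", "hxxp", url, flags=re.I).replace(".", "[.]")

def extract_indicators(raw_email):
    """Collect URLs, root domains, IPv4 addresses and hashes from the text parts."""
    msg = message_from_string(raw_email)
    body = ""
    for part in msg.walk():  # headers are skipped; only body parts are searched
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    urls = sorted({u.rstrip(".,;") for u in URL_RE.findall(body)})
    hosts = {h for h in (urlsplit(u).hostname for u in urls) if h and not IP_RE.fullmatch(h)}
    return {
        "urls": [defang(u) for u in urls],
        "root_domains": sorted({root_domain(h) for h in hosts}),
        "ips": sorted(set(IP_RE.findall(body))),
        "hashes": sorted({h.lower() for h in HASH_RE.findall(body)}),
    }
```

Each value in `root_domains` and `ips` can then be submitted to the reputation tools listed above; the URLs stay defanged until a lookup tool needs the original form.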