Threat Intel Walkthrough

Recorded demo of the SecIntel.ThreatIntel family of PowerShell modules — a unified wrapper around AbuseIPDB, urlscan.io, NIST NVD, Team Cymru hash lookup, and the NSRL hash database.

Why this is recorded, not live. The PowerShell modules call third-party threat-intel APIs that require my private API keys and have rate limits. Shipping those keys to a public website is a non-starter, and proxying every visitor's lookup through my account would burn the quota in minutes. So this page shows the workflow as a recording. The full live tooling is in the GitHub repo; clone it, drop in your own API keys, and run it locally.

Walkthrough recording

A short screen recording will live here showing a full IP and hash lookup against the live module.

Recording recipe
  1. Run a 30–60 second capture of Invoke-IpLookup 8.8.8.8 followed by Invoke-HashLookup 44d88612fea8a8f36de82e1278abb02f using OBS or ScreenToGif.
  2. Save as walkthrough.mp4 (or .gif) in /lab/threat-intel/.
  3. Replace this entire <div class="ti-recording-slot"> with a <video controls src="/lab/threat-intel/walkthrough.mp4"> tag (or <img> for GIF).
  4. If using video, add preload="metadata" muted so it doesn't auto-buffer or auto-play.

What the modules do

Reputation scoring for IPv4 addresses via AbuseIPDB. Returns the abuse confidence score, country, ISP, usage type, and recent reports. Caches responses to disk to avoid repeated calls during an investigation.

Submit URLs to urlscan.io and read back the verdict (malicious / suspicious / benign), screenshot URL, and detected technologies. Async-capable for batched submissions.

NIST NVD CVE detail lookups. Pulls description, CVSS scores (v2 + v3), affected configurations, and references for any CVE ID.

Hash reputation via Team Cymru's Malware Hash Registry. Quick sanity check for files you've pulled from a host during an investigation.

NSRL (NIST RDS) hash lookup — the inverse: known-good files. Useful for filtering benign system files out of large hash sets during forensics triage.
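
The disk caching described above for the IP reputation module, sketched as an added PowerShell example; it is not code from the SecIntel.ThreatIntel repo. The function name Get-CachedIpReputation, its parameters, the cache file layout, and the stub lookup are assumptions made for illustration.

```powershell
# Added example: disk cache with a TTL in front of a rate-limited lookup.
# Get-CachedIpReputation, -Lookup and the cache layout are hypothetical names.
function Get-CachedIpReputation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]      $IpAddress,
        [Parameter(Mandatory)] [scriptblock] $Lookup,   # performs the real API call
        [string]   $CacheDir = (Join-Path ([IO.Path]::GetTempPath()) 'ti-cache'),
        [timespan] $MaxAge   = [timespan]::FromHours(24)
    )

    # Parse first: only a valid IPv4 address may become part of a file name,
    # which keeps input such as '..\..\x' out of the cache path.
    $parsed = $null
    if (-not [ipaddress]::TryParse($IpAddress, [ref]$parsed) -or
        $parsed.AddressFamily -ne [Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not a valid IPv4 address: $IpAddress"
    }
    $key  = $parsed.ToString()          # canonical dotted-quad form
    $path = Join-Path $CacheDir "$key.json"

    if (Test-Path -LiteralPath $path) {
        $age = (Get-Date) - (Get-Item -LiteralPath $path).LastWriteTime
        if ($age -lt $MaxAge) {
            # Fresh entry: answer from disk, no API quota spent.
            return Get-Content -LiteralPath $path -Raw | ConvertFrom-Json
        }
    }

    # Miss or stale entry: call the provider once and persist the answer.
    $result = & $Lookup $key
    $null = New-Item -ItemType Directory -Path $CacheDir -Force
    $result | ConvertTo-Json -Depth 5 | Set-Content -LiteralPath $path -Encoding UTF8
    return $result
}

# Constructed stand-in for the provider call so the example runs offline.
$script:calls = 0
$stub = {
    param($ip)
    $script:calls++
    [pscustomobject]@{ ip = $ip; abuseConfidenceScore = 0; fetchedAt = (Get-Date).ToString('o') }
}

$dir = Join-Path ([IO.Path]::GetTempPath()) ("ti-cache-demo-" + [guid]::NewGuid())
1..3 | ForEach-Object { Get-CachedIpReputation -IpAddress '8.8.8.8' -Lookup $stub -CacheDir $dir } | Out-Null
"Provider calls for 3 lookups: $script:calls"
Remove-Item -LiteralPath $dir -Recurse -Force
```

Reputation data ages, so pick a MaxAge that matches how long a verdict can be trusted in your investigation rather than caching indefinitely.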