OVERVIEW
OPERATIONAL
|
--:--:--
MONARX // GLOBAL INTELLIGENCE NETWORK
LIVE 00:00:00 UTC
// TOP SECRET / SI / TK / NOFORN / MONARX EYES ONLY //
IOCs ANALYZED
0
+0 past hour
ACTIVE THREATS
0
0 new today
SIGNALS INTERCEPTED
0
Global coverage · 24/7
ORBITAL ASSETS
0
0 session queries
⦿ INTEL STREAM
SOURCES:
1
OSINT SEARCH
Netlas · VirusTotal · GreyNoise · AbuseIPDB · Hunter.io · Censys · GOD EYE Map
CHECKING…
2
THREAT INTELLIGENCE
OTX AlienVault · URLhaus · LeakIX · Cisco Talos · MITRE ATT&CK · OpenPhish · Pulsedive
FREE SOURCES
3
🧅
DARK WEB INTELLIGENCE
Ahmia · IntelX · DarkSearch · DeHashed · CISA KEV
CHECKING…
4
DARK FORUM INTELLIGENCE
Ransomware tracker · CVE intel · exploit intel · 20K+ victims
LIVE FEEDS
5
🌐
GLOBAL INTELL
Threat archive · actor timeline · watchlist analytics
OPEN ACCESS
6
🛰
SATELLITE TRACKER
Starlink · GPS · ISS · OneWeb · Real-time SGP4 orbital propagation
LIVE DATA
7
📡
MESSENGER INTELLIGENCE
NumVerify carrier lookup · Cell tower triangulation · Phone OSINT
CHECKING…
⟟ RECENT QUERY LOG
0 ENTRIES
🛰 LIVE SATELLITE TRACKER LOADING TLE DATA
Loading satellites...
STARLINK
ONEWEB
GPS
ISS / CREWED
IRIDIUM
OTHER
FETCHING TLE DATA FROM CELESTRAK
Initializing orbital mechanics...
SATELLITES — CLICK TO SELECT
abuse.ch · malware URL / host / hash intelligence
checking key…
AUTO
openphish.com · community phishing feed
public feed · no key
Enter a full URL and press SEARCH — OpenPhish checks whether the URL (or its host) is in the live community phishing feed.
internetdb.shodan.io · IP exposure — ports · CVEs · software · tags
public API · no key
Enter an IP — Shodan InternetDB returns exposed ports, known CVEs, detected software (CPEs), hostnames, and tags. No API key required.
threatfox.abuse.ch · IOC lookup — malware C2 · hashes · domains · IPs
abuse.ch key
TRY: IP domain
Search ThreatFox for an indicator of compromise (IP, domain, URL, or file hash). Uses your shared abuse.ch Auth-Key — the same key also powers URLhaus and MalwareBazaar.
leakix.net · exposed services · open DBs · misconfig & leak intelligence
checking key…
HOST · IPv4
Pick an action above and press SEARCH — LeakIX indexes services, leaks, open DBs, phishing kits, and breach markers.
IP · Domain · Sender — No API key required · Powered by SenderBase
Enter an IP address, domain, or email sender address above to check its reputation across Cisco Talos threat intelligence.
⚔ MITRE ATT&CK — Intelligence Matrix
Enterprise adversary TTPs · techniques · threat groups · software · mitigations
CLICK TO LOAD
Techniques
Sub-Techniques
Threat Groups
Software / Tools
Quick Tactic Filter
Load ATT&CK data to see tactics →
🎯 APT Group Profiler — TTP Mapper
Select a threat actor · map all ATT&CK techniques · download Navigator layer
IDLE
OTX AlienVault — Threat Pulses
DARK WEB INTELLIGENCE OPS
ALL SOURCES FREE · NO PAYMENT REQUIRED · LIVE THREAT TRACKING
PHISHING URLS
CISA KEVs
🔍 ONION SEARCH
🎣 PHISHING FEED
🌐 EXPOSURE SCAN
🦠 IOC LOOKUP
🔴 CISA KEV
OPENPHISH — LIVE PHISHING INTELLIGENCE
Real-time phishing URL feed — completely free, no API key required
NOT LOADED
TOTAL PHISHING URLS
UNIQUE DOMAINS
LAST UPDATED
Phishing URL
Domain
Copy
Click LOAD PHISHING FEED to fetch live threat data
HACKERTARGET — FREE EXPOSURE SCANNER
DNS · Reverse IP · Host Discovery · HTTP Headers · GeoIP — 10 free queries/day per tool, no API key needed
» Target reconnaissance output will appear here » Enter an IP or domain and select a tool above » All tools use HackerTarget.com free API (10 req/day)
📖 TOOL REFERENCE
hostsearch — Find subdomains
dnslookup — A, MX, NS, TXT records
reverseiplookup — Other domains on IP
httpheaders — Server fingerprint
geoip — Country, city, ASN
whois — Registration data
⚠ Rate limit: 10 free queries/day per tool. Upgrade at hackertarget.com for more.
PULSEDIVE — FREE IOC ENRICHMENT
Enrich any IOC — IP, domain, URL, email — with threat context from Pulsedive. Uses the free demo key (no registration required).
🔍 SINGLE IOC LOOKUP
📡 LIVE THREAT FEEDS
Browse critical and high-risk active threats from Pulsedive's global feed aggregation.
Select a risk level to browse live threats
CISA KNOWN EXPLOITED VULNERABILITIES
Official US government list of actively exploited CVEs — free, authoritative, updated daily
NOT LOADED
TOTAL KEVs
RANSOMWARE-LINKED
VENDORS AFFECTED
Click LOAD KEV DATABASE to fetch the official CISA vulnerability catalog
📱 Telegram
📞 Phone Intel
🔍 Username OSINT
💬 WhatsApp
📡 Platform Links
TELEGRAM Public channel / group / user lookup via t.me
ℹ️ Works for public channels, groups, and user profiles. Private accounts return limited data.
UNIFIED THREAT LIVE FEED
ℹ️ Merged live feed — server-scraped every 60s, newest-first.
TELEGRAM BOT DETECTOR
PHONE INTELLIGENCE Number format · carrier · country · type · OSINT
PHONE BLACKLIST CHECK
Cross-checks number against spam/scam phone databases
USERNAME OSINT Probe username across messenger & social platforms
WHATSAPP INTELLIGENCE
⚠ WhatsApp does not expose a public OSINT API. The tools below work without authentication.
CLICK-TO-CHAT LINK
MESSENGER PLATFORM OSINT RESOURCES
Local Backend (proxy.py) UNTESTED
If you are running python proxy.py on your machine, enter its URL below. This gives full API support including header-based auth (VirusTotal, Censys).
Default when running locally: http://localhost:5000
CORS Proxy (Optional — alternative to local backend) UNTESTED
Auto-rotation enabled. Leave this field blank and MonarX will automatically rotate through a built-in pool of public CORS proxies (corsproxy.io, allorigins, codetabs, thingproxy, cors.eu.org) — failing proxies are put on a 60-second cooldown; the last-working one is tried first.
Set your own prefix below to override the pool (e.g. https://corsproxy.io/?url=).
⚠ Public CORS proxies only work for APIs that accept their key in the URL (Hunter, OpenTracker). Header-auth APIs (Netlas, VirusTotal, AbuseIPDB) require the local Flask backend (proxy.py).
Danger Zone
■ Intelligence Newsletter Not yet generated
TLP:WHITE · UNCLASSIFIED · SINGLE-OPERATOR
MonarX Daily Threat Briefing
Click GENERATE to compile today's intelligence
THREAT LEVEL
🔎Keyword Watch — Upload keywords or paste them below
Upload a file or paste keywords, then generate the report.
Ransomware Victims
Active IOCs
Cyber News Items
OSINT Queries Today
Ransomware Intelligence
Waiting for data…
Active Threat IOCs — ThreatFox · Feodo C2 · MalwareBazaar
Waiting for data…
📡Cyber News — BleepingComputer · Krebs · CISA · SANS · Unit42
Waiting for data…
🧅Dark Web & Hacker Group Activity
Waiting for data…
📋Operator OSINT Activity Log
Waiting for data…
MonarX OSINT Intelligence Platform · Self-hosted · Single-operator · TLP:WHITE
📡 INTEL FEEDS
☠ RANSOMWARE TRACKER
🔒 CVE INTEL
💥 EXPLOIT INTEL
🔑 FREE SOURCES
Threat Intelligence Feed Aggregator
12 curated live sources — CISA · BleepingComputer · Krebs · The Hacker News · The Record · Cisco Talos · Unit 42 · SecureList · SANS ISC · Dark Reading · Help Net Security · Schneier
Select a feed source above or click LOAD ALL FEEDS
Ransomware.live — Global Victim Tracker
NOT LOADED
Total Victims
Groups
Countries
Sectors
GLOBAL RANSOMWARE FLOW ● VICTIM ↗ FLOW ARC drag = rotate · wheel = zoom
◉ RANSOMWARE GLOBAL INTEL
3D · WGS84 · LIVE FEED
NIST NVD — CVE Vulnerability Intelligence
Official US National Vulnerability Database · CVSS scores · descriptions · affected products · free, no key required
NOT LOADED
Select a severity above or search by keyword to load CVE intelligence
💥 Exploit Intelligence — CISA KEV + NVD CVE
Official vulnerability databases — free, authoritative, updated daily by US government agencies
Select a source above to load exploit intelligence
📚 All Free Intelligence Sources
🌐 Dark Web Intelligence (No Key Required)
Ahmia.fi — Dark web search engine (clearnet index of .onion sites) · ahmia.fi
OpenPhish — Live phishing URL feed · openphish.com
HackerTarget — Network recon tools · hackertarget.com
Pulsedive (demo key) — IOC enrichment + threat feeds · pulsedive.com
⚠ Vulnerability Intelligence (No Key Required)
CISA KEV — Known Exploited Vulnerabilities catalog · cisa.gov
NVD (NIST) — National Vulnerability Database · nvd.nist.gov
Ransomware.live — Global ransomware victim tracker · ransomware.live
📚 ARCHIVE
📈 ACTOR TIMELINE
🔎 WATCHLIST
Global Intell Archive
Search dark archive sources, ransomware group signals, MITRE intrusion set signals, and CISA KEV insights.
Feed Items
Ransomware Groups
MITRE Matches
KEV Entries
Archive search results will appear here.
Actor Timeline
Track ransomware actor activity and recent OSINT queries in a single timeline.
Victims
Groups
Recent Queries
Last 24h
Loading actor timeline…
Watchlist Intelligence
Paste keywords or upload a watchlist and detect matches across internal OSINT feeds plus Ahmia archive search.
Internal signal matches and external dark archive results appear below.
No watch run yet.
engine · unknown version · — modules · — Open Native UI

New Scan

domain ip email phone username asn
The footprint / investigate / passive profiles only activate modules whose per-module API keys are configured in SpiderFoot's native UI (Settings → modules). Start with All modules until keys are set.

Scans

No scans yet
Select a scan on the left, or start a new one.