MONARX
//
GLOBAL INTELLIGENCE NETWORK
LIVE
00:00:00 UTC
IOCs ANALYZED
0
+0 past hour
ACTIVE THREATS
0
↗ 0 new today
SIGNALS INTERCEPTED
0
Global coverage · 24/7
ORBITAL ASSETS
0
0 session queries
⦿ INTEL STREAM
SOURCES:
1
OSINT SEARCH
Netlas · VirusTotal · GreyNoise · AbuseIPDB · Hunter.io · Censys · GOD EYE Map
CHECKING…
→
2
THREAT INTELLIGENCE
OTX AlienVault · URLhaus · LeakIX · Cisco Talos · MITRE ATT&CK · OpenPhish · Pulsedive
FREE SOURCES
→
3
DARK WEB INTELLIGENCE
Ahmia · IntelX · DarkSearch · DeHashed · CISA KEV
CHECKING…
→
4
DARK FORUM INTELLIGENCE
Ransomware tracker · CVE intel · exploit intel · 20K+ victims
LIVE FEEDS
→
5
GLOBAL INTELL
Threat archive · actor timeline · watchlist analytics
OPEN ACCESS
→
6
SATELLITE TRACKER
Starlink · GPS · ISS · OneWeb · Real-time SGP4 orbital propagation
LIVE DATA
→
7
MESSENGER INTELLIGENCE
NumVerify carrier lookup · Cell tower triangulation · Phone OSINT
CHECKING…
→
⟟ RECENT QUERY LOG
0 ENTRIES
⚡ Intelligence Console
Multi-source OSINT · parallel · zero-retention
0 running
0 ok
0 err
—
🎯
AUTO
QUICK INPUT
SOURCES
📡 SIGNAL INTELLIGENCE
Wi-Fi · Cell · BLE · CCTV · IoT · Vehicle · Smart TV · ICS / SCADAPick a device class above to scan for exposed endpoints via Netlas.
—
COMPOSITE THREAT SCORE · 0-100
Awaiting data…
🎯 GOD EYE — GEOLOCATION INTELLIGENCE
|
—
INITIALIZING...
TARGET
—
Awaiting data
GEOLOCATION METHODS
IP GEOLOCATION
~50km accuracy
GPS
~10m accuracy
WI-FI POSITIONING
~15m accuracy
CELL TRIANGULATION
~300m accuracy
BLE / BEACONS
~3m accuracy
RUN SEARCH TO
AUTO-POPULATE
AUTO-POPULATE
LAT — · LON —
🛰
OSINT INTELLIGENCE CONSOLE
Type any indicator above and press Enter to query all matching sources in parallel.
IPv4, IPv6, domains, URLs, file hashes, emails, BSSIDs, SSIDs, and cell towers are auto-detected.
Keyboard: Ctrl+K to focus · Enter to run · Esc to clear
IPv4, IPv6, domains, URLs, file hashes, emails, BSSIDs, SSIDs, and cell towers are auto-detected.
Keyboard: Ctrl+K to focus · Enter to run · Esc to clear
🛰 LIVE SATELLITE TRACKER
LOADING TLE DATA
—
Loading satellites...
STARLINK
ONEWEB
GPS
ISS / CREWED
IRIDIUM
OTHER
FETCHING TLE DATA FROM CELESTRAK
Initializing orbital mechanics...
SATELLITES — CLICK TO SELECT
URLhaus
abuse.ch · malware URL / host / hash intelligence
checking key…
AUTO
OpenPhish
openphish.com · community phishing feed
public feed · no key
Enter a full URL and press SEARCH — OpenPhish checks whether the URL (or its host) is in the live community phishing feed.
Shodan InternetDB
internetdb.shodan.io · IP exposure — ports · CVEs · software · tags
public API · no key
ThreatFox
threatfox.abuse.ch · IOC lookup — malware C2 · hashes · domains · IPs
abuse.ch key
LeakIX
leakix.net · exposed services · open DBs · misconfig & leak intelligence
checking key…
HOST · IPv4
Pick an action above and press SEARCH — LeakIX indexes services, leaks, open DBs, phishing kits, and breach markers.
🛡 CISCO TALOS EMAIL & SENDER REPUTATION
IP · Domain · Sender — No API key required · Powered by SenderBase
Enter an IP address, domain, or email sender address above to check its reputation across Cisco Talos threat intelligence.
⚔ MITRE ATT&CK — Intelligence Matrix
Enterprise adversary TTPs · techniques · threat groups · software · mitigations
—
Techniques
—
Sub-Techniques
—
Threat Groups
—
Software / Tools
Quick Tactic Filter
Load ATT&CK data to see tactics →
🎯 APT Group Profiler — TTP Mapper
Select a threat actor · map all ATT&CK techniques · download Navigator layer
OTX AlienVault — Threat Pulses
🔍 ONION SEARCH
🎣 PHISHING FEED
🌐 EXPOSURE SCAN
🦠 IOC LOOKUP
🔴 CISA KEV
AHMIA — DARK WEB SEARCH ENGINE
Powered by ahmia.fi — free Tor hidden service search engine. Results include .onion links indexed by Ahmia's crawler.
OPENPHISH — LIVE PHISHING INTELLIGENCE
Real-time phishing URL feed — completely free, no API key required
NOT LOADED
—
TOTAL PHISHING URLS
—
UNIQUE DOMAINS
—
LAST UPDATED
HACKERTARGET — FREE EXPOSURE SCANNER
DNS · Reverse IP · Host Discovery · HTTP Headers · GeoIP — 10 free queries/day per tool, no API key needed
» Target reconnaissance output will appear here
» Enter an IP or domain and select a tool above
» All tools use HackerTarget.com free API (10 req/day)
📖 TOOL REFERENCE
hostsearch — Find subdomains
dnslookup — A, MX, NS, TXT records
reverseiplookup — Other domains on IP
httpheaders — Server fingerprint
geoip — Country, city, ASN
whois — Registration data
⚠ Rate limit: 10 free queries/day per tool. Upgrade at hackertarget.com for more.
PULSEDIVE — FREE IOC ENRICHMENT
Enrich any IOC — IP, domain, URL, email — with threat context from Pulsedive. Uses the free demo key (no registration required).
🔍 SINGLE IOC LOOKUP
📡 LIVE THREAT FEEDS
Browse critical and high-risk active threats from Pulsedive's global feed aggregation.
Select a risk level to browse live threats
CISA KNOWN EXPLOITED VULNERABILITIES
Official US government list of actively exploited CVEs — free, authoritative, updated daily
NOT LOADED
—
TOTAL KEVs
—
RANSOMWARE-LINKED
—
VENDORS AFFECTED
Click LOAD KEV DATABASE to fetch the official CISA vulnerability catalog
📱 Telegram
📞 Phone Intel
🔍 Username OSINT
💬 WhatsApp
📡 Platform Links
TELEGRAM
Public channel / group / user lookup via t.me
ℹ️ Works for public channels, groups, and user profiles. Private accounts return limited data.
UNIFIED
THREAT LIVE FEED
ℹ️ Merged live feed — server-scraped every 60s, newest-first.
TELEGRAM BOT DETECTOR
PHONE INTELLIGENCE
Number format · carrier · country · type · OSINT
PHONE BLACKLIST CHECK
Cross-checks number against spam/scam phone databases
USERNAME OSINT
Probe username across messenger & social platforms
WHATSAPP INTELLIGENCE
⚠ WhatsApp does not expose a public OSINT API. The tools below work without authentication.
CLICK-TO-CHAT LINK
Enter a number above to generate
OSINT RESOURCES
MESSENGER PLATFORM OSINT RESOURCES
TELEGRAM
SIGNAL
🔒 Signal Privacy Model
📄 Signal Legal Requests
Signal exposes no public OSINT surface. Legal requests yield only account creation date and last connection timestamp.
VIBER
📜 Viber Public Chats ToS
🔗 Viber Public Chats
Viber public channels are searchable. No unauthenticated API available for phone lookup.
PHONE OSINT TOOLS
Local Backend (proxy.py)
UNTESTED
If you are running
Default when running locally:
python proxy.py on your machine,
enter its URL below. This gives full API support including header-based auth (VirusTotal, Censys).Default when running locally:
http://localhost:5000
CORS Proxy (Optional — alternative to local backend)
UNTESTED
Auto-rotation enabled. Leave this field blank and MonarX will
automatically rotate through a built-in pool of public CORS proxies
(
Set your own prefix below to override the pool (e.g.
⚠ Public CORS proxies only work for APIs that accept their key in the URL (Hunter, OpenTracker). Header-auth APIs (Netlas, VirusTotal, AbuseIPDB) require the local Flask backend (proxy.py).
corsproxy.io,
allorigins,
codetabs,
thingproxy,
cors.eu.org)
— failing proxies are put on a 60-second cooldown; the last-working one is tried first.Set your own prefix below to override the pool (e.g.
https://corsproxy.io/?url=).⚠ Public CORS proxies only work for APIs that accept their key in the URL (Hunter, OpenTracker). Header-auth APIs (Netlas, VirusTotal, AbuseIPDB) require the local Flask backend (proxy.py).
Danger Zone
■ Intelligence Newsletter
Not yet generated
TLP:WHITE · UNCLASSIFIED · SINGLE-OPERATOR
MonarX Daily Threat Briefing
Click GENERATE to compile today's intelligence
Keyword Watch — Upload keywords or paste them below
Upload a file or paste keywords, then generate the report.
—
Ransomware Victims
—
Active IOCs
—
Cyber News Items
—
OSINT Queries Today
Ransomware Intelligence
Waiting for data…
Active Threat IOCs — ThreatFox · Feodo C2 · MalwareBazaar
Waiting for data…
Cyber News — BleepingComputer · Krebs · CISA · SANS · Unit42
Waiting for data…
Dark Web & Hacker Group Activity
Waiting for data…
Operator OSINT Activity Log
Waiting for data…
MonarX OSINT Intelligence Platform · Self-hosted · Single-operator ·
TLP:WHITE
📡 INTEL FEEDS
☠ RANSOMWARE TRACKER
🔒 CVE INTEL
💥 EXPLOIT INTEL
🔑 FREE SOURCES
Threat Intelligence Feed Aggregator
12 curated live sources — CISA · BleepingComputer · Krebs · The Hacker News · The Record · Cisco Talos · Unit 42 · SecureList · SANS ISC · Dark Reading · Help Net Security · Schneier
Select a feed source above or click LOAD ALL FEEDS
Ransomware.live — Global Victim Tracker
NOT LOADED
—
Total Victims
—
Groups
—
Countries
—
Sectors
GLOBAL RANSOMWARE FLOW
● VICTIM
↗ FLOW ARC
drag = rotate · wheel = zoom
◉ RANSOMWARE GLOBAL INTEL
3D · WGS84 · LIVE FEED
NIST NVD — CVE Vulnerability Intelligence
Official US National Vulnerability Database · CVSS scores · descriptions · affected products · free, no key required
NOT LOADED
Select a severity above or search by keyword to load CVE intelligence
💥 Exploit Intelligence — CISA KEV + NVD CVE
Official vulnerability databases — free, authoritative, updated daily by US government agencies
Select a source above to load exploit intelligence
📚 All Free Intelligence Sources
🌐 Dark Web Intelligence (No Key Required)
Ahmia.fi — Dark web search engine (clearnet index of .onion sites) · ahmia.fi
OpenPhish — Live phishing URL feed · openphish.com
HackerTarget — Network recon tools · hackertarget.com
Pulsedive (demo key) — IOC enrichment + threat feeds · pulsedive.com
OpenPhish — Live phishing URL feed · openphish.com
HackerTarget — Network recon tools · hackertarget.com
Pulsedive (demo key) — IOC enrichment + threat feeds · pulsedive.com
⚠ Vulnerability Intelligence (No Key Required)
CISA KEV — Known Exploited Vulnerabilities catalog · cisa.gov
NVD (NIST) — National Vulnerability Database · nvd.nist.gov
Ransomware.live — Global ransomware victim tracker · ransomware.live
NVD (NIST) — National Vulnerability Database · nvd.nist.gov
Ransomware.live — Global ransomware victim tracker · ransomware.live
📚 ARCHIVE
📈 ACTOR TIMELINE
🔎 WATCHLIST
Global Intell Archive
Search dark archive sources, ransomware group signals, MITRE intrusion set signals, and CISA KEV insights.
—
Feed Items
—
Ransomware Groups
—
MITRE Matches
—
KEV Entries
Archive search results will appear here.
Actor Timeline
Track ransomware actor activity and recent OSINT queries in a single timeline.
—
Victims
—
Groups
—
Recent Queries
—
Last 24h
Loading actor timeline…
Watchlist Intelligence
Paste keywords or upload a watchlist and detect matches across internal OSINT feeds plus Ahmia archive search.
Internal signal matches and external dark archive results appear below.
No watch run yet.
SpiderFoot — OSINT Automation
Embedded SpiderFoot 4.0 engine · 200+ modules · footprint / investigate / passive use cases
New Scan
domain
ip
email
phone
username
asn
The footprint / investigate / passive profiles only activate modules whose
per-module API keys are configured in SpiderFoot's native UI
(Settings → modules).
Start with All modules until keys are set.
Scans
No scans yet
Select a scan on the left, or start a new one.