Investigator Use
Pulsedive is a free threat intelligence platform that enriches indicators of compromise with context from dozens of threat feeds, user submissions, and automated enrichment sources. It aggregates data about domains, IPs, and URLs — providing reputation scores, associated threats, linked indicators, and historical activity data in a single searchable interface.
What OSINT investigators use Pulsedive for: enriching raw IOCs collected from investigations with contextual threat intelligence, pivoting from one indicator to related infrastructure through linked threat associations, checking whether a domain or IP has been flagged by threat feeds as malicious, and building threat profiles for actors or campaigns.
What Pulsedive exposes: risk scores for domains, IPs, and URLs, associated threats and malware families, feed sources that have flagged each indicator, historical Whois and DNS data, linked indicators discovered through threat associations, port and service information, and community-contributed threat data from Pulsedive analysts.
Pulsedive's threat-linking system is its most distinctive feature. When you submit an IOC, Pulsedive not only shows its own reputation score but also links it to related indicators observed in the same threat campaigns. A C2 domain might be linked to the IP addresses it resolved to, other domains hosted on those IPs, and malware samples known to communicate with that infrastructure.
Community threat intelligence: Pulsedive allows registered users to submit and classify threats, creating a community-driven layer of intelligence on top of automated feed data. Analyst notes and threat classifications add context that automated systems miss.
API access: Pulsedive provides a free API tier with rate-limited lookups, suitable for individual investigators. Paid plans offer higher rate limits and bulk enrichment capabilities for enterprise use.
In a workflow: use Pulsedive as an enrichment step after collecting initial IOCs from other sources. Submit indicators from VirusTotal findings, Shodan scans, or email header analysis to get threat context. Use linked indicator pivoting to expand a single IOC into a broader infrastructure map, then feed the expanded set back into Shodan and Censys for host enumeration.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
CVE
Cyber Threat OSINT
CVE provides standardized vulnerability identifiers and references used in security research, triage, and threat intelligence workflows.
CVE Details
Cyber Threat OSINT
CVE Details aggregates vulnerability records, CVSS scores, and affected software lists for security analysis and patch prioritization.
Default Passwords
Cyber Threat OSINT
Find default passwords and credentials for routers, printers, servers, and network devices for authorized security auditing.
Exploit DB
Cyber Threat OSINT
The Exploit Database archives public exploits and proof-of-concept code for known vulnerabilities, used in penetration testing and research.
Honey DB
Cyber Threat OSINT
HoneyDB aggregates honeypot sensor data to identify malicious IP addresses, attacker tactics, and emerging threat patterns.
Hybrid analysis
Cyber Threat OSINT
Hybrid Analysis provides free malware sandboxing with Falcon Sandbox technology to analyze suspicious files and URLs for threat intelligence.