Cyber Threat Intelligence (CTI)

Our internal CTI platform gives security teams, researchers, and law enforcement a structured environment to scan, investigate, and hunt threats across the internet — backed by Karen IT's own data collection infrastructure, threat feeds, and image clustering technology.

Available on

Overview

One Platform.
Every Layer of a URL.

When a suspicious URL surfaces, our CTI platform goes deeper. A single scan returns the full technical stack: HTTP, DNS, TLS, Geolocation, WHOIS, HAR logs, and image clustering — all in one structured record.

Every scan is permanently linked, exportable as raw JSON, and searchable. Built for analysts who need answers fast.

Core Scanning

Submit a URL.
Get the Full Picture.

Each scan produces a structured record across the following data layers. Private scan mode is available for sensitive investigations.

📋 Summary

- Input URL & resolved URL
- Scan timestamp
- Full request chain
- IP count & ASN
- TLS validity & issuer
- DNS record count
- UUID & JSON link
- Image similarity cluster

🌐 HTTP

- Input URL & final URL
- Page title
- Full HTML source (80 KB)

🔍 DNS

- A, AAAA, NS, MX records
- Response codes
- Full query/response data

📍 Geolocation

- IP address
- Country Code (CC)
- ASN & AS Name

🔐 TLS

- Issuer & validity window
- Certificate fingerprint
- Subject Alternative Names

📁 HAR

- Per-request breakdown
- Full request/response chain

Advanced Search

Query Across Every Field.
Build Multi-Condition Rules.

Every scan record is indexed and fully searchable. Build single-field lookups or construct compound rules with AND/OR logic across any combination of fields. Export results for use in your own workflow or SIEM.

Record UUID Scan Date Scanned URL WHOIS Creation Date Page Title Registered Domain A Record Hashtag ASN Target other...

Built-in Analysis Tools

Investigation Tools,
Built Into the Platform.

🔎 Image Search

Find visually similar pages across all scans. Our platform captures screenshots and uses two clustering algorithms (P-Hash and C-Hash) to find pages that look the same, even on different domains. This is extremely effective for identifying phishing kit reuse.

🌐 Dig Interface

Full web-based dig command-line interface. Query any domain's DNS records directly through the platform.

📅 Daily Domains

Fresh domain registration data, updated daily. Browse newly registered domains by date and TLD to detect typosquatting and infrastructure prep early.

🎯 Domain Hunting

Find related malicious domains registered by the same actor. Two modes: SimilarityX (finds typosquatting) and Startswith (finds domains with a consistent prefix).

📖 WHOIS (Live)

Real-time WHOIS lookup for both domains and IP addresses. Get registrar details, dates, nameservers, ASN, network range, and more.

Access & Eligibility

Designed for Professionals Who Need More Than a Free Tool.

Access to the Karen IT CTI platform is provided to vetted organizations and individuals operating in a security capacity.

Security Operations Centers (SOC) Incident Response Teams Threat Intelligence Analysts Law Enforcement

→ Request Platform Access

Threat Intelligence Is Only Useful
If You Can Act on It.

Our CTI platform is built around one principle: give analysts the full picture, fast, in a format they can use. Whether you are triaging a phishing report or hunting a threat actor's infrastructure, the platform is designed to support that work.

→ Request Access