Threat IntelligenceAlso called: "ioc defanging", "url sanitization"
Defanging makes indicators of compromise (IOCs) safe to share in emails, reports, and chat.
Common defanging patterns
- hxxp:// instead of http://
- example[.]com instead of example.com
- 192.168.1[.]1 instead of 192.168.1.1
- user@example[.]com instead of user@example.com
Why defang?
- Prevent accidental clicks in threat intelligence reports.
- Stop email scanners from following malicious links.
- Protect analysts from visiting dangerous sites.
- Avoid triggering security tools that crawl links.
Refanging
- Reverse the process to get original IOC for investigation.
- Tools can automate defanging/refanging for IOC extraction.
Explore More Threat Intelligence
View all termsIP Reputation
A trustworthiness score assigned to IP addresses based on observed behavior, used to identify malicious traffic.
Read more →Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.
Read more →Phishing
A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.
Read more →Threat Intelligence
Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.
Read more →