Selector Detection Test Page

🌐 IP Addresses (IPv4)

Here are some IPv4 addresses to test:

Google DNS: 8.8.8.8
Cloudflare DNS: 1.1.1.1
Local network: 192.168.1.1
Private network: 10.0.0.1
Another example: 172.16.254.1

Some text with embedded IPs: The server at 203.0.113.42 is responding, but 198.51.100.14 is down.

🌐 IP Addresses (IPv6)

Here are some IPv6 addresses to test:

Loopback: ::1
Google DNS: 2001:4860:4860::8888
Cloudflare DNS: 2606:4700:4700::1111

🏠 Domain Names

Various domain names that should be detected:

google.com
github.com
stackoverflow.com
malicious-site.evil
suspicious-domain.tk
test.example.org

In this paragraph, we mention several domains like facebook.com and twitter.com for testing purposes.

📧 Email Addresses

Email addresses that should be detected:

admin@example.com
user.test@gmail.com
suspicious@badactor.net
contact@legitimate-business.org

🔗 URLs

Full URLs for testing:

https://www.google.com/search?q=test
http://malicious-site.com/payload.php
https://github.com/user/repository
https://api.example.com/v1/users

🔐 Hash Values

Various hash values for testing:

MD5: 5d41402abc4b2a76b9719d911017c592
SHA1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA256: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae

📝 Mixed Content

This paragraph contains mixed content for comprehensive testing: The attacker used IP 192.168.1.100 to connect to malicious-c2.com and sent data to admin@evil-corp.net. The payload was downloaded from https://bad-site.com/malware.exe with hash 1234567890abcdef1234567890abcdef.

🧪 Instructions

Load this page with the Chrome extension enabled
Look for highlighted selectors (IP addresses, domains, emails, etc.)
Click on any highlighted selector to see the AI agent submenu
Choose from three AI agents:
- 🔍 Search - Fast OSINT (Passive) <1 minute
- 🛡️ Thinking - Extended Thinking (Active) <5 minutes
- 🔬 Research - Deep Research (Active) <2 hours
The extension will send the selector to the selected AI agent for analysis

⚙️ Settings

You can toggle the selector detection feature on/off from the extension popup:

Click the extension icon in the browser toolbar
Look for the "Selector Detection" toggle in the settings section
Toggle it off to disable detection, or on to enable it

⚠️ Live Malicious Website Investigation

URLhaus by abuse.ch - A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.

This is perfect for demonstrating the extension's capabilities with real-world malicious indicators:

✅ Live malicious URLs and domains
✅ Real IOCs (Indicators of Compromise)
✅ Current threat intelligence data
✅ Multiple selector types on one page

🚨 Open URLhaus (Live Threat Data)

💡 Demo Tip: Once on URLhaus, use the extension to investigate any suspicious URLs, domains, or IPs directly from the page. This demonstrates real-time threat intelligence capabilities to clients.

🔎 SOC Investigation Workflow

SOC analysts typically follow a layered investigation approach when analyzing suspicious websites. Use these tools in order for a comprehensive investigation:

1️⃣ Initial Triage

Check URL/IP/domain against quick reputation services to determine if already known malicious.

🔒 VirusTotal

70+ scanners for URLs, domains, IPs, and file hashes

Open VirusTotal

🌐 IPVoid

Comprehensive IP reputation and blacklist checking

Open IPVoid

🔗 URLVoid

Check website reputation across 30+ blocklists

Open URLVoid

🕵️ AbuseIPDB

IP reputation and abuse reporting database

Open AbuseIPDB

2️⃣ WHOIS and Infrastructure Analysis

Gather registration details, hosting information, DNS records, and related infrastructure.

📋 DomainDossier

WHOIS, DNS records, traceroute, and network analysis

Open DomainDossier

🌍 Shodan

Search engine for Internet-connected devices and services

Open Shodan

🔍 ThreatMiner

Data mining for threat intelligence and infrastructure

Open ThreatMiner

🏢 DomainTools

WHOIS history and domain intelligence research

Open DomainTools

3️⃣ Behavioral Analysis

Safe browsing analysis capturing network activity, resources, and screenshots without direct interaction.

👁️ URLScan.io

Scan websites safely with full network activity capture

Open URLScan.io

4️⃣ Sandboxing

Interactive sandboxes to observe real-time behavior of potentially malicious sites in isolated environments.

⚡ ANY.RUN

Interactive online malware analysis sandbox

Open ANY.RUN

🧪 Joe Sandbox

Deep malware analysis and detection sandbox

Open Joe Sandbox

🔬 Hybrid Analysis

Free malware analysis service powered by Falcon

Open Hybrid Analysis

5️⃣ Correlation and Enrichment

Cross-reference findings across threat intelligence sources to understand attack context, attribution, and campaigns.

🔍 ThreatMiner

Threat intelligence data mining and pivoting

Open ThreatMiner

🔷 IBM X-Force

Threat intelligence and research platform

Open X-Force

🌐 Cisco Talos

Reputation center and threat intelligence

Open Talos

👽 AlienVault OTX

Open threat intelligence community and data

Open OTX

6️⃣ IOC Extraction and Additional Tools

Document all indicators and use specialized tools for specific investigation needs.

📧 Hunter.io

Find and verify email addresses associated with domains

Open Hunter.io

🔐 Have I Been Pwned

Check if email addresses have been in data breaches

Open HIBP

💡 Workflow Tip: Follow the stages sequentially for a thorough investigation. Start with quick reputation checks in Stage 1, then progressively deepen your analysis through Stages 2-5. Use the extension to capture selectors from each tool's results and pivot between platforms for comprehensive threat intelligence gathering.

🔍 Selector Detection Test Page