Hunt 2.7 is Here: New Domain Risk, AttackCapture™ Filters, and Threat Actor Insights
Published on
Published on
Published on
Nov 6, 2025
Nov 6, 2025
Nov 6, 2025
Hunt 2.7 delivers faster C2 listings and risk cards, an expanded Domain Risk & Reputation system with richer threat indicators, IOC Hunter threat actor visibility on IP and domain pages, new multi-value filters in AttackCapture™ for smoother investigations, and more.
Here's a quick look at what's new:
| Highlights | What's New? |
|---|---|
| Data Improvements | Expanded Domain Risk & Reputation with threat indicators, IOC Hunter actor visibility on IP and domain searches, and a new Hosting Company column for easier pivots. |
| Usability Improvements | Improved C2 listing and risk card speed, added provider tags, refined messages for private and bogon IPs, and extended session timeout to one week. |
| AttackCapture™ Improvements | Added multi-value filters, summaries for open directories, linked IOC counts in the IOCs subtab, and smoother pivots between related listings. |
| Bug Fixes | Fixed Windows flag display, ZIP extraction issues, Malware Sandbox Tag alignment, and unknown malware ports in the IP search protocols table. |
Below is a closer look at some of the most impactful improvements in Hunt 2.7.
General Updates
New Provider Tags: Quickly spot provider infrastructure at a glance. Expect these tags to appear across more areas of the platform soon.
Domain Risk & Reputation: Now includes indicators for IOCs, malware, open directories, and phishing activity.
Performance Enhancements: Improved speed across C2 Listings and the new Risk Cards for IPs and domains.
Threat Actor Visibility: IOC Hunter data is now displayed directly in IP and domain searches.
Added WHOIS registrar and creation date for every apex domain and hostname. Useful for spotting newly registered or suspicious domains
Added search box and bulk uploader to the domain result page. Speeds up large-scale domain lookups.
Extended session timeout to one week: Sessions now remain active for seven days, addressing one of the most common user requests.
AttackCapture™ Updates
Improved Filters: A new horizontal filter layout saves space and supports selecting multiple values at once. Default fields include Date, Country, and ASN.
The new "More Filters" option lets you configure filters for Hostname, Port, Source, Tag, Malware, Sandboxed Malware in Dir, MITRE, GitHub Tag, Keysand, and IOCs.
Summaries for Open Directories: Instantly understand an open directory through concise, human-readable text instead of browsing files manually.
Improved AttackCapture™ Explore: Effortlessly pivot to the related listing page, such as Open Source Software, C2 Scanning Signatures, Malware Sandboxed Tags, IOCs, Keys, and more.
Added linked IOC counts in the IOCs subtab of AttackCapture™ Explore: The new Count column lets you click directly into related IOC listings, making it easier to pivot from research articles to specific indicators.
From there, the linked view automatically loads all matching IOCs under the selected article, giving analysts instant access to hostnames, ports, tags, and sources associated with that campaign.
Linked IOC Hunter IP lists from Host Radar counts. Clicking an IOC count in Host Radar opens IOC Hunter → IPs prefiltered to that provider and time range, with matching totals.
Added Hosting Company column in IOC Hunter: The IPs list in IOC Hunter now includes the hosting company, making it easier to pivot back to Host Radar for deeper infrastructure analysis.
Bug Fixes
Flags for Windows are now displayed correctly throughout the app.
Fixed an issue in AttackCapture™, causing some .zip files to appear as extracted.
IP Search warning counts now display accurate totals.
Fixed misaligned Malware Sandbox Tag counts on the AttackCapture™ Explore page.
Fixed an issue where unknown malware ports were not displayed in the IP search protocols table.
Hunt 2.7 continues what we've always aimed for - giving threat hunters better data, faster performance, and tools that actually make a difference in daily investigations.
Every improvement in this release comes from real feedback and real hunts happening on the platform. If something feels off or you have an idea that could make Hunt.io even better, we'd love to hear it.
Hunt 2.7 delivers faster C2 listings and risk cards, an expanded Domain Risk & Reputation system with richer threat indicators, IOC Hunter threat actor visibility on IP and domain pages, new multi-value filters in AttackCapture™ for smoother investigations, and more.
Here's a quick look at what's new:
| Highlights | What's New? |
|---|---|
| Data Improvements | Expanded Domain Risk & Reputation with threat indicators, IOC Hunter actor visibility on IP and domain searches, and a new Hosting Company column for easier pivots. |
| Usability Improvements | Improved C2 listing and risk card speed, added provider tags, refined messages for private and bogon IPs, and extended session timeout to one week. |
| AttackCapture™ Improvements | Added multi-value filters, summaries for open directories, linked IOC counts in the IOCs subtab, and smoother pivots between related listings. |
| Bug Fixes | Fixed Windows flag display, ZIP extraction issues, Malware Sandbox Tag alignment, and unknown malware ports in the IP search protocols table. |
Below is a closer look at some of the most impactful improvements in Hunt 2.7.
General Updates
New Provider Tags: Quickly spot provider infrastructure at a glance. Expect these tags to appear across more areas of the platform soon.
Domain Risk & Reputation: Now includes indicators for IOCs, malware, open directories, and phishing activity.
Performance Enhancements: Improved speed across C2 Listings and the new Risk Cards for IPs and domains.
Threat Actor Visibility: IOC Hunter data is now displayed directly in IP and domain searches.
Added WHOIS registrar and creation date for every apex domain and hostname. Useful for spotting newly registered or suspicious domains
Added search box and bulk uploader to the domain result page. Speeds up large-scale domain lookups.
Extended session timeout to one week: Sessions now remain active for seven days, addressing one of the most common user requests.
AttackCapture™ Updates
Improved Filters: A new horizontal filter layout saves space and supports selecting multiple values at once. Default fields include Date, Country, and ASN.
The new "More Filters" option lets you configure filters for Hostname, Port, Source, Tag, Malware, Sandboxed Malware in Dir, MITRE, GitHub Tag, Keysand, and IOCs.
Summaries for Open Directories: Instantly understand an open directory through concise, human-readable text instead of browsing files manually.
Improved AttackCapture™ Explore: Effortlessly pivot to the related listing page, such as Open Source Software, C2 Scanning Signatures, Malware Sandboxed Tags, IOCs, Keys, and more.
Added linked IOC counts in the IOCs subtab of AttackCapture™ Explore: The new Count column lets you click directly into related IOC listings, making it easier to pivot from research articles to specific indicators.
From there, the linked view automatically loads all matching IOCs under the selected article, giving analysts instant access to hostnames, ports, tags, and sources associated with that campaign.
Linked IOC Hunter IP lists from Host Radar counts. Clicking an IOC count in Host Radar opens IOC Hunter → IPs prefiltered to that provider and time range, with matching totals.
Added Hosting Company column in IOC Hunter: The IPs list in IOC Hunter now includes the hosting company, making it easier to pivot back to Host Radar for deeper infrastructure analysis.
Bug Fixes
Flags for Windows are now displayed correctly throughout the app.
Fixed an issue in AttackCapture™, causing some .zip files to appear as extracted.
IP Search warning counts now display accurate totals.
Fixed misaligned Malware Sandbox Tag counts on the AttackCapture™ Explore page.
Fixed an issue where unknown malware ports were not displayed in the IP search protocols table.
Hunt 2.7 continues what we've always aimed for - giving threat hunters better data, faster performance, and tools that actually make a difference in daily investigations.
Every improvement in this release comes from real feedback and real hunts happening on the platform. If something feels off or you have an idea that could make Hunt.io even better, we'd love to hear it.
Related Posts:
Hunt 2.6 launches with IP Risk & Reputation, SQL download via API, integration upgrades, enhanced IP search, and much more. Keep reading.
Hunt 2.6 launches with IP Risk & Reputation, SQL download via API, integration upgrades, enhanced IP search, and much more. Keep reading.
Hunt 2.5 introduces IP pivots, faster HuntSQL queries, a full-screen app view, and a refreshed IP database. Explore the latest improvements.
Hunt 2.5 introduces IP pivots, faster HuntSQL queries, a full-screen app view, and a refreshed IP database. Explore the latest improvements.
Hunt 2.4 adds archive-aware search, deeper SQL visibility, and improved phishing intel to make threat hunting faster, clearer, and more powerful.
Hunt 2.4 adds archive-aware search, deeper SQL visibility, and improved phishing intel to make threat hunting faster, clearer, and more powerful.
Hunt 2.6 launches with IP Risk & Reputation, SQL download via API, integration upgrades, enhanced IP search, and much more. Keep reading.
Hunt 2.5 introduces IP pivots, faster HuntSQL queries, a full-screen app view, and a refreshed IP database. Explore the latest improvements.
Hunt 2.4 adds archive-aware search, deeper SQL visibility, and improved phishing intel to make threat hunting faster, clearer, and more powerful.
Get biweekly intelligence to hunt adversaries before they strike.
Latest News
Hunt Intelligence, Inc.
Get biweekly intelligence to hunt adversaries before they strike.
Latest News
Hunt Intelligence, Inc.
Get biweekly intelligence to hunt adversaries before they strike.
Latest News
Hunt Intelligence, Inc.