Query a Host or URL Indicator in Archive.org's Wayback Machine

ThreatConnect developed the Playbooks capability to help analysts automate time-consuming and repetitive tasks so they can focus on what is most important and, in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.

When investigating phishing pages, it can be helpful to see what a malicious website looks like. This can help you identify what organization the phishing page is spoofing and possibly whether or not a phishing kit is being used. Sometimes, however, the phishing page is taken down before an analyst gets a chance to see what it looked like.

Archive.org’s Wayback Machine can be helpful in these cases as it allows anyone to archive a snapshot of a website. This playbook allows you to check if a Host or URL Indicator has already been archived in the Wayback Machine.

This playbook is triggered with a User Action Trigger available on the page for all Host and URL Indicators.

Once triggered, the playbook queries Archive.org’s Wayback Machine to see if the domain exists in the archive. If it does, the playbook returns a link to the archived website. Otherwise, it lets you know that the indicator has not yet been archived.
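The same lookup can be sketched outside the platform. The following is an added example, not the playbook's own code: it assumes the public availability endpoint at https://archive.org/wayback/available, the function names are hypothetical, and the sample responses are constructed rather than real captures.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumption: the public Wayback availability endpoint; the page does not
# say which Archive.org interface the playbook itself calls.
AVAILABILITY_API = "https://archive.org/wayback/available"


def build_query(indicator):
    """Build the lookup URL; encoding keeps the indicator's own '?' and '&'
    from being read as parameters of the API request."""
    return AVAILABILITY_API + "?" + urlencode({"url": indicator.strip()})


def interpret(indicator, body):
    """Turn an availability response body into the analyst-facing result."""
    try:
        closest = json.loads(body).get("archived_snapshots", {}).get("closest")
    except (ValueError, AttributeError):
        return {"indicator": indicator, "archived": False, "note": "unparseable response"}
    if not isinstance(closest, dict) or not closest.get("available") or not closest.get("url"):
        return {"indicator": indicator, "archived": False, "note": "not yet archived"}
    return {
        "indicator": indicator,
        "archived": True,
        "snapshot": closest["url"].replace("http://", "https://", 1),
        "captured": closest.get("timestamp"),  # YYYYMMDDhhmmss
        "http_status": closest.get("status"),  # status recorded at capture time
    }


def lookup(indicator, timeout=10):
    """Live lookup; needs network access and is not used by the offline demo."""
    with urlopen(build_query(indicator), timeout=timeout) as resp:
        return interpret(indicator, resp.read().decode("utf-8", "replace"))


# Constructed sample responses for a placeholder host.
SAMPLE_HIT = json.dumps({"url": "login.example.test", "archived_snapshots": {"closest": {
    "status": "200", "available": True, "timestamp": "20240102030405",
    "url": "http://web.archive.org/web/20240102030405/http://login.example.test/"}}})
SAMPLE_MISS = json.dumps({"url": "login.example.test", "archived_snapshots": {}})

if __name__ == "__main__":
    print(build_query("http://login.example.test/account?id=1"))
    print(interpret("login.example.test", SAMPLE_HIT))
    print(interpret("login.example.test", SAMPLE_MISS))
```

Reviewing the snapshot in the archive means the analyst's browser does not have to contact the suspect host directly.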

This playbook requires no configuration. Just install and turn it on!

The ThreatConnect Research Team is an elite group of globally acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. We scrutinize trends, technology and socio-political motivators to develop comprehensive knowledge of the cyber landscape. Then, we share what we’ve learned so that you can protect your organization, and your team can take precise action against threats.