Announcing Hunt 2.8: Sharper IOC Hunter Workflows, Smarter Provider Visibility, and Easier C2 Filtering
Published on Dec 18, 2025

Hunt 2.8 brings major improvements across C2 listings, IOC Hunter, AttackCapture™, IP search, and domain risk assessment.
This release focuses on giving analysts faster pivots, more consistent filtering, better visual clarity, and more accurate threat signals. It also introduces new provider visibility, expanded bulk enrich data, and important fixes that tighten the accuracy of our phishing and malware detection views.
Here's a quick look at what's new:
| Highlights | What's New? |
|---|---|
| Data Improvements | Expanded Provider Tags across IP search and C2 listings, unified and shareable IOC Hunter posts, and added registrar and domain creation date to bulk enrich. |
| Usability Improvements | Faster pivots through direct IOC Hunter linking, refined phishing dark mode, and consistent unified filters across malware lists and Host Radar. |
| C2 & AttackCapture™ Improvements | Added negative filters to the C2 listing page and the AttackCapture listing page, enabling more focused C2 investigations. |
| Bug Fixes & Accuracy Improvements | Corrected time-range pivoting in AttackCapture Explore, restored missing malware hosts in Host Radar, fixed malware name display in IOC Hunter posts, and removed phishing false positives from Reputation & Risk views. |
Below is a closer look at some of the most impactful improvements in Hunt 2.8.
General Updates
Negative filters are now available on both the C2 listing page and the AttackCapture™ listing page. You can exclude providers, countries, ports, or TLDs for more focused hunts.

Provider Tags now appear in IP search on the Domain tab, including reverse DNS entries, and on the C2 listing page. This helps reveal cloud or hosting infrastructure faster during investigations.

Bulk enrich now includes registrar and domain creation date. Helpful for spotting newly registered or suspicious domains.
IOC Hunter now links hosts and IPs directly to their corresponding posts. Faster pivots and less manual searching.

IOC Hunter list now directly shows the malware family. Makes large lists more scannable.

IOC Hunter supports custom date-range filtering. Makes it easier to focus on specific activity windows.

IOC Hunter filters now always show all available values. Multi-filter selections remain available at all times.
IOC Hunter posts now use a unified, shareable layout. All related context appears in one view.
"Possible APT" indicators moved to the Reputation & Risk box. More consistent threat context.

Phishing page dark mode has been refined. Better readability during extended analysis.
Host Radar partial-name matching has been improved. Previously missed assets are now reliably found.
Host Radar now uses unified tables and horizontal filters. Includes free-text highlighting for faster scanning.
Path updates: /ip-detail/ → /ip/, /asn-detail/ → /asn/, /domain-detail/ → /domain/. Cleaner, shorter, and consistent across the platform.
AttackCapture™ Updates
Domain details now highlight AttackCapture™ warnings that let you pivot into related open dirs. Smoother transitions when mapping related assets.

Open ports on IPs now display HTTP and HTTPS status codes. Quick visibility into exposed services.

The malware list now uses the unified horizontal filter concept. Cleaner and more consistent filtering.
Bug Fixes
Restored missing malware hosts in Host Radar. Some malware-related hosts were not appearing due to an indexing issue and are now fully visible again.
Corrected malware name display on IOC Hunter posts. Some posts showed empty or incorrect malware names; all entries now render consistently.
Fixed incorrect time-range pivoting in AttackCapture™ → Explore → Open Source Software. Pivots now load the proper activity window every time.
Improved Host Radar partial-match behavior. Partial asset names that previously failed to match now return correct results.
Corrected phishing filter logic inside Reputation & Risk. The filter previously allowed false positives through; only confirmed malicious URLs now appear.
Every improvement in Hunt 2.8 came directly from real analyst feedback and real hunts happening on the platform. If you have suggestions or ideas that can make Hunt.io even more effective for your workflows, we're always ready to hear them.