Threat Intelligence Extension

Instant Threat Intelligence In Your Browser

Right-click any IP, domain, or hash to get instant threat intelligence from 9+ security sources in a sleek popup interface. Features built-in dark/light theme toggle and customizable display settings. No copy-paste, no context switching.

Add to Chrome Learn more
9+
API Integrations
100%
Local API Keys
Free
Forever
chrome-extension://ioclens/popup.html?ioc=44d88612f...

IOCLens

XXX.XX.XX.XX ipv4

📊 Reputation Analysis

🔴
MALICIOUS
3 source(s) flagged as malicious

🔍 Individual API Verdicts

InternetDB
2 CVE(s), 2 ports ⚠ suspicious
AbuseIPDB
No abuse reports ✓ clean
Shodan
2 known CVE(s), 2 open ports ⚠ suspicious
GreyNoise
Not seen ✓ clean
ThreatFox
1 IOC(s) - 100 confidence ✗ malicious
AlienVault OTX
Found in 43 threat reports ✗ malicious
VirusTotal
Found 27/92 ✗ malicious

📍 Geolocation

Country: Japan (JP)
City: Tokyo
Region: Tokyo
ISP: Amazon Technologies Inc
ASN: AS16509 Amazon.com, Inc.
Organization: AWS EC2 (ap-northeast-1)

⚠️ Threats Detected

Known Vulnerabilities 2 CVE(s): CVE-2025-23419, CVE-2023-44487
Severity: high | Source: InternetDB
Known Vulnerabilities 2 CVEs detected
Severity: high | Source: Shodan

🏷️ Tags & Indicators

Malware Families

Aisuru AsyncRAT ClearFake Sliver Unknown malware VShell Vidar

Threat Types

C&C Server

MITRE ATT&CK

T1005: Data from Local System T1027: Obfuscated Files or Information T1036.006: Space after Filename T1041: Exfiltration Over C2 Channel T1055: Process Injection T1056.001: Keylogging T1059.001: PowerShell T1071.001: Web Protocols T1071: Application Layer Protocol T1078: Valid Accounts T1090: Proxy T1102: Web Service T1105: Ingress Tool Transfer T1110: Brute Force T1140: Deobfuscate/Decode Files or Information T1189: Drive-by Compromise T1195.002: Compromise Software Supply Chain T1204.002: Malicious File T1219: Remote Access Software T1539: Steal Web Session Cookie T1547.001: Registry Run Keys / Startup Folder T1555.003: Credentials from Web Browsers T1566.002: Spearphishing Link T1573: Encrypted Channel T1583.006: Web Services T1585: Establish Accounts T1586: Compromise Accounts T1595: Active Scanning

General Tags

AMAZON-02 AS16509 DugganUSA Vshell apt asyncrat attor auto-generated auto-updated automated blocked-ips c2 c2-infrastructure clearfake cloud dugganusa eol-product github infostealer isp-reputation mitre-attack osint-volley pattern-32 pattern-38 rhadamanthys sliver ssl-enrichment stealc stix-2.1 supply-chain threat-intelligence threatfox unknown-malware vidar

🔧 Technical Details

First Seen: 05/01/2026 16:01:17 (ThreatFox)

🔗 External Resources

🌐 ip-api.com 🔎 InternetDB 🦠 VirusTotal ⚠️ AbuseIPDB 🔎 Shodan 📡 GreyNoise 🦊 ThreatFox 👽 AlienVault OTX

Sources: ip-api.com, InternetDB, AbuseIPDB, Shodan, GreyNoise, ThreatFox, AlienVault OTX | Last updated: 12/01/2026 16:27:52

✨ PRO

See It In Action

Watch IOCLens enrich threat indicators in real-time

IOCLens Extension Demo
IOCLens Extension Demo

Core Capabilities

Engineered for incident responders who think in TTPs and IOCs

Regex-Powered Detection

Pattern matching for IPv4/IPv6, FQDNs, SHA256 hashes. Context menu injection via Chrome Extension API. Sub-100ms IOC identification.

Multi-Source Correlation

Parallel REST API calls to VirusTotal, GreyNoise, AbuseIPDB, Shodan, AlienVault OTX, ThreatFox, URLhaus. Normalized JSON aggregation layer.

Zero-Trust Architecture

Client-side execution only. No proxy servers. No analytics beacons. Direct HTTPS to threat intel providers. Your OPSEC is intact.

Universal IOC Parser

Compiled regex engine detects indicators in logs, emails, tickets, chat. Works on any webpage including Slack, Gmail, Jira, Confluence.

Machine-Readable Output

JSON export for SIEM ingestion, threat intelligence platforms, ticketing workflows. One-click copy or export enriched data in structured format.

Customizable Interface

Toggle between dark and light themes directly in the popup. Granular settings control: show/hide individual API verdicts, tags, geolocation, threats, and technical details to match your workflow.

Choose Your Plan

Open source free tier. One-time payment for lifetime Pro access.

Free Tier

$0 /forever
  • VirusTotal integration
  • GreyNoise Community API
  • InternetDB lookups
  • IP-API geolocation
  • Open source & free forever
Get Started Free View on GitHub →
Lifetime Access

Pro License

$19 /forever

One-time payment • Lifetime access

  • All Free Tier features
  • AbuseIPDB integration
  • Shodan lookups
  • URLhaus & ThreatFox
  • AlienVault OTX
  • JSON export functionality
  • Lifetime updates
Get Pro License

How It Works

Under the hood: event-driven architecture for real-time threat correlation

01

Pattern Match

Selection event → regex engine validates IOC type → Chrome storage API caches result → context menu dynamically rendered.

02

API Orchestration

Background service worker spawns async fetch() calls. Headers injected with API keys. Rate limiting via token bucket algorithm.

03

Data Normalization

Response parser extracts reputation scores, geolocation, malware families, WHOIS data. Unified schema rendered in side panel UI.

Start Enriching IOCs Today

Install the extension or share your feedback to help me improve the tool

Install Free Extension

Need Pro Features?

Get access to all 9+ integrations with a lifetime Pro license. One-time payment, no subscriptions.

Get Pro License