Threat Intelligence Extension

Instant Threat Intelligence In Your Browser

Right-click any IP, domain, or hash to get instant threat intelligence from 9+ security sources in a sleek popup interface. Features built-in dark/light theme toggle and customizable display settings. No copy-paste, no context switching.

  • 9+ API Integrations
  • 100% Local API Keys
  • Free Forever

chrome-extension://ioclens/popup.html?ioc=44d88612f...

See It In Action

Watch IOCLens enrich threat indicators in real-time

IOCLens Extension Demo

Core Capabilities

Engineered for incident responders who think in TTPs and IOCs

Regex-Powered Detection

Pattern matching for IPv4/IPv6, FQDNs, SHA256 hashes. Context menu injection via Chrome Extension API. Sub-100ms IOC identification.

Multi-Source Correlation

Parallel REST API calls to VirusTotal, GreyNoise, AbuseIPDB, Shodan, AlienVault OTX, ThreatFox, URLhaus. Normalized JSON aggregation layer.

Zero-Trust Architecture

Client-side execution only. No proxy servers. No analytics beacons. Direct HTTPS to threat intel providers. Your OPSEC is intact.

Universal IOC Parser

Compiled regex engine detects indicators in logs, emails, tickets, chat. Works on any webpage including Slack, Gmail, Jira, Confluence.

Machine-Readable Output

JSON export for SIEM ingestion, threat intelligence platforms, ticketing workflows. One-click copy or export enriched data in structured format.

Customizable Interface

Toggle between dark and light themes directly in the popup. Granular settings control: show/hide individual API verdicts, tags, geolocation, threats, and technical details to match your workflow.

Choose Your Plan

Open source free tier. One-time payment for lifetime Pro access.

Free Tier

$0 /forever
  • VirusTotal integration
  • GreyNoise Community API
  • InternetDB lookups
  • IP-API geolocation
  • Open source & free forever
Lifetime Access

Pro License

$19 /forever

One-time payment • Lifetime access

  • All Free Tier features
  • AbuseIPDB integration
  • Shodan lookups
  • URLhaus & ThreatFox
  • AlienVault OTX
  • JSON export functionality
  • Lifetime updates

How It Works

Under the hood: event-driven architecture for real-time threat correlation

01 Pattern Match

Selection event → regex engine validates IOC type → Chrome storage API caches result → context menu dynamically rendered.

02 API Orchestration

Background service worker spawns async fetch() calls. Headers injected with API keys. Rate limiting via token bucket algorithm.

03 Data Normalization

Response parser extracts reputation scores, geolocation, malware families, WHOIS data. Unified schema rendered in side panel UI.
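
Steps 01 and 02 above, sketched as an added example (this is not IOCLens source code): regex-based indicator typing followed by a per-source token bucket that decides which lookups may be sent. It goes slightly beyond the page by accepting defanged input such as `8[.]8[.]8[.]8`; all function names, the source list shape and the rate limits are assumptions.

```javascript
// Added illustration, not IOCLens source. All names and limits are hypothetical.
const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;
const SHA256 = /^[a-f0-9]{64}$/i;
const FQDN = /^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// IPv6 has too many valid spellings for a readable regex; let the URL parser decide.
function isIpv6(s) {
  if (!/^[0-9a-f:.]+$/i.test(s) || !s.includes(":")) return false;
  try { new URL(`http://[${s}]/`); return true; } catch { return false; }
}

// Step 1: decide what kind of indicator the selected text is, or null if none.
function classifyIoc(selection) {
  const s = selection.trim().replace(/\[\.\]|\(\.\)/g, "."); // undo "[.]" defanging
  if (IPV4.test(s)) return { type: "ipv4", value: s };
  if (SHA256.test(s)) return { type: "sha256", value: s.toLowerCase() };
  if (isIpv6(s)) return { type: "ipv6", value: s.toLowerCase() };
  if (FQDN.test(s)) return { type: "domain", value: s.toLowerCase() };
  return null;
}

// Step 2: token bucket. Holds up to `capacity` tokens, refilled continuously.
class TokenBucket {
  constructor(capacity, refillPerSec, now = Date.now()) {
    Object.assign(this, { capacity, refillPerSec, tokens: capacity, last: now });
  }
  tryTake(now = Date.now()) {
    const gained = ((now - this.last) / 1000) * this.refillPerSec;
    this.tokens = Math.min(this.capacity, this.tokens + gained);
    this.last = now;
    if (this.tokens < 1) return false;
    this.tokens -= 1;
    return true;
  }
}

// Pick the sources that accept this indicator type and still have budget.
// Rate-limited sources are reported rather than silently dropped, so the
// analyst does not read a missing verdict as "clean".
function planLookups(ioc, sources, now = Date.now()) {
  const plan = { query: [], rateLimited: [] };
  for (const src of sources) {
    if (!src.types.includes(ioc.type)) continue;
    (src.bucket.tryTake(now) ? plan.query : plan.rateLimited).push(src.name);
  }
  return plan;
}
```

The FQDN pattern only accepts alphabetic TLDs, so punycode TLDs (`xn--...`) are not classified as domains in this sketch.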

Start Enriching IOCs Today

Install the extension or share your feedback to help me improve the tool


Need Pro Features?

Get access to all 9+ integrations with a lifetime Pro license. One-time payment, no subscriptions.
