Skip to content
SecurityCore logo SecurityCore Your One Stop Security Solution
Open-source intelligence

Threat Search

Check any suspicious indicator against live open-source threat feeds.

Paste an IP address, domain, URL, file hash, CVE ID, or file name. We query multiple public intelligence feeds in real time and show you a combined verdict, per-feed evidence, and where in the world the indicator has been observed.

Try:
IP addressHoneypot sightings, hijacked netblocks, exposed services and CVEs, network owner and location.
File hashMD5, SHA-1 or SHA-256 — matched against malware corpora and known-good software databases.
Domain / URLMalware distribution records, live phishing feeds, and worldwide scan observations.
CVE IDActive-exploitation status (CISA KEV), exploit-probability score (EPSS), and the MITRE record.
File nameSuspicious attachments like invoice.exe or update.dll, searched across scan and IOC databases.
Phone / emailBest-effort coverage — open feeds are thin here, so we also tell you what to do next.

Data sources: SANS ISC DShield · Shodan InternetDB · Spamhaus DROP / ZEN / DBL · blocklist.de · Feodo Tracker · FireHOL · Emerging Threats Open · CINS Army · Binary Defense · IPsum · GreenSnow · Tor Project · Team Cymru · Botvrij.eu · urlscan.io · CIRCL hashlookup · ThreatFox · URLhaus · MalwareBazaar · SSLBL · OpenPhish · PhishTank · Phishing.Database · Quad9 · Tranco · AlienVault OTX · CISA KEV · NIST NVD · FIRST EPSS · MITRE CVE · CIRCL CVE Search · Malpedia · Ransomware.live. Lookups are proxied and cached server-side; nothing you search is sent to third parties from your browser.