Threat Feed Aggregator

Enter any IP address, domain, or file hash to check it against 10+ live threat intelligence feeds simultaneously. Each feed is queried in real-time — get a composite blocklist score showing exactly which feeds flag the indicator and which don't.

Last updated:

Auto-detects type: IPv4 · Domain · MD5/SHA1/SHA256

What are threat intelligence feeds?

Threat intelligence feeds are continuously updated lists of malicious indicators — IP addresses, domains, URLs, and file hashes — maintained by security organizations worldwide. By checking an indicator against multiple feeds simultaneously, you can quickly determine if it's been associated with malware distribution, botnet command-and-control, brute-force attacks, phishing, or other malicious activity. No single feed is comprehensive, which is why aggregating results from 10+ sources provides much higher confidence.

Key Terminology

IOC (Indicator of Compromise)
A piece of forensic data — an IP address, domain name, URL, or file hash — that identifies potentially malicious activity. IOCs are the building blocks of threat intelligence and are shared between organizations to improve collective defense.
C2 (Command and Control)
Infrastructure used by attackers to communicate with and control compromised systems. Feodo Tracker specifically monitors C2 servers for banking trojans like Emotet, Dridex, and QakBot.
Passive DNS
Historical DNS resolution data collected by observing real DNS queries. Shows what domains resolved to in the past and what other domains share the same IP — useful for mapping attacker infrastructure.

🚨 Threat Feed Aggregator — Frequently Asked Questions

What threat feeds does this tool check?

It checks Feodo Tracker for botnet C2 IPs, URLhaus for malware distribution URLs, SSLBL for malicious SSL certificates, blocklist.de for brute-force attack IPs, Tor Project for exit nodes, SANS ISC for attack reports, OTX AlienVault for threat pulses, InQuest Labs for reputation data, ThreatFox for IOC matches, and MalwareBazaar for malware sample hashes.

How is the composite threat score calculated?

Each feed that flags the indicator adds points to the composite score. Critical feeds like Feodo C2 and active malware URLs add more weight than informational feeds. The final score is categorized as CRITICAL, HIGH, MEDIUM, or LOW based on how many feeds flag the indicator and the severity of the matches.

Threat Dashboard

Live security overview.

CVE Intelligence

Vulnerability lookup.

Hash Analyzer

Hash analysis.

IP Triage

IP intelligence.