IOCRadar

Enter the IP address into the IOC Radar search bar. The tool will return a risk score (0–100), threat category classification (botnet, malware C2, phishing, spam, Tor exit node, proxy/VPN), geolocation, ASN information, and whether the IP appears on any blocklists or has been observed in active attack campaigns. A high risk score indicates the IP has been associated with malicious activity across multiple intelligence sources.

Domain and URL lookups return: risk score and threat category, DNS history (A/MX/NS records over time), SSL certificate analysis and issuer chain, hosting infrastructure associations (shared hosting, bulletproof hosting), WHOIS registration details, and any observed malware distribution or phishing campaigns linked to the domain. This helps analysts quickly assess whether a suspicious link in an email or log is genuinely malicious.

File hash lookups (MD5, SHA1, SHA256) return malware family classification, associated campaign names, first/last seen timestamps, sandbox analysis results where available, and MITRE ATT&CK technique mappings. If the hash matches a known malware sample, you'll see the threat actor group associated with it and other indicators from the same campaign — helping incident responders understand the full scope of an infection.

IOC Radar aggregates intelligence from over 200 feeds that update continuously. New malicious IPs, domains, and hashes are typically reflected within minutes to hours of their first detection across the global threat landscape. SOCRadar's own sensor network, honeypots, and dark web monitoring complement the open-source and commercial feeds, ensuring coverage of emerging threats that may not yet appear in public databases.