We pull IOCs from 26 public feeds, deduplicate them, and give you a fast search and an API. Currently tracking 556,910 indicators.
Search, filter, export. Use the dashboard or the API.
Pulls from abuse.ch, AlienVault OTX, Spamhaus, Emerging Threats, Ransomware.live, PhishTank, and others. New data comes in every 15 minutes.
Look up any IP, domain, hash, or URL. Filter by type, threat category, confidence, or source.
Token-based REST API for lookups, bulk searches, and data export. JSON responses, standard HTTP.
Victim domains, leak site URLs, group infrastructure. Data from Ransomware.live and Ransomwatch, updated automatically.
See what's coming in. IOC distribution by type and threat category, active ransomware groups, today's new indicators.
Export as JSON, CSV, or plain text. Filter by any field. Your data is never locked in.
All public feeds. We normalize the formats, deduplicate across sources, and keep everything searchable in one place.
Feodotracker, URLhaus, ThreatFox, MalwareBazaar
Community pulses and IOCs
DROP + EDROP blocklists
Compromised IPs
Victims, groups, leak sites
Group infrastructure, .onion domains
Verified phishing URLs
Brute-force and attack IPs
Aggregated blocklists
What's in the database right now
REST API with token auth. Look up a single indicator, search in bulk, or export a filtered feed. Use it from your SIEM, a Python script, or just curl.
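import os
import requests

# API token read from the environment (the variable name is an assumption)
token = os.environ["MALWARE_CHANNEL_TOKEN"]

r = requests.get(
    "https://malware.channel/api/v1/iocs/lookup",
    params={"value": "evil.example.com"},
    headers={"Authorization": f"Bearer {token}"},
    timeout=10,  # do not hang indefinitely on a slow response
)
r.raise_for_status()  # stop on an HTTP error status instead of parsing an error body
data = r.json()

# Print details only when the lookup reports a match
if data.get("found"):
    print(f"Threat: {data['threat_type']}")
    print(f"Source: {data['source']}")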