Threatlens

ThreatLens is a professional threat intelligence Chrome extension designed for security analysts, SOC teams, and anyone working with threat data online.

It automatically scans any webpage for Indicators of Compromise (IoCs) — including IPv4 addresses, IPv6 addresses, domains, and URLs — and lets you check their reputation instantly with a single click, powered by the AbuseIPDB API.

KEY FEATURES

🔍 Automatic IoC Detection
Highlights IPs, domains, and URLs found in page text in real time, including dynamically loaded content.

⚡ One-Click Reputation Lookup
Click the scan button next to any detected indicator to instantly see its AbuseIPDB abuse confidence score, country, and ISP — without leaving the page.

📋 Bulk Scanner
Paste a list of IPs or domains into the options page and scan them all at once. Supports de-fanged indicators (hxxp://, [.], (.)).

🎯 Scope Control
Run ThreatLens only on specific sites (allowlist mode) or everywhere except certain sites (blocklist mode). Fully configurable.

🔒 Privacy First
No telemetry. No data collection. Reputation lookups are only sent to AbuseIPDB when you explicitly click scan. Your API key is stored locally on your device only.

REQUIREMENTS
A free AbuseIPDB API key is required. Register at abuseipdb.com — the free tier supports 1,000 checks per day.

IDEAL FOR
- Security Operations Center (SOC) analysts
- Threat hunters and incident responders
- CTF players and malware researchers
- Anyone reading threat intelligence reports online