RayveLabs — atlas · lookup
// ioc lookup · 11 feeds in one query

What do we know about this thing?

Paste an IP, domain, URL, file hash, or CVE. We check every supported feed at once and tell you which ones have something to say. Data refreshes every morning.

How the lookup works

Every supported feed is fetched server-side once a day by a GitHub Actions cron, indexed by the right key (IP, host, hash, CVE), and committed to this repo. When you click look up, your browser searches those indexes locally — no API keys, no rate limits, nothing leaves your machine except the request for the indexes themselves.

Feeds checked

CISA KEV — actively exploited CVEs
EPSS — exploit-likelihood for any CVE
URLhaus — malicious URLs by host
ThreatFox — IoCs with actor attribution
Feodo Tracker — active botnet C2 IPs
SSLBL — malicious TLS cert fingerprints
Spamhaus DROP — hijacked netblocks
Tor exit list — anonymisation relays
DShield — top honeypot attackers
DataPlane.org — SSH brute-forcers
HIBP — breaches by domain