Sicehice - Home

Discover Detections

Sicehice enables investigators and incident responders to search indicators of compromise at scale.

Search across 30+ data sources for IP addresses associated with blocklists, command and control, malware distribution, bruteforce, and anonymization services like VPNs or TOR.

Feeds are available for download and consumption, or utilize our free API for programatic searching.

Search One. Search All.

Perform bulk IP lookups using the Bulksearch feature for up to 1,000 IP addresses at a time and export the results as a CSV. Search for indicators by Autonomous System (AS) and retrieve multiple results per AS.

Each IP's results are enriched with detections, IP address geolocation information, and AS information.

Integrations

VirusTotal Collections
X (Twitter) Feed
ThreatFox Submissions

TOR Exit Nodes (Current)
TOR Exit Nodes (Historical)
Cobalt Strike C2 Blocklist
Metasploit C2 Blocklist

Search Examples: