SOC IP Analyzer

“Real-time IP threat intelligence and geolocation analyzer”

About the Project

The SOC IP Analyzer is a Flask-based cybersecurity web application built to help Security Operations Center (SOC) analysts investigate IP addresses in real time. It integrates multiple threat intelligence APIs — including AbuseIPDB, VirusTotal, and IP-API — to deliver deep insights into any public IP address.

The tool provides geolocation data, abuse confidence scores, malicious activity history, ISP details, and a composite risk assessment — all visualized through an interactive map (Leaflet.js) and dynamic charts (Chart.js). Designed for internal SOC use, it offers a unified, intuitive dashboard to accelerate threat triage and decision-making.

How It Works

  1. User Input: Enter any public IP address (e.g., 8.8.8.8).
  2. Data Fetching: Backend queries AbuseIPDB (reputation), VirusTotal (malicious ratio), and IP-API (geolocation).
  3. Processing: Aggregates responses and computes a composite risk score.
  4. Visualization: Displays location on an interactive world map, threat metrics via charts, and structured summary cards.
  5. Output: Classifies the IP as Clean, Low Risk, Suspicious, or Malicious with color-coded indicators.
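
The processing and classification steps above, sketched as an added Python example that is not the project's own code. The 60/40 weights, the band thresholds, the "Unknown" verdict and the function names are assumptions, since the page does not publish its scoring formula; the sample responses are constructed and use AbuseIPDB's abuseConfidenceScore and VirusTotal's last_analysis_stats fields.

```python
import ipaddress

# Assumed weights and thresholds; the page does not publish its formula.
WEIGHTS = {"abuseipdb": 0.6, "virustotal": 0.4}
BANDS = [(70, "Malicious"), (40, "Suspicious"), (10, "Low Risk"), (0, "Clean")]

def require_public_ip(text):
    """Reject anything that is not a globally routable address before it
    is sent to third-party APIs (private, loopback, reserved, malformed)."""
    ip = ipaddress.ip_address(text.strip())  # raises ValueError if malformed
    if not ip.is_global:
        raise ValueError(f"{ip} is not a public address")
    return str(ip)

def abuse_signal(resp):
    """AbuseIPDB: abuseConfidenceScore is already on a 0-100 scale."""
    try:
        return float(resp["data"]["abuseConfidenceScore"])
    except (KeyError, TypeError, ValueError):
        return None

def vt_signal(resp):
    """VirusTotal: share of engines flagging the IP, scaled to 0-100."""
    try:
        stats = resp["data"]["attributes"]["last_analysis_stats"]
        total = sum(stats.values())
        flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
        return 100.0 * flagged / total if total else None
    except (KeyError, TypeError, AttributeError):
        return None

def composite_risk(abuse_resp, vt_resp):
    """Weighted mean over the sources that answered; a failed lookup is
    excluded and reported in 'missing', never counted as a clean 0."""
    signals = {"abuseipdb": abuse_signal(abuse_resp), "virustotal": vt_signal(vt_resp)}
    usable = {k: v for k, v in signals.items() if v is not None}
    missing = sorted(set(signals) - set(usable))
    if not usable:
        return {"score": None, "verdict": "Unknown", "missing": missing}
    score = sum(WEIGHTS[k] * v for k, v in usable.items()) / sum(WEIGHTS[k] for k in usable)
    verdict = next(label for floor, label in BANDS if score >= floor)
    return {"score": round(score, 1), "verdict": verdict, "missing": missing}

# Constructed sample responses (not real lookups).
ABUSE_SAMPLE = {"data": {"abuseConfidenceScore": 85}}
VT_SAMPLE = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 60, "malicious": 12, "suspicious": 3, "undetected": 15, "timeout": 0}}}}
```

Surfacing the `missing` list alongside the verdict lets an analyst see when a rate-limited or failed lookup left the score resting on a single source.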

Key Features

Technologies Used

Live Demo

Analyze any public IP address in real time using the live backend.

🔒 Internal Threat Intel Tool • Powered by AbuseIPDB & VirusTotal • v1.0
If the demo fails, CORS may be disabled on the backend. Visit the full app directly.