About ThreatScope

ThreatScope is a privacy-first malware triage gatekeeper for homelab and personal use. Lookups run against a local SQLite database built from open OSINT feeds; optional AI summaries are generated by Ollama on the same server.

This is not commercial antivirus or a VirusTotal replacement. File uploads receive parse-only static analysis and YARA scanning in the web process; samples are stored by SHA256 on disk for operator review. Verdicts use an honest UNKNOWN when nothing matches — not “clean.”

This public instance

• Visitors: IOC search, bulk paste (50 lines), static file upload, blocklist CSV export.
• Rate limits: per-IP limits on lookups and uploads (see Privacy).
• No accounts — CSRF session cookie only.
• No dynamic detonation for visitors — MobSF/CAPE stay on a private lab host.
• Lookup history is not shown to anonymous visitors.

Links

• Source code (GitHub)
• Malware triage walkthrough

Indicator searches are submitted via POST and are not shared with third-party lookup APIs by default. See Privacy for logging and uploads.