Stay ahead of cyber threats with our intelligence feeds

Our daily Threat Intelligence Data Feeds give you actionable insights into the latest cyber threats, including malware, phishing, C2 (C&C), botnets, and other malicious activity. Choose from raw data feeds or pre-filtered feeds that seamlessly integrate with your security systems, allowing you to quickly detect and respond to threats and safeguard your business.

1.5M+
IPs
6.8M+
Domains
1M+
URLs
600K+
File hashes

Use Cases

Threat Intelligence Database provide the data to improve many aspects of information security. By providing lists of known threats, the feeds enable identification, monitoring, flagging and blocking them, in addition to allowing performing cybersecurity research and analysis.

Security Tools

Empower your security tools with fresh threat data by integrating our feeds. This enables the automatic flagging of IoCs, ensuring timely threat identification and mitigation.

Saas Platforms

Enhance your SaaS platform's threat coverage by seamlessly integrating our feeds, providing maximum protection to your clients.

Firewalls & Denylists

Secure your infrastructure by downloading our data feed and using it to configure firewalls and denylists, blocking traffic from dangerous domains, IPs, CIDRs, and URLs.

We cover the following threat types

Every IoC is attributed with a threat type. There are 9 threat types present in the data feed:

Attack

Malicious activity detected from the host. For example, SSH brute-force, etc.

Botnet

A host was detected as an actor in a group of connected hosts that perform malicious activities (botnet).

C2 (C&C)

The host is a known botnet's "Command and Control" server.

Malware

The IoC is related to malicious software distribution. It can be a host or a URL serving the malware.

Phishing

The indicator, usually a domain name or URL, is involved in Phishing activity;

Suspicious

IoC's activity hasn't been verified to be of malicious nature. For instance, it may be a host scraping websites, sending large amounts of ICMP queries, etc.;

Generic

IoC has been involved in some form of malicious activity but couldn't be classified into one of the other categories.

Spam

A host engaged in sending spam.

Tor

A host acts as a TOR exit node

Database integrations

Unlock the power of Snowflake and AWS: Seamlessly access, deploy, and utilize our data feed product through the Snowflake Marketplace and AWS Marketplace.

Our Threat Intelligence data sources

By combining data from the following multiple sources, our Threat Intelligence Data Feed provides you with a comprehensive and accurate view of the threat landscape, enabling you to take proactive steps to protect your organization from cyber threats.

Server log analysis

We analyze server logs to identify potential threats, such as suspicious activity or unauthorized access attempts.

Honeypots

We use honeypots, which are decoy systems designed to attract attackers, to gather intelligence about the latest attack methods and techniques.

OSINT

We gather threat intelligence from open sources, such as social media, forums, and blogs, to stay on top of emerging threats and trends.

Abuse reports (ISPs)

We monitor abuse reports from internet service providers (ISPs) to identify potential threats and malicious activity.

Our own researches

Our team of experts conducts their own research to identify and analyze new and emerging threats, as well as to provide in-depth analysis of existing threats.

Database samples

We provide daily data in CSV and JSON formats. The data includes denylists, malicious domains, IPs, CIDR, hashes, and more.

Free sample

The free sample provides all product features within a small subset of records. It can be published on the website to the potential customers free of charge for demonstration purposes.

Full sample

A one-day slice of full data which demonstrate the coverage, volumes and data structure. Contact us to get a full sample.

Pricing plans for all team sizes

Threat Intelligence Data Feeds provide daily data in CSV and JSON formats. The data includes denylists, malicious domains, suspicious IPs, CIDRs, malware hashes, and more.

Billed MonthlyBilled Annually🎁 2 months FREE
TIDFStartup

$499 / month

< 100 employees

All threat types

Daily updates

TIDFBusiness

$1,990 / month

101 - 500 employees

All threat types

Daily updates

Dedicated support

TIDFEnterprise

Ask for a quote

> 500 employees

All threat types

Daily updates

Dedicated support

Custom data formats

Real-time streaming

Data enrichment

You’ll be in good company

FlexWebAfricaWeWorkGuardDogCyberCNS

Connect to the threat pulse with the streaming version

Since we continuously receive new IoCs, we can also provide access to the streaming version of this product. In this case, you will receive new records with the lowest delay. Please contact us for details.

Contact Us

Got a technical issue? Want to send feedback about data feeds? Need details about our plans? Let us know.