AllDataFeeds logo

AllDataFeeds.com

Log In
AllDataFeeds logoAllDataFeeds.com
About Us
Contact Sales
Threat Intelligence Data Feeds
MAC Address Data Feed
Login
Sign Up
← Read other FAQ

What is an Indicator of Compromise (IoC)?

IoC or Indicator of Compromise is a clue or a piece of evidence that suggests the presence or occurrence of a cybersecurity incident or compromise. It can be used to identify and investigate malicious activities. By identifying and monitoring IoCs, organizations can implement security measures to detect and block known threats, strengthen their defenses, and respond swiftly to potential security incidents.

Our threat data feeds include five types of indicators of compromise:

1. IP addresses

Harmful or known malicious IP addresses linked to malicious actors, command and control (C2) servers or botnets. We support IPv4 and IPv6 addresses. Daily export includes about 1M of IP addresses. These IoCs are included in the following export files:

A. Malicious IPv4/IPv6 address data feeds

Files included:

  • *.malicious-ips.v4.csv.gz
  • *.malicious-ips.v4.jsonl.gz
  • *.malicious-ips.v6.csv.gz
  • *.malicious-ips.v6.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

B. Raw IPv4/IPv6 denylists

Files included:

  • *.deny-ips.v4.gz
  • *.deny-ips.v6.gz

Output formats available:

  • List

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

2. CIDRs

CIDR is a Classless Inter-Domain Routing notation for IP addresses that enables more effective use of IP addresses and routing. A CIDR notation has an IP address followed by a slash and the number of bits of the network prefix, such as 192.0.2.0 / 24. A CIDR notation can also show a range of IP addresses, such as 66.10.5.0 / 27, which covers 32 IP addresses from 66.10.5.0 to 66.10.5.31.

Daily export includes about 1.1M of CIDRs. These IoCs are included in the following export files:

A. Nginx’s ngx_http_access_module compatible IPv4/IPv6 denylist

Files included:

  • *.nginx-access.v4.gz
  • *.nginx-access.v6.gz

Output formats available:

  • ngx_http_access_module compatible. Includes IPv4 and IPv6 ranges in CIDR notation.

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

B. Raw CIDR denylist

Files included:

  • *.deny-cidrs.v4.gz
  • *.deny-cidrs.v6.gz

Output formats available:

  • List. Includes IPv4 and IPv6 ranges in CIDR notation.

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

C. Malicious IPv4/IPv6 ranges in CIDR notation data feeds

Files included:

  • *.malicious-cidrs.v4.csv.gz
  • *.malicious-cidrs.v4.jsonl.gz
  • *.malicious-cidrs.v6.csv.gz
  • *.malicious-cidrs.v6.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

3. Domain names

Harmful or malicious domain names. Daily export includes about 2.3M of the domain names. These IoCs are included in the following export files:

A. Malicious domain name data feed

Files included:

  • *.malicious-domains.csv.gz
  • *.malicious-domains.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

B. Hosts file

Files included:

  • *.hosts.gz

Output formats available:

  • Hosts file format

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

C. Raw domain denylist

Files included:

  • *.deny-domains.gz

Output formats available:

  • List

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

4. URLs

Harmful or malicious URLs that may be used for phishing attacks, drive-by downloads, or other web-based threats. Includes both full and partial URLs. Daily export includes about 1.1M of URLs. These IoCs are included in the following export files:

A. Malicious URL data feed

Files included:

  • *.malicious-urls.csv.gz
  • *.malicious-urls.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://threat-intelligence.alldatafeeds.com/documentation.

5. File hashes

Unique cryptographic values (MD5, SHA-1) that identify specific files. These hashes can show known malicious files, such as malware programs or compromised system files. Daily export includes about 700,000 of file hashes. These IoCs are included in the following export files:

A. Malicious file hashes data feed

Files included:

  • *.malicious-file-hashes.csv.gz
  • *.malicious-file-hashes.jsonl.gz

Output formats available:

  • CSV
  • JSON

Read more: https://threat-intelligence.alldatafeeds.com/documentation.


← Read other FAQ

Threat Intelligence Data Feeds

Get actionable insights into the latest cyber threats, including malware, phishing, C2 (C&C), botnets, and other malicious activity.

Pricing plans for all team sizes

Threat Intelligence Data Feeds provide daily data in CSV and JSON formats. The data includes denylists, malicious domains, suspicious IPs, CIDRs, malware hashes, and more. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.

Billed MonthlyBilled Annually🎁 2 months FREE
TIDFStartup

$499 / month

< 100 employees

All threat types

Daily updates

TIDFBusiness

$1,990 / month

101 - 500 employees

All threat types

Daily updates

Dedicated support

TIDFEnterprise

Ask for a quote

> 500 employees

All threat types

Daily updates

Dedicated support

Custom data formats

Real-time streaming

Data enrichment

Database integrations

Unlock the power of Snowflake and AWS: Seamlessly access, deploy, and utilize our data feed product through the Snowflake Marketplace and AWS Marketplace.

You’ll be in good company

FlexWebAfricaWeWorkGuardDogCyberCNS

Contact Us

Got a technical issue? Want to send feedback about data feeds? Need details about our plans? Let us know. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.