Our daily Threat Intelligence Data Feeds give you actionable insights into the latest cyber threats, including malware, phishing, C2 (C&C), botnets, and other malicious activity. Choose from raw data feeds or pre-filtered feeds that integrate seamlessly with your security systems, allowing you to detect and respond to threats quickly and safeguard your business.
THIS SHARE INCLUDES 10 SAMPLES OF RANDOM MALICIOUS RECORDS (URLs, domains). Review our website to access the complete Threat Intelligence Data Feeds (https://threat-intelligence.alldatafeeds.com/?ref=sf).
Formats included:
- Malicious IPv4/IPv6 address data feeds
- Malicious domain name data feed (included in the sample)
- Malicious URL data feed (included in the sample)
- Malicious file hashes data feed
- Hosts file
- Nginx's ngx_http_access_module compatible IPv4/IPv6 denylist
- Raw IPv4/IPv6 denylists
- Raw domain denylist (included in the sample)
- Raw CIDR denylist
- Malicious IPv4/IPv6 ranges in CIDR notation data feeds
Fields included:
- ip – IoC: IPv4 and IPv6 addresses. The IPv6 feed also contains IPv4 addresses represented in IPv6 notation.
- cidr – IoC: IPv4 and IPv6 ranges in CIDR notation. The IPv6 feed also contains IPv4 ranges represented in IPv6 notation.
- domainName – IoC: domain name.
- url – IoC: URL. It may be absolute (https://example.com/files/badfile.php) or relative (/files/badfile.php). Relative URLs do not have a corresponding domainName field.
- host – Domain name or IP for absolute URLs.
- hash – IoC: the file's checksum. The hashing algorithm is given by the algo field.
- algo – The algorithm used to generate the value in the hash field: md5 or sha1.
- threatType – The threat type associated with the IoC. One of the following: attack, botnet, c2, malware, phishing, spam, suspicious, tor, generic.
- lastSeen – UNIX timestamp of when the activity was last detected.
The complete database (https://threat-intelligence.alldatafeeds.com/documentation?ref=sf) covers the following 9 threat types:
- Attack: malicious activity detected from the host, for example SSH brute-force attempts.
- Botnet: the host was detected as an actor in a group of connected hosts that perform malicious activities (a botnet).
- C2 or C&C: the host is a known botnet's "Command and Control" server.
- Malware: the IoC is related to malicious software distribution. It can be a host or a URL serving the malware.
- Phishing: the indicator, usually a domain name or URL, is involved in phishing activity.
- Spam: a host engaged in sending spam.
- Suspicious: the IoC's activity has not been verified as malicious. For instance, it may be a host scraping websites or sending large numbers of ICMP queries.
- Tor: the host acts as a Tor exit node.
- Generic: the IoC has been involved in some form of malicious activity but could not be classified into one of the other categories.
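A validator for records carrying the fields and threat types listed above, as an added example that is not part of the feed or its documentation. It assumes each record has already been decoded into a Python dict keyed by the documented field names (the feed's on-disk encoding is not specified here); it folds IPv4 addresses and ranges written in IPv6 notation back to IPv4, checks that the hash length matches the algo value, derives host for absolute URLs, and rejects relative URLs that carry a domainName.

```python
import ipaddress
import re
from urllib.parse import urlsplit

THREAT_TYPES = {"attack", "botnet", "c2", "malware", "phishing",
                "spam", "suspicious", "tor", "generic"}
HEX_LEN = {"md5": 32, "sha1": 40}  # hex-digest length for each algo value


def normalise(record):
    """Validate one feed record (assumed: a dict keyed by the documented field
    names) and return a normalised copy; raise ValueError on a bad record."""
    rec = dict(record)
    if rec.get("threatType") not in THREAT_TYPES:
        raise ValueError(f"unknown threatType: {rec.get('threatType')!r}")
    if "ip" in rec:
        addr = ipaddress.ip_address(rec["ip"])
        # The IPv6 feed also carries IPv4 addresses in IPv6 (mapped) notation;
        # fold them back so each address has one canonical form for matching.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        rec["ip"] = str(addr)
    if "cidr" in rec:
        net = ipaddress.ip_network(rec["cidr"], strict=False)
        mapped = net.network_address.ipv4_mapped if net.version == 6 else None
        if mapped is not None and net.prefixlen >= 96:  # same folding for ranges
            net = ipaddress.ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
        rec["cidr"] = str(net)
    if "hash" in rec:
        algo, digest = rec.get("algo"), rec["hash"].lower()
        if len(digest) != HEX_LEN.get(algo) or not re.fullmatch(r"[0-9a-f]+", digest):
            raise ValueError(f"hash does not match algo {algo!r}: {rec['hash']!r}")
        rec["hash"] = digest
    if "url" in rec:
        parts = urlsplit(rec["url"])
        if parts.scheme and parts.hostname:  # absolute URL: host is derivable
            rec.setdefault("host", parts.hostname)
        elif "domainName" in rec:  # relative URLs carry no domainName
            raise ValueError(f"relative url with domainName: {rec['url']!r}")
    if "domainName" in rec:
        rec["domainName"] = rec["domainName"].lower().rstrip(".")
    if "lastSeen" in rec:
        rec["lastSeen"] = int(rec["lastSeen"])
    return rec
```

Records that raise should be logged and dropped rather than loaded into a denylist, since a malformed indicator that slips through can never match anything or, worse, can match the wrong thing.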
Our Threat Intelligence Data Feed is powered by multiple sources, ensuring you receive comprehensive and accurate information to protect your organization. Our sources include the following:
- Server logs: we scrutinize server logs to detect unusual activity and unauthorized access attempts.
- Honeypots: we use decoy systems called honeypots to attract attackers and gather intelligence on the latest attack methods.
- OSINT: we collect threat intelligence from open sources such as social media, forums, and blogs to stay informed on emerging threats and trends.
- Abuse reports (ISPs): we monitor abuse reports from internet service providers to identify potential threats and malicious activity.
- Our own research: our team of experts conducts in-depth research to identify new and emerging threats and provide a comprehensive analysis of existing threats.
Read more about our database: https://threat-intelligence.alldatafeeds.com/?ref=sf