Feeds

Web portal, API and downloads for machine-consumable intelligence deliver detection and triage workflows you can use operationally.

Feed Catalog

Indicators of Compromise (IOCs)

  • APT / sophisticated FIN / crimeware / hacktivism hostnames/domains/IPs

  • IP intelligence for anonymization services (TOR, 20+ VPNs, proxies)

  • Infra mapping for CDNs, domain parking, suspected attacker infra (SSL, fingerprinting)

Passive DNS

  • Continuously updated pDNS

  • High-performance API

  • Multiple streams + filters

  • Robust API documentation

YARA Rules + YARA Quality Lab

  • 5+ new rules/week
  • deep-tested on clean sets
  • YARA 3.2+ and YARA-X 0.5.0+

IP Risk / Reputation Feed

  • Daily-computed risk for IP ranges

  • 43k+ ranges

  • AI-weighted by recency/continuity

  • Real-time API endpoint for domains

C2 Monitor

  • C2 availability tracking

  • Includes common tooling such as Cobalt Strike

Honeypot Samples

  • Live sample stream
  • Attacker IPs/protocols

Web Crawler Samples (Blackthorne)

  • Live stream from malware spreading servers

  • Re-crawls at scale

Country C2 Infrastructure (Nightfall)

  • View of malicious infra per country with hosting details such as ASN

  • Supports country-level blocking and abuse investigations

Request Demo
Let's Talk

Integration

We Support What You Need

Delivery: API / TAXII / HTTPS / file drop
Formats: STIX / JSON / CSV
Cadence: Daily / hourly / near-real-time
Onboarding: 1–2 calls + trial window

Onboarding checklist

  1. Short intake: your tools + your priorities
  2. Choose bundle/module + define success criteria
  3. Integrate and validate with a small test window
  4. Review results and tune

Want help integrating?

Book a short call and we’ll tell you exactly what’s required.

Let's Talk