Threat Intelligence Database

Equips your security systems with a comprehensive list of IoCs, including IPs, domain names, and URLs, for automatic threat detection and response. The premium version enhances this with in-depth threat intelligence, similar to our Lookup service. Select from raw or pre-filtered feeds, both tailored for smooth integration within your infrastructure.

1.5M+
IPs
6.8M+
Domains
1M+
URLs

Use Cases

Threat Intelligence Database provide the data to improve many aspects of information security. By providing lists of known threats, the feeds enable identification, monitoring, flagging and blocking them, in addition to allowing performing cybersecurity research and analysis.

Security Tools

Empower your security tools with fresh threat data by integrating our feeds. This enables the automatic flagging of IoCs, ensuring timely threat identification and mitigation.

Saas Platforms

Enhance your SaaS platform's threat coverage by seamlessly integrating our feeds, providing maximum protection to your clients.

Firewalls & Denylists

Secure your infrastructure by downloading our data feed and using it to configure firewalls and denylists, blocking traffic from dangerous domains, IPs, CIDRs, and URLs.

We cover the following threat types

Every IoC is attributed with a threat type. There are 9 threat types present in the data feed:

Attack

Malicious activity detected from the host. For example, SSH brute-force, etc.

Botnet

A host was detected as an actor in a group of connected hosts that perform malicious activities (botnet).

C2 (C&C)

The host is a known botnet's "Command and Control" server.

Malware

The IoC is related to malicious software distribution. It can be a host or a URL serving the malware.

Phishing

The indicator, usually a domain name or URL, is involved in Phishing activity;

Suspicious

IoC's activity hasn't been verified to be of malicious nature. For instance, it may be a host scraping websites, sending large amounts of ICMP queries, etc.;

Generic

IoC has been involved in some form of malicious activity but couldn't be classified into one of the other categories.

Spam

A host engaged in sending spam.

Tor

A host acts as a TOR exit node

Database integrations

Unlock the power of Snowflake and AWS: Seamlessly access, deploy, and utilize our data feed product through the Snowflake Marketplace and AWS Marketplace.

Our Threat Intelligence data sources

By combining data from the following multiple sources, our Threat Intelligence Data Feed provides you with a comprehensive and accurate view of the threat landscape, enabling you to take proactive steps to protect your organization from cyber threats.

OSINT

We collect indicators of compromise (IoCs) and threat data from open sources, combining details from nearly all available public sources into one centralized location.

Honeypots/sensors

We operate a custom network of honeypots to trap and study attacks's infrastructure.

Algorithmic and Machine Learning Analysis

We use known IoCs to predict and discover new potential threats, which we then validate and incorporate into our database.

Abuse Reports

We gather abuse reports and scrutinize them for insights.

In-House Research

Our specialist team conducts independent research to pinpoint and dissect new IoCs.

Database samples

We provide daily data in CSV and JSON formats. The data includes denylists, malicious domains, IPs, CIDR, and more.

Free sample

The free sample provides all product features within a small subset of records. It can be published on the website to the potential customers free of charge for demonstration purposes.

Full sample

A one-day slice of full data which demonstrate the coverage, volumes and data structure. Contact us to get a full sample.

Pricing plans for all team sizes

Threat Intelligence Data Feeds provide daily data in CSV and JSON formats. The data includes denylists, malicious domains, suspicious IPs, CIDRs, and more. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.

Billed MonthlyBilled Annually🎁 2 months FREE
TIDFStartup

$499 / month

< 100 employees

All threat types

Daily updates

TIDFBusiness

$1,990 / month

101 - 500 employees

All threat types

Daily updates

Dedicated support

TIDFEnterprise

Ask for a quote

> 500 employees

All threat types

Daily updates

Dedicated support

Custom data formats

Real-time streaming

Data enrichment

You’ll be in good company

Our solutions are already used by HiQ Finland, Deloitte, Amesan Consulting, Swedbank, Cisco, Accenture, Nielsen Suomi, CGI, Telia, Digital Ocean, University of Southern California, and others.

Connect to the threat pulse with the streaming version

Since we continuously receive new IoCs, we can also provide access to the streaming version of this product. In this case, you will receive new records with the lowest delay. Please contact us for details.

Contact Us

Got a technical issue? Want to send feedback about data feeds? Need details about our plans? Let us know. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.