Threat Intelligence Data Feed

Equips your security systems with a comprehensive list of IoCs for automatic threat detection and response. The premium version enhances this with in-depth threat intelligence, similar to our Lookup service. Select from raw or pre-filtered feeds, both tailored for smooth integration within your infrastructure.

Use Cases

Threat Intelligence Data Feeds provide data that improves many aspects of information security. By supplying lists of known threats, the feeds make it possible to identify, monitor, flag and block them, and they support cybersecurity research and analysis.

Security Tools

Empower your security tools with fresh threat data by integrating our feeds. This enables the automatic flagging of IoCs, ensuring timely threat identification and mitigation.

SaaS Platforms

Enhance your SaaS platform's threat coverage by seamlessly integrating our feeds, providing maximum protection to your clients.

Firewalls & Denylists

Secure your infrastructure by downloading our data feed and using it to configure firewalls and denylists, blocking traffic from dangerous domains, IPs, CIDRs, and URLs.

We cover the following threat types

Every IoC is attributed with a threat type. There are 9 threat types present in the data feed:


Malicious activity detected from the host. For example, SSH brute-force, etc.


A host was detected as an actor in a group of connected hosts that perform malicious activities (botnet).

C2 (C&C)

The host is a known botnet's "Command and Control" server.


The IoC is related to malicious software distribution. It can be a host or a URL serving the malware.


The indicator, usually a domain name or URL, is involved in phishing activity.


The IoC's activity hasn't been verified to be malicious in nature. For instance, it may be a host scraping websites, sending large amounts of ICMP queries, etc.


IoC has been involved in some form of malicious activity but couldn't be classified into one of the other categories.


A host engaged in sending spam.


A host that acts as a TOR exit node.

Database integrations

Seamlessly access, deploy, and utilize our data feeds through the Snowflake and AWS Marketplaces.

Our Threat Intelligence data sources

By combining data from the following multiple sources, our Threat Intelligence Data Feed provides you with a comprehensive and accurate view of the threat landscape, enabling you to take proactive steps to protect your organization from cyber threats.


We collect indicators of compromise (IoCs) and threat data from open sources, combining details from nearly all available public sources into one centralized location.


We operate a custom network of honeypots to trap and study attack infrastructure.

Algorithmic and Machine Learning Analysis

We use known IoCs to predict and discover new potential threats, which we then validate and incorporate into our database.

Abuse Reports

We gather abuse reports and scrutinize them for insights.

In-House Research

Our specialist team conducts independent research to pinpoint and dissect new IoCs.

Download sample

Free sample

Experience our product's capabilities with a complimentary sample that includes a limited selection of records. This allows you to familiarize yourself with the data formats and test integration with your systems. However, please note that this sample is not indicative of the full scope of our data.

Full sample

For a comprehensive understanding, request our full sample, which encompasses all product features and provides a complete day's data. This sample will showcase the extensive coverage, volume, and structure of our data. To obtain the full sample, please get in touch with us.

You’ll be in good company

Our solutions are already used by HiQ Finland, Deloitte, Amesan Consulting, Swedbank, Cisco, Accenture, Nielsen Suomi, CGI, Telia, Digital Ocean, University of Southern California, and others.

Connect to the threat pulse with the streaming version

Since we continuously receive new IoCs, we can also provide access to the streaming version of this product. In this case, you will receive new records with the lowest delay. Please contact us for details.

Pricing plans for all team sizes

Threat Intelligence Data Feeds provide daily data in CSV and JSON formats. The data includes denylists, malicious domains, suspicious IPs, CIDRs, and more. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.

Billed Monthly / Billed Annually (2 months FREE)

$490 / month

< 15 employees

All threat types

Daily updates


$890 / month

16 - 100 employees

All threat types

Daily updates

Dedicated support


Ask for a quote

> 100 employees

All threat types

Daily updates

Dedicated support

Custom data formats

Real-time streaming

Data enrichment

For invoice payments, please get in touch with us via or Contact us form.

Contact Us

Got a technical issue? Want to send feedback about data feeds? Need details about our plans? Let us know. Please note that our service is for registered companies only. Requests from private individuals or emails that don't match the company domain name are ignored.