Our Threat Intelligence Offerings

Non-commercial use
Limited CSV export

Non-commercial use
Expanded dataset
REST API access
Academic pricing available
Commercial use
Expanded dataset with tags
Custom API integration
Premium support



Our Research CTI offering provides a feed of compromised hosts actively being used for botnet activities such as DDoS attacks and other malicious activity. This dataset is primarily used by ISPs and CERT teams for remediation purposes. It was also featured in our academic research paper, Identifying infected energy systems in the wild, co-authored with Lancaster University researchers.

Fields provided: Source IP Address, Source Port, Target Port, Protocol, Country, Date First Seen, Date Last Seen, and Event Count


Our Enterprise CTI offering provides the exploit attempts (includes CVE if known) conducted by malicious hosts and the location of malware payload (binaries) used by threat actors and botnet operators. This is especially useful for locating command-and-control servers before they're used to conduct DDoS attacks.

Fields provided: Source IP, Country, User Agent, Payload, POST Data, Target Port, Bad Packets® Tags (Description | Category | CVE), Date First Seen, Date Last Seen, and Event Count

Our feeds can be delivered to you via our REST API endpoint, CSV, or JSON. Integration and support are provided under our standard enterprise contract which includes a no-cost pilot period.

We also offer cybersecurity consulting services. Please select which service you're interested in and we'll get back to you within one business day.