Our Threat Intelligence Offerings

Non-commercial use
Limited CSV export

Non-commercial use
Expanded dataset
REST API access
Academic pricing available
Commercial use
Expanded dataset with tags
Custom API integration
Premium support



Our Research CTI offering provides a feed of compromised hosts actively being used for botnet activities such as DDoS attacks and other malicious activity. This dataset is primarily used by ISPs and CERT teams for remediation purposes. It was also featured in our academic research papers, Identifying infected energy systems in the wild and Profiling IoT-based botnet traffic using DNS, co-authored with Lancaster University researchers.


Our Enterprise CTI offering provides the exploit attempts (includes CVE if known) conducted by malicious hosts and the location of malware payload (binaries) used by threat actors and botnet operators. This is especially useful for locating command-and-control servers before they're used to conduct DDoS attacks.

Bad Packets® CTI feeds are provided via our REST API endpoint in CSV or JSON format. Integration and support are provided under our standard enterprise contract which includes a no-cost pilot period of 30 days.

We also offer cybersecurity consulting services. Please select which service you're interested in and we'll get back to you within one business day.