Our Threat Intelligence Offerings

Non-commercial use
Limited CSV export

Limited commercial use
Expanded dataset
REST API access
Academic pricing available
Starting at $15,000/year

Commercial use
Expanded dataset with tags
Custom API integration
Premium support
Starting at $100,000/year



Our Analyst CTI offering provides a feed of compromised hosts actively being used for botnet activities, such as DDoS attacks, and other malicious activity. This dataset is primarily used by ISPs and CERT teams for remediation purposes. It was also featured in our academic research papers, "Identifying infected energy systems in the wild" and "Profiling IoT-based botnet traffic using DNS", co-authored with Lancaster University researchers.


Our Enterprise CTI offering provides the exploit attempts (including the CVE, if known) conducted by malicious hosts and the location of the malware payloads (binaries) used by threat actors and botnet operators. This is especially useful for locating command-and-control servers before they're used to conduct DDoS attacks.

Bad Packets® CTI feeds are provided via our REST API endpoint in CSV or JSON format. Integration and support are provided under our standard enterprise contract, which includes a pilot period of 30 days.

We also offer cybersecurity consulting services. Please select which service you're interested in and we'll get back to you within one business day.