Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you


using it now

Our mission is to help cybersecurity experts to consolidate their knowledge about all publicly available threat intelligence sources in one convenient service.

It is important to respond promptly to every new emerging threat. We provide full context around triggered indicators of compromise to fulfil the needs of quick and informed decision.

Every indicator is ranked, so, you can make a quick decision

Every indicator is enriched to support you to make an informed decision

Out-of-the-box and custom


Many indicators come with no threat context. This makes it difficult to make a decision should we block based on the indicators or not.

Looking at an indicator it is crucial to have additional information such as: when it was first seen in the wild, who owns that IP or domain, where it is hosted geographically and which well-known hosting provider is used.

After IoCs are being aggregated from multiple sources we contextualise them by adding:

  • First seen timestamp
  • Threat category
  • ASN and owner
  • WHOIS data
  • Geo data
  • Cloud provider residency
  • Linked malicious objects


Every day hundreds of threats are targeting every organisation who is actively using the Internet in their day-to-day business. This may cause thousands of alerts daily to be monitored and analysed.

Having such a big flow of everyday alerts it is important to sort them by score and start an investigation of the most critical first. We rank every indicator using our algorithms to assign an appropriate score and help you to look at only the relevant piece of information.

Enterprise Feed Download Sample


Indicators are temporarily in nature and some may be added incorrectly

The occurrence of Type I (false positive) errors and Type II (false negative) errors when you deal with Indicators of Compromise is usual and annoying.

We cross-verify the feeds and also perform additional sanitising checks to determine relation to:

  • Publicly available cloud services (AWS, GCP, Azure and many others)
  • Exception list according to RFC
  • Other whitelists used by the cybersecurity community

Have any questions left?

We are happy to answer and provide more information!

Ask a question


0 /mon

Free Feed

Full dump every 24 hours
SIEM Integration
Please contact us


IP and Domains

Full dump every 24 hours
SIEM Integration