What information do you include in your reports?

We share most of the data that we collect each day, filtered by ASN, CIDR, Country Code, or TLD (all levels). We offer over 100 different report types; you can subscribe to any or all of them. Our data is actionable and includes at minimum, the IPs, timestamps, and other incident meta-data necessary to act on the issue reported. The information shared can come from scans, sinkholes, honeypots, darknets, sandboxes,  blocklists and many other sources.

Each custom report contains filtered data on the activity that we were able to monitor within the last 24 hours (or, for C&Cs, seven days). If we haven’t detected any activity relevant to your subscription during that period, we won’t send the report for that day.

Other Questions