Our threatlists are a way for us to help in supporting the security community. Our email subscribers receive access to our regularly-updated lists.
These high-confidence IP addresses are gathered from attackers attempting to log into our private honeypot network hosted across the world. You can use this list of known attackers to hunt for comprised accounts on your own systems, to populate firewall lists, or for general security research purposes.
Download our threatlists in CSV format with a simple GET request the URLs below.
API Tokens are completely free and help us prevent abuse. Get an API token by signing up for our email newsletter below and checking your inbox, and then visit any of the below URLs at your preferred interval.
Sample Threatlist (No API Token Required): https://threatlists.intercept.sh/threatlist_7d_weekly_sample.csv
Hourly Incremental:
https://threatlists.intercept.sh/threatlist_1hr.csv?token=<token>
Every 24 hours (updated nightly):
https://threatlists.intercept.sh/threatlist_24hr.csv?token=<token>
Every 30 day overall count (updated nightly):
https://threatlists.intercept.sh/threatlist_30d.csv?token=<token>
We'll send you info when we launch and you'll get access to our free content – spam isn't part of the plan.
