Threat Intelligence Feeds

Browse and download our comprehensive threat intelligence feeds. All feeds are updated hourly and available for free.

🌐 IP Addresses

Updated Hourly

Malicious IP addresses detected through our global honeypot network. Includes attackers conducting brute-force attempts, port scanning, and exploitation attempts.

  • Complete historical archive
  • Daily breakdowns available
  • One IP per line (plain text)
  • IPv4 addresses
Browse IP Feeds Download All

🔗 Domains & URLs

Updated Hourly

Malicious domains and URLs used in attacks. Includes phishing sites, malware distribution servers, C2 infrastructure, and other malicious web resources.

  • Full URLs and domains
  • Phishing campaigns
  • Malware distribution
  • C2 infrastructure
Browse Domain Feeds Download All

🔐 File Hashes

Updated Hourly

Cryptographic hashes (MD5, SHA1, SHA256) of malware samples collected from our honeypots. Use for file reputation checks and malware detection.

  • MD5, SHA1, SHA256 hashes
  • Malware samples
  • Exploit payloads
  • One hash per line
Browse Hash Feeds Download All

⚡ Malicious Commands

Updated Hourly

Actual commands and payloads executed by attackers on our honeypots. Valuable for understanding attack patterns and building detection rules.

  • Shell commands
  • Exploitation attempts
  • Malicious scripts
  • Attack patterns
Browse Command Feeds Download All

🛡️ Suricata Rules

IDS/IPS

Suricata IDS/IPS rules generated from our threat intelligence. Deploy these rules to detect and block known threats in your network.

  • Network detection rules
  • Signature-based alerts
  • Compatible with Suricata
  • Regular updates
Browse Rules

📊 API Access

Programmatic

Access all feeds programmatically via our simple API. No authentication required. Perfect for automation and integration with security tools.

  • Simple HTTP GET requests
  • No authentication needed
  • Integration examples
  • Free for all users
View API Documentation

Usage Guidelines

✅ Allowed Uses

  • Blocking malicious IPs at firewalls
  • DNS filtering and blocklists
  • SIEM and security monitoring
  • Threat hunting and analysis
  • Security research
  • Commercial security products

📋 Requirements

  • Implement reasonable rate limiting
  • Cache feeds locally (updated hourly)
  • Validate data before use
  • Handle errors gracefully
  • Attribution appreciated (optional)

Quick Integration

Command Line (cURL)

curl https://www.check-the-sum.fr/feeds/ip/all_ip.txt

Python

import requests
r = requests.get('https://www.check-the-sum.fr/feeds/ip/all_ip.txt')
ips = r.text.split('\n')