Sunday 28 February 2016

Crowdsourced feeds from ThreatCrowd


Voting was added to ThreatCrowd recently, and I've been pleased to see a number of users regularly contributing votes.

These votes provide a useful source of malicious indicators, and so I've now put these into a feed in two files:

These feeds are not a substitute for the scale of auto-extracted command and control domains or the quality of some commercially provided feeds. But crowd-sourcing does go some way towards the quick sharing of threat intelligence between the community.

These files are updated once per hour, on the hour.

You can submit votes via the interface, or a simple API:

This will place a vote for "" being non-malicious:

This will place a vote for "" being malicious:

This data is available for free, and commercial use is allowed. It's licensed under
I make no guarantees to the quality of the data.