SOCRadar® Cyber Intelligence Inc. | The Ultimate List of Free and Open-source Threat Intelligence Feeds


Apr 12, 2021
7 Mins Read

The Ultimate List of Free and Open-source Threat Intelligence Feeds

Cybersecurity threats are evolving quickly, and there’s no time to keep up to date on the new details for most security researchers. This is why threat intelligence is an important part of the security activities of each organization. Many sources of threats include costly fees, but luckily there are many free and inexpensive choices to choose from. Here is the ultimate list of the safest platforms for open-source threats.


Find out if your data has been exposed on the deep web.

Receive a Free Deep Web Report for Your Organization


InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure. Through seamless collaboration, InfraGard connects owners and operators within the critical infrastructure to the FBI, to provide education, information sharing, networking, and workshops on emerging technologies and threats. InfraGard’s vetted membership includes business executives, entrepreneurs, lawyers, security personnel, military, and government officials, IT professionals, academia, and state and local law enforcement—all dedicated to contributing industry-specific insight and advancing national security.

DHS CISA Automated Indicator Sharing

Automated Indicator Sharing (AIS), a Cybersecurity and Infrastructure Security Agency (CISA) capability, enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the AIS community and ultimately reduce the prevalence of cyberattacks. The AIS community includes private sector entities; federal departments and agencies; state, local, tribal, and territorial (SLTT) governments; information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs); and foreign partners and companies. AIS is offered at no cost to participants as part of CISA’s mission to work with our public and private sector partners to identify and help mitigate cyber threats through information sharing and provide technical assistance, upon request, that helps prevent, detect, and respond to incidents.


The AIS ecosystem empowers participants to share cyber threat indicators and defensive measures, such as information about attempted adversary compromises as they are being observed, to help protect other participants of the AIS community and ultimately limit the adversary’s use of an attack method. is a non-profit platform running a couple of projects helping internet service providers and network operators protecting their infrastructure from malware. IT-Security researchers, vendors, and law enforcement agencies rely on data from, trying to make the internet a safer place.


Open Threat Exchange is the neighborhood watch of the global intelligence community. It enables private companies, independent security researchers, and government agencies to openly collaborate and share the latest information about emerging threats, attack methods, and malicious actors, promoting greater security across the entire community.

COVID-19 Cyber Threat Coalition Feeds

The platform publishes data sets with indicators we believe to be used by criminals trying to prey on individuals, organizations, businesses, and governments using the COVID-19 pandemic. They also have an Open Threat Exchange group with MISP feeds. The OTX is mostly for people and teams helping out with curating the threat feed, and to access it you need an API key. is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked via SSH-, Mail-Login-, FTP-, Webserver- and other services. The mission is to report any and all attacks to the respective abuse departments of the infected PCs/servers, to ensure that the responsible provider can inform their customer about the infection and disable the attacker.

Phishtank Verified Online Url Feeds

OpenDNS uses its network analysis to help identify and confirm phishing sites. As that information becomes richer, OpenDNS will provide a feed to PhishTank. That feed’s quality will be up to the PhishTank community to judge, just as other submissions and submitters are. OpenDNS encourages its phishing feed providers to share their data with the PhishTank community.

Proofpoint Emerging Threats Rules

The Emerging Threats Intelligence (ET) is one of the top rating threat intelligence feeds, developed and provided by Proofpoint in both open-source and premium. ET categorizes web malicious activities IP addresses and domain addresses and monitors recent activity by each of these. The feed has 40 separate IP and URL classes, as well as an ongoing trust value updated.

The CINS Score

Sentinel supports the CINS Score. The CINS Score rates according to their confidence, like the ET confidence score. They add details in the form of frequency, type, and breadth of alleged or reported attacks from these IPs. They even aim to build “persons” for attacks that IPs have to do with: bugs in screening, networking or remote desktops, ransomware bots, or control servers.

SANS Internet Storm Center

It uses a distributed sensor network, which generates security warnings in more than 20 million log entries a day. The platform also offers security experts with research, tools, and forums.


VirusTotal uses hundreds of antivirus scanners and other resources for analysis and extraction of user-presented data from users’ directories and URLs. The service can be used to easily check events such as alleged phishing e-mails, and each entry can be kept in its database to provide a global cyber threat image.

Cisco Talos Intelligence

Cisco customers are protected by the Talos Threat Intelligence Team, although a free version has been made available for everyone. Talos’ comprehensive resources and insights inform people on knowledgeable threats, emerging risks, and current vulnerabilities. Talos also offers resources for testing and study

The Spamhaus Project

The Spamhaus Project is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware, and botnets, provides real-time actionable and highly accurate threat intelligence to the Internet’s major networks, corporations, and security vendors, and works with law enforcement agencies to identify and pursue spam and malware sources worldwide.

VirusShare Malware Repository

VirusShare is an online repository of malware. The platform provides security researchers, incident responders, and forensic investigators access to millions of malware samples.

Google Safe Browsing

Google Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem so that their visitors stay safer. Safe Browsing protections work across Google products and power safer browsing experiences across the Internet.

Discover SOCRadar® Free Edition for free

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.


Cover image by miksturaproduction from Freepik