Closed Source Intelligence (CSINT) lists
Threat Jammer is a product that helps users identify, as soon as possible, the threats that can compromise their services, applications, devices, and any piece of technology that needs an IP address to connect or create an account.
On this page you can find an explanation of the different closed sources that are used to calculate the risk score of IP addresses. You can learn more about the different threat detection strategies in our product by reading the documentation.
These datasets are available now for all users during the Beta stage of the product.
When a server responds to a request from users' devices or connects to another server (machine-to-machine communication), it does so over different IP address ranges because data centers have pools optimized to connect servers to the service providers' backbone.
Therefore, a connection from a device generally used by humans made from a data center can qualify as suspicious activity.
But sometimes, this is not what happens, and the network service provider does not have these best practices in place for various reasons. Or even worse, it is an unscrupulous provider hosting malicious actors regardless of the damage it can do to third parties. These are the providers for whom Threat Jammer implements a risk calculation system.
Therefore, a connection from a network service with a Threat Jammer high-risk score can qualify as suspicious activity.
There is an entirely different scenario when the user is not a human but an automated script or a bot. In this case, the bot will try to trick our service by pretending to be a classic interactive browser to obtain an accurate version of the web page.
A malicious actor can use this trick to hide their real identity and cover the path of their activities by pretending to be a human.
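The two signals described above (a browser-like client connecting from a data center range, and a network provider with a high risk score) can be combined in a simple check. This is an added example, not Threat Jammer code or its API: the network table, the 0-100 risk scale, the threshold and the sample requests are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data: RFC 5737 documentation ranges stand in for real
# provider pools. "risk" is a hypothetical 0-100 provider score, not
# Threat Jammer's actual scale.
NETWORKS = [
    (ipaddress.ip_network("192.0.2.0/24"), "datacenter", 10),
    (ipaddress.ip_network("198.51.100.0/24"), "datacenter", 85),
    (ipaddress.ip_network("203.0.113.0/24"), "residential", 5),
]
HIGH_RISK = 70  # hypothetical threshold

# Tokens that interactive browsers send and that plain HTTP clients do not.
BROWSER_UA = re.compile(r"Mozilla/5\.0 .*(Chrome|Firefox|Safari|Edg)/")

def lookup(ip):
    """Return (kind, risk) for the most specific matching network."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in NETWORKS if addr in n[0]]
    if not hits:
        return ("unknown", 0)
    net = max(hits, key=lambda n: n[0].prefixlen)
    return (net[1], net[2])

def assess(ip, user_agent):
    """Return the list of reasons a request looks suspicious."""
    kind, risk = lookup(ip)
    claims_browser = bool(BROWSER_UA.search(user_agent or ""))
    reasons = []
    if kind == "datacenter" and claims_browser:
        reasons.append("browser user agent from a data center range")
    if risk >= HIGH_RISK:
        reasons.append("network provider has a high risk score")
    return reasons

# Constructed requests: (source IP, User-Agent header)
SAMPLE = [
    ("203.0.113.7", "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"),
    ("192.0.2.44", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"),
    ("192.0.2.45", "curl/8.5.0"),
    ("198.51.100.9", "python-requests/2.31.0"),
]

if __name__ == "__main__":
    for ip, ua in SAMPLE:
        print(ip, assess(ip, ua) or "no findings")
```

A declared machine client such as curl from a data center range is not flagged by the first rule, because machine-to-machine traffic from those ranges is expected; only the mismatch between the claimed browser and the network type is.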