Closed Source Intelligence (CSINT) lists

ThreatJammer is a product to help users to identify as soon as possible the threats that can compromise your services, applications, devices, and any piece of technology that needs an IP address to connect or create an account.

In this page you can find an explanation of the different closed sources that are used to calculate the risk score of the IP addresses. You can learn more about the diffferent threat detection strategies in our product reading the documentation.

These datasets are available now for all users during the Beta stage if the product.

VPN Datasets
Anonymous VPN or Logless VPNs providers can be a strong indicator of a potential threat. Threat Jammer keeps track of the most recent VPNs to help you identify them and take the best possible action as result.
Every hour
Datacenter Datasets
When a user connects to an online service, they do it from a device such as a cell phone, tablet, PC, or laptop. These devices connect to the web through internet service providers intended for residential, mobile, or enterprise audiences. So we can infer that most of the connections made by humans will come from these IP addresses.

When a server responds to a request from users' devices or connects to another server (machine-to-machine communication), it does so over different IP address ranges because the datacenters have pools optimized to connect servers to the service providers' backbone.

Therefore, a connection from a device generally used by humans made from a data center can qualify as suspicious activity.
Every day
Autonomous System Datasets
Every day there are countless attempts to compromise the security of a server or a personal device such as a cell phone or PC. And a significant percentage of those attempts succeed, becoming a malicious element ready to be used as a spearhead for evil actions. Suppose the network provider implements adequate preventive measures. In that case, it can detect such an intrusion (e.g., by detecting abnormal traffic) and either fix the problem by itself or ask the device owner to fix it. That is what we all expect from a provider with good practices in place.

But sometimes, this is not what happens, and the network service provider does not have these best practices in place for various reasons. Or even worse, it is an unscrupulous provider hosting malicious actors regardless of the damage it can do to third parties. These are the providers for whom Threat Jammer implements a risk calculation system.

Therefore, a connection from a network service with a Threat Jammer high-risk score can qualify as suspicious activity.
Every day
Crawlers User Agents Datasets
When a user requests a web page, many websites check the type of browser used to deliver a specialized page to render it correctly. A lesser-known browser can identify itself as a popular browser as long as it renders pages in the same way. It is not a problem for most websites, but the user experience can sometimes change depending on the browser.

There is an entirely different scenario when the user is not a human but an automated script or a bot. In this case, the bot will try to tease our service by pretending to be a classic interactive browser to obtain an accurate version of the web page.

A malicious actor can use this trick to hide their real identity and cover the path of their activities by pretending to be a human.
Every day

Signup to start using Threat Jammer for free!