☀️ 🌙
← Back to Home

Threat Intelligence Feeds Enterprise

Licensable threat intelligence feeds for security products and services

Overview

DNS Science Threat Intelligence Feeds provide high-quality, machine-readable threat data for integration into security products, SIEMs, firewalls, and DNS filtering solutions. Enterprise tier ($999/month) required.

Available Feeds

malicious_domains

Known malicious domains from multiple sources

Update frequency: Hourly
dga_domains

ML-detected Domain Generation Algorithm domains

Update frequency: Real-time
phishing_domains

Phishing infrastructure and lookalike domains

Update frequency: Hourly
botnet_c2

Command and Control domains

Update frequency: Hourly
botnet_c2_ips

C2 IP addresses

Update frequency: Hourly
newly_suspicious

Newly registered suspicious domains

Update frequency: Daily
typosquatting

Brand lookalike and typosquatting domains

Update frequency: Daily

1. List Available Feeds

GET /api/v2/feeds/available

2. Download Feed

GET /api/v2/feeds/{feed_name}?limit={limit}&min_confidence={confidence}

Parameters

Parameter Description Default
limit Maximum entries to return 10000
min_confidence Minimum confidence score (0-100) 70
since Delta updates since timestamp -
format json, csv, or jsonl json

Example

curl "https://www.dnsscience.io/api/v2/feeds/malicious_domains?limit=1000&min_confidence=80" \
  -H "X-API-Key: YOUR_API_KEY"

Response

{
  "feed": "malicious_domains",
  "generated_at": "2024-11-22T10:30:00Z",
  "count": 1000,
  "entries": [
    {
      "indicator_value": "malware-site.com",
      "first_seen": "2024-11-20T10:30:00Z",
      "last_seen": "2024-11-22T08:15:00Z",
      "confidence": 85,
      "severity": "high",
      "tags": ["malware", "c2"],
      "source": "dnsscience-ml"
    }
  ]
}

3. Indicator Lookup

GET /api/v2/feeds/{feed_name}/lookup?indicator={value}

4. API Key Management

Create dedicated API keys for feed access with custom rate limits.

GET /api/v2/feeds/keys
POST /api/v2/feeds/keys
DELETE /api/v2/feeds/keys/{id}

Create Key Example

curl -X POST "https://www.dnsscience.io/api/v2/feeds/keys" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
    "name": "Production Feed Access",
    "allowed_feeds": ["malicious_domains", "dga_domains"],
    "rate_limit": 1000,
    "expires_days": 365
  }'

5. Bulk Export

Export large datasets to S3 for download.

POST /api/v2/feeds/export
GET /api/v2/feeds/export/{job_id}

6. Usage Tracking

GET /api/v2/feeds/usage

Rate Limits

Key Type Requests/Hour
Standard 100
Premium 1,000
Enterprise 10,000

Output Formats

Format Content-Type Use Case
JSON application/json API integration
CSV text/csv Spreadsheet, SIEM import
JSON Lines application/x-ndjson Stream processing