Proprietary Cyber Threat Intelligence
Fraudlogix has operated in the digital advertising fraud space since 2010, protecting the world’s largest advertising exchanges and networks. We recently found that the data we collect on botnets, malware, and infected devices used to commit ad fraud is highly applicable to the cyber security space. The same infected devices are being used by multiple threat actors for nefarious activities such as DDoS, unauthorized login attempts, network penetration, data theft and breaches, and so on.
First, watch this short video – it provides an overview of the data and how it is collected, and answers most FAQs.
Data Feeds Available:
Full Data Feed
The Full Data Feed is an hourly deposit of over 100 MB of JSON data covering all the threat events we saw during the preceding hour. The data contains 24 variables for each infected device we saw, including the IP, user agent, ASN, etc.
IP Intelligence Feed
The IP Intelligence Feed is a cumulative list of all the IPs that we believe to be high risk for infected machines and botnets/malware, based on the traffic we are seeing. There are roughly 2 million IPs on the list at any given time, and it updates hourly. The list is available as a downloadable file or via an API, and each IP is assigned a risk level and a reason code explaining its inclusion.
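One way a defender might consume a risk list like this, correlating it with the unauthorized login attempts mentioned above: load the hourly list into a lookup table, flag authentication log entries from IPs at or above a chosen risk level, and refuse to trust a copy of the list that is older than two update cycles. This is an added example, not Fraudlogix code; the JSON field names (generated_at, ips, ip, risk_level, reason_code), the sshd-style log format and all sample values are constructed assumptions.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample of an IP risk list. The field names (generated_at, ips,
# ip, risk_level, reason_code) are assumptions, not the vendor's real schema.
RISK_FEED_JSON = """{
  "generated_at": "2024-05-01T09:00:00Z",
  "ips": [
    {"ip": "203.0.113.7",  "risk_level": "high",   "reason_code": "botnet"},
    {"ip": "198.51.100.9", "risk_level": "medium", "reason_code": "malware"},
    {"ip": "192.0.2.44",   "risk_level": "low",    "reason_code": "proxy"}
  ]
}"""
# Constructed sshd-style log lines; the 10.0.0.5 entry is not in the feed.
AUTH_LOG = """2024-05-01T10:00:01Z sshd: Failed password for admin from 203.0.113.7 port 51122
2024-05-01T10:00:03Z sshd: Failed password for root from 203.0.113.7 port 51123
2024-05-01T10:00:09Z sshd: Accepted password for alice from 192.0.2.44 port 40001
2024-05-01T10:01:15Z sshd: Failed password for admin from 198.51.100.9 port 61000
2024-05-01T10:02:00Z sshd: Accepted publickey for bob from 10.0.0.5 port 50000"""
RISK_ORDER = {"low": 1, "medium": 2, "high": 3}
LOG_RE = re.compile(r"^\S+ sshd: (?P<outcome>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<ip>\S+)")

def load_risk_feed(text):
    """Return (generated_at as aware datetime, {ip: entry}) so each lookup is a dict hit."""
    feed = json.loads(text)
    generated = datetime.fromisoformat(feed["generated_at"].replace("Z", "+00:00"))
    return generated, {e["ip"]: e for e in feed["ips"]}

def feed_is_stale(generated_at, now_iso, max_age_hours=2):
    """Hourly list: a copy older than two cycles means the download job broke."""
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    return now - generated_at > timedelta(hours=max_age_hours)

def flag_logins(log_text, by_ip, min_level="medium"):
    """Per feed IP at/above min_level: risk, reason, failed/accepted counts, users."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = by_ip.get(m["ip"])
        if entry is None or RISK_ORDER[entry["risk_level"]] < RISK_ORDER[min_level]:
            continue
        h = hits.setdefault(m["ip"], {"risk_level": entry["risk_level"],
                                      "reason_code": entry["reason_code"],
                                      "failed": 0, "accepted": 0, "users": set()})
        h["failed" if m["outcome"] == "Failed" else "accepted"] += 1
        h["users"].add(m["user"])
    return hits
```

An accepted login from a flagged IP is the case worth alerting on first, since it may indicate a compromised credential rather than a failed brute-force attempt.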
For further analysis, a dashboard has been set up that lets you query any IP in the file and get granular data on the threat events and devices we saw coming from that IP during the previous 60 days. See the process and search results below:
1. Enter the IP address.
2. View the list of threat events that Fraudlogix has seen in the last 60 days and select one.
3. Once a threat event is selected, view the granular device data we recorded for it.