CyberIntel™ aggregates publicly available threat intelligence from the sources listed below. We are deeply grateful to the organisations and researchers who make this data freely accessible for the betterment of global cybersecurity. All data is used in accordance with each provider's terms of service and applicable licenses.
CyberIntel does not claim ownership of any third-party data. All trademarks, copyrights, and intellectual property displayed on this platform belong to their respective owners.
⚖️ Legal notice: All third-party data displayed on CyberIntel is used under the respective terms of service, public domain declarations, Creative Commons licenses, or non-commercial use permissions of each provider. Where attribution is required, it is provided on this page and in the platform footer. If you believe your data is being used outside the scope of your license terms, please contact us at legal@resilientprivacy.com.
© National Institute of Standards and Technology (NIST), U.S. Department of Commerce. NVD data is a work of the U.S. Government and is in the public domain. CVE data is used to populate our vulnerability reports.
© Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security. Public domain. The KEV catalog is used to surface actively exploited vulnerabilities requiring immediate attention.
© AbuseIPDB LLC. Used under the AbuseIPDB Terms of Service. AbuseIPDB blacklist and check APIs power our live threat heatmap, attack feed, and IP reputation lookup. Attribution required for public displays.
© abuse.ch. Used for non-commercial threat intelligence purposes per abuse.ch terms. MalwareBazaar powers our malware samples feed, ThreatFox powers our IOC intelligence feed, and URLhaus powers our phishing/malware URL feed.
© 2015–2026 The MITRE Corporation. ATT&CK® is a registered trademark of The MITRE Corporation. ATT&CK framework data is licensed under Creative Commons Attribution 4.0 International (CC BY 4.0). Used to map threat intelligence to adversary tactics and techniques.
© SANS Internet Storm Center. DShield data including top attacking IPs, targeted ports, and the Infocon threat level is used under SANS ISC terms for informational and non-commercial use.
© ransomware.live contributors. An open-data project tracking ransomware groups and their victims. Used to power our Ransomware Tracker section. Data is publicly contributed by the security research community.
© OpenPhish. The OpenPhish community feed is used under OpenPhish Terms of Service for informational threat intelligence purposes. Phishing URLs are used in our Malware & Phishing Intel section.
© Cisco Talos / PhishTank. Used under PhishTank Terms of Service. PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Powers one of our URL scanner engines.
© urlscan.io GmbH. Used under urlscan.io Terms of Service (free tier). urlscan.io is a service to scan and analyse websites. Powers our URL scanner deep analysis engine including screenshot capability.
© Google LLC. Used under Google APIs Terms of Service (free tier). The Safe Browsing API checks URLs against Google's continuously updated lists of unsafe web resources. Powers one of our four URL scanner engines.
© Shodan. Used under Shodan Terms of Service. The Shodan InternetDB provides fast IP lookups including open ports, known CVEs on services, and tags. Powers our IP/Domain Reputation Lookup tool.
© BleepingComputer. News summaries fetched via public RSS feed for threat intelligence news aggregation purposes.
© Brian Krebs / Krebs on Security. News summaries fetched via public RSS feed.
© The Hacker News Media. News summaries fetched via public RSS feed.
© Informa Tech / Dark Reading. News summaries fetched via public RSS feed.
© Wired Business Media / SecurityWeek. News summaries fetched via public RSS feed.
© Sophos Ltd. News summaries fetched via public RSS feed.
© Malwarebytes Inc. News summaries fetched via public RSS feed.
© Bruce Schneier. Commentary and analysis summaries fetched via public Atom feed.
© Graham Cluley. News summaries fetched via public RSS feed.
© CISA, U.S. Government. Public domain. Security advisories fetched via public RSS/XML feed.
© Cisco Systems / Talos Intelligence Group. Research summaries fetched via public RSS feed.
© Palo Alto Networks / Unit 42 Threat Research. Research summaries fetched via public RSS feed.
© Offensive Security. Exploit entries fetched via public RSS feed under Offensive Security Terms.
© Packet Storm Security. Security advisories and exploits fetched via public RSS feed.
© SigmaHQ Contributors. Sigma detection rules are used under the Detection Rule License (DRL) 1.1. Sample rules displayed on our MITRE ATT&CK page are adapted from SigmaHQ for educational and threat intelligence purposes.
© OpenStreetMap contributors. Map tiles and data are available under the Open Database Licence (ODbL). Used for our global threat heatmap. openstreetmap.org/copyright
© 2010–2024 Vladimir Agafonkin. Leaflet is an open-source JavaScript library for interactive maps, licensed under BSD 2-Clause. Used for our interactive threat heatmap.
© 2014–2024 Chart.js Contributors. Licensed under the MIT License. Used for ransomware timelines, port charts, and UEBA analytics visualizations.
© Google LLC. Inter (© The Inter Project Authors) and JetBrains Mono (© JetBrains s.r.o.) are licensed under the SIL Open Font License 1.1. Served via Google Fonts CDN.
If you are a data provider and believe your content is being used outside the scope of your license or terms of service, please contact us immediately:
Email: legal@resilientprivacy.com
General: info@resilientprivacy.com
Resilient Privacy Inc.
We take attribution seriously and will respond within 5 business days.