Each IOC verdict now exposes source agreement, data freshness, reliability weighting, contradictory signals, and a recommended analyst action.
The public JSON includes current source reliability, blocklist freshness, warning counts, and recent source-health history once the production cron has run.
Data quality should be easy to inspect without reading an implementation guide. These checks translate the registry and source-health history into plain-language proof.
The registry separates current source state from historical snapshots so visitors can see whether feeds are healthy now and whether that health is stable over time.
A single authoritative provider can matter more than many noisy contextual lists, which helps avoid overreacting to ads, trackers, or privacy blocklists.
Every SOC-ready verdict is designed to answer: what did we see, which sources agree, what conflicts exist, and should an analyst allow, monitor, review, escalate, or block?
Every feed is weighted by provider quality so authoritative detections outweigh noisy contextual blocklists.
Scanner, blocklist, OTX, WHOIS, certificate, and infrastructure signals are cross-checked for agreement or conflict.
Responses include observed time, last update, first seen, last seen, and stale-data warnings when available.
API and bulk outputs expose reasons, contradictory signals, confidence, and recommended SOC action.
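The weighting idea described above, as an added example that is not the service's own scoring code: a reliability-weighted verdict in which one authoritative detection outweighs several noisy lists. The noise discounts, staleness window, noisy-OR combination, action thresholds and source names are all assumptions constructed for illustration.

```python
from typing import NamedTuple

# Assumed discount per noise profile; the page names the profiles, not the factors.
NOISE_FACTOR = {"low": 1.0, "medium": 0.6, "high": 0.25}
STALE_AFTER_HOURS = 48  # assumed freshness window
# Assumed score thresholds for the five analyst actions named on the page.
ACTIONS = [(0.9, "block"), (0.7, "escalate"), (0.4, "review"), (0.15, "monitor")]

class Signal(NamedTuple):
    source: str
    malicious: bool     # True: source flags the IOC; False: source vouches for it
    reliability: float  # 0..1, as in the registry table
    noise: str          # "low" | "medium" | "high"
    age_hours: float    # time since the source last refreshed this record

def weight(s):
    w = s.reliability * NOISE_FACTOR[s.noise]
    return w * 0.5 if s.age_hours > STALE_AFTER_HOURS else w  # stale data counts half

def combine(signals):
    # Noisy-OR: agreement raises confidence, but weak sources cannot sum to certainty.
    miss = 1.0
    for s in signals:
        miss *= 1.0 - weight(s)
    return 1.0 - miss

def verdict(signals):
    bad = [s for s in signals if s.malicious]
    good = [s for s in signals if not s.malicious]
    score = combine(bad) * (1.0 - 0.5 * combine(good))  # benign evidence damps the score
    contradictions = [s.source for s in good] if bad and good else []
    action = next((a for t, a in ACTIONS if score >= t), "allow")
    if contradictions and action == "block":
        action = "escalate"  # conflicting evidence goes to a human before blocking
    return {
        "score": round(score, 3),
        "action": action,
        "agreeing_sources": [s.source for s in bad],
        "contradictory_signals": contradictions,
        "stale_warnings": [s.source for s in signals if s.age_hours > STALE_AFTER_HOURS],
    }

# Constructed sample inputs (not real feed data).
AUTHORITATIVE = [Signal("c2-feed", True, 0.98, "low", 2)]
NOISY = [Signal(f"ad-list-{i}", True, 0.30, "high", 5) for i in range(4)]
CONFLICT = AUTHORITATIVE + [Signal("scanner-clean", False, 0.80, "low", 1)]
STALE = [Signal("c2-feed", True, 0.98, "low", 100)]
```
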
- summary: Totals and warning counts for a quick health read.
- sources: Configured providers with reliability and noise profile.
- blocklists: Feed freshness, record counts, and stale or empty warnings.
- history: Recent cron snapshots once production has recorded them.

A compact view of the highest-weighted feeds used by the scoring and evidence pipeline.

| Source | Type | Category | Reliability | Noise Profile |
|---|---|---|---|---|
| Feodo Tracker - Botnet C2 IPs | ip | c2 | 0.98 | low |
| MITRE ATT&CK Enterprise STIX | mitre | threat-context | 0.98 | low |
| AbuseIPDB - IP Blacklist | ip | abuse | 0.98 | medium |
| VulnCheck - Vulnerability Intelligence | cve | vulnerability | 0.98 | low |
| MalwareBazaar - Recent SHA-256 Hashes | hash | malware | 0.98 | low |
| MalwareBazaar - Recent MD5 Hashes | hash | malware | 0.98 | low |
| DigitalSide-IT OSINT - Latest Malicious Domains | domain | malware | 0.98 | low |
| DigitalSide-IT OSINT - Latest Malicious IPs | ip | malware | 0.98 | low |
| DigitalSide-IT OSINT - Latest Malicious URLs | url | malware | 0.98 | low |
| DigitalSide-IT OSINT - Latest Malware SHA-256 | hash | malware | 0.98 | low |
| Phishing.Database - Active Phishing Domains | domain | phishing | 0.98 | low |
| duggytuxy - Ransomware IP Addresses | ip | ransomware | 0.98 | low |