Bulk Data feeds are unenriched feeds containing domains, URLs, and nameservers that are exportable as a TXT or CSV file, or as an API endpoint.
Feeds are categorized by data type and contain information on important changes and additions across the global IPv4/6 range, which organizations can use to inform their cyber defense operations, such as lists of new nameservers or country code top-level domains (ccTLDs).
Access Bulk Data feeds
Log in to your Enterprise account.
Navigate to Data Export > Bulk Data Exports
Export data with API endpoint
Log in to your Enterprise account.
Navigate to Data Export > Bulk Data Exports.
Click the Automate Export button on the chosen feed.
Select the required file type.
Click the Copy API Endpoint button. The endpoint retrieves a time-limited URL (3 hours) that you can call to download the file.
Click on the cURL, Python, or pHp tabs to copy code samples, and call it from another security tool.
Export data as a text file
From the Silent Push menu, navigate to Data Exports > Archive Exports.
Choose the Card or Table view, and click Download file.
Select the required file type.
Click Download file.
Select the required file type.
List of Bulk Data feeds
Feed name | Description |
|---|---|
| A list of new domains, collected from daily ICANN zone file updates (exportable as a text file) |
| A list of new domains hosted on country code top-level domains (ccTLDs), first seen within the last 24 hours (exportable as a text file) |
| A list of new nameservers, first seen within the last 24 hours. (exportable as a text file) |
| A list of new self-named nameservers, first seen within the last 24 hours (exportable as a text file) |
| A list of Domains that have changed nameservers within the last 24 hours (exportable as a JSON) |
| Domains that have changed to a self-named nameserver within the last 24 hours (exportable as a JSON) |
| New mail servers, seen within the last 24 hours (exportable as a text file) |
| FUNNULL is a Chinese content delivery network (CDN) company involved in ongoing criminal campaigns, including investment scams, fake trading apps, and hosting online gambling networks. Over the past two years, Silent Push identified more than 200,000 unique hostnames being proxied through FUNNULL, with more than 95% appearing to have been created via domain generation algorithms (DGAs). A large portion of these FUNNULL-hosted domains are online gambling networks containing the logo and branding of Suncity Group, an organization accused of illegal betting and offshore operations, and allegedly supporting money laundering for Lazarus Group, according to a U.N. report. Additionally, FUNNULL’s modified Polyfill JavaScript library was recently used in a supply chain attack redirect that impacted more than 110,000 of the top websites on the internet (exportable as a CSV file) |
| IPv4 addresses that have acted as IPFS nodes within the last 7 days (exportable as a text file) |
| IPv6 addresses that have acted as IPFS nodes within the last 7 days (exportable as a text file) |
| IPs hosting WordPress websites running ClickFix weaponized plugins, in the past 30 days. This feed may contain legitimate IP infrastructure that was compromised by the threat actor, and is therefore provided here as bulk data feeds (BDFs) instead of IoFA feeds (exportable as a text file) |
| Domains hosting WordPress websites running ClickFix weaponized plugins, in the past 30 days. This feed may contain legitimate domain infrastructure that was compromised by the threat actor, and is therefore provided here as bulk data feeds (BDFs) instead of IoFA feeds. (exportable as a text file) |
| AstrillVPN is a vpn commonly employed by North Korean threat actors to conduct malicious actions on the internet (exportable as a CSV file) |
| This feed provides a list of IPs that were discovered within the sensitive files that were acquired from the Contagious Interview infrastructure (exportable as a CSV file) |
| These domains allow anyone to register and rent subdomains on them. Some originate from the Public Suffix List (PSL), dynamic DNS providers, and various third-party services that facilitate subdomain leasing (exportable as a CSV file) |
| This feed contains threat actors who abuse Smishing tactics -- sending malicious phishing messages over SMS text messages. This feed also contains IOFAs from Smishing Triad, a specific threat group known to target 50+ countries with smishing messages that focus on mail delivery scams, toll road scams, and certain types of other government services scams (exportable as a CSV file) |
| This feed contains threat actors who abuse Smishing tactics -- sending malicious phishing messages over SMS text messages. This feed also contains IOFAs from Smishing Triad, a specific threat group known to target 50+ countries with smishing messages that focus on mail delivery scams, toll road scams, and certain types of other government services scams (exportable as a CSV file) |
| This feed contains the archive of threat actors who abuse Smishing tactics -- sending malicious phishing messages over SMS text messages. This feed also contains IOFAs from Smishing Triad, a specific threat group known to target 50+ countries with smishing messages that focus on mail delivery scams, toll road scams, and certain types of other government services scams (exportable as a CSV file) |
| This feed contains the archive of threat actors who abuse Smishing tactics -- sending malicious phishing messages over SMS text messages. This feed also contains IOFAs from Smishing Triad, a specific threat group known to target 50+ countries with smishing messages that focus on mail delivery scams, toll road scams, and certain types of other government services scams (exportable as a CSV file) |
| This FakeUpdates / SocGholish cluster is named merchantServices. The actor exploits vulnerable sites and uses them to deliver the malicious code to more victims (exportable as a CSV file) |
| This FakeUpdates / SocGholish cluster is named merchantServices. The actor exploits vulnerable sites and uses them to deliver the malicious code to more victims (exportable as a CSV file) |