LookingGlass Intelligence

LookingGlass raw intelligence is gathered from a wide variety of deployed internet sensors; surface, Deep and Dark Web sources; botnet sinkholes; underground channels and LookingGlass proprietary crawling algorithms. It is continuously refined and updated, and then vetted by expert security analysts and machine learning algorithms.


Phishing URLs

A near real-time phishing URL feed comes from a variety of sources including spam email, domain name registrations, proprietary LookingGlass web crawling technology, and “suspect email” streams from major web-based email providers. Our experienced threat analysts quality control this data feed before it goes to you.


Malicious URLs

A near real-time stream of URLs that attempt to infect computers with malicious code when the user accesses the URL. Discovered malicious URLs are gathered from a variety of sources, including spammed links, suspicious domain name registrations, phishing attacks, “suspect email” streams from major web-based email providers, and patented LookingGlass Site Seal technology. LookingGlass analysts then analyze and test against multiple antivirus engines and security programs to ensure the efficacy of this data feed.

Newly Registered

Newly Registered Domains

Daily list of Top-Level Domains (TLDs) registered globally in the last 24 hours. We don’t stop at just the top five traditional TLDs—our systems span more than 825 new generic TLD (gTLD) extensions.

Virus Tracker™
Infection Records

Virus Tracker™ Infection Records

Identify millions of new malware infections every day, as well as have access to historical global infections collected by LookingGlass Virus Tracker botnet monitoring technology.

Virus Tracker™
C2 Domains

Virus Tracker™ C2 Domains

Limit and block outgoing traffic from infected machines from reaching command-and-control (C2) servers. LookingGlass Virus Tracker technology provides a daily updated list of fully-qualified domain names (FQDNs) associated with infected C2. The list is generated from a combination of LookingGlass virus and botnet tracking, sinkhole servers, and reverse engineering of domain-generation algorithms (DGA) and analysis of advanced persistent threats.



High-quality threat intelligence that can be easily consumed and integrated with your own workflows and security platforms.


  • Security Information and Event Management (SIEM)
  • Threat Intelligence Management and Platform products
  • Security Appliances (e.g., Application Level Gateways)



Datafeed Collection Process - Malware
Datafeed Collection Process - Malware

Datafeed Collection Process - Phishing
Datafeed Collection Process - Phishing

Cyber Threat Intelligence.