Hello and welcome to the Wednesday, February 5th, 2025 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich and I am recording from Jacksonville, Florida.

Today I updated some of the documentation around the website.

There are a good number of data feeds that we either create in-house

or that we pull from other public sources.

And these data feeds are often mentioned.

For example, when you're looking up an IP address

and one of the IP address you're looking up shows up in one of these data feeds.

It will be listed in the IP info page.

But they never really documented well what these shortcuts, these acronyms for using,

actually mean.

So this has been fixed now with a couple of additional links throughout the pages that will probably be

expanded as I find more opportunities to do so. And the diary that I wrote today does explain

a little bit sort of what we're doing here. Again, our API is free to use if you would like to

download any of these threat feeds.

Just understand that they're not to be supposed to be used as a block list.

I actually prefer to call them data feeds instead of threat feeds.

I mess it up sometimes myself a little bit.

The reason I call them data feeds is that, for example, we have

feeds of public NTP servers, which are not malicious, but sometimes it's nice to know that an

IP address that you're investigating is associated with the public NTP server, because that

could explain some of the traffic that you are seeing.

...