QSentryTM

QSentry is a feed of IP addresses that are associated with infrastructure actively utilized or abused by cyber criminals.

QSentryTM Delivers

These IP addresses are from virtual private networks (“VPN”) and proxy services that are promoted online and in some cases within criminal marketplaces. They are scored based on how open the service is to the general public. This collection of VPN and proxy data is enriched with IP addresses related to mass platform abuse such as compromised credential checking, as well as Tor exit nodes. Additionally, the QSentry feed includes IP addresses linked to malicious infrastructure of criminal and nation-state threats.

This feed can be consumed by customers to flag suspicious ingress or egress traffic, as well as monitor potential platform abuse. The feed is accessed via the Qintel API and is updated on a daily basis.

In addition to all of the above features, the API allows historical queries by providing a date range, which specifies when the data was added to the feed.

QSentryTM Highlights

Anonymization IPs graphic

Anonymization IPs

Data collected from VPN and proxy services advertised online as well as Tor nodes

Who can benefit from QSentry graphic

Who can benefit
from QSentry?

  • - Security Operation Centers (SOCs)
  • - Large platform operators
  • - Network security defenders
protect corporate systems graphic

protect corporate systems
+ customer platforms

  • Flag employee traffic to potentially malicious sites
  • Identify account registrations and logins from anonymous infrastructures
  • Pinpoint internal network traffic that could be related to unauthorized data exfiltration
  • Ensure employees follow proper security policies when accessing corporate systems
  • Quickly detect credential checking or other mass platform abuse
Highly Abused hosting ASNs graphic

Data from highly
abused hosting ASNs

Certain hosting providers either cater specifically to malicious actors or are highly abused because they lack necessary KYC protocols. Customers of QSentry can prevent their employees from ever reaching dangerous sites such as botnet command-and-control systems, phishing URLs, and exploit kit infection hosts.