QSentry is a feed of IP addresses that are associated with infrastructure actively utilized or abused by cyber criminals.
These IP addresses are from virtual private networks (“VPN”) and proxy services that are promoted online and in some cases within criminal marketplaces. They are scored based on how open the service is to the general public. This collection of VPN and proxy data is enriched with IP addresses related to mass platform abuse such as compromised credential checking, as well as Tor exit nodes. Additionally, the QSentry feed includes IP addresses linked to malicious infrastructure of criminal and nation-state threats.
This feed can be consumed by customers to flag suspicious ingress or egress traffic, as well as monitor potential platform abuse. The feed is accessed via the Qintel API and is updated on a daily basis.
In addition to all of the above features, the API allows historical queries by providing a date range, which specifies when the data was added to the feed.