About TweetFeed

Free IOC feeds from 90+ infosec researchers on Twitter/X

About TweetFeed

TweetFeed

A free, community-driven project that collects Indicators of Compromise (IOCs) shared by security researchers on Twitter/X and makes them accessible via feeds, API and search.

What are IOCs?

Indicators of Compromise are artifacts (URLs, domains, IPs, file hashes) observed in connection with malicious activity. They help defenders detect and respond to threats.

How does TweetFeed work?

TweetFeed monitors tweets containing specific tags or posted by known infosec researchers, extracts IOCs, and aggregates them into feeds updated every 15 minutes.

Who is behind TweetFeed?

I'm Daniel López, a Cyber Threat Researcher with over 10 years of experience in the cybersecurity field. I like researching and building projects, and that's why I created TweetFeed.

I only created this website. The valuable data is shared by the whole infosec community.

What people say

@fr0gger_

Pretty cool TweetFeed is back and you can also use it with #OpenCTI

Amazing work by @0xDanielLopez

@1ZRR4H

Muy bueno Daniel

Se valora mucho tu trabajo!!

@BushidoToken

Nice one

@Lucifer_UD

very amazing tools! just the nice function that I want

Similar services

ThreatFox - IOC sharing platform from abuse.ch
URLhaus - Malicious URL sharing from abuse.ch
urlscan.io - Website scanner and sandbox
phishunt.io - Real-time phishing detection

Get the data

All IOC data is free and open. Use it in your threat hunting, blocklists, or SIEM.

API Docs Download Feeds

Please consider making your own analysis before taking any action related to the IOCs. The confidence of the shared IOCs is not always 100% so it is strongly recommended NOT adding them to a blocklist directly. These could potentially be used for Threat Hunting and could be added to a Watchlist.

Also please note that all the data is collected from Twitter and sorted/served here as it is on best effort.

Feel free to reach out regarding any False Positive or to provide feedback.