European Threat Intelligence Platform

EXPOSE THE THREAT.GDPR-Native · EU Infrastructure · Real-Time

DreadNet continuously scans the open internet to surface exposed threat actor panels, insecure C2 infrastructure, and misconfigured attack assets — before they reach your network.

Request Early Access View Demo
2.4M+Hosts Indexed
187KThreat Panels Found
99.7%Uptime SLA
<4hDetection Latency
NEW Cobalt Strike C2 — 185.220.101.44 — DE
ALERT Exposed AsyncRAT panel — 91.92.240.18 — RO
RESOLVED Open Metasploit listener — 134.209.117.X — NL
NEW njRAT admin interface — 176.111.173.22 — BG
ALERT Exposed phishing kit — 195.88.208.14 — PL
NEW XLoader C2 panel — 79.137.194.33 — FR
PATCHED Open Redis — 157.90.89.X — DE
NEW Cobalt Strike C2 — 185.220.101.44 — DE
ALERT Exposed AsyncRAT panel — 91.92.240.18 — RO
RESOLVED Open Metasploit listener — 134.209.117.X — NL
NEW njRAT admin interface — 176.111.173.22 — BG
ALERT Exposed phishing kit — 195.88.208.14 — PL
NEW XLoader C2 panel — 79.137.194.33 — FR
PATCHED Open Redis — 157.90.89.X — DE

Core Capabilities

Built for defenders.
Not spectators.

A purpose-built platform for European security teams who need actionable intelligence, not raw data dumps.

Threat Actor Panel Discovery

Automated detection of exposed malware C2 dashboards, RAT admin panels, botnet management interfaces, and phishing kits accessible from the public internet.

Active Scanning

Misconfiguration Intelligence

Continuously surface exposed databases, open admin interfaces, default credentials, unprotected APIs, and misconfigured cloud assets across European IP ranges.

Config Analysis

GDPR-Native Architecture

All data processed and stored exclusively within EU boundaries. Full compliance with NIS2 and DORA directives. Privacy-by-design with zero data residency outside Europe.

EU Compliant

Real-Time Alert Feed

Structured IOC feeds in STIX 2.1, JSON, and CSV. Webhook integrations with SIEM platforms, Splunk, Elastic, Microsoft Sentinel, and custom endpoints.

STIX 2.1

Infrastructure Graph

Map relationships between IPs, ASNs, domains, certificates, and hosting providers. Pivot from a single IOC to reveal the full infrastructure of a threat actor.

Graph Analysis

API-First Platform

Full REST & GraphQL API access. SDKs for Python and Go. Bulk query, historical data access, and automated vulnerability attribution pipelines.

REST / GraphQL

Live Query Demo

Search the
exposed internet.

Query millions of indexed hosts using DreadNet's purpose-built threat intelligence syntax. Filter by panel type, malware family, ASN, country, or port.

panel:cobalt-strike
panel:asyncrat OR njrat
country:EU service:redis auth:none
asn:AS13335 port:50050

dreadnet-cli v0.9.2 — dreadnet.eu
dn› query panel:cobalt-strike country:DE
Scanning 41,209,220 indexed hosts…
Filter: panel_type=cobalt-strike | geo=DE

✦ 185.220.101.44:50050 [ACTIVE]
  Team Server / Cobalt Strike 4.7
  ASN: AS24940 (Hetzner) | First seen: 2h ago
  Cert: *.evil-c2.net | TLP: AMBER

 ✦ 78.46.219.138:50050 [ACTIVE]
  Team Server / Cobalt Strike 4.5
  ASN: AS24940 (Hetzner) | First seen: 6h ago

 ⚠ 91.107.144.22:50050 [HONEYPOT LIKELY]
  Low confidence — flagged for review

 ✓ Export: STIX2 | CSV | JSON | Webhook
  3 results in 0.38s | quota: 997/1000

dn›

Process

How DreadNet works

01

Continuous Scanning

Our distributed EU-based scanner fleet probes IPv4/IPv6 space across all ports, capturing banners, certificates, and service fingerprints.

02

Panel Fingerprinting

ML-driven classifiers identify known threat actor panel signatures, malware C2 patterns, and insecure admin interfaces with low false-positive rates.

03

Contextual Enrichment

Each finding is enriched with ASN data, geolocation, WHOIS, certificate chains, related infrastructure, and historical context.

04

Actionable Delivery

Results pushed instantly to your SIEM, TIP, or custom webhooks as STIX 2.1 bundles — or queried interactively via the platform and API.

Live Intelligence

What's exposed
right now.

Live Detections+14 in last hour
TimestampTarget / ServiceSeverityCountry
03:41:22Z185.220.101.44
Cobalt Strike C2• Critical🇩🇪 DE
03:38:07Z91.92.240.18
AsyncRAT Panel• Critical🇷🇴 RO
03:31:55Z195.88.208.14
Phishing Kit (exposed zip)• High🇵🇱 PL
03:29:40Z176.111.173.22
njRAT Admin Interface• Critical🇧🇬 BG
03:22:11Z157.90.89.143
Redis — no auth• High🇩🇪 DE
03:17:58Z79.137.194.33
XLoader C2 Panel• Critical🇫🇷 FR
03:09:24Z5.75.212.90
Exposed Metasploit listener• Medium🇳🇱 NL
02:58:03Z93.184.220.14
Default admin creds (Grafana)• High🇦🇹 AT

Top Panel Families — 7d

Cobalt Strike31%
AsyncRAT24%
njRAT / Quasar18%
Phishing Kits14%
Other Malware13%

Top Countries — Hosted Threats

🇩🇪 Germany28%
🇳🇱 Netherlands19%
🇷🇴 Romania14%
🇫🇷 France11%
🇵🇱 Poland9%

Pricing

Scale with
your threat surface.

We're finalizing our pricing plans. Join early access to lock in founding member rates.

Starter

For individual researchers and small security teams getting started with threat intelligence.

  • API access with rate limits
  • Real-time panel detection feed
  • STIX 2.1 & JSON export
  • Basic historical data
  • Email alerts
  • Infrastructure graph
  • SIEM integration
Join Waitlist

Team

For SOC teams and MSSPs needing automation, integrations, and deeper historical context.

  • Higher API rate limits
  • Real-time + priority alert feed
  • STIX 2.1, JSON, CSV, Webhook
  • Extended historical data
  • Infrastructure graph access
  • SIEM integrations (Splunk, Elastic)
  • Multiple team seats
Join Waitlist

Enterprise

Custom

For large enterprises, national CERTs, and organisations requiring on-premise or dedicated infrastructure.

  • Unlimited queries
  • Full historical archive
  • Dedicated scan nodes (EU)
  • On-premise deployment option
  • Custom panel fingerprints
  • NIS2 / DORA compliance pack
  • SLA + dedicated support
Contact Sales

Abuse & Responsible Disclosure

Report abuse or misuse.

DreadNet is built for defensive security. Our platform is designed to help security teams protect their infrastructure, not to enable malicious activity.

If you believe DreadNet data is being used in violation of our terms of service, or if you have identified an asset that was incorrectly indexed, please contact our abuse team immediately.

We take every report seriously and commit to responding within 24 hours on business days.

abuse@dreadnet.eu
Report Abuse

Built in Europe. Trusted by European defenders.

DreadNet operates exclusively within EU jurisdiction. All scanning, processing, storage, and alerting infrastructure is hosted in certified EU data centres. We are aligned with NIS2, DORA, and GDPR — providing your legal and compliance teams with the documentation they need.

🇪🇺EU Hosted
🔒GDPR Ready
⚖️NIS2 Aligned
🛡️DORA Ready

Stop hunting.
Start knowing.

Join the early access programme and get the first 30 days free.
No credit card required.

🔒 EU data only · No spam · Cancel anytime