Together with an outstanding engineering team, consisting of specialists in the fields of artificial intelligence, natural language processing, machine learning and data mining, Sixgill’s is today’s most sophisticated, ADVANCED AUTOMATIC DEEP, DARK AND SURFACE WEB CYBER THREAT INTELLIGENCE PLATFORM that analyses Dark Web activity undetectably and autonomously with the ability to detect cyber-attacks and sensitive data leaks originating from the Deep and Dark Web and eliminate them before they occur by prioritizing real-time alerts, profiling malicious actors mapping their hidden social networks and their behaviour patterns, analysing their activity, and identifying potential criminals and terrorists with accuracy and depth.

 Deep and Dark Web Threat Intelligence Platform 

Sixgill’s Deep and Dark Web Threat Intelligence Platform creates profiles of Dark Web malicious actors mapping their hidden social networks and their behavior patterns, to analyze their activity. Through autonomous monitoring of closed, open, and hybrid dark web forums, the platform allows to identify potential criminals and terrorists with accuracy and depth.


  • Prevent attacks before they occur

    • Gain more reaction time by seeing your threats well in advance

  • Detect and control organizational data leaks

    • Discover critical information that otherwise can’t be seen

  • Observe the attacker and their plans

    • Understand your attacker and the context of the attack

  • Generate customized actionable intelligence

    • Obtain needs-based customized intelligence and prioritized real-time intelligence



Clarity by Decoding


Detection & Monitoring

Focused Insight


Sixgill structures collected data through identifying key items such as threat actor, date, language, site, post type, and post language. It extracts entities such as email addresses, bitcoin wallets and credit card numbers. Through this, data is transformed into information that can now be understood, sorted, filtered and searched.

Darkfeed integrates with your TIP, SIEM, SOAR or vulnerability management solutions and supplies you with malicious indicators of compromise - including domains, URLs, hashes, and IP addresses.

Darkfeed is powered by Sixgill’s proprietary AI algorithms, unmatched automation and contextual analysis. It delivers unparalleled collection in terms of depth and breadth.


Darkfeed Content

  • Domains

    • Compromised sites to which access is sold on the dark web

    • Suspicious domains that are for sale on the dark web

  • URLs

    • Links to malware files hosted on underground file-sharing sites

  • Hashes

    • Malware hashes

    • Hashes of malware claimed to be undetected

  • IP addresses

    • Command-and-control server IP addresses for most prevalent malware

    • Command-and-control server IP addresses for servers involved in botnets, DDoS attacks, and proxy anonymization


Under the Hood


Unmatched collection 

Light years ahead of the threat curve

Sixgill’s proprietary AI algorithms, automation and contextual analysis deliver unparalleled collection in terms of depth and breadth.


Sophisticated structuring

This is what intelligence is made of

The Darkfeed's comprehensive structuring includes:

  • Standard STIX properties for automated parsing.

  • Contextual information to enrich IOCs and allow client-side filtering. This incl. source, post title, post ID, actor, feed name, feed ID, severity, confidence.

  • External integrations for IOC enrichment Incl. : Mitre ATT&CK – tactic and technique Virustotal – abstraction of detections and link to pages.



Intelligence that gets the big picture

Sixgill uses NLP and machine learning to tag posts based on their contents. The Darkfeed focuses on malware-tagged posts, ensuring that malicious indicators are published, while false positives are minimized.