Scarlet Shark gives your team the data and tools to enhance investigations, track malicious infrastructure, and stay ahead of emerging threats.
From service identification to threat actor reporting, Scarlet Shark consolidates the intelligence your investigations depend on.
We track more than 10,000 services — SaaS platforms, VPNs, web crawlers, and beyond. Uncover the IPs, domains, certificates, and other artifacts each service uses.
Download a sample list of VPN & proxy IPs →
Monitor the uptime and security compliance of the SaaS platforms your team relies on. Track scheduled maintenance windows and service events, so your analysts always know what's planned, what's degraded, and what's back online. Scarlet Shark also maps upstream dependencies, the services your services rely on, so you can spot the true source of an outage, all consolidated in one location.

Gain an in-depth understanding with comprehensive reports covering the tools, targets, tactics, techniques, and procedures of active threat actors and malware families.

Track malicious IPs, ASNs, domains, file hashes, and other artifacts. Our AI and machine-learning models flag potentially malicious indicators, giving analysts an edge over newly deployed infrastructure.
Resolve the physical locations of IPv4 and IPv6 addresses while gaining insight into their network types and owners.
Stay informed about threats that may affect your organization. Receive updates and security alerts for the software and services you actually use.
Create custom tools, enhance existing workflows, and enrich IoCs programmatically. View the API documentation.
Connect powerful data platforms like VirusTotal, Shodan, Azure Graph, and CrowdStrike to unlock deeper insights and connections in your investigations.
One consolidated view of uptime and security compliance across every SaaS platform your analysts depend on.
All prices are plus tax.
Check out some of our intelligence feeds — available for free, no account required.
Browse Free Intel Feeds