Data Sources

ThirdProof queries multiple independent intelligence categories in parallel for every vendor assessment. The specific providers within each category may change as we add, replace, or retire sources to improve coverage.

Sanctions Screening

Screens vendors against OFAC SDN, consolidated sanctions lists, PEP databases, and international sanctions regimes. Entity name verification reduces false positives from similar names.

Sanctions matches, PEP associations, regulatory watchlist hits

Business Registration

Verifies legal entity identity via the GLEIF LEI registry, confirming jurisdiction, formation date, active status, and registered address. Name matching is verified to prevent misattribution.

Legal entity verification, registration status, jurisdiction confirmation

Adverse Media

Screens recent news coverage for regulatory actions, lawsuits, data breaches, financial distress, and fraud allegations across multiple news sources.

Breach history, regulatory enforcement, litigation, financial distress signals

Domain Analysis

Validates SSL certificates, HTTPS enforcement, domain age, registrar information, and DNS configuration.

SSL health, domain age, HTTPS status, DNS configuration issues

Infrastructure Exposure

Identifies open ports, exposed services, cloud hosting footprint, and network-level security indicators.

Open port inventory, exposed services, hosting environment details

Threat Intelligence

Multi-engine threat analysis checking for malware association, phishing indicators, abuse reports, botnet participation, and safe browsing status.

Malware flags, phishing detection, abuse reports, safe browsing status

Company Intelligence

Provides firmographic data including industry classification, company size estimates, technology stack, and operational context.

Industry sector, company profile, operational footprint

Domain Registration

Queries WHOIS records for registrant information, registration dates, and registrar details.

Registration dates, registrar info, privacy protection status

Certificate Transparency

Reviews SSL/TLS certificate issuance history, subdomain enumeration, and certificate authority validation.

Certificate history, subdomain discovery, CA validation

HTTP Security

Evaluates security headers, content security policies, and browser security configurations.

Missing security headers, CSP configuration, HSTS implementation

IP Reputation

Checks IP addresses against known blocklists, spam databases, and abuse registries.

Blocklist presence, spam association, abuse history

Malware & Phishing Detection

Scans domains against malware databases, phishing registries, and unsafe browsing indicators.

Malware flags, phishing indicators, unsafe browsing warnings

Website Security Scan

Performs live website scanning to detect technologies in use, screenshot capture, and threat indicators at the URL level.

Technology detection, live scan results, URL-level threat indicators

Web Archive

Analyzes historical web presence to assess operational longevity and content consistency over time.

Historical web presence, operational continuity indicators

Community Sentiment

Reviews public tech community discussions for vendor-related feedback, incident reports, and reputation signals.

Public sentiment trends, community-reported issues

Trust & Compliance Page Scan

Scans vendor trust, security, and compliance pages for certification claims (SOC 2, ISO 27001, HITRUST, PCI-DSS, FedRAMP, and more). Cross-references the FedRAMP public registry for independent verification. Detects aspirational language to distinguish current certifications from in-progress efforts.

Certification claims (vendor attested vs. independently verified), FedRAMP authorization status

Supply Chain & Subprocessor Discovery

Discovers vendor subprocessor pages and extracts third-party dependencies. Runs sanctions screening and safe browsing checks against each subprocessor to surface supply chain risk.

Subprocessor list, supply chain sanctions exposure, subprocessor safety status

FDIC Institution Check

Searches the FDIC BankFind registry for failed bank records associated with the vendor. Verifies entity identity through name match confirmation.

FDIC failure records, bank closure history, institution status

SEC Filing Search

Searches SEC EDGAR full-text search for enforcement-related filings mentioning the vendor in the last 5 years. Findings indicate the vendor is mentioned in a filing, not necessarily the subject of enforcement.

Enforcement filing mentions, regulatory action references, filing details

For the full source list or questions about data coverage, contact support@thirdproof.ai.