Enricher - Flashpoint Torrents

This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.


Enricher name

Flashpoint Torrents


Company, hash-sha1, ipv4, and registrar.


Enriches supported observable types with indicators and related enrichment observables that provide details on torrent downloads and seeding peers the input IP address, or related to the company name or registrar information used as input.

  • When the input is an IP address, the enricher returns torrent peers seeding files potentially related to terrorism, hacking, and extremism, including the date when an IP address was recorded offering or downloading such files.

  • When the input is a (ISP) company or a registrar name, the enricher returns all forum visits for the input organization.

  • When the input is a SHA-1 hash, the enricher returns all downloaders and seeders of the file the hash represents.

API endpoint



The Flashpoint Torrents enricher provides information on a range of cyber threat data focusing on torrent users and activities related to terrorism, hacking, and extremism.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Flashpoint Torrents enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://fp.tools/api/v4/torrents/peers.

  4. In the Token field, enter a valid token associated with the Flashpoint account to access and consume the corresponding Flashpoint service.

  5. To store your changes, click Save; to discard them, click Cancel.

See also