Free and Open Source Threat Intelligence Feeds

APTNotes
lookup apt
546 IOCs
Maintainers: David Westcott, Kiran Bandla


CSV JSON
online
Statistics:
Added: 2020-07-12 00:00
Checked: 2020-10-17 08:55
Byte Size: 115 KB
Lines: 547
APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.
Alexa Top 1 Million Domains List
domain enrichment reputation lookup
542.000 IOCs
Alexa Top Sites by Amazon Web Services


CSV
online
Statistics:
Added: 2020-08-22 00:00
Checked: 2020-10-17 08:55
Byte Size: 5.0 MB
Lines: 542.000
The Alexa Top Sites service provides programmatic access to lists of websites ordered by Alexa Traffic Rank.
Alienvault
ip reputation
25.134 IOCs
Alienvault is now AT&T Cybersecurity.


TXT
online
Statistics:
Added: 2020-07-18 00:00
Checked: 2020-10-17 08:55
Byte Size: 1.595 MB
Lines: 25.142
Generic reputation feed.
Bambenek
ip domain dga botnet c2 malware
0 IOCs
Bambenek Consulting is a leading consultancy led by industry veteran John Bambenek. Services include the Well Fed Intelligence feeds used by thousands of organizations all over the world.

Statistics:
Added: 2020-07-18 00:00
Checked: 2020-10-17 08:55
Byte Size: 0 bytes
Lines: 0
The license for this data has changed. The data is now under copyright and requires a commercial license for any commercial use (including companies protecting themselves). Sub Feeds available for various families like Cryptolocker, Gozi, Locky or Quakbot. Link points to Master Feed of known, active and non-sinkholed C&Cs indicators
Binary Defense
ip
4.323 IOCs
Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed


TXT
online
Statistics:
Added: 2020-08-30 00:00
Checked: 2020-10-17 08:55
Byte Size: 61 KB
Lines: 4.336
Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed. The ATIF feed may not be used for commercial resale or in products that are charging fees for such services.
Bitcoin Nodes
ip bitcoin reputation
7.268 IOCs
Bitnodes is currently being developed to estimate the size of the Bitcoin network by finding all the reachable nodes in the network.


TXT
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 101 KB
Lines: 7.298
Full Bitcoin nodes list analysis, including geolocation map, history, retention policy, overlaps with other lists, etc. available at http://iplists.firehol.org/?ipset=bitcoin_nodes_1d. Generated by FireHOL's update-ipsets.sh, processed with FireHOL's iprange
Blackbook
domain malware c2
15.208 IOCs

TXT CSV
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 258 KB
Lines: 15.208
blackbook is a historical (black)list of malicious domains created as part of the periodic automated heuristic check (i.e. WHOIS, HTTP, etc.) of newly reported entries from public lists of malicious URLs (currently CyberCrime, URLhaus, ScumBots, Benkow and VirusTracker). Main goal is listing those that are/were malware dedicated (e.g. C&C) - thus, excluding compromised sites. It is supposed to be used for detection of malware beaconing infected clients by inspection of associated DNS traffic, with significant reduce of false-positives.
Blocklist
ip malware reputation
32.739 IOCs
www.blocklist.de is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked via SSH-, Mail-Login-, FTP-, Webserver- and other services.


TXT
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 456 KB
Lines: 32.739
We report more than 70,000 attacks every 12 hours in real time using Whois (abuse-mailbox, abuse@, security@, email, remarks), the Ripe-Abuse-Finder, and the contact-database from abusix.org so we may find the abuse-address assigned to the offending host. Our reports are based on X-Arf (Network Abuse Reporting 2.0), so the abuse-department of the provider for the attacking host may parse our reports automatically.
BotScout
bot reputation abuse
1.232 IOCs
BotScout helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites.


TXT
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 19 KB
Lines: 1.269
This list is composed of the most recently-caught bots. Our database contains bot 'signatures'. A signature is composed of a unique combination of the name the bot used when trying to register, the bot's email address, and the bot's IP address.
Bruteforceblocker
ssh bruteforce
1.109 IOCs
BruteForceBlocker is a perl script, that works along with pf – firewall developed by OpenBSD team.


TXT
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 53 KB
Lines: 1.110
Its main purpose is to block SSH bruteforce attacks via firewall.
CINS Army List
ip reputation
15.000 IOCs
Leveraging data from our network of Sentinel devices and other trusted InfoSec sources, CINS is a Threat Intelligence database that provides an accurate and timely score for any IP address in the world.


TXT
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 210 KB
Lines: 15.000
The CINS Army list is a subset of the CINS Active Threat Intelligence ruleset, and consists of IP addresses that meet one of two basic criteria: 1) The IP's recent Rogue Packet score factor is very poor, or 2) The IP has tripped a designated number of 'trusted' alerts across a given number of our Sentinels deployed around the world.
Cobaltstrike Server
ip reputation cobaltstrike
9.586 IOCs
Historical list of {Cobalt Strike,NanoHTTPD} servers


CSV
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 381 KB
Lines: 9.587
This repository contains a historical list of Cobalt Strike (or NanoHTTPD) hosts that have been identified using the "extraneous space" fingerprint. The list is a CSV file with ip, port, first_seen, last_seen pairs, starting from 2014-01 till 2019-04-21.
Cruzit Blacklist
ip reputation
10.938 IOCs

TXT CSV
online
Statistics:
Added: 2020-07-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 151 KB
Lines: 10.941
Server Blacklist of known blacklisted IP adresses.
Cyber Crime Tracker
url domain botnet c2 malware
22.433 IOCs
Atmos Strategic Monitoring


TXT
online
Statistics:
Added: 2020-07-18 00:00
Checked: 2020-10-17 08:55
Byte Size: 846 KB
Lines: 22.433
C2 and Botnet Tracker since 2012 - Top 5 Bots Pony, Lokibot, ZeuS, AZORult, Citadel
Cyber Crime Tracker
ip reputation botnet c2 malware
75.855 IOCs
www.badips.com is an abuse tracker with a simple API to report and consume blocklists.


TXT
online
Statistics:
Added: 2020-07-18 00:00
Checked: 2020-10-17 08:55
Byte Size: 1.04 MB
Lines: 75.855
badips.com is a community based IP blacklist service. You can report malicious IPs and you can download blacklists or query our API to find out if a IP is listed. Currently only observed last 7 days of any IPs with no considering of scores and categories - please review the API documentation!
Emerging Threats
ip url malware c2
1.074 IOCs
Proofpoint Suricata Rules


TXT
online
Statistics:
Added: 2020-08-03 00:00
Checked: 2020-10-17 08:55
Byte Size: 15 KB
Lines: 1.074
Providing Snort and Suricata Rules - here: compromised IPs Feed
Florian Roth YARA Repository
yara
480 IOCs
Nextron Systems is the global leading provider for compromise assessment software.


YARA
online
Statistics:
Added: 2020-08-14 00:00
Checked: 2020-10-17 08:55
Byte Size: 375 KB
Lines: 480
Florian Roth YARA Rules signature repository.
GreenSnow
ip reputation
6.942 IOCs
GreenSnow is a team consisting of the best specialists in computer security, we harvest a large number of IPs from different computers located around the world.


TXT
online
Statistics:
Added: 2020-07-20 00:00
Checked: 2020-10-17 08:55
Byte Size: 97 KB
Lines: 6.942
GreenSnow is comparable with SpamHaus.org for attacks of any kind except for spam. Our list is updated automatically and you can withdraw at any time your IP address if it has been listed.
Malware Domain List
domain malware
2.255 IOCs
Malware Domain List is a non-commercial community project.


CSV
online
Statistics:
Added: 2020-07-20 00:00
Checked: 2020-10-17 08:55
Byte Size: 318 KB
Lines: 2.255
Feed Description not available yet
Maxmind
ip reputation
581 IOCs
MaxMind provides IP intelligence through the GeoIP brand.


HTML
online
Statistics:
Added: 2020-07-24 00:00
Checked: 2020-10-17 08:55
Byte Size: 95 KB
Lines: 581
This feed provides a sample list of some of the most used IP addresses in the minFraud network that have been identified as higher risk.
Myip
ip reputation whois
1.799 IOCs
#1 World Live Whois IP Source


TXT
online
Statistics:
Added: 2020-07-24 00:00
Checked: 2020-10-17 08:55
Byte Size: 45 KB
Lines: 1.818
Latest Blacklist IP List to your website .htaccess file
Netlab 360
dga url malware
1.224.078 IOCs
Network Security Research Lab at 360, PassiveDNS, DDoSMon, NetworkScan Mon, DGA Feeds


TXT
online
Statistics:
Added:
Checked: 2020-06-20 00:00
Byte Size: 80.033 MB
Lines: 1.224.083
Caution huge DGA Domain List, it is recommended to include the dedicated subfeeds, see Browse Link.
Families: bamital, banjori, blackhole,ccleaner, chinad, conficker cryptolocker, dircrypt, dyre, emotet, enviserv, feodo fobber, gameover, gspy, locky, madmax, matsnu mirai, murofet, mydoom, necurs, nymaim, omexo padcrypt, proslikefan, pykspa, qadars, ramnit, ranbyus rovnix, shifu, shiotob, simda, suppobox, symmi tempedreve, tinba, tinynuke, tofsee, vawtrak, vidro virut, xshellghost
Openfish
url phishing
4.093 IOCs
Timely. Accurate. Relevant Threat Intelligence.


TXT
online
Statistics:
Added: 2020-07-24 00:00
Checked: 2020-10-17 08:55
Byte Size: 330 KB
Lines: 4.093
Community feed, update frequency 12 hours, only phishing URLs.
Phishtank
url phishing email
14.366 IOCs
PhishTank is a collaborative clearing house for data and information about phishing on the Internet.


CSV XML JSON
online
Statistics:
Added: 2020-08-03 00:00
Checked: 2020-10-17 08:55
Byte Size: 2.99 MB
Lines: 14.367
Open phishing data.
Rutgers
ip reputation
5.460 IOCs
Rutgers - School of Arts and Sciences


TXT
online
Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 76 KB
Lines: 5.460
Known attackers
Sans Internet Storm Center DShield
ip malware
100 IOCs
The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations.


TXT
online
Statistics:
Added: 2020-08-03 00:00
Checked: 2020-10-17 08:55
Byte Size: 2 KB
Lines: 100
Top IPs
Sblam
ip reputation
6.318 IOCs
Sblam! is a web service that blocks spammy posts in blog comments, forums and guestbooks.


TXT
online
Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 89 KB
Lines: 6.321
HTTP spam sources identified by http://sblam.com - This is a list of HTML form (comment) spammers--not for blocking e-mail spam.
Spamhaus
ip spam email
923 IOCs
The Spamhaus Project is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware and botnets.


TXT
online
Statistics:
Added: 2020-08-03 00:00
Checked: 2020-10-17 08:55
Byte Size: 25 KB
Lines: 927
The DROP list will not include any IP address space under the control of any legitimate network - even if being used by "the spammers from hell".
Spys
ip proxy
402 IOCs
Free proxy list. HTTP, SSL/HTTPS, SOCKS proxies. Live proxy servers.


TXT
online
Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 11 KB
Lines: 411
Proxy List - IP address:Port CountryCode-Anonymity(Noa/Anm/Hia)-SSL_support(S)-Google_passed(+)
Talos Intelligence
ip reputation
0 IOCs
Cisco Talos threat intelligence and research group

Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 0 bytes
Lines: 0
IP Blacklist
Tor
ip tor reputation
1.776 IOCs
Tor is free and open-source software for enabling anonymous communication.


TXT
online
Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 25 KB
Lines: 1.776
Tor Exit Nodes
Turris
ip reputation
0 IOCs
Project Turris is a service helping to protect its user's home network with the help of a special router.

Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 0 bytes
Lines: 0
The data are processed and clasified every week and behaviour of IP addresses that accessed a larger number of Turris routers is evaluated. The result is a list of addresses that have tried to obtain information about services on the router or tried to gain access to them. We publish this so called "greylist" that also contains a list of tags for each address which indicate what behaviour of the address was observed.
Twitter IOC Hunter
ioc url domain hash mail cve
390 IOCs
Twitter IOC Hunter project


JSON
online
Statistics:
Added: 2020-08-27 00:00
Checked: 2020-10-17 08:55
Byte Size: 166 KB
Lines: 390
IOC Feeds from Twitter tweets. Feed provides only daily tweets.
URLhaus
malware url
694.270 IOCs
URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track and share malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.


TXT CSV
online
Statistics:
Added: 2020-06-01 00:00
Checked: 2020-10-17 08:55
Byte Size: 30.375 MB
Lines: 694.279
Multiple subfeeds are available, like ZeuS Tracker, Ransomware Tracker, SSL Blacklist, Malware Bazar, Feodo Tracker.
VX Fault
url malware
101 IOCs
VX Fault

Statistics:
Added: 2020-06-19 00:00
Checked: 2020-10-17 08:55
Byte Size: 4 KB
Lines: 105
About Malwares, Rogues, Scarewares, SmitfraudFix. Feed contains only last 100 submissions.
Viriback
ip url malware c2
4.417 IOCs
Malware C2 Tracker List


CSV
online
Statistics:
Added: 2020-07-26 00:00
Checked: 2020-10-17 08:55
Byte Size: 340 KB
Lines: 4.418
C2 URL and IPs. Top 10 Families - Lokibot, Predator, AZORult, Kpot, Pony, AgentTesla, Oski, Nexus, BetaBot, Amadey