Free and Open Source Threat Intelligence Feeds
APTNotes
lookup
apt
634 IOCs
Maintainers: David Westcott, Kiran Bandla
Statistics:
Added: 2020-07-12 00:00
Checked:
2022-06-06 09:15
Byte Size:
136 KB
Lines:
635
APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.
Alexa Top 1 Million Domains List
domain
enrichment
reputation
lookup
542.000 IOCs
Alexa Top Sites by Amazon Web Services
Statistics:
Added: 2020-08-22 00:00
Checked:
2022-06-06 09:13
Byte Size:
5.0 MB
Lines:
542.000
The Alexa Top Sites service provides programmatic access to lists of websites ordered by Alexa Traffic Rank.
Alienvault
ip
reputation
609 IOCs
Alienvault is now AT&T Cybersecurity.
Statistics:
Added: 2020-07-18 00:00
Checked:
2022-06-06 09:13
Byte Size:
39 KB
Lines:
617
Generic reputation feed.
AlphaSOC Ryuk Feed
ryuk
ransomware
malware
domain
apt
-24 IOCs
AlphaSOC Ryuk ransomware campaign infrastructure
Statistics:
Added: 2020-11-28 00:00
Checked:
2022-06-06 09:13
Byte Size:
127 bytes
Lines:
1
Below is a list of Internet domains registered by the Ryuk ransomware gang to distribute malware and act as C2 infrastructure. This threat actor continuously registers new domains, which are in turn uncovered and added to this list. Security teams can primarily use the list to retrospectively uncover compromised hosts.
Bambenek
ip
domain
dga
botnet
c2
malware
0 IOCs
Bambenek Consulting is a leading consultancy led by industry veteran John Bambenek. Services include the Well Fed Intelligence feeds used by thousands of organizations all over the world.
Statistics:
Added: 2020-07-18 00:00
Checked:
2022-06-06 09:13
Byte Size:
0 bytes
Lines:
0
The license for this data has changed. The data is now under copyright and requires a commercial license for any commercial use (including companies protecting themselves). Sub feeds are available for various families like Cryptolocker, Gozi, Locky or Quakbot. The link points to the Master Feed of known, active and non-sinkholed C&C indicators.
Binary Defense
ip
6.290 IOCs
Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed
Statistics:
Added: 2020-08-30 00:00
Checked:
2022-06-06 09:14
Byte Size:
89 KB
Lines:
6.303
Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed. The ATIF feed may not be used for commercial resale or in products that are charging fees for such services.
Bitcoin Nodes
ip
bitcoin
reputation
7.029 IOCs
Bitnodes is currently being developed to estimate the size of the Bitcoin network by finding all the reachable nodes in the network.
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:13
Byte Size:
97 KB
Lines:
7.059
Full Bitcoin nodes list analysis, including geolocation map, history, retention policy, overlaps with other lists, etc. available at http://iplists.firehol.org/?ipset=bitcoin_nodes_1d. Generated by FireHOL's update-ipsets.sh, processed with FireHOL's iprange
Blackbook
domain
malware
c2
17.576 IOCs
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:14
Byte Size:
296 KB
Lines:
17.576
blackbook is a historical (black)list of malicious domains created as part of the periodic automated heuristic check (i.e. WHOIS, HTTP, etc.) of newly reported entries from public lists of malicious URLs (currently CyberCrime, URLhaus, ScumBots, Benkow and VirusTracker). The main goal is listing those that are/were malware dedicated (e.g. C&C), thus excluding compromised sites. It is supposed to be used for detecting malware beaconing from infected clients by inspecting the associated DNS traffic, with a significant reduction in false positives.
Blocklist
ip
malware
reputation
20.684 IOCs
www.blocklist.de is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked via SSH-, Mail-Login-, FTP-, Webserver- and other services.
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:15
Byte Size:
288 KB
Lines:
20.684
We report more than 70,000 attacks every 12 hours in real time using Whois (abuse-mailbox, abuse@, security@, email, remarks), the Ripe-Abuse-Finder, and the contact-database from abusix.org so we may find the abuse-address assigned to the offending host. Our reports are based on X-Arf (Network Abuse Reporting 2.0), so the abuse-department of the provider for the attacking host may parse our reports automatically.
BotScout
bot
reputation
abuse
1.372 IOCs
BotScout helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites.
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:13
Byte Size:
21 KB
Lines:
1.409
This list is composed of the most recently-caught bots. Our database contains bot 'signatures'. A signature is composed of a unique combination of the name the bot used when trying to register, the bot's email address, and the bot's IP address.
Bruteforceblocker
ssh
bruteforce
329 IOCs
BruteForceBlocker is a Perl script that works along with pf, the firewall developed by the OpenBSD team.
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:13
Byte Size:
16 KB
Lines:
330
Its main purpose is to block SSH bruteforce attacks via firewall.
CINS Army List
ip
reputation
15.000 IOCs
Leveraging data from our network of Sentinel devices and other trusted InfoSec sources, CINS is a Threat Intelligence database that provides an accurate and timely score for any IP address in the world.
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:15
Byte Size:
211 KB
Lines:
15.000
The CINS Army list is a subset of the CINS Active Threat Intelligence ruleset, and consists of IP addresses that meet one of two basic criteria: 1) The IP's recent Rogue Packet score factor is very poor, or 2) The IP has tripped a designated number of 'trusted' alerts across a given number of our Sentinels deployed around the world.
Cobaltstrike Server
ip
reputation
cobaltstrike
9.586 IOCs
Historical list of {Cobalt Strike,NanoHTTPD} servers
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:13
Byte Size:
381 KB
Lines:
9.587
This repository contains a historical list of Cobalt Strike (or NanoHTTPD) hosts that have been identified using the "extraneous space" fingerprint. The list is a CSV file with ip, port, first_seen, last_seen pairs, starting from 2014-01 till 2019-04-21.
Cruzit Blacklist
ip
reputation
12.526 IOCs
Statistics:
Added: 2020-07-19 00:00
Checked:
2022-06-06 09:15
Byte Size:
173 KB
Lines:
12.529
Server blacklist of known blacklisted IP addresses.
Cyber Crime Tracker
ip
reputation
botnet
c2
malware
0 IOCs
www.badips.com is an abuse tracker with a simple API to report and consume blocklists.
Statistics:
Added: 2020-07-18 00:00
Checked:
2022-06-06 09:13
Byte Size:
0 bytes
Lines:
0
badips.com is a community-based IP blacklist service. You can report malicious IPs and you can download blacklists or query our API to find out if an IP is listed. Currently only the last 7 days of any IPs are observed, with no consideration of scores and categories - please review the API documentation!
Cyber Crime Tracker
url
domain
botnet
c2
malware
22.699 IOCs
Atmos Strategic Monitoring
Statistics:
Added: 2020-07-18 00:00
Checked:
2022-06-06 09:13
Byte Size:
856 KB
Lines:
22.699
C2 and Botnet Tracker since 2012 - Top 5 Bots Pony, Lokibot, ZeuS, AZORult, Citadel
Emerging Threats
ip
url
malware
c2
354 IOCs
Proofpoint Suricata Rules
Statistics:
Added: 2020-08-03 00:00
Checked:
2022-06-06 09:13
Byte Size:
5 KB
Lines:
354
Providing Snort and Suricata Rules - here: compromised IPs Feed
Florian Roth YARA Repository
yara
480 IOCs
Nextron Systems is the global leading provider for compromise assessment software.
Statistics:
Added: 2020-08-14 00:00
Checked:
2022-06-06 09:13
Byte Size:
375 KB
Lines:
480
Florian Roth YARA Rules signature repository.
GreenSnow
ip
reputation
5.370 IOCs
GreenSnow is a team consisting of the best specialists in computer security; we harvest a large number of IPs from different computers located around the world.
Statistics:
Added: 2020-07-20 00:00
Checked:
2022-06-06 09:15
Byte Size:
75 KB
Lines:
5.370
GreenSnow is comparable with SpamHaus.org for attacks of any kind except for spam. Our list is updated automatically and you can withdraw your IP address at any time if it has been listed.
James Brine IoCs and STIXII
honeypot
phishing
ip
stixx
177.781 IOCs
James Brine IoCs and STIXII
Statistics:
Added: 2021-02-05 00:00
Checked:
2022-06-06 09:15
Byte Size:
2.424 MB
Lines:
177.781
Collection of CTI from Australian and international honeypots covering ssh, telnet, ntp, git, redis, mssql, mysql, URIs, proxy, nmap scans, google dorking hosts, sip and ftp. Potential phishing domains by category as well as dropped domains for blocklist cleanup. STIX2 for the previous day published as json files.
Malware Domain List
domain
malware
0 IOCs
Malware Domain List is a non-commercial community project.
Statistics:
Added: 2020-07-20 00:00
Checked:
2022-06-06 09:13
Byte Size:
0 bytes
Lines:
0
Feed Description not available yet
Maxmind
ip
reputation
581 IOCs
MaxMind provides IP intelligence through the GeoIP brand.
Statistics:
Added: 2020-07-24 00:00
Checked:
2022-06-06 09:13
Byte Size:
80 KB
Lines:
581
This feed provides a sample list of some of the most used IP addresses in the minFraud network that have been identified as higher risk.
Myip
ip
reputation
whois
909 IOCs
#1 World Live Whois IP Source
Statistics:
Added: 2020-07-24 00:00
Checked:
2022-06-06 09:15
Byte Size:
23 KB
Lines:
928
Latest Blacklist IP List to your website .htaccess file
Netlab 360
dga
url
malware
1.224.078 IOCs
Network Security Research Lab at 360, PassiveDNS, DDoSMon, NetworkScan Mon, DGA Feeds
Statistics:
Added: 2020-06-20 00:00
Checked:
2022-06-06 09:13
Byte Size:
80.033 MB
Lines:
1.224.083
Caution: huge DGA domain list. It is recommended to include the dedicated subfeeds; see Browse Link.
Families: bamital, banjori, blackhole, ccleaner, chinad, conficker, cryptolocker, dircrypt, dyre, emotet, enviserv, feodo, fobber, gameover, gspy, locky, madmax, matsnu, mirai, murofet, mydoom, necurs, nymaim, omexo, padcrypt, proslikefan, pykspa, qadars, ramnit, ranbyus, rovnix, shifu, shiotob, simda, suppobox, symmi, tempedreve, tinba, tinynuke, tofsee, vawtrak, vidro, virut, xshellghost
Openfish
url
phishing
500 IOCs
Timely. Accurate. Relevant Threat Intelligence.
Statistics:
Added: 2020-07-24 00:00
Checked:
2022-06-06 09:13
Byte Size:
27 KB
Lines:
500
Community feed, update frequency 12 hours, only phishing URLs.
Phishtank
url
phishing
email
7.307 IOCs
PhishTank is a collaborative clearing house for data and information about phishing on the Internet.
Statistics:
Added: 2020-08-03 00:00
Checked:
2022-06-06 09:13
Byte Size:
1.34 MB
Lines:
7.308
Open phishing data.
Rutgers
ip
reputation
1.864 IOCs
Rutgers - School of Arts and Sciences
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:15
Byte Size:
26 KB
Lines:
1.864
Known attackers
Sans Internet Storm Center DShield
ip
malware
100 IOCs
The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations.
Statistics:
Added: 2020-08-03 00:00
Checked:
2022-06-06 09:13
Byte Size:
2 KB
Lines:
100
Top IPs
Sblam
ip
reputation
8.202 IOCs
Sblam! is a web service that blocks spammy posts in blog comments, forums and guestbooks.
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:13
Byte Size:
115 KB
Lines:
8.205
HTTP spam sources identified by http://sblam.com - This is a list of HTML form (comment) spammers--not for blocking e-mail spam.
Seclookup
ip
url
domain
hash
N/A IOCs
Seclookup provides an API service for domain scanning at mass scale, assisting enterprises and SOC teams in better detecting cyber threats and preventing fraud.
Statistics:
Added: 2022-06-06 00:00
Checked:
2022-06-06 09:13
Byte Size:
0 bytes
Lines:
N/A
Seclookup provides an API service to improve detection and analysis of common online threats. Seclookup APIs can enrich threat indicators in SIEM, provide comprehensive information on domain names, improve threat detection & response, and automate threat investigations. Our security service at Seclookup provides smart threat intelligence APIs that can be easily integrated into your services and products. The best part is we are providing 1 million free lookups every month, which is higher than any threat intelligence provider in the industry.
Spamhaus
ip
spam
email
-3 IOCs
The Spamhaus Project is an international nonprofit organization that tracks spam and related cyber threats such as phishing, malware and botnets.
Statistics:
Added: 2020-08-03 00:00
Checked:
2022-06-06 09:13
Byte Size:
19 bytes
Lines:
1
The DROP list will not include any IP address space under the control of any legitimate network - even if being used by "the spammers from hell".
Spys
ip
proxy
399 IOCs
Free proxy list. HTTP, SSL/HTTPS, SOCKS proxies. Live proxy servers.
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:15
Byte Size:
11 KB
Lines:
408
Proxy List - IP address:Port CountryCode-Anonymity(Noa/Anm/Hia)-SSL_support(S)-Google_passed(+)
Talos Intelligence
ip
reputation
0 IOCs
Cisco Talos threat intelligence and research group
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:14
Byte Size:
0 bytes
Lines:
0
IP Blacklist
ThreatFox IOC Database
ip
url
domain
hash
4.789 IOCs
ThreatFox from abuse.ch
Statistics:
Added: 2021-03-10 00:00
Checked:
2022-06-06 09:15
Byte Size:
1.052 MB
Lines:
4.799
ThreatFox is a free platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers.
Tor
ip
tor
reputation
1.354 IOCs
Tor is free and open-source software for enabling anonymous communication.
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:13
Byte Size:
19 KB
Lines:
1.354
Tor Exit Nodes
Turris
ip
reputation
9 IOCs
Project Turris is a service helping to protect its user's home network with the help of a special router.
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:13
Byte Size:
644 bytes
Lines:
10
The data are processed and classified every week, and the behaviour of IP addresses that accessed a larger number of Turris routers is evaluated. The result is a list of addresses that have tried to obtain information about services on the router or tried to gain access to them. We publish this so-called "greylist", which also contains a list of tags for each address that indicate what behaviour of the address was observed.
Twitter IOC Hunter
ioc
url
domain
hash
mail
cve
32 IOCs
Twitter IOC Hunter project
Statistics:
Added: 2020-08-27 00:00
Checked:
2022-06-06 09:13
Byte Size:
13 KB
Lines:
32
IOC Feeds from Twitter tweets. Feed provides only daily tweets.
URLhaus
malware
url
146.591 IOCs
URLhaus is a project operated by abuse.ch. The purpose of the project is to collect, track and share malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats.
Statistics:
Added: 2020-06-01 00:00
Checked:
2022-06-06 09:13
Byte Size:
5.46 MB
Lines:
146.600
Multiple subfeeds are available, like ZeuS Tracker, Ransomware Tracker, SSL Blacklist, Malware Bazaar, Feodo Tracker.
VX Fault
url
malware
101 IOCs
VX Fault
Statistics:
Added: 2020-06-19 00:00
Checked:
2022-06-06 09:13
Byte Size:
6 KB
Lines:
105
About Malwares, Rogues, Scarewares, SmitfraudFix. Feed contains only last 100 submissions.
Viriback
ip
url
malware
c2
7.691 IOCs
Malware C2 Tracker List
Statistics:
Added: 2020-07-26 00:00
Checked:
2022-06-06 09:15
Byte Size:
578 KB
Lines:
7.692
C2 URL and IPs. Top 10 Families - Lokibot, Predator, AZORult, Kpot, Pony, AgentTesla, Oski, Nexus, BetaBot, Amadey