Threat Intel Sources
BluSapphire natively collects threat intelligence from the sources listed below, then de-duplicates, consolidates and validates the data before consuming it. The list is dynamic and varies with the quality of the threat intel each source provides. BluSapphire also uses proprietary bots that collect threat intel data from various social media platforms and darknets.
Intel Name | URL |
abuse.ch | https://zeustracker.abuse.ch/blocklist.php?download=compromised |
abuse.ch | https://zeustracker.abuse.ch/monitor.php?filter=all |
abuse.ch | https://zeustracker.abuse.ch/blocklist.php?download=badips |
abuse.ch | https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist |
vxvault.net | http://vxvault.net/URL_List.php |
voipbl.org | http://www.voipbl.org/update/ |
urlvir.com | http://www.urlvir.com/export-hosts/ |
turris.cz | https://www.turris.cz/greylist-data/greylist-latest.csv |
blutmagie.de | https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv |
torproject.org | https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 |
sslproxies.org | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset |
abuse.ch | https://sslbl.abuse.ch/blacklist/sslipblacklist.csv |
socks-proxy.net | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset |
snort.org | http://labs.snort.org/feeds/ip-filter.blf |
sblam.com | http://sblam.com/blacklist.txt |
rutgers.edu | http://report.rutgers.edu/DROP/attackers |
rosinstrument.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset |
abuse.ch | http://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt |
abuse.ch | http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt |
abuse.ch | http://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt |
spys.ru | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset |
proxyrss.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset |
proxylists.net | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset |
cybercrime-tracker.net | http://cybercrime-tracker.net/ccpmgate.php |
malwaredomains.com | https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple_domains_blacklist.txt |
abuse.ch | https://palevotracker.abuse.ch/blocklists.php?download=combinedblocklist |
packetmail.net | https://www.packetmail.net/iprep_ramnode.txt |
openphish.com | https://openphish.com/feed.txt |
openbl.org | http://www.openbl.org/lists/base.txt |
nothink.org | http://www.nothink.org/blacklist/blacklist_malware_irc.txt |
myip.ms | https://myip.ms/files/blacklist/htaccess/latest_blacklist.txt |
maxmind.com | https://www.maxmind.com/en/high-risk-ip-sample-list |
malwarepatrol.net | https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233&product=8&list=dansguardian |
malwaredomains.com | http://malwaredomains.lehigh.edu/files/domains.txt |
malwaredomainlist.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset |
malwaredomainlist.com | https://www.malwaredomainlist.com/hostslist/hosts.txt |
malc0de.com | https://malc0de.com/bl/ZONES |
otx.alienvault.com | https://raw.githubusercontent.com/Neo23x0/signature-base/39787aaefa6b70b0be6e7dcdc425b65a716170ca/iocs/otx-c2-iocs.txt |
greensnow.co | http://blocklist.greensnow.co/greensnow.txt |
abuse.ch | https://feodotracker.abuse.ch/blocklist/?download=ipblocklist |
abuse.ch | https://feodotracker.abuse.ch/blocklist/?download=domainblocklist |
emergingthreats.net | https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules |
emergingthreats.net | http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt |
emergingthreats.net | http://rules.emergingthreats.net/open/suricata/rules/botcc.rules |
dshield.org | http://feeds.dshield.org/top10-2.txt |
dshield.org | https://isc.sans.edu/feeds/suspiciousdomains_Low.txt |
dragonresearchgroup.org | https://dragonresearchgroup.org/insight/vncprobe.txt |
dragonresearchgroup.org | https://dragonresearchgroup.org/insight/sshpwauth.txt |
deepviz.com | https://intel.deepviz.com/recap/network/ |
cybercrime-tracker.net | http://cybercrime-tracker.net/all.php |
cruzit.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset |
cinsscore.com | http://cinsscore.com/list/ci-badguys.txt |
rulez.sk | http://danger.rulez.sk/projects/bruteforceblocker/blist.php |
botscout.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset |
blocklist.de | http://lists.blocklist.de/lists/all.txt |
bitnodes.io | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset |
bambenekconsulting.com | http://osint.bambenekconsulting.com/feeds/dga-feed.txt |
bambenekconsulting.com | http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt |
bambenekconsulting.com | http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt |
badips.com | https://www.badips.com/get/list/any/2?age=7d |
cybercrime-tracker.net | http://cybercrime-tracker.net/ccam.php |
alienvault.com | https://reputation.alienvault.com/reputation.generic |