Threat Intel Sources
Last updated
Last updated
BluSapphire natively collects from the below list of Sources, de-duplicates the data, consolidates and validates the data before consuming the threat intelligence. While the list is dynamic and varies by the quality of threat intel provided, BluSapphire also uses proprietary bots that collect threat intel data from various Social Media platforms and DarkNets.
Intel Name
URL
abuse.ch
https://zeustracker.abuse.ch/blocklist.php?download=compromised
abuse.ch
https://zeustracker.abuse.ch/monitor.php?filter=all
abuse.ch
https://zeustracker.abuse.ch/blocklist.php?download=badips
abuse.ch
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
vxvault.net
http://vxvault.net/URL_List.php
voipbl.org
http://www.voipbl.org/update/
urlvir.com
http://www.urlvir.com/export-hosts/
turris.cz
https://www.turris.cz/greylist-data/greylist-latest.csv
blutmagie.de
https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
torproject.org
https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
sslproxies.org
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset
abuse.ch
https://sslbl.abuse.ch/blacklist/sslipblacklist.csv
socks-proxy.net
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset
snort.org
http://labs.snort.org/feeds/ip-filter.blf
sblam.com
http://sblam.com/blacklist.txt
rutgers.edu
http://report.rutgers.edu/DROP/attackers
rosinstrument.com
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset
abuse.ch
http://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt
abuse.ch
http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
abuse.ch
http://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
spys.ru
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset
proxyrss.com
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset
proxylists.net
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset
cybercrime-tracker.net
http://cybercrime-tracker.net/ccpmgate.php
malwaredomains.com
https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple_domains_blacklist.txt
abuse.ch
https://palevotracker.abuse.ch/blocklists.php?download=combinedblocklist
packetmail.net
https://www.packetmail.net/iprep_ramnode.txt
openphish.com
https://openphish.com/feed.txt
openbl.org
http://www.openbl.org/lists/base.txt
nothink.org
http://www.nothink.org/blacklist/blacklist_malware_irc.txt
myip.ms
https://myip.ms/files/blacklist/htaccess/latest_blacklist.txt
maxmind.com
https://www.maxmind.com/en/high-risk-ip-sample-list
malwarepatrol.net
https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233&product=8&list=dansguardian
malwaredomains.com
http://malwaredomains.lehigh.edu/files/domains.txt
malwaredomainlist.com
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
malwaredomainlist.com
https://www.malwaredomainlist.com/hostslist/hosts.txt
malc0de.com
https://malc0de.com/bl/ZONES
otx.alienvault.com
https://raw.githubusercontent.com/Neo23x0/signature-base/39787aaefa6b70b0be6e7dcdc425b65a716170ca/iocs/otx-c2-iocs.txt
greensnow.co
http://blocklist.greensnow.co/greensnow.txt
abuse.ch
https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
abuse.ch
https://feodotracker.abuse.ch/blocklist/?download=domainblocklist
emergingthreats.net
https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules
emergingthreats.net
http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt
emergingthreats.net
http://rules.emergingthreats.net/open/suricata/rules/botcc.rules
dshield.org
http://feeds.dshield.org/top10-2.txt
dshield.org
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
dragonresearchgroup.org
https://dragonresearchgroup.org/insight/vncprobe.txt
dragonresearchgroup.org
https://dragonresearchgroup.org/insight/sshpwauth.txt
deepviz.com
https://intel.deepviz.com/recap/network/
cybercrime-tracker.net
http://cybercrime-tracker.net/all.php
cruzit.com
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset
cinsscore.com
http://cinsscore.com/list/ci-badguys.txt
rulez.sk
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
botscout.com
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset
blocklist.de
http://lists.blocklist.de/lists/all.txt
bitnodes.io
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset
bambenekconsulting.com
http://osint.bambenekconsulting.com/feeds/dga-feed.txt
bambenekconsulting.com
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt
bambenekconsulting.com
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt
badips.com
https://www.badips.com/get/list/any/2?age=7d
cybercrime-tracker.net
http://cybercrime-tracker.net/ccam.php
alienvault.com
https://reputation.alienvault.com/reputation.generic