Threat Intel Sources

BluSapphire natively collects from the sources listed below, then de-duplicates, consolidates and validates the data before consuming the threat intelligence. The list is dynamic and varies with the quality of the threat intel provided. BluSapphire also uses proprietary bots that collect threat intel data from various social media platforms and darknets.

| Intel Name | URL |
| --- | --- |
| abuse.ch | https://zeustracker.abuse.ch/blocklist.php?download=compromised |
| abuse.ch | https://zeustracker.abuse.ch/monitor.php?filter=all |
| abuse.ch | https://zeustracker.abuse.ch/blocklist.php?download=badips |
| abuse.ch | https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist |
| vxvault.net | http://vxvault.net/URL_List.php |
| voipbl.org | http://www.voipbl.org/update/ |
| urlvir.com | http://www.urlvir.com/export-hosts/ |
| turris.cz | https://www.turris.cz/greylist-data/greylist-latest.csv |
| blutmagie.de | https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv |
| torproject.org | https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1 |
| sslproxies.org | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset |
| abuse.ch | https://sslbl.abuse.ch/blacklist/sslipblacklist.csv |
| socks-proxy.net | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset |
| snort.org | http://labs.snort.org/feeds/ip-filter.blf |
| sblam.com | http://sblam.com/blacklist.txt |
| rutgers.edu | http://report.rutgers.edu/DROP/attackers |
| rosinstrument.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset |
| abuse.ch | http://ransomwaretracker.abuse.ch/downloads/RW_URLBL.txt |
| abuse.ch | http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt |
| abuse.ch | http://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt |
| spys.ru | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset |
| proxyrss.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset |
| proxylists.net | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset |
| cybercrime-tracker.net | http://cybercrime-tracker.net/ccpmgate.php |
| malwaredomains.com | https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple_domains_blacklist.txt |
| abuse.ch | https://palevotracker.abuse.ch/blocklists.php?download=combinedblocklist |
| packetmail.net | https://www.packetmail.net/iprep_ramnode.txt |
| openphish.com | https://openphish.com/feed.txt |
| openbl.org | http://www.openbl.org/lists/base.txt |
| nothink.org | http://www.nothink.org/blacklist/blacklist_malware_irc.txt |
| myip.ms | https://myip.ms/files/blacklist/htaccess/latest_blacklist.txt |
| maxmind.com | https://www.maxmind.com/en/high-risk-ip-sample-list |
| malwarepatrol.net | https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233&product=8&list=dansguardian |
| malwaredomains.com | http://malwaredomains.lehigh.edu/files/domains.txt |
| malwaredomainlist.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset |
| malwaredomainlist.com | https://www.malwaredomainlist.com/hostslist/hosts.txt |
| malc0de.com | https://malc0de.com/bl/ZONES |
| otx.alienvault.com | https://raw.githubusercontent.com/Neo23x0/signature-base/39787aaefa6b70b0be6e7dcdc425b65a716170ca/iocs/otx-c2-iocs.txt |
| greensnow.co | http://blocklist.greensnow.co/greensnow.txt |
| abuse.ch | https://feodotracker.abuse.ch/blocklist/?download=ipblocklist |
| abuse.ch | https://feodotracker.abuse.ch/blocklist/?download=domainblocklist |
| emergingthreats.net | https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules |
| emergingthreats.net | http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt |
| emergingthreats.net | http://rules.emergingthreats.net/open/suricata/rules/botcc.rules |
| dshield.org | http://feeds.dshield.org/top10-2.txt |
| dshield.org | https://isc.sans.edu/feeds/suspiciousdomains_Low.txt |
| dragonresearchgroup.org | https://dragonresearchgroup.org/insight/vncprobe.txt |
| dragonresearchgroup.org | https://dragonresearchgroup.org/insight/sshpwauth.txt |
| deepviz.com | https://intel.deepviz.com/recap/network/ |
| cybercrime-tracker.net | http://cybercrime-tracker.net/all.php |
| cruzit.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset |
| cinsscore.com | http://cinsscore.com/list/ci-badguys.txt |
| rulez.sk | http://danger.rulez.sk/projects/bruteforceblocker/blist.php |
| botscout.com | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset |
| blocklist.de | http://lists.blocklist.de/lists/all.txt |
| bitnodes.io | https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset |
| bambenekconsulting.com | http://osint.bambenekconsulting.com/feeds/dga-feed.txt |
| bambenekconsulting.com | http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt |
| bambenekconsulting.com | http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt |
| badips.com | https://www.badips.com/get/list/any/2?age=7d |
| cybercrime-tracker.net | http://cybercrime-tracker.net/ccam.php |
| alienvault.com | https://reputation.alienvault.com/reputation.generic |
