# Threat Intel Sources

BluSapphire natively collects from the below list of Sources, de-duplicates the data, consolidates and validates the data before consuming the threat intelligence. While the list is dynamic and varies by the quality of threat intel provided, BluSapphire also uses proprietary bots that collect threat intel data from various Social Media platforms and DarkNets.&#x20;

| **Intel Name**          | **URL**                                                                                                                  |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------ |
| abuse.ch                | <https://zeustracker.abuse.ch/blocklist.php?download=compromised>                                                        |
| abuse.ch                | <https://zeustracker.abuse.ch/monitor.php?filter=all>                                                                    |
| abuse.ch                | <https://zeustracker.abuse.ch/blocklist.php?download=badips>                                                             |
| abuse.ch                | <https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist>                                                    |
| vxvault.net             | <http://vxvault.net/URL\\_List.php>                                                                                      |
| voipbl.org              | <http://www.voipbl.org/update/>                                                                                          |
| urlvir.com              | <http://www.urlvir.com/export-hosts/>                                                                                    |
| turris.cz               | <https://www.turris.cz/greylist-data/greylist-latest.csv>                                                                |
| blutmagie.de            | <https://torstatus.blutmagie.de/ip\\_list\\_all.php/Tor\\_ip\\_list\\_ALL.csv>                                           |
| torproject.org          | <https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1>                                                     |
| sslproxies.org          | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies\\_1d.ipset>                                |
| abuse.ch                | <https://sslbl.abuse.ch/blacklist/sslipblacklist.csv>                                                                    |
| socks-proxy.net         | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks\\_proxy\\_7d.ipset>                             |
| snort.org               | <http://labs.snort.org/feeds/ip-filter.blf>                                                                              |
| sblam.com               | <http://sblam.com/blacklist.txt>                                                                                         |
| rutgers.edu             | <http://report.rutgers.edu/DROP/attackers>                                                                               |
| rosinstrument.com       | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri\\_web\\_proxies\\_30d.ipset>                       |
| abuse.ch                | <http://ransomwaretracker.abuse.ch/downloads/RW\\_URLBL.txt>                                                             |
| abuse.ch                | <http://ransomwaretracker.abuse.ch/downloads/RW\\_IPBL.txt>                                                              |
| abuse.ch                | <http://ransomwaretracker.abuse.ch/downloads/RW\\_DOMBL.txt>                                                             |
| spys.ru                 | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy\\_1d.ipset>                                  |
| proxyrss.com            | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss\\_1d.ipset>                                  |
| proxylists.net          | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists\\_1d.ipset>                                |
| cybercrime-tracker.net  | <http://cybercrime-tracker.net/ccpmgate.php>                                                                             |
| malwaredomains.com      | <https://raw.githubusercontent.com/futpib/policeman-rulesets/master/examples/simple\\_domains\\_blacklist.txt>           |
| abuse.ch                | <https://palevotracker.abuse.ch/blocklists.php?download=combinedblocklist>                                               |
| packetmail.net          | <https://www.packetmail.net/iprep\\_ramnode.txt>                                                                         |
| openphish.com           | <https://openphish.com/feed.txt>                                                                                         |
| openbl.org              | <http://www.openbl.org/lists/base.txt>                                                                                   |
| nothink.org             | <http://www.nothink.org/blacklist/blacklist\\_malware\\_irc.txt>                                                         |
| myip.ms                 | <https://myip.ms/files/blacklist/htaccess/latest\\_blacklist.txt>                                                        |
| maxmind.com             | <https://www.maxmind.com/en/high-risk-ip-sample-list>                                                                    |
| malwarepatrol.net       | <https://lists.malwarepatrol.net/cgi/getfile?receipt=f1417692233\\&product=8\\&list=dansguardian>                        |
| malwaredomains.com      | <http://malwaredomains.lehigh.edu/files/domains.txt>                                                                     |
| malwaredomainlist.com   | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset>                              |
| malwaredomainlist.com   | <https://www.malwaredomainlist.com/hostslist/hosts.txt>                                                                  |
| malc0de.com             | <https://malc0de.com/bl/ZONES>                                                                                           |
| otx.alienvault.com      | <https://raw.githubusercontent.com/Neo23x0/signature-base/39787aaefa6b70b0be6e7dcdc425b65a716170ca/iocs/otx-c2-iocs.txt> |
| greensnow\.co           | <http://blocklist.greensnow.co/greensnow.txt>                                                                            |
| abuse.ch                | <https://feodotracker.abuse.ch/blocklist/?download=ipblocklist>                                                          |
| abuse.ch                | <https://feodotracker.abuse.ch/blocklist/?download=domainblocklist>                                                      |
| emergingthreats.net     | <https://rules.emergingthreats.net/open/suricata/rules/emerging-dns.rules>                                               |
| emergingthreats.net     | <http://rules.emergingthreats.net/open/suricata/rules/compromised-ips.txt>                                               |
| emergingthreats.net     | <http://rules.emergingthreats.net/open/suricata/rules/botcc.rules>                                                       |
| dshield.org             | <http://feeds.dshield.org/top10-2.txt>                                                                                   |
| dshield.org             | <https://isc.sans.edu/feeds/suspiciousdomains\\_Low.txt>                                                                 |
| dragonresearchgroup.org | <https://dragonresearchgroup.org/insight/vncprobe.txt>                                                                   |
| dragonresearchgroup.org | <https://dragonresearchgroup.org/insight/sshpwauth.txt>                                                                  |
| deepviz.com             | <https://intel.deepviz.com/recap/network/>                                                                               |
| cybercrime-tracker.net  | <http://cybercrime-tracker.net/all.php>                                                                                  |
| cruzit.com              | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit\\_web\\_attacks.ipset>                         |
| cinsscore.com           | <http://cinsscore.com/list/ci-badguys.txt>                                                                               |
| rulez.sk                | <http://danger.rulez.sk/projects/bruteforceblocker/blist.php>                                                            |
| botscout.com            | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout\\_1d.ipset>                                  |
| blocklist.de            | <http://lists.blocklist.de/lists/all.txt>                                                                                |
| bitnodes.io             | <https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin\\_nodes\\_1d.ipset>                           |
| bambenekconsulting.com  | <http://osint.bambenekconsulting.com/feeds/dga-feed.txt>                                                                 |
| bambenekconsulting.com  | <http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist-high.txt>                                                     |
| bambenekconsulting.com  | <http://osint.bambenekconsulting.com/feeds/c2-dommasterlist-high.txt>                                                    |
| badips.com              | <https://www.badips.com/get/list/any/2?age=7d>                                                                           |
| cybercrime-tracker.net  | <http://cybercrime-tracker.net/ccam.php>                                                                                 |
| alienvault.com          | <https://reputation.alienvault.com/reputation.generic>                                                                   |