| Alexa High 1 Million websites |
Possible Whitelist of the highest 1 Million websites from Amazon(Alexa). |
| Apility.io |
Apility.io is a Minimal and Easy anti-abuse API blacklist lookup device. It helps customers to know instantly if an IP, Area or E-mail is blacklisted. It routinely extracts all the data in realtime from a number of sources. |
| APT Teams and Operations |
A spreadsheet containing data and intelligence about APT teams, operations and techniques. |
| AutoShun |
A public service providing at most 2000 malicious IPs and a few extra assets. |
| BGP Rating |
Rating of ASNs having probably the most malicious content material. |
| Botnet Tracker |
Tracks a number of lively botnets. |
| BOTVRIJ.EU |
Botvrij.eu supplies completely different units of open supply IOCs that you need to use in your safety gadgets to detect attainable malicious exercise. |
| BruteForceBlocker |
BruteForceBlocker is a perl script that displays a server’s sshd logs and identifies brute drive assaults, which it then makes use of to routinely configure firewall blocking guidelines and submit these IPs again to the mission website, |
| C&C Tracker |
A feed of identified, lively and non-sinkholed C&C IP addresses, from Bambenek Consulting. |
| CertStream |
Actual-time certificates transparency log replace stream. See SSL certificates as they’re issued in actual time. |
| CCSS Discussion board Malware Certificates |
The next is a listing of digital certificates which have been reported by the discussion board as probably being related to malware to varied certificates authorities. This data is meant to assist forestall corporations from utilizing digital certificates so as to add legitimacy to malware and encourage immediate revocation of such certificates. |
| CI Military Checklist |
A subset of the industrial CINS Rating listing, targeted on poorly rated IPs that aren’t at present current on different threatlists. |
| Cisco Umbrella |
Possible Whitelist of the highest 1 million websites resolved by Cisco Umbrella (was OpenDNS). |
| Essential Stack Intel |
The free risk intelligence parsed and aggregated by Essential Stack is prepared to be used in any Bro manufacturing system. You possibly can specify which feeds you belief and wish to ingest. |
| C1fApp |
C1fApp is a risk feed aggregation utility, offering a single feed, each Open Supply and personal. Supplies statistics dashboard, open API for search and is been operating for a number of years now. Searches are on historic information. |
| Cymon |
Cymon is an aggregator of indicators from a number of sources with historical past, so you have got a single interface to a number of risk feeds. It additionally supplies an API to go looking a database together with a reasonably net interface. Risk Intelligence Instruments. |
| Disposable E-mail Domains |
A set of nameless or disposable electronic mail domains generally used to spam/abuse companies. |
| DNSTrails |
Free intelligence supply for present and historic DNS data, WHOIS data, discovering different web sites related to sure IPs, subdomain information and applied sciences. There’s a IP and area intelligence API obtainable as nicely. |
| Rising Threats Firewall Guidelines |
A set of guidelines for a number of varieties of firewalls, together with iptables, PF and PIX. |
| Rising Threats IDS Guidelines |
A set of Snort and Suricata guidelines recordsdata that can be utilized for alerting or blocking. |
| ExoneraTor |
The ExoneraTor service maintains a database of IP addresses which have been a part of the Tor community. It solutions the query whether or not there was a Tor relay operating on a given IP deal with on a given date. |
| Exploitalert |
Itemizing of newest exploits launched. |
| ZeuS Tracker |
The Feodo Tracker abuse.ch tracks the Feodo trojan. |
| FireHOL IP Lists |
400+ publicly obtainable IP Feeds analysed to doc their evolution, geo-map, age of IPs, retention coverage, overlaps. The location focuses on cyber crime (assaults, abuse, malware). |
| FraudGuard |
FraudGuard is a service designed to offer a straightforward technique to validate utilization by constantly gathering and analyzing real-time web visitors. Risk Intelligence Instruments. |
| Gray Noise |
Gray Noise is a system that collects and analyzes information on Web-wide scanners.It collects information on benign scanners similar to Shodan.io, in addition to malicious actors like SSH and telnet worms. |
| Hail a TAXII |
Hail a TAXII.com is a repository of Open Supply Cyber Risk Intelligence feeds in STIX format. They provide a number of feeds, together with some which can be listed right here already in a special format, just like the Rising Threats guidelines and PhishTank feeds. |
| HoneyDB |
HoneyDB supplies actual time information of honeypot exercise. This information comes from honeypots deployed on the Web utilizing the HoneyPy honeypot. As well as, HoneyDB supplies API entry to collected honeypot exercise, which additionally consists of aggregated information from varied honeypot Twitter feeds. |
| Icewater |
12,805 Free Yara guidelines created by http://icewater.io |
| I-Blocklist |
I-Blocklist maintains a number of varieties of lists containing IP addresses belonging to varied classes. A few of these fundamental classes embody international locations, ISPs and organizations. Different lists embody net assaults, TOR, spyware and adware and proxies. Many are free to make use of, and obtainable in varied codecs. |
| Majestic Million |
Possible Whitelist of the highest 1 million internet sites, as ranked by Majestic. Websites are ordered by the variety of referring subnets. Extra concerning the rating will be discovered on their weblog. |
| Malc0de DNS Sinkhole |
The recordsdata on this hyperlink can be up to date each day with domains which have been indentified distributing malware throughout the previous 30 days. Collected by malc0de. Risk Intelligence Instruments. |
| MalShare.com |
The MalShare Undertaking is a public malware repository that gives researchers free entry to samples. |
| Malware Area Checklist |
A searchable listing of malicious domains that additionally performs reverse lookups and lists registrants, targeted on phishing, trojans, and exploit kits. |
| MalwareDomains.com |
The DNS-BH mission creates and maintains a list of domains which can be identified for use to propagate malware and spyware and adware. These can be utilized for detection in addition to prevention (sinkholing DNS requests). |
| Metadefender.com |
Metadefender Cloud Risk Intelligence Feeds comprises high new malware hash signatures, together with MD5, SHA1, and SHA256. These new malicious hashes have been noticed by Metadefender Cloud throughout the final 24 hours. The feeds are up to date each day with newly detected and reported malware to offer actionable and well timed risk intelligence. |
| Minotaur |
The Minotaur Undertaking is an ongoing analysis mission by the group at NovCon Options (novcon.web). It’s being constructed as a hub for safety professionals, researchers and fanatics to find new threats and talk about mitigations. It’s a mixture of Third-party opensource software program, native datasets, new evaluation instruments, and extra. |
| Netlab OpenData Undertaking |
The Netlab OpenData mission was introduced to the general public first at ISC’ 2016 on August 16, 2016. We at present present a number of information feeds, together with DGA, EK, MalCon, Mirai C2, Mirai-Scanner, Hajime-Scanner and DRDoS Reflector. |
| NoThink! |
SNMP, SSH, Telnet Blacklisted IPs from Matteo Cantoni’s Honeypots. Risk Intelligence Instruments. |
| NormShield Companies |
NormShield Companies present 1000’s of area data (together with whois data) that potential phishing assaults might come from. Breach and blacklist companies additionally obtainable. There may be free join public companies for steady monitoring. |
| OpenPhish Feeds |
OpenPhish receives URLs from a number of streams and analyzes them utilizing its proprietary phishing detection algorithms. There are free and industrial choices obtainable. |
| PhishTank |
PhishTank delivers a listing of suspected phishing URLs. Their information comes from human stories, however in addition they ingest exterior feeds the place attainable. It’s a free service, however registering for an API key’s typically vital. |
| Ransomware Tracker |
The Ransomware Tracker by abuse.ch tracks and displays the standing of domains, IP addresses and URLs which can be related to Ransomware, similar to Botnet C&C servers, distribution websites and cost websites. |
| Rutgers Blacklisted IPs |
IP Checklist of SSH Brute drive attackers is created from a merged of domestically noticed IPs and a pair of hours outdated IPs registered at badip.com and blocklist.de |
| SANS ICS Suspicious Domains |
The Suspicious Domains Risk Lists by SANS ICS tracks suspicious domains. It provides 3 lists categorized as both excessive, medium or low sensitivity, the place the excessive sensitivity listing has fewer false positives, whereas the low sensitivity listing with extra false positives. There may be additionally an authorised whitelist of domains.
Lastly, there’s a advised IP blocklist from DShield. |
| signature-base |
A database of signatures utilized in different instruments by Neo23x0. |
| The Spamhaus mission |
The Spamhaus Undertaking comprises a number of threatlists related to spam and malware exercise. |
| SSL Blacklist |
SSL Blacklist (SSLBL) is a mission maintained by abuse.ch. The objective is to offer a listing of “dangerous” SSL certificates recognized by abuse.ch to be related to malware or botnet actions. SSLBL depends on SHA1 fingerprints of malicious SSL certificates and provides varied blacklists |
| Statvoo High 1 Million Websites |
Possible Whitelist of the highest 1 million internet sites, as ranked by Statvoo.Risk Intelligence Instruments. |
| Strongarm, by Percipient Networks |
Strongarm is a DNS blackhole that takes motion on indicators of compromise by blocking malware command and management. Strongarm aggregates free indicator feeds, integrates with industrial feeds, makes use of Percipient’s IOC feeds, and operates DNS resolvers and APIs so that you can use to guard your community and enterprise. Strongarm is free for private use. |
| Talos Aspis |
Undertaking Aspis is a closed collaboration between Talos and internet hosting suppliers to establish and deter main risk actors. Talos shares its experience, assets, and capabilities together with community and system forensics, reverse engineering, and risk intelligence for free of charge to the supplier. |
| Technical Blogs and Reviews, by ThreatConnect |
This supply is being populated with the content material from over 90 open supply, safety blogs. IOCs (Indicators of Compromise) are parsed out of every weblog and the content material of the weblog is formatted in markdown. |
| Threatglass |
An internet device for sharing, shopping and analyzing web-based malware. Threatglass permits customers to graphically browse web site infections by viewing screenshots of the phases of an infection, in addition to by analyzing community traits similar to host relationships and packet captures. |
| ThreatMiner |
ThreatMiner has been created to free analysts from information assortment and to offer them a portal on which they’ll perform their duties, from studying stories to pivoting and information enrichment. The emphasis of ThreatMiner isn’t nearly indicators of compromise (IoC) but additionally to offer analysts with contextual data associated to the IoC they’re . |
| WSTNPHX Malware E-mail Addresses |
E-mail addresses utilized by malware collected by VVestron Phoronix (WSTNPHX) |
| VirusShare |
VirusShare.com is a repository of malware samples to offer safety researchers, incident responders, forensic analysts, and the morbidly curious entry to samples of malicious code. Entry to the positioning is granted by way of invitation solely. |
| Yara-Guidelines |
An open supply repository with completely different Yara signatures which can be compiled, categorised and stored as updated as attainable. |
| ZeuS Tracker |
The ZeuS Tracker by abuse.ch tracks ZeuS Command & Management servers (hosts) world wide and supplies you a domain- and a IP-blocklist. |
