Available Feeds

The available feeds are grouped by the provider of the feeds. For each feed the collector and parser that can be used is documented as well as any feed-specific parameters. To add feeds to this file add them to intelmq/etc/feeds.yaml and then run intelmq/bin/intelmq_gen_feeds_docs.py to generate the new content of this file.

Abuse.ch

Feodo Tracker Browse

Collector

Parser

Feodo Tracker IPs

Collector

Parser

Ransomware Tracker

Collector

Parser

URLhaus

Collector

Parser

Zeus Tracker Domains

Collector

Parser

Zeus Tracker IPs

Collector

Parser

AlienVault

OTX

Collector

Parser

Reputation List

Collector

Parser

AnubisNetworks

Cyberfeed Stream

Collector

Parser

Autoshun

Shunlist

Collector

Parser

Bambenek

C2 Domains

Collector

Parser

C2 IPs

Collector

Parser

DGA Domains

Collector

Parser

Bitcash

Banned IPs

Collector

Parser

Blocklist.de

Apache

Collector

Parser

Bots

Collector

Parser

Brute-force Logins

Collector

Parser

FTP

Collector

Parser

IMAP

Collector

Parser

IRC Bots

Collector

Parser

Mail

Collector

Parser

SIP

Collector

Parser

SSH

Collector

Parser

Strong IPs

Collector

Parser

Blueliv

CrimeServer

Collector

Parser

CERT.PL

N6 Stomp Stream

Collector

Parser

CINSscore

Army List

Collector

Parser

Calidog

CertStream

Collector

Parser

CleanMX

Phishing

Collector

Parser

Virus

Collector

Parser

CyberCrime Tracker

Latest

Collector

Parser

DShield

AS Details

Collector

Parser

Block

Collector

Parser

Suspicious Domains

Collector

Parser

Danger Rulez

Bruteforce Blocker

Collector

Parser

SIP Invitation

Collector

Parser

Dataplane

SIP Query

Collector

Parser

SIP Registration

Collector

Parser

SSH Client Connection

Collector

Parser

SSH Password Authentication

Collector

Parser

DynDNS

Infected Domains

Collector

Parser

Fraunhofer

DDoS Attack Feed (C&C)

Collector

Parser

DDoS Attack Feed (Targets)

Collector

Parser

DGA Archive

Collector

Parser

HPHosts

Hosts

Collector

Parser

Have I Been Pwned

Enterprise Callback

server {
    listen 443 ssl http2;
    server_name [your host name];
    client_max_body_size 50M;

    ssl_certificate [path to your key];
    ssl_certificate_key [path to your certificate];

    location /[your private url] {
         if ($http_authorization != '[your private password]') {
             return 403;
         }
         proxy_pass http://localhost:5001/intelmq/push;
         proxy_read_timeout 30;
         proxy_connect_timeout 30;
     }
}

"

Collector

Parser

Malc0de

Bind Format

Collector

Parser

IP Blacklist

Collector

Parser

Windows Format

Collector

Parser

Malware Domain List

Blacklist

Collector

Parser

Malware Domains

Malicious

Collector

Parser

MalwarePatrol

DansGuardian

Collector

Parser

MalwareURL

Latest malicious activity

Collector

Parser

McAfee Advanced Threat Defense

Sandbox Reports

Collector

Parser

Microsoft

BingMURLs

Collector

Parser

CTIP

Collector

Parser

Netlab 360

DGA

Collector

Parser

Hajime Scanner

Collector

Parser

Magnitude EK

Collector

Parser

Mirai Scanner

Collector

Parser

Nothink

DNS Attack

Collector

Parser

SNMP

Collector

Parser

SSH

Collector

Parser

Telnet

Collector

Parser

OpenPhish

Phishing

Collector

Parser

OpenPhish Commercial

Phishing

Collector

Parser

PhishTank

Online

Collector

Parser

PrecisionSec

Agent Tesla

Collector

Parser

ShadowServer

Via IMAP

Collector

Parser

Via Request Tracker

Collector

Parser

Spamhaus

ASN Drop

Collector

Parser

CERT

Collector

Parser

Drop

Collector

Parser

Dropv6

Collector

Parser

EDrop

Collector

Parser

Sucuri

Hidden IFrames

Collector

Parser

Surbl

Malicious Domains

Collector

Parser

Taichung

Netflow

Collector

Parser

Team Cymru

CAP

Collector

Parser

Full Bogons

Collector

Parser

Threatminer

Recent domains

Collector

Parser

Turris

Greylist

Collector

Parser

URLVir

Hosts

Collector

Parser

IPs

Collector

Parser

University of Toulouse

Blacklist

Collector

Parser

VXVault

URLs

Collector

Parser

ViriBack

Unsafe sites

Collector

Parser

WebInspektor

Unsafe sites

Collector

Parser

ZoneH

Defacements

Collector

Parser