Intel Feeds Source URLs

Updated 1 week ago by Elvis Hovor

This document lists the source URLs for both Open Source Intel feeds and Premium Intel Feeds.

Open Intel Feeds (OSINT)

Feed Source

Source URLs

Abuse.ch IP Blacklist

https://sslbl.abuse.ch/blacklist/sslipblacklist.csv

Abuse.ch Ransomware

https://ransomwaretracker.abuse.ch/feeds/csv/

Abuse.ch SSL Blacklist

https://sslbl.abuse.ch/blacklist/sslipblacklist.csv

AIS - DHS

https://taxii.dhs.gov:8443/flare/taxii11/poll

Bambenek

http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt

EU-CERT

https://www.circl.lu/doc/misp/feed-osint/

Hail_a_Taxii

http://hailataxii.com/taxii-discovery-service/

Hybrid Analysis_Public Feed

https://www.hybrid-analysis.com/feed?json

Open Intel Feeds (RSS)

Feed Source

Source URLs

Abuse.ch IP Blacklist

https://sslbl.abuse.ch/blacklist/sslipblacklist.csv

Abuse.ch Ransomware

https://ransomwaretracker.abuse.ch/feeds/csv/

Abuse.ch SSL Blacklist

https://sslbl.abuse.ch/blacklist/sslipblacklist.csv

AIS - DHS

https://taxii.dhs.gov:8443/flare/taxii11/poll

Bambenek

http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt

EU-CERT

https://www.circl.lu/doc/misp/feed-osint/

Hail_a_Taxii

http://hailataxii.com/taxii-discovery-service/

Hybrid Analysis_Public Feed

https://www.hybrid-analysis.com/feed?json

Premium Intel Sources

Intel Source

Source URLs

A-ISAC

AlienVault OTX

https://otx.alienvault.com/api (indicators)

Alienvault OTX Pulse

https://otx.alienvault.com/api (pulses)

Cisco AMP ThreatGrid Analysis Feeds

https://panacea.threatgrid.com/api/v2/search/submissions

Cisco AMP ThreatGrid Indicator Query

https://panacea.threatgrid.com/api/v2/search/ips/domains/urls/artifacts/registry_key

Crowdstrike Falcon Detect

https://falconapi.crowdstrike.com/detects/queries/detects/

Crowdstrike Falcon Intelligence

https://intelapi.crowdstrike.com/indicator/v2/search/indicator

Crowdstrike Falcon Reports

https://intelapi.crowdstrike.com

Crowdstrike Falcon Stream

https://firehose.crowdstrike.com

CyberSource

https://ebc.cybersource.com/ebc/DownloadReport

Digital Shadows

https://portal-digitalshadows.com/api/incidents/find/intel-incidents/find/intel-threats/find

F-ISAC

https://fisac-signal-v3.jpcert.or.jp/api/

FS-ISAC

https://analysis.fsisac.com/taxii-discovery-service

Facebook Threat Exchange

https://graph.facebook.com/v2.8/threat_descriptors

Farsight DNSDB

https://api.dnsdb.info/lookup/rrset/name/www.farsightsecurity.com

Flashpoint

HybridAnalysis

https://www.hybrid-analysis.com/api/search

IBM X-Force

https://api.xforce.ibmcloud.comhttps://exchange.xforce.ibmcloud.com/search

Intel 471 Adversary Intelligence

Intel 471 Alerts Watchlist

Intel 471 Malware Intelligence

iSight Partners

https://api.isightpartners.com

Joe Sandbox

MISP

NCFTA CyFin

NCFTA TNT

Recorded Future

https://api.recordedfuture.com

Recorded Future Hash Intelligence

Recorded Future IP Intelligence

Recorded Future URL Intelligence

Recorded Future Vulnerability Intelligence

RiskIQ Blacklist

http://api.riskiq.net/api/blacklist/

RiskIQ PassiveTotal

https://api.passivetotal.org/v2

Shape Blackfish

Spy Cloud

VirusTotal

https://www.virustotal.com/vtapi/v2


How Did We Do?