All my scripts written in Bourne again shell.
This script download list of IP addresses, URL and domains, which are suspicious or maicious. List of sources:
- Feodo IP Blacklist
- Emerging Threats - Spamhaus DROP Nets
- DShield.org Suspicious Domain List (Low Sensitivity Level)
- DShield.org Suspicious Domain List (Medium Sensitivity Level)
- DShield.org Suspicious Domain List (High Sensitivity Level)
- Emerging Threats - Known hostile or compromised hosts
- Binary Defense Systems Artillery Threat Intelligence Feed and Banlist Feed
- AlienVault - IP Reputation Database
- SSLBL - SSL Blacklist
- ZeuS Tracker - IP Blacklist
- Malc0de - Malc0de Blacklist
- Ransomware Tracker - Ransomware IP Blacklist
- Ransomware Tracker - Ransomware Domain Blacklist
- Ransomware Tracker - Ransomware URL Blacklist
- Threatexpert.com Malicious Domains
- Bambenek's Feed of known, active and non-sinkholed C&Cs IP addresses
- BotScout FireHOL IP List
- Brute Force Blocker IP List
- CI Army Bad IPs
- Malware Domain Blacklist
- Talos Reputation Center
- Talos Reputation Center
- Blocklist.de - All attacked IP addresses
- Blocklist.de - Attacks on the service SSH
- Blocklist.de - Attacks on the service Mail, Postfix
- Blocklist.de - Attacks on the service Apache, Apache-DDOS, RFI-Attacks
- Blocklist.de - Attacks on the Service imap, sasl, pop3
- Blocklist.de - Attacks on the Service FTP
- Blocklist.de - All IP addresses that tried to login in a SIP-, VOIP- or Asterisk-Server
- Blocklist.de - Attacks attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots https://lists.blocklist.de/lists/bots.txt
- Blocklist.de - All IPs which are older then 2 month and have more then 5.000 attacks
- All IPs which attacks Joomlas, Wordpress and other Web-Logins with Brute-Force Loginss