Welcome to CrowdSec MISP Feeds

Note: All lists are individually limited to 5,000 entries. Only contains IPs that were active in the last 7 to 14 days.

Free Feeds

How to get it

Add https://feeds.crowdsec.net/free/ to your MISP feeds.

Content

• CrowdSec - Public Internet Scanners: IPs belonging to public internet scanners (Shodan, Censys, etc.).
• CrowdSec - Intelligence Feed: Aggressive IPs known for a long time and still.

---

Private Feeds

How to get it

Contact us at misp-feeds@crowdsec.net to request access to private feeds.

Content

• Emerging IPs involved in CVE exploitation: IPs first seen in the last 14 days and actively exploiting known vulnerabilities.
• Botnet IPs involved in ingress attacks: IPs belonging to botnets performing ingress attacks (exploitation, brute-force, etc.) and hosting malicious payloads.
• Malicious VPNs and Proxies: Proxies and VPNs IPs involved in ingress attacks.
• Browser Impersonation Bots: Malicious Bots impersonating bot user agents.