Matteo Lodi
We could use the AbuseIPDB and Abuse.ch APIs to flag each IP address with a malware name if available, or already known in the community. These should be a sort of first version...
Following up on https://github.com/intelowlproject/GreedyBear/issues/524, we can provide custom feeds based on countries. This should be reflected in the feeds. I think this feed should be protected by authentication and provided only...
Following up on https://github.com/intelowlproject/GreedyBear/issues/522, we could analyze the payload requests to categorize together IP addresses of the same cluster. Other ideas are welcome.