Fantastic,
Perhaps you could consider adding these:
- **SSLBL Botnet C2 IP Blacklist (IPs only) **
https://sslbl.abuse.ch/blacklist/sslipblacklist.txt
- 3CoreSec Blacklist - ALL -
https://blacklist.3coresec.net/lists/all.txt
The "All" list could be fine tuned with these lists, in case anyone is interested
2a. - 3Coresec Hosts involved in **SSH brute-force**
[https://blacklist.3coresec.net/lists/ssh.txt ](https://blacklist.3coresec.net/lists/ssh.txt)
2b. -Hosts involved in **mass scanning** and/or exploitation attempts
[https://blacklist.3coresec.net/lists/misc.txt ](https://blacklist.3coresec.net/lists/misc.txt)
2c. -Hosts involved in **HTTP brute-force** and/or enumeration
[https://blacklist.3coresec.net/lists/http.txt ](https://blacklist.3coresec.net/lists/http.txt)