iplists.firehol.org
Open in
urlscan Pro
2a06:98c1:3120::c
Public Scan
URL:
http://iplists.firehol.org/
Submission: On September 02 via manual from IT — Scanned from NL
Submission: On September 02 via manual from IT — Scanned from NL
Form analysis
1 forms found in the DOM<form id="search_form" class="navbar-form navbar-left navbar-input-group " role="search">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><span class="glyphicon glyphicon-search"></span></span>
<span class="twitter-typeahead" style="position: relative; display: inline-block;"><input class="form-control typeahead tt-hint" type="text"
style="width: 290px; position: absolute; top: 0px; left: 0px; border-color: transparent; box-shadow: none; opacity: 1; background: none 0% 0% / auto repeat scroll padding-box border-box rgb(255, 255, 255);" readonly="" autocomplete="off"
spellcheck="false" tabindex="-1" dir="ltr"><input id="search_input" class="form-control typeahead tt-input" type="text" placeholder="search 369 IP lists, by name or maintainer"
style="width: 290px; position: relative; vertical-align: top; background-color: transparent;" autocomplete="off" spellcheck="false" dir="auto">
<pre aria-hidden="true"
style="position: absolute; visibility: hidden; white-space: pre; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: 400; word-spacing: 0px; letter-spacing: 0px; text-indent: 0px; text-rendering: auto; text-transform: none;"></pre>
<div class="tt-menu" style="position: absolute; top: 100%; left: 0px; z-index: 100; display: none;">
<div class="tt-dataset tt-dataset-search_ipsets"></div>
</div>
</span>
</div>
</div>
</form>
Text Content
Toggle navigation FireHOL IP Lists * Home * About * About * Evolution * Map * Age * Retention * Overlaps * Comments * Wiki new! * * All Lists * alienvault_reputation * anonymous * asprox_c2 * bambenek_banjori * bambenek_bebloh * bambenek_c2 * bambenek_cl * bambenek_cryptowall * bambenek_dircrypt * bambenek_dyre * bambenek_geodo * bambenek_hesperbot * bambenek_matsnu * bambenek_necurs * bambenek_p2pgoz * bambenek_pushdo * bambenek_pykspa * bambenek_qakbot * bambenek_ramnit * bambenek_ranbyus * bambenek_simda * bambenek_suppobox * bambenek_symmi * bambenek_tinba * bambenek_volatile * bbcan177_ms1 * bbcan177_ms3 * bds_atif * bitcoin_nodes * bitcoin_nodes_1d * bitcoin_nodes_30d * bitcoin_nodes_7d * blocklist_de * blocklist_de_apache * blocklist_de_bots * blocklist_de_bruteforce * blocklist_de_ftp * blocklist_de_imap * blocklist_de_mail * blocklist_de_sip * blocklist_de_ssh * blocklist_de_strongips * blocklist_net_ua * blueliv_crimeserver_last * blueliv_crimeserver_last_1d * blueliv_crimeserver_last_2d * blueliv_crimeserver_last_30d * blueliv_crimeserver_last_7d * blueliv_crimeserver_online * blueliv_crimeserver_recent * bogons * botscout * botscout_1d * botscout_30d * botscout_7d * botvrij_dst * botvrij_src * bruteforceblocker * ciarmy * cidr_report_bogons * cleantalk * cleantalk_1d * cleantalk_30d * cleantalk_7d * cleantalk_new * cleantalk_new_1d * cleantalk_new_30d * cleantalk_new_7d * cleantalk_top20 * cleantalk_updated * cleantalk_updated_1d * cleantalk_updated_30d * cleantalk_updated_7d * coinbl_hosts * coinbl_hosts_browser * coinbl_hosts_optional * coinbl_ips * cruzit_web_attacks * cta_cryptowall * cybercrime * darklist_de * datacenters * dataplane_dnsrd * dataplane_dnsrdany * dataplane_dnsversion * dataplane_sipinvitation * dataplane_sipquery * dataplane_sipregistration * dataplane_sshclient * dataplane_sshpwauth * dataplane_vncrfb * dm_tor * dronebl_anonymizers * dronebl_auto_botnets * dronebl_autorooting_worms * dronebl_compromised * dronebl_ddos_drones * dronebl_dns_mx_on_irc * dronebl_irc_drones * dronebl_unknown * dronebl_worms_bots * dshield * dshield_1d * dshield_30d * dshield_7d * dshield_top_1000 * dyndns_ponmocup * esentire_14072015_com * esentire_14072015q_com * esentire_22072014a_com * esentire_22072014b_com * esentire_22072014c_com * esentire_atomictrivia_ru * esentire_auth_update_ru * esentire_burmundisoul_ru * esentire_crazyerror_su * esentire_dagestanskiiviskis_ru * esentire_differentia_ru * esentire_disorderstatus_ru * esentire_dorttlokolrt_com * esentire_downs1_ru * esentire_ebankoalalusys_ru * esentire_emptyarray_ru * esentire_fioartd_com * esentire_getarohirodrons_com * esentire_hasanhashsde_ru * esentire_inleet_ru * esentire_islamislamdi_ru * esentire_krnqlwlplttc_com * esentire_maddox1_ru * esentire_manning1_ru * esentire_misteryherson_ru * esentire_mysebstarion_ru * esentire_smartfoodsglutenfree_kz * esentire_venerologvasan93_ru * esentire_volaya_ru * et_block * et_botcc * et_compromised * et_dshield * et_spamhaus * et_tor * feodo * feodo_badips * firehol_abusers_1d * firehol_abusers_30d * firehol_anonymous * firehol_level1 * firehol_level2 * firehol_level3 * firehol_level4 * firehol_proxies * firehol_webclient * firehol_webserver * fullbogons * gpf_comics * graphiclineweb * greensnow * haley_ssh * hphosts_ats * hphosts_emd * hphosts_exp * hphosts_fsa * hphosts_grm * hphosts_hfs * hphosts_hjk * hphosts_mmt * hphosts_pha * hphosts_psh * hphosts_wrz * iblocklist_abuse_palevo * iblocklist_abuse_spyeye * iblocklist_abuse_zeus * iblocklist_ads * iblocklist_badpeers * iblocklist_bogons * iblocklist_ciarmy_malicious * iblocklist_cidr_report_bogons * iblocklist_cruzit_web_attacks * iblocklist_dshield * iblocklist_edu * iblocklist_exclusions * iblocklist_fornonlancomputers * iblocklist_forumspam * iblocklist_hijacked * iblocklist_iana_multicast * iblocklist_iana_private * iblocklist_iana_reserved * iblocklist_isp_aol * iblocklist_isp_att * iblocklist_isp_cablevision * iblocklist_isp_charter * iblocklist_isp_comcast * iblocklist_isp_embarq * iblocklist_isp_qwest * iblocklist_isp_sprint * iblocklist_isp_suddenlink * iblocklist_isp_twc * iblocklist_isp_verizon * iblocklist_level1 * iblocklist_level2 * iblocklist_level3 * iblocklist_malc0de * iblocklist_onion_router * iblocklist_org_activision * iblocklist_org_apple * iblocklist_org_blizzard * iblocklist_org_crowd_control * iblocklist_org_electronic_arts * iblocklist_org_joost * iblocklist_org_linden_lab * iblocklist_org_logmein * iblocklist_org_microsoft * iblocklist_org_ncsoft * iblocklist_org_nintendo * iblocklist_org_pandora * iblocklist_org_pirate_bay * iblocklist_org_punkbuster * iblocklist_org_riot_games * iblocklist_org_sony_online * iblocklist_org_square_enix * iblocklist_org_steam * iblocklist_org_ubisoft * iblocklist_org_xfire * iblocklist_pedophiles * iblocklist_proxies * iblocklist_rangetest * iblocklist_spamhaus_drop * iblocklist_spider * iblocklist_spyware * iblocklist_webexploit * iblocklist_yoyo_adservers * ip2proxy_px1lite * ipblacklistcloud_recent * ipblacklistcloud_recent_1d * ipblacklistcloud_recent_30d * ipblacklistcloud_recent_7d * ipblacklistcloud_top * iw_spamlist * iw_wormlist * lashback_ubl * malc0de * malwaredomainlist * maxmind_proxy_fraud * myip * nixspam * normshield_all_attack * normshield_all_bruteforce * normshield_all_ddosbot * normshield_all_dnsscan * normshield_all_spam * normshield_all_suspicious * normshield_all_wannacry * normshield_all_webscan * normshield_all_wormscan * normshield_high_attack * normshield_high_bruteforce * normshield_high_ddosbot * normshield_high_dnsscan * normshield_high_spam * normshield_high_suspicious * normshield_high_wannacry * normshield_high_webscan * normshield_high_wormscan * nt_malware_dns * nt_malware_http * nt_malware_irc * nt_ssh_7d * nullsecure * packetmail * packetmail_emerging_ips * packetmail_mail * packetmail_ramnode * php_commenters * php_commenters_1d * php_commenters_30d * php_commenters_7d * php_dictionary * php_dictionary_1d * php_dictionary_30d * php_dictionary_7d * php_harvesters * php_harvesters_1d * php_harvesters_30d * php_harvesters_7d * php_spammers * php_spammers_1d * php_spammers_30d * php_spammers_7d * proxylists * proxylists_1d * proxylists_30d * proxylists_7d * proxz * proxz_1d * proxz_30d * proxz_7d * pushing_inertia_blocklist * ransomware_cryptowall_ps * ransomware_feed * ransomware_locky_c2 * ransomware_locky_ps * ransomware_online * ransomware_rw * ransomware_teslacrypt_ps * ransomware_torrentlocker_c2 * ransomware_torrentlocker_ps * satellite * sblam * shunlist * snort_ipfilter * socks_proxy * socks_proxy_1d * socks_proxy_30d * socks_proxy_7d * sorbs_anonymizers * sorbs_dul * sorbs_escalations * sorbs_new_spam * sorbs_noserver * sorbs_recent_spam * sorbs_smtp * sorbs_web * sorbs_zombie * spamhaus_drop * spamhaus_edrop * sslbl * sslbl_aggressive * sslproxies * sslproxies_1d * sslproxies_30d * sslproxies_7d * stopforumspam * stopforumspam_180d * stopforumspam_1d * stopforumspam_30d * stopforumspam_365d * stopforumspam_7d * stopforumspam_90d * stopforumspam_toxic * taichung * talosintel_ipfilter * threatcrowd * tor_exits * tor_exits_1d * tor_exits_30d * tor_exits_7d * turris_greylist * urandomusto_dns * urandomusto_ftp * urandomusto_http * urandomusto_mailer * urandomusto_ntp * urandomusto_rdp * urandomusto_smb * urandomusto_ssh * urandomusto_telnet * urandomusto_unspecified * urandomusto_vnc * urlvir * uscert_hidden_cobra * voipbl * vxvault * xforce_bccs * xroxy * xroxy_1d * xroxy_30d * xroxy_7d * yoyo_adservers * Links * FireHOL Sites * FireHOL Home * IPSet Files in GitHub * * Interesting Articles * Threat Intelligence is Not Intellectual Property * * Other IP Blacklist Aggregators * Valli MultiRBL DNSBL Checker * CriticalStack Intel Marketplace * * Global Real Time Threat Monitors * LookingGlass, Global Botnet Infections * Google, Malware Distribution * Google, Digital Attack Map * FireEye, Threat Map * Kaspersky, Cyber Warfare Real Time Map * Deutche Telekom, Security Tachometer * Akamai, Real Time Web Attacks Monitor * Norse, IpViking Live Map * Trend Micro, Global Botnet Threat Activity Map * F-Secure, Globe ALL CYBERCRIME IP FEEDS BY FIREHOL This site analyses all available security IP Feeds, mainly related to on-line attacks, on-line service abuse, malwares, botnets, command and control servers and other cybercrime activities. Scroll down! The main menu is several pages long... Discuss about this site! Have you seen netdata? Do you like this site? Help us make it better. OVERVIEW OF FIREHOL_LEVEL1 namefirehol_level1 categoryattacks maintainerFireHOL IP familyipv4 ipset hashhash:net ipset entries2,360 min: 2,360 max: 2,549 unique IPs614,479,616 min: 614,479,616 max: 615,780,864 source(not a url) local copydownload local copy changesetsgithub commit log check frequency1 minute average update frequency4 hours and 33 minutes aggregationnone fetch errorsnone monitoring sinceFri Jun 19 2015 07:26:23 GMT+0000 (GMT) (2632 days and 4 minutes ago) last time updated by its maintainersThu Sep 01 2022 22:40:37 GMT+0000 (GMT) (8 hours and 49 minutes ago) last time processed by usThu Sep 01 2022 23:24:21 GMT+0000 (GMT) (8 hours and 6 minutes ago) last time we checkedThu Sep 01 2022 23:24:21 GMT+0000 (GMT) (8 hours and 6 minutes ago) Found a bug? Search issues -------------------------------------------------------------------------------- ALL IP LISTS MONITORED * By Category * By Maintainer * Alphabetically older alienvault_reputation older anonymous older errors asprox_c2 older errors bambenek_banjori older errors bambenek_bebloh older errors bambenek_c2 older errors bambenek_cl older errors bambenek_cryptowall older errors bambenek_dircrypt older errors bambenek_dyre older errors bambenek_geodo older errors bambenek_hesperbot older errors bambenek_matsnu older errors bambenek_necurs older errors bambenek_p2pgoz older errors bambenek_pushdo older errors bambenek_pykspa older errors bambenek_qakbot older errors bambenek_ramnit older errors bambenek_ranbyus older errors bambenek_simda older errors bambenek_suppobox older errors bambenek_symmi older errors bambenek_tinba older errors bambenek_volatile older bbcan177_ms1 older bbcan177_ms3 this hour bds_atif now bitcoin_nodes now bitcoin_nodes_1d now bitcoin_nodes_30d now bitcoin_nodes_7d this hour blocklist_de this hour blocklist_de_apache this hour blocklist_de_bots this hour blocklist_de_bruteforce this hour blocklist_de_ftp this hour blocklist_de_imap this hour blocklist_de_mail this hour blocklist_de_sip this hour blocklist_de_ssh this hour blocklist_de_strongips now blocklist_net_ua older errors blueliv_crimeserver_last older blueliv_crimeserver_last_1d older blueliv_crimeserver_last_2d older blueliv_crimeserver_last_30d older blueliv_crimeserver_last_7d older errors blueliv_crimeserver_online older errors blueliv_crimeserver_recent older bogons now botscout now botscout_1d now botscout_30d now botscout_7d older botvrij_dst older botvrij_src older errors bruteforceblocker this hour ciarmy older errors cidr_report_bogons today cleantalk today cleantalk_1d today cleantalk_30d today cleantalk_7d today errors cleantalk_new today cleantalk_new_1d today cleantalk_new_30d today cleantalk_new_7d this week cleantalk_top20 today errors cleantalk_updated today cleantalk_updated_1d today cleantalk_updated_30d today cleantalk_updated_7d older coinbl_hosts older coinbl_hosts_browser older coinbl_hosts_optional older errors coinbl_ips today cruzit_web_attacks older cta_cryptowall today cybercrime this week errors darklist_de older datacenters older errors dataplane_dnsrd older errors dataplane_dnsrdany older errors dataplane_dnsversion older errors dataplane_sipinvitation older errors dataplane_sipquery older errors dataplane_sipregistration older errors dataplane_sshclient older errors dataplane_sshpwauth older errors dataplane_vncrfb this hour dm_tor now dronebl_anonymizers older dronebl_auto_botnets older dronebl_autorooting_worms this week dronebl_compromised older dronebl_ddos_drones older dronebl_dns_mx_on_irc today dronebl_irc_drones older dronebl_unknown today dronebl_worms_bots today dshield today dshield_1d today dshield_30d today dshield_7d older dshield_top_1000 today dyndns_ponmocup older esentire_14072015_com older esentire_14072015q_com older esentire_22072014a_com older esentire_22072014b_com older esentire_22072014c_com older esentire_atomictrivia_ru older esentire_auth_update_ru older esentire_burmundisoul_ru older esentire_crazyerror_su older esentire_dagestanskiiviskis_ru older esentire_differentia_ru older esentire_disorderstatus_ru older esentire_dorttlokolrt_com older esentire_downs1_ru older esentire_ebankoalalusys_ru older esentire_emptyarray_ru older esentire_fioartd_com older esentire_getarohirodrons_com older esentire_hasanhashsde_ru older esentire_inleet_ru older esentire_islamislamdi_ru older esentire_krnqlwlplttc_com older esentire_maddox1_ru older esentire_manning1_ru older esentire_misteryherson_ru older esentire_mysebstarion_ru older esentire_smartfoodsglutenfree_kz older esentire_venerologvasan93_ru older esentire_volaya_ru this week et_block older et_botcc this week et_compromised this week et_dshield this week et_spamhaus this week et_tor older feodo older feodo_badips now firehol_abusers_1d 4 hours firehol_abusers_30d now firehol_anonymous today firehol_level1 now firehol_level2 this hour firehol_level3 now firehol_level4 now firehol_proxies today firehol_webclient 4 hours firehol_webserver today fullbogons older errors gpf_comics older graphiclineweb now greensnow this hour haley_ssh older errors hphosts_ats older errors hphosts_emd older errors hphosts_exp older errors hphosts_fsa older errors hphosts_grm older errors hphosts_hfs older errors hphosts_hjk older errors hphosts_mmt older errors hphosts_pha older errors hphosts_psh older errors hphosts_wrz older iblocklist_abuse_palevo older iblocklist_abuse_spyeye older iblocklist_abuse_zeus 4 hours iblocklist_ads older iblocklist_badpeers older iblocklist_bogons today iblocklist_ciarmy_malicious today iblocklist_cidr_report_bogons today iblocklist_cruzit_web_attacks older iblocklist_dshield today iblocklist_edu older iblocklist_exclusions older iblocklist_fornonlancomputers older iblocklist_forumspam older iblocklist_hijacked older iblocklist_iana_multicast older iblocklist_iana_private older iblocklist_iana_reserved older iblocklist_isp_aol older iblocklist_isp_att older iblocklist_isp_cablevision older iblocklist_isp_charter older iblocklist_isp_comcast older iblocklist_isp_embarq older iblocklist_isp_qwest older iblocklist_isp_sprint older iblocklist_isp_suddenlink older iblocklist_isp_twc older iblocklist_isp_verizon today iblocklist_level1 4 hours iblocklist_level2 this week iblocklist_level3 older iblocklist_malc0de today iblocklist_onion_router older iblocklist_org_activision older iblocklist_org_apple older iblocklist_org_blizzard older iblocklist_org_crowd_control older iblocklist_org_electronic_arts older iblocklist_org_joost older iblocklist_org_linden_lab older iblocklist_org_logmein older iblocklist_org_microsoft older iblocklist_org_ncsoft older iblocklist_org_nintendo older iblocklist_org_pandora older iblocklist_org_pirate_bay older iblocklist_org_punkbuster older iblocklist_org_riot_games older iblocklist_org_sony_online older iblocklist_org_square_enix older iblocklist_org_steam older iblocklist_org_ubisoft older iblocklist_org_xfire older iblocklist_pedophiles older iblocklist_proxies older iblocklist_rangetest older iblocklist_spamhaus_drop older iblocklist_spider today iblocklist_spyware older iblocklist_webexploit this week iblocklist_yoyo_adservers today ip2proxy_px1lite older ipblacklistcloud_recent older ipblacklistcloud_recent_1d older ipblacklistcloud_recent_30d older ipblacklistcloud_recent_7d older ipblacklistcloud_top older errors iw_spamlist older errors iw_wormlist older errors lashback_ubl older errors malc0de older errors malwaredomainlist older maxmind_proxy_fraud 4 hours myip older errors nixspam older normshield_all_attack older normshield_all_bruteforce older normshield_all_ddosbot older normshield_all_dnsscan older normshield_all_spam older normshield_all_suspicious older normshield_all_wannacry older normshield_all_webscan older normshield_all_wormscan older normshield_high_attack older normshield_high_bruteforce older normshield_high_ddosbot older normshield_high_dnsscan older normshield_high_spam older normshield_high_suspicious older normshield_high_wannacry older normshield_high_webscan older normshield_high_wormscan older errors nt_malware_dns older errors nt_malware_http older errors nt_malware_irc older errors nt_ssh_7d older errors nullsecure older errors packetmail older errors packetmail_emerging_ips older errors packetmail_mail older errors packetmail_ramnode 4 hours php_commenters 4 hours php_commenters_1d 4 hours php_commenters_30d 4 hours php_commenters_7d today php_dictionary today php_dictionary_1d today php_dictionary_30d today php_dictionary_7d today php_harvesters today php_harvesters_1d today php_harvesters_30d today php_harvesters_7d today php_spammers today php_spammers_1d today php_spammers_30d today php_spammers_7d older proxylists older proxylists_1d older proxylists_30d older proxylists_7d older proxz older proxz_1d older proxz_30d older proxz_7d older pushing_inertia_blocklist older errors ransomware_cryptowall_ps older errors ransomware_feed older errors ransomware_locky_c2 older errors ransomware_locky_ps older ransomware_online older errors ransomware_rw older errors ransomware_teslacrypt_ps older errors ransomware_torrentlocker_c2 older errors ransomware_torrentlocker_ps older satellite older errors sblam older errors shunlist older errors snort_ipfilter this hour socks_proxy this hour socks_proxy_1d this hour socks_proxy_30d this hour socks_proxy_7d older sorbs_anonymizers older sorbs_dul older sorbs_escalations older sorbs_new_spam older sorbs_noserver older sorbs_recent_spam older sorbs_smtp older sorbs_web older sorbs_zombie today spamhaus_drop this week spamhaus_edrop older sslbl older sslbl_aggressive now sslproxies 4 hours sslproxies_1d 4 hours sslproxies_30d this hour sslproxies_7d today stopforumspam today stopforumspam_180d this hour stopforumspam_1d this hour stopforumspam_30d 4 hours stopforumspam_365d today stopforumspam_7d 4 hours stopforumspam_90d older stopforumspam_toxic older errors taichung older errors talosintel_ipfilter older threatcrowd older errors tor_exits older tor_exits_1d older tor_exits_30d older tor_exits_7d older errors turris_greylist older errors urandomusto_dns older errors urandomusto_ftp older errors urandomusto_http older errors urandomusto_mailer older errors urandomusto_ntp older errors urandomusto_rdp older errors urandomusto_smb older errors urandomusto_ssh older errors urandomusto_telnet older errors urandomusto_unspecified older errors urandomusto_vnc older errors urlvir older errors uscert_hidden_cobra 4 hours voipbl this week vxvault older xforce_bccs this hour xroxy this hour xroxy_1d 4 hours xroxy_30d 4 hours xroxy_7d older errors yoyo_adservers ABUSE now blocklist_net_ua now botscout now botscout_1d now botscout_30d now botscout_7d today cleantalk today cleantalk_1d today cleantalk_30d today cleantalk_7d today errors cleantalk_new today cleantalk_new_1d today cleantalk_new_30d today cleantalk_new_7d this week cleantalk_top20 today errors cleantalk_updated today cleantalk_updated_1d today cleantalk_updated_30d today cleantalk_updated_7d today dronebl_irc_drones now firehol_abusers_1d 4 hours firehol_abusers_30d older errors gpf_comics older graphiclineweb older errors hphosts_hfs older iblocklist_forumspam older ipblacklistcloud_recent older ipblacklistcloud_recent_1d older ipblacklistcloud_recent_30d older ipblacklistcloud_recent_7d older ipblacklistcloud_top 4 hours myip older normshield_all_suspicious older normshield_high_suspicious older errors sblam today stopforumspam today stopforumspam_180d this hour stopforumspam_1d this hour stopforumspam_30d 4 hours stopforumspam_365d today stopforumspam_7d 4 hours stopforumspam_90d older stopforumspam_toxic -------------------------------------------------------------------------------- ANONYMIZERS this hour dm_tor now dronebl_anonymizers this week et_tor now firehol_anonymous now firehol_proxies today iblocklist_onion_router older iblocklist_proxies today ip2proxy_px1lite older maxmind_proxy_fraud older proxylists older proxylists_1d older proxylists_30d older proxylists_7d older proxz older proxz_1d older proxz_30d older proxz_7d this hour socks_proxy this hour socks_proxy_1d this hour socks_proxy_30d this hour socks_proxy_7d now sslproxies 4 hours sslproxies_1d 4 hours sslproxies_30d this hour sslproxies_7d older errors tor_exits older tor_exits_1d older tor_exits_30d older tor_exits_7d this hour xroxy this hour xroxy_1d 4 hours xroxy_30d 4 hours xroxy_7d -------------------------------------------------------------------------------- ATTACKS this hour blocklist_de this hour blocklist_de_apache this hour blocklist_de_bots this hour blocklist_de_bruteforce this hour blocklist_de_ftp this hour blocklist_de_imap this hour blocklist_de_mail this hour blocklist_de_sip this hour blocklist_de_ssh this hour blocklist_de_strongips older errors blueliv_crimeserver_last older blueliv_crimeserver_last_1d older blueliv_crimeserver_last_2d older blueliv_crimeserver_last_30d older blueliv_crimeserver_last_7d older errors blueliv_crimeserver_online older errors blueliv_crimeserver_recent older botvrij_dst older botvrij_src older errors bruteforceblocker today cruzit_web_attacks this week errors darklist_de older errors dataplane_dnsrd older errors dataplane_dnsrdany older errors dataplane_dnsversion older errors dataplane_sipinvitation older errors dataplane_sipquery older errors dataplane_sipregistration older errors dataplane_sshclient older errors dataplane_sshpwauth older errors dataplane_vncrfb older dronebl_autorooting_worms this week dronebl_compromised older dronebl_ddos_drones today dshield today dshield_1d today dshield_30d today dshield_7d older dshield_top_1000 this week et_block this week et_compromised this week et_dshield this week et_spamhaus today firehol_level1 now firehol_level2 this hour firehol_level3 now firehol_level4 4 hours firehol_webserver now greensnow this hour haley_ssh today iblocklist_cruzit_web_attacks older iblocklist_dshield older iblocklist_hijacked older iblocklist_spamhaus_drop older normshield_all_attack older normshield_all_bruteforce older normshield_all_ddosbot older normshield_all_dnsscan older normshield_all_webscan older normshield_high_attack older normshield_high_bruteforce older normshield_high_ddosbot older normshield_high_dnsscan older normshield_high_webscan older errors nt_malware_dns older errors nt_malware_http older errors nt_malware_irc older errors nt_ssh_7d older errors shunlist older errors snort_ipfilter older errors taichung older errors talosintel_ipfilter older errors urandomusto_dns older errors urandomusto_ftp older errors urandomusto_http older errors urandomusto_ntp older errors urandomusto_rdp older errors urandomusto_smb older errors urandomusto_ssh older errors urandomusto_telnet older errors urandomusto_unspecified older errors urandomusto_vnc older errors uscert_hidden_cobra 4 hours voipbl -------------------------------------------------------------------------------- GEOLOCATION older anonymous older satellite -------------------------------------------------------------------------------- MALWARE older errors asprox_c2 older errors bambenek_banjori older errors bambenek_bebloh older errors bambenek_c2 older errors bambenek_cl older errors bambenek_cryptowall older errors bambenek_dircrypt older errors bambenek_dyre older errors bambenek_geodo older errors bambenek_hesperbot older errors bambenek_matsnu older errors bambenek_necurs older errors bambenek_p2pgoz older errors bambenek_pushdo older errors bambenek_pykspa older errors bambenek_qakbot older errors bambenek_ramnit older errors bambenek_ranbyus older errors bambenek_simda older errors bambenek_suppobox older errors bambenek_symmi older errors bambenek_tinba older errors bambenek_volatile older bbcan177_ms1 older bbcan177_ms3 older cta_cryptowall today cybercrime today dronebl_worms_bots today dyndns_ponmocup older esentire_14072015_com older esentire_14072015q_com older esentire_22072014a_com older esentire_22072014b_com older esentire_22072014c_com older esentire_atomictrivia_ru older esentire_auth_update_ru older esentire_burmundisoul_ru older esentire_crazyerror_su older esentire_dagestanskiiviskis_ru older esentire_differentia_ru older esentire_disorderstatus_ru older esentire_dorttlokolrt_com older esentire_downs1_ru older esentire_ebankoalalusys_ru older esentire_emptyarray_ru older esentire_fioartd_com older esentire_getarohirodrons_com older esentire_hasanhashsde_ru older esentire_inleet_ru older esentire_islamislamdi_ru older esentire_krnqlwlplttc_com older esentire_maddox1_ru older esentire_manning1_ru older esentire_misteryherson_ru older esentire_mysebstarion_ru older esentire_smartfoodsglutenfree_kz older esentire_venerologvasan93_ru older esentire_volaya_ru older feodo older feodo_badips today firehol_webclient older errors hphosts_emd older errors hphosts_exp older errors hphosts_hjk older iblocklist_abuse_palevo older iblocklist_abuse_spyeye older iblocklist_abuse_zeus older iblocklist_malc0de older errors malc0de older errors malwaredomainlist older normshield_all_wannacry older normshield_all_wormscan older normshield_high_wannacry older normshield_high_wormscan older errors ransomware_cryptowall_ps older errors ransomware_feed older errors ransomware_locky_c2 older errors ransomware_locky_ps older ransomware_online older errors ransomware_rw older errors ransomware_teslacrypt_ps older errors ransomware_torrentlocker_c2 older errors ransomware_torrentlocker_ps older sslbl older sslbl_aggressive older threatcrowd older errors urlvir this week vxvault older xforce_bccs -------------------------------------------------------------------------------- ORGANIZATIONS now bitcoin_nodes now bitcoin_nodes_1d now bitcoin_nodes_30d now bitcoin_nodes_7d older coinbl_hosts older coinbl_hosts_browser older coinbl_hosts_optional older errors coinbl_ips older datacenters older errors hphosts_ats 4 hours iblocklist_ads today iblocklist_edu older iblocklist_isp_aol older iblocklist_isp_att older iblocklist_isp_cablevision older iblocklist_isp_charter older iblocklist_isp_comcast older iblocklist_isp_embarq older iblocklist_isp_qwest older iblocklist_isp_sprint older iblocklist_isp_suddenlink older iblocklist_isp_twc older iblocklist_isp_verizon older iblocklist_org_activision older iblocklist_org_apple older iblocklist_org_blizzard older iblocklist_org_crowd_control older iblocklist_org_electronic_arts older iblocklist_org_joost older iblocklist_org_linden_lab older iblocklist_org_logmein older iblocklist_org_microsoft older iblocklist_org_ncsoft older iblocklist_org_nintendo older iblocklist_org_pandora older iblocklist_org_pirate_bay older iblocklist_org_punkbuster older iblocklist_org_riot_games older iblocklist_org_sony_online older iblocklist_org_square_enix older iblocklist_org_steam older iblocklist_org_ubisoft older iblocklist_org_xfire this week iblocklist_yoyo_adservers older errors yoyo_adservers -------------------------------------------------------------------------------- REPUTATION older alienvault_reputation this hour bds_atif this hour ciarmy older dronebl_auto_botnets older dronebl_dns_mx_on_irc older dronebl_unknown older et_botcc older errors hphosts_fsa older errors hphosts_mmt older errors hphosts_pha older errors hphosts_psh older errors hphosts_wrz older iblocklist_badpeers today iblocklist_ciarmy_malicious older iblocklist_exclusions older iblocklist_fornonlancomputers today iblocklist_level1 4 hours iblocklist_level2 this week iblocklist_level3 older iblocklist_pedophiles older iblocklist_rangetest older iblocklist_spider today iblocklist_spyware older iblocklist_webexploit older errors nullsecure older errors packetmail older errors packetmail_emerging_ips older errors packetmail_mail older errors packetmail_ramnode older pushing_inertia_blocklist today spamhaus_drop this week spamhaus_edrop older errors turris_greylist -------------------------------------------------------------------------------- SPAM older errors hphosts_grm older errors iw_spamlist older errors iw_wormlist older errors lashback_ubl older errors nixspam older normshield_all_spam older normshield_high_spam 4 hours php_commenters 4 hours php_commenters_1d 4 hours php_commenters_30d 4 hours php_commenters_7d today php_dictionary today php_dictionary_1d today php_dictionary_30d today php_dictionary_7d today php_harvesters today php_harvesters_1d today php_harvesters_30d today php_harvesters_7d today php_spammers today php_spammers_1d today php_spammers_30d today php_spammers_7d older sorbs_anonymizers older sorbs_dul older sorbs_escalations older sorbs_new_spam older sorbs_noserver older sorbs_recent_spam older sorbs_smtp older sorbs_web older sorbs_zombie older errors urandomusto_mailer -------------------------------------------------------------------------------- UNROUTABLE older bogons older errors cidr_report_bogons today fullbogons older iblocklist_bogons today iblocklist_cidr_report_bogons older iblocklist_iana_multicast older iblocklist_iana_private older iblocklist_iana_reserved ABUSE.CH older feodo older feodo_badips older errors ransomware_cryptowall_ps older errors ransomware_feed older errors ransomware_locky_c2 older errors ransomware_locky_ps older ransomware_online older errors ransomware_rw older errors ransomware_teslacrypt_ps older errors ransomware_torrentlocker_c2 older errors ransomware_torrentlocker_ps older sslbl older sslbl_aggressive -------------------------------------------------------------------------------- ALIEN VAULT older alienvault_reputation -------------------------------------------------------------------------------- AUTOSHUN.ORG older errors shunlist -------------------------------------------------------------------------------- BAMBENEK CONSULTING older errors bambenek_banjori older errors bambenek_bebloh older errors bambenek_c2 older errors bambenek_cl older errors bambenek_cryptowall older errors bambenek_dircrypt older errors bambenek_dyre older errors bambenek_geodo older errors bambenek_hesperbot older errors bambenek_matsnu older errors bambenek_necurs older errors bambenek_p2pgoz older errors bambenek_pushdo older errors bambenek_pykspa older errors bambenek_qakbot older errors bambenek_ramnit older errors bambenek_ranbyus older errors bambenek_simda older errors bambenek_suppobox older errors bambenek_symmi older errors bambenek_tinba older errors bambenek_volatile -------------------------------------------------------------------------------- BBCAN177 older bbcan177_ms1 older bbcan177_ms3 -------------------------------------------------------------------------------- BINARY DEFENSE SYSTEMS this hour bds_atif -------------------------------------------------------------------------------- BITNODES now bitcoin_nodes now bitcoin_nodes_1d now bitcoin_nodes_30d now bitcoin_nodes_7d -------------------------------------------------------------------------------- BLOCKLIST.DE this hour blocklist_de this hour blocklist_de_apache this hour blocklist_de_bots this hour blocklist_de_bruteforce this hour blocklist_de_ftp this hour blocklist_de_imap this hour blocklist_de_mail this hour blocklist_de_sip this hour blocklist_de_ssh this hour blocklist_de_strongips -------------------------------------------------------------------------------- BLOCKLIST.NET.UA now blocklist_net_ua -------------------------------------------------------------------------------- BLUELIV.COM older errors blueliv_crimeserver_last older blueliv_crimeserver_last_1d older blueliv_crimeserver_last_2d older blueliv_crimeserver_last_30d older blueliv_crimeserver_last_7d older errors blueliv_crimeserver_online older errors blueliv_crimeserver_recent -------------------------------------------------------------------------------- BOTSCOUT.COM now botscout now botscout_1d now botscout_30d now botscout_7d -------------------------------------------------------------------------------- BOTVRIJ.EU older botvrij_dst older botvrij_src -------------------------------------------------------------------------------- CHARLES HALEY this hour haley_ssh -------------------------------------------------------------------------------- CIDR-REPORT.ORG older errors cidr_report_bogons -------------------------------------------------------------------------------- CLEANTALK today cleantalk today cleantalk_1d today cleantalk_30d today cleantalk_7d today errors cleantalk_new today cleantalk_new_1d today cleantalk_new_30d today cleantalk_new_7d this week cleantalk_top20 today errors cleantalk_updated today cleantalk_updated_1d today cleantalk_updated_30d today cleantalk_updated_7d -------------------------------------------------------------------------------- COINBLOCKERLISTS older coinbl_hosts older coinbl_hosts_browser older coinbl_hosts_optional older errors coinbl_ips -------------------------------------------------------------------------------- COLLECTIVE INTELLIGENCE NETWORK SECURITY this hour ciarmy -------------------------------------------------------------------------------- CRUZIT.COM today cruzit_web_attacks -------------------------------------------------------------------------------- CYBER THREAT ALLIANCE older cta_cryptowall -------------------------------------------------------------------------------- CYBERCRIME today cybercrime -------------------------------------------------------------------------------- DAN.ME.UK this hour dm_tor -------------------------------------------------------------------------------- DANGER.RULEZ.SK older errors bruteforceblocker -------------------------------------------------------------------------------- DARKLIST.DE this week errors darklist_de -------------------------------------------------------------------------------- DATAPLANE.ORG older errors dataplane_dnsrd older errors dataplane_dnsrdany older errors dataplane_dnsversion older errors dataplane_sipinvitation older errors dataplane_sipquery older errors dataplane_sipregistration older errors dataplane_sshclient older errors dataplane_sshpwauth older errors dataplane_vncrfb -------------------------------------------------------------------------------- DRONEBL.ORG now dronebl_anonymizers older dronebl_auto_botnets older dronebl_autorooting_worms this week dronebl_compromised older dronebl_ddos_drones older dronebl_dns_mx_on_irc today dronebl_irc_drones older dronebl_unknown today dronebl_worms_bots -------------------------------------------------------------------------------- DSHIELD.ORG today dshield today dshield_1d today dshield_30d today dshield_7d older dshield_top_1000 -------------------------------------------------------------------------------- DYNDNS.ORG today dyndns_ponmocup -------------------------------------------------------------------------------- EMERGING THREATS this week et_block older et_botcc this week et_compromised this week et_dshield this week et_spamhaus this week et_tor -------------------------------------------------------------------------------- ESENTIRE older esentire_14072015_com older esentire_14072015q_com older esentire_22072014a_com older esentire_22072014b_com older esentire_22072014c_com older esentire_atomictrivia_ru older esentire_auth_update_ru older esentire_burmundisoul_ru older esentire_crazyerror_su older esentire_dagestanskiiviskis_ru older esentire_differentia_ru older esentire_disorderstatus_ru older esentire_dorttlokolrt_com older esentire_downs1_ru older esentire_ebankoalalusys_ru older esentire_emptyarray_ru older esentire_fioartd_com older esentire_getarohirodrons_com older esentire_hasanhashsde_ru older esentire_inleet_ru older esentire_islamislamdi_ru older esentire_krnqlwlplttc_com older esentire_maddox1_ru older esentire_manning1_ru older esentire_misteryherson_ru older esentire_mysebstarion_ru older esentire_smartfoodsglutenfree_kz older esentire_venerologvasan93_ru older esentire_volaya_ru -------------------------------------------------------------------------------- FIREHOL now firehol_abusers_1d 4 hours firehol_abusers_30d now firehol_anonymous today firehol_level1 now firehol_level2 this hour firehol_level3 now firehol_level4 now firehol_proxies today firehol_webclient 4 hours firehol_webserver -------------------------------------------------------------------------------- FREE PROXY LIST this hour socks_proxy this hour socks_proxy_1d this hour socks_proxy_30d this hour socks_proxy_7d now sslproxies 4 hours sslproxies_1d 4 hours sslproxies_30d this hour sslproxies_7d -------------------------------------------------------------------------------- GPF COMICS older errors gpf_comics -------------------------------------------------------------------------------- GRAPHICLINEWEB older graphiclineweb -------------------------------------------------------------------------------- GREENSNOW.CO now greensnow -------------------------------------------------------------------------------- H3X.EU older errors asprox_c2 -------------------------------------------------------------------------------- HPHOSTS older errors hphosts_ats older errors hphosts_emd older errors hphosts_exp older errors hphosts_fsa older errors hphosts_grm older errors hphosts_hfs older errors hphosts_hjk older errors hphosts_mmt older errors hphosts_pha older errors hphosts_psh older errors hphosts_wrz -------------------------------------------------------------------------------- IBLOCKLIST.COM older iblocklist_abuse_palevo older iblocklist_abuse_spyeye older iblocklist_abuse_zeus 4 hours iblocklist_ads older iblocklist_badpeers older iblocklist_bogons today iblocklist_ciarmy_malicious today iblocklist_cidr_report_bogons today iblocklist_cruzit_web_attacks older iblocklist_dshield today iblocklist_edu older iblocklist_exclusions older iblocklist_fornonlancomputers older iblocklist_forumspam older iblocklist_hijacked older iblocklist_iana_multicast older iblocklist_iana_private older iblocklist_iana_reserved older iblocklist_isp_aol older iblocklist_isp_att older iblocklist_isp_cablevision older iblocklist_isp_charter older iblocklist_isp_comcast older iblocklist_isp_embarq older iblocklist_isp_qwest older iblocklist_isp_sprint older iblocklist_isp_suddenlink older iblocklist_isp_twc older iblocklist_isp_verizon today iblocklist_level1 4 hours iblocklist_level2 this week iblocklist_level3 older iblocklist_malc0de today iblocklist_onion_router older iblocklist_org_activision older iblocklist_org_apple older iblocklist_org_blizzard older iblocklist_org_crowd_control older iblocklist_org_electronic_arts older iblocklist_org_joost older iblocklist_org_linden_lab older iblocklist_org_logmein older iblocklist_org_microsoft older iblocklist_org_ncsoft older iblocklist_org_nintendo older iblocklist_org_pandora older iblocklist_org_pirate_bay older iblocklist_org_punkbuster older iblocklist_org_riot_games older iblocklist_org_sony_online older iblocklist_org_square_enix older iblocklist_org_steam older iblocklist_org_ubisoft older iblocklist_org_xfire older iblocklist_pedophiles older iblocklist_proxies older iblocklist_rangetest older iblocklist_spamhaus_drop older iblocklist_spider today iblocklist_spyware older iblocklist_webexploit this week iblocklist_yoyo_adservers -------------------------------------------------------------------------------- IBM X-FORCE EXCHANGE older xforce_bccs -------------------------------------------------------------------------------- IMPROWARE ANTISPAM older errors iw_spamlist older errors iw_wormlist -------------------------------------------------------------------------------- IP BLACKLIST CLOUD older ipblacklistcloud_recent older ipblacklistcloud_recent_1d older ipblacklistcloud_recent_30d older ipblacklistcloud_recent_7d older ipblacklistcloud_top -------------------------------------------------------------------------------- IP2LOCATION.COM today ip2proxy_px1lite -------------------------------------------------------------------------------- MALC0DE.COM older errors malc0de -------------------------------------------------------------------------------- MALWAREDOMAINLIST.COM older errors malwaredomainlist -------------------------------------------------------------------------------- MAXMIND.COM older anonymous older maxmind_proxy_fraud older satellite -------------------------------------------------------------------------------- MYIP.MS 4 hours myip -------------------------------------------------------------------------------- NICK GALBREATH older datacenters -------------------------------------------------------------------------------- NIX SPAM older errors nixspam -------------------------------------------------------------------------------- NORMSHIELD.COM older normshield_all_attack older normshield_all_bruteforce older normshield_all_ddosbot older normshield_all_dnsscan older normshield_all_spam older normshield_all_suspicious older normshield_all_wannacry older normshield_all_webscan older normshield_all_wormscan older normshield_high_attack older normshield_high_bruteforce older normshield_high_ddosbot older normshield_high_dnsscan older normshield_high_spam older normshield_high_suspicious older normshield_high_wannacry older normshield_high_webscan older normshield_high_wormscan -------------------------------------------------------------------------------- NOTHINK.ORG older errors nt_malware_dns older errors nt_malware_http older errors nt_malware_irc older errors nt_ssh_7d -------------------------------------------------------------------------------- NULLSECURE.ORG older errors nullsecure -------------------------------------------------------------------------------- PACKETMAIL.NET older errors packetmail older errors packetmail_emerging_ips older errors packetmail_mail older errors packetmail_ramnode -------------------------------------------------------------------------------- PROJECTHONEYPOT.ORG 4 hours php_commenters 4 hours php_commenters_1d 4 hours php_commenters_30d 4 hours php_commenters_7d today php_dictionary today php_dictionary_1d today php_dictionary_30d today php_dictionary_7d today php_harvesters today php_harvesters_1d today php_harvesters_30d today php_harvesters_7d today php_spammers today php_spammers_1d today php_spammers_30d today php_spammers_7d -------------------------------------------------------------------------------- PROXYLISTS.NET older proxylists older proxylists_1d older proxylists_30d older proxylists_7d -------------------------------------------------------------------------------- PROXZ.COM older proxz older proxz_1d older proxz_30d older proxz_7d -------------------------------------------------------------------------------- PUSHING INERTIA older pushing_inertia_blocklist -------------------------------------------------------------------------------- SBLAM.COM older errors sblam -------------------------------------------------------------------------------- SNORT.ORG LABS older errors snort_ipfilter -------------------------------------------------------------------------------- SORBS.NET older sorbs_anonymizers older sorbs_dul older sorbs_escalations older sorbs_new_spam older sorbs_noserver older sorbs_recent_spam older sorbs_smtp older sorbs_web older sorbs_zombie -------------------------------------------------------------------------------- SPAMHAUS.ORG today spamhaus_drop this week spamhaus_edrop -------------------------------------------------------------------------------- STOPFORUMSPAM.COM today stopforumspam today stopforumspam_180d this hour stopforumspam_1d this hour stopforumspam_30d 4 hours stopforumspam_365d today stopforumspam_7d 4 hours stopforumspam_90d older stopforumspam_toxic -------------------------------------------------------------------------------- TAICHUNG EDUCATION CENTER older errors taichung -------------------------------------------------------------------------------- TALOSINTEL.COM older errors talosintel_ipfilter -------------------------------------------------------------------------------- TEAM CYMRU older bogons today fullbogons -------------------------------------------------------------------------------- THE LASHBACK UNSUBSCRIBE BLACKLIST older errors lashback_ubl -------------------------------------------------------------------------------- THREAT CROWD older threatcrowd -------------------------------------------------------------------------------- TORPROJECT.ORG older errors tor_exits older tor_exits_1d older tor_exits_30d older tor_exits_7d -------------------------------------------------------------------------------- TURRIS older errors turris_greylist -------------------------------------------------------------------------------- URANDOM.US.TO older errors urandomusto_dns older errors urandomusto_ftp older errors urandomusto_http older errors urandomusto_mailer older errors urandomusto_ntp older errors urandomusto_rdp older errors urandomusto_smb older errors urandomusto_ssh older errors urandomusto_telnet older errors urandomusto_unspecified older errors urandomusto_vnc -------------------------------------------------------------------------------- URLVIR.COM older errors urlvir -------------------------------------------------------------------------------- US CERT older errors uscert_hidden_cobra -------------------------------------------------------------------------------- VOIPBL.ORG 4 hours voipbl -------------------------------------------------------------------------------- VXVAULT this week vxvault -------------------------------------------------------------------------------- XROXY.COM this hour xroxy this hour xroxy_1d 4 hours xroxy_30d 4 hours xroxy_7d -------------------------------------------------------------------------------- YOYO.ORG older errors yoyo_adservers YOUR CLOCK IS WRONG! Your computer clock seems wrong! Some calculations may be wrong. Please sync your clock. AGGREGATED DATA... The IPs in this list are aggregated by us. The source list either has no retention at all (i.e. it lists IPs just once and they are lost at the next refresh), or its retention is too low, or it would be interesting to know the IPs that pass through the original list in longer durations. So we decided to aggregate several updates together. If you use this IP list in production systems, keep in mind this aggregation introduces a significant drawback: To unlist an IP, once it is in the aggregation log, you will either have to whitelist it using your own means, or wait for the aggregation period to expire so that it will be unlisted automatically. ABOUT FIREHOL_LEVEL1 This IP list is a composition of other IP lists. The objective is to create a blacklist that can be safe enough to be used on all systems, with a firewall, to block access entirely, from and to its listed IPs. The key prerequisite for this cause, is to have no false positives. All IPs listed should be bad and should be blocked, without exceptions. To accomplish this, we include the following IP lists: * FULLBOGONS - THE UNROUTABLE IPS fullbogons includes IPs that should not be routable in the Internet. It includes bogons which lists private and reserved IPs, but it also includes IPs that are allocated to a local registry, but they are not currently assinged to any one, ISP, corporation, or end user. fullbogons should be 100% safe, it should never include a false positive and should never give you a complaint from an end user or customer. Of course it needs to be up to date. * SPAMHAUS DROP AND EDROP - DON'T ROUTE OR PEER IPS According to Spamhaus, DROP and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The spamhaus_drop and spamhaus_edrop lists are designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks. The spamhaus_drop list will not include any IP address space under the control of any legitimate network - even if being used by "the spammers from hell". spamhaus_edrop is an extension of the spamhaus_drop list that includes suballocated netblocks controlled by spammers or cyber criminals. spamhaus_edrop is meant to be used in addition to the direct allocations on the spamhaus_drop list. When implemented at a network or ISP's 'core routers', spamhaus_drop and spamhaus_edrop will help protect the network from spamming, scanning, harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks. Spamhaus strongly encourages the use of spamhaus_drop and spamhaus_edrop by tier-1s and backbones. In my personal experience, Spamhaus is very responsive cleaning up these lists when it receives complaints. * DSHIELD - THE TOP 20 ATTACKING CLASS-C dshield summarizes the top 20 attacking class C (/24) subnets over the last three days. This sounds like many false positives are included. They are not, and this is why: dshield.org, or better The Internet Storm Center of SANS Institute, collects firewall and IDS logs from hundreds of thousands of computers around the globe. You can submit yours too! The dshield IP list includes only the top 20 class-C, i.e. it always lists 5120 IPs only. The rate of change of these top 20 class-C is so high, that most of them are listed for just 15 mins. Check it. Goto to the dshield page and take a look on the second chart (the "changes history" chart). Out of the 5120 IPs listed, about 3000 of them expire on every update. To visualize it even better, check the dshield_1d list. This one aggregates all IPs listed by dshield, for 24 hours. Check its unique IPs count. 60k to 120k unique IPs pass through dshield every day. So, if it has a so aggressive change rate, is it usefull at all? The whole idea of dshield is to follow the storm as close as possible. And they are doing a great job accoplishing it. * MALWARE LISTS - THE COMMAND AND CONTROL IPS There are several malware lists that are very focused. They only track IPs that are actively used by specific malwares or trojans. These lists are usualy very small and they even reach zero IP count if the malware is vanished. We include most the Abuse.ch and Bambenek Consulting lists. Namely: * feodo * sslbl * zeus_badips * bambenek_c2 which includes all Bambenek Consulting lists These lists do suffer from some false positives, but not for dynamic IP users. The only false positives I ever found on these malware lists was on hosting providers that share the same IP among many sites. If a site is hosting a malware or trojan monitored by these lists, then the IP of that site and therefore all the other sites that share the same IP will be blocked. firehol_level1 is updated automatically every time any of its IP lists is updated. If you use FireHOL's update-ipsets.sh, you can just enable it and it will be composed directly from the individual lists, on your computer. Otherwise, you can download it from github. I would love to hear any comments for this list. So please, let me know if you have any. -------------------------------------------------------------------------------- EVOLUTION OF FIREHOL_LEVEL1 Each time the IP list is changed, modified, or updated we keep track of its size (both number of entries and number of unique IPs matched). Using this information we can detect what the list maintainers do, get an idea of the list trend and its maintainers habbits. Using the chart below we attempt to answer these questions: * HOW MANY ENTRIES DOES IT HAVE? If you are going to use this IP list as a blocklist / blacklist at a firewall, its size can be important for the performance of the firewall. Keep in mind that the performance of Linux netfilter / iptables firewalls that use ipsets (like FireHOL does), is not affected by the size of an ipset. Any number of entries can be added and the firewall will just do one lookup for every packet checked against the ipset. Linux ipsets are affected only by the number of different subnets in an ipset. FireHOL solves this by automatically reducing the number of unique subnets on all hash:net ipsets (check this article for more information on how this is done). * HOW MANY UNIQUE IPS DOES IT MATCH? The number of unique IPs matched by an IP list, determines the effectiveness of the blacklist / blocklist. Generally, smaller IP lists are more focused and safer to use as firewall blacklists / blocklists. Fewer unique IPs means fewer possible false positives. On the other hand a very small list will not provide a significant level of protection. * IS IT UPDATED FREQUENTLY AND REGULARLY? We need IP lists that are well maintained, frequently and regularly. In the chart below, every point is updated only when the list maintainers add IPs to, or remove IPs from the IP list, so even if the number of unique IPs remains the same, a point in the chart indicates that something changed in it. The exact number of unique IPs added and removed with each update can be seen on the chart next to the one below. The frequency of updates is irrelevant to the retention policy of the IP list. We will examine its retention below in the sections below. * DOES IT HAVE A CONSISTENT SIZE THROUGH TIME? We don't want surprises. Sudden increases or decreases is generally an indication of poor maintainance. Of course, there are cases where an IP list will by definition have sudden changes in its size. The chart below shows the last 500 updates, of the IP list. * Entries is the number of entries the ipset has. * UniqueIPs is the number of unique IPs the ipset matches. Created with Highcharts 10.2.1Number of Unique IPsNumber of IPset EntriesChart context menufirehol_level1 Historyevolution of unique IPs and entriesUniqueIPsEntries6. Jun20. Jun4. Jul18. Jul1. Aug15. Aug29. Aug0 IPs100000000 IPs200000000 IPs300000000 IPs400000000 IPs500000000 IPs600000000 IPs700000000 IPsHighcharts.com The chart below shows the change history of the IP list, i.e. the number of unique IPs added and removed with each update. Using the chart below we attempt to answer these questions: * HOW MUCH OF THIS IP LIST IS CHANGED ON EVERY UPDATE? There are IP lists that, although they have an almost constant size, they change their contents almost entirely on every update. In other cases, similar IP lists have minimal incremental updates. The following chart attempts to visualize this. Created with Highcharts 10.2.1Number of Unique IPsChart context menufirehol_level1 Changes Historychanges history of unique IPsAddedIPsRemovedIPs6. Jun20. Jun4. Jul18. Jul1. Aug15. Aug29. Aug-400000 IPs-300000 IPs-200000 IPs-100000 IPs0 IPs100000 IPsHighcharts.com -------------------------------------------------------------------------------- COUNTRY MAP OF FIREHOL_LEVEL1 Each time an ipset is updated we check it against the MaxMind GeoLite2 country, the IPDeny.com country, the IP2Location.com Lite country and the IPIP.net country databases, to find the list's unique IPs per country. Using the maps below we attempt to answer these questions: * WHICH COUNTRIES DOES IT CURRENTLY MATCH? If you are going to install this IP list as a blocklist / blacklist at a firewall, it is important to know which countries will be mainly affected, since you are going to block access from/to these IPs. All lists suffer from false positives to some degree, so using this IP list at your firewall might block some of your users or customers. * WHERE DO THE ATTACKERS OR THE ABUSERS COME FROM? Some lists focus only on specific regions of the world. The following map illustrates this. It is a heat map of the list's focus. * MaxMind.com GeoLite2 * IPDeny.com * IP2Location.com Lite * IPIP.net Created with Highcharts 10.2.1Chart context menuZoom in+Zoom out-firehol_level1 Country Mapmapped with geolite2 geo-country DB110010k1M100M10…Unique IPsCopyright (c) 2022 Highsoft AS, Based on data from Natural EarthHighcharts.com © Natural Earth Loading ipdeny map... Loading ip2location map... Loading ipip map... -------------------------------------------------------------------------------- AGE OF IPS LISTED IN FIREHOL_LEVEL1 The age of each IP in the list is shown below. The time shown is calculated in realtime; it will be refreshed as time passes, even if the list is not updated. Using the chart below we attempt to answer these questions: * WHAT IS THE CURRENT AGE OF THE IPS LISTED? Most lists include IPs that match some criteria (e.g. an attack or abuse is detected originated from the IP in question). Once an IP is listed, it remains listed for a pre-defined amount of time, unless it matches the criteria again, in which case its expiration time is refreshed. Many lists announce the duration they list IPs. Many don't and almost all lists have exceptions that do not follow the announced rules. A false positive is in place when an IP that was properly detected and added to the list, was released and re-used by another person, before being unlisted from the list. Since the world is full of dynamic IP users, false positives is the biggest problem of blocklist / blacklists. In the chart below we show the exact age of the IPs currently listed. Small ages are good. Long ages are not necessarily bad. Normally, longer ages should only be a small part of the list's size. Pay attention to the 50% mark. This is the average age of the IPs in the list. Pay also attention to the 75% (most probable) and the 90% (expected max) marks. * DOES THE LIST INCLUDE ANY STATIC DATA? The ideal age chart of a well maintained IP list should a straight line from the bottom left corner, to the upper right corner of the chart. Of course, this is affected by the pressure of different attacks and possibly the different listing policies for different types of attacks. In general though, this chart should be as granural as possible. Long horizontal lines indicate either sustaining attacks, or unreasonably high listing policies. Created with Highcharts 10.2.1IPs age in hours% of IPs currently listedChart context menufirehol_level1 Age of IPsAge of 614,479,616 currently listed IPs monitoring its age since Fri Jun 19 2015 07:26:23 GMT+0000 (GMT)IPs with age up to this hour (cumulative)IPs with age in this hour820857992113851925272232264234494659066861802589429470103021111411786126181413015275161461701017354176071870019674208742476226305286333028234389377460 %25 %50 %75 %100 %Highcharts.com -------------------------------------------------------------------------------- RETENTION POLICY OF FIREHOL_LEVEL1 The retention policy of the list shows the duration IPs were listed, when they were listed. This is calculated every time the list maintainers remove an IP from the list. The chart below shows the retention policy detected, since we started monitoring the list (it is not limited to a certain timeframe). Using the chart below we attempt to answer these questions: * WHEN ARE IPS BEING REMOVED FROM THE LIST? This chart shows data for the past IPs, currently unlisted. The vertical parts of the "stair steps" in this chart, indicate periods of intensive IPs cleanup. This is their retention policy. If the chart contains more than one "stair steps", the list has many different retention policies. Created with Highcharts 10.2.1IPs retention in hours% of past IPsChart context menufirehol_level1 Retention PolicyRetention of not currently listed IPs for 175,861,487 IPs removed, 100.00 % of 175,861,487 IPs added since we started monitoring it (Fri Jun 19 2015 07:26:23 GMT+0000 (GMT))Retention of past IPs up to this hour (cumulative)Retention of past IPs for this hour< 119267141183171903805717619561155137916432272266731493659424848545518633680168948981211087122641393715264165362007221728237922711231384360680 %25 %50 %75 %100 %Highcharts.com -------------------------------------------------------------------------------- OVERLAPS OF FIREHOL_LEVEL1 WITH OTHER IP LISTS Using the chart below we attempt to answer these questions: * IS THE LIST A DERIVATIVE OF OTHER LISTS? Check the column Their %. A high percentage in this column, indicates that the IP list of that row is included in firehol_level1. * IS THE LIST INCLUDED IN ANY OTHER LIST? Check the column This %. A high percentage in this column, indicates that firehol_level1 is included in the IP list of that row. * DOES THE LIST SHARE IPS WITH OTHER LISTS? Focus on the last two columns: Their % and This %. These two percentages show the percentage of overlap this list has with other IP lists. Using the comparison table, we can easily find out that, for example, abuse is often initiated from anonymizing IPs (like open proxies) and malwares. In the table below we compare firehol_level1 with all other lists. If a list is not shown in the following table, it does not have any common IPs with firehol_level1. * Unique IPs is the unique IPs each ipset has. * Common IPs is the number of unique IPs common to firehol_level1 and each ipset. * Their % the percentage: common IPs vs. the unique IPs of each row ipset. * This % is the percentage: common IPs vs. the unique IPs of firehol_level1 (having 614,479,616 unique IPs). * Category * List * Unique IPs * Common IPs * Their % * This % * JSON * XML * CSV * TXT * SQL * Ms-Excel Loading, please wait... Category List Unique IPs Common IPs Their % This % unroutablefullbogons596,869,888596,869,888100.00%97.13%unroutableiblocklist_cidr_report_bogons603,454,544592,990,71298.27%96.50%unroutablecidr_report_bogons605,125,864592,989,17697.99%96.50%unroutablebogons592,708,608592,708,608100.00%96.46%unroutableiblocklist_bogons645,673,639544,973,82384.40%88.69%unroutableiblocklist_iana_reserved536,870,912536,870,912100.00%87.37%reputationiblocklist_fornonlancomputers302,055,424302,055,424100.00%49.16%unroutableiblocklist_iana_multicast268,435,456268,435,456100.00%43.69%unroutableiblocklist_iana_private51,643,64651,643,390100.00%8.40%attackset_block17,278,22017,145,60099.23%2.79%reputationspamhaus_drop17,141,76017,141,760100.00%2.79%attacksiblocklist_spamhaus_drop17,338,36817,141,76098.87%2.79%attackset_spamhaus17,272,83217,141,76099.24%2.79%reputationiblocklist_level2337,907,5958,632,4482.55%1.40%reputationiblocklist_level3137,010,6274,529,2953.31%0.74%reputationiblocklist_level1723,114,4302,867,7190.40%0.47%attacksfirehol_level49,341,0392,247,90624.06%0.37%attacksiblocklist_hijacked8,802,0482,241,28025.46%0.36%malwarebbcan177_ms15,269,9732,162,71241.04%0.35%organizationsiblocklist_edu227,991,292783,9840.34%0.13%spamsorbs_zombie1,903,876723,96838.03%0.12%reputationspamhaus_edrop497,408497,408100.00%0.08%attacksfirehol_webserver60,487,496320,2570.53%0.05%reputationpushing_inertia_blocklist60,462,830320,2560.53%0.05%spamsorbs_dul375,474,21047,2800.01%0.01%organizationsiblocklist_ads886,68717,4161.96%0.00%anonymizersfirehol_anonymous2,313,02217,1830.74%0.00%anonymizersfirehol_proxies2,300,85017,1740.75%0.00%anonymizersip2proxy_px1lite2,299,99717,1710.75%0.00%organizationsdatacenters95,959,47610,2400.01%0.00%abusestopforumspam_365d616,1158,7211.42%0.00%organizationsiblocklist_isp_sprint6,310,5708,1920.13%0.00%spamsorbs_web6,375,0295,5400.09%0.00%attacksfirehol_level229,2545,17217.68%0.00%attacksfirehol_level330,4545,14316.89%0.00%attacksdshield_7d10,2405,12050.00%0.00%attacksdshield_30d12,2885,12041.67%0.00%attacksdshield_1d6,6565,12076.92%0.00%attacksdshield5,1205,120100.00%0.00%reputationiblocklist_spyware339,2994,1001.21%0.00%attackset_dshield5,1203,84075.00%0.00%abusestopforumspam_180d311,4613,5171.13%0.00%abusefirehol_abusers_30d190,1142,3401.23%0.00%abusestopforumspam170,6852,1481.26%0.00%abusestopforumspam_90d170,7992,1381.25%0.00%abuseblocklist_net_ua102,1831,8031.76%0.00%malwaredronebl_worms_bots236,3381,4310.61%0.00%abusedronebl_irc_drones978,3461,3110.13%0.00%anonymizersdronebl_anonymizers1,369,2831,2700.09%0.00%spamsorbs_recent_spam555,4381,0340.19%0.00%abusestopforumspam_toxic120,9231,0240.85%0.00%abusestopforumspam_30d67,0159521.42%0.00%reputationiblocklist_ciarmy_malicious15,0007364.91%0.00%reputationciarmy15,0007274.85%0.00%abusebotscout_30d22,7086142.70%0.00%abusestopforumspam_7d25,5884041.58%0.00%reputationturris_greylist9,6142782.89%0.00%reputationiblocklist_pedophiles847,8892560.03%0.00%abusebotscout_7d8,1062142.64%0.00%reputationnullsecure29,4392120.72%0.00%abusefirehol_abusers_1d8,6622032.34%0.00%attacksvoipbl43,2311860.43%0.00%attacksdronebl_compromised70,1431750.25%0.00%abusestopforumspam_1d6,9531702.44%0.00%attackshaley_ssh55,6371580.28%0.00%abusecleantalk_30d12,6341391.10%0.00%spamsorbs_anonymizers610,2631280.02%0.00%abusesblam7,8951211.53%0.00%abusecleantalk_updated_30d6,0191201.99%0.00%organizationscoinbl_hosts10,506950.90%0.00%malwarehphosts_emd59,204920.16%0.00%attacksblueliv_crimeserver_last_30d87,551560.06%0.00%reputationhphosts_psh44,781550.12%0.00%attacksblocklist_de19,501540.28%0.00%attacksblueliv_crimeserver_last_7d77,098530.07%0.00%attacksgreensnow5,500510.93%0.00%abusebotscout_1d1,844492.66%0.00%attacksblueliv_crimeserver_last_2d71,293470.07%0.00%spamsorbs_new_spam35,967450.13%0.00%spamlashback_ubl37,994450.12%0.00%attacksblueliv_crimeserver_recent64,076450.07%0.00%reputationpacketmail3,986431.08%0.00%organizationsyoyo_adservers9,942420.42%0.00%organizationsiblocklist_yoyo_adservers9,661420.43%0.00%attacksdataplane_sshclient23,463410.17%0.00%attacksblueliv_crimeserver_last_1d58,312350.06%0.00%attackstaichung2,658321.20%0.00%attacksiblocklist_cruzit_web_attacks13,343310.23%0.00%attackscruzit_web_attacks12,825300.23%0.00%reputationhphosts_fsa24,764280.11%0.00%reputationbds_atif926283.02%0.00%attacksdataplane_sipquery1,182272.28%0.00%organizationshphosts_ats13,037250.19%0.00%abusecleantalk_new_30d7,249240.33%0.00%abusecleantalk_7d3,200240.75%0.00%attacksblocklist_de_ssh7,174230.32%0.00%abusecleantalk_updated_7d1,568211.34%0.00%reputationpacketmail_ramnode2,502190.76%0.00%attacksblocklist_de_mail10,374170.16%0.00%attacksblocklist_de_imap2,080170.82%0.00%attacksurandomusto_rdp1331511.28%0.00%spamphp_dictionary_30d1,201151.25%0.00%attacksblueliv_crimeserver_last24,381140.06%0.00%attackset_compromised352133.69%0.00%attacksblueliv_crimeserver_online15,628130.08%0.00%anonymizerssocks_proxy_30d10,059120.12%0.00%attacksdataplane_sshpwauth20,155120.06%0.00%organizationsbitcoin_nodes_30d13,210120.09%0.00%spamnixspam17,135110.06%0.00%anonymizerset_tor5,997110.18%0.00%attacksdronebl_ddos_drones2,656110.41%0.00%reputationdronebl_auto_botnets10,848110.10%0.00%attacksdataplane_dnsrd1,638110.67%0.00%attacksblocklist_de_apache8,780110.13%0.00%attacksurandomusto_smb451022.22%0.00%spamphp_spammers_30d1,301100.77%0.00%abusecleantalk_1d491102.04%0.00%abusecleantalk497102.01%0.00%attacksblocklist_de_bruteforce791101.26%0.00%anonymizersdm_tor6,05190.15%0.00%abusecleantalk_updated_1d25093.60%0.00%abusecleantalk_updated25093.60%0.00%spamphp_commenters_30d1,18480.68%0.00%anonymizersiblocklist_onion_router1,37880.58%0.00%organizationsbitcoin_nodes_7d8,38180.10%0.00%organizationsbitcoin_nodes_1d6,69680.12%0.00%organizationsbitcoin_nodes6,08680.13%0.00%attacksurandomusto_dns67710.45%0.00%attacksnormshield_high_attack54971.28%0.00%attacksnormshield_all_attack54971.28%0.00%attacksdronebl_autorooting_worms1,82260.33%0.00%attacksdataplane_vncrfb3,84260.16%0.00%organizationscoinbl_ips1,39060.43%0.00%attacksurandomusto_ntp7256.94%0.00%reputationhphosts_pha2,47450.20%0.00%malwareesentire_smartfoodsglutenfree_kz2,67450.19%0.00%malwarebambenek_banjori13653.68%0.00%attacksurandomusto_ftp15242.63%0.00%spamphp_harvesters_30d43940.91%0.00%abusegpf_comics3,26140.12%0.00%malwareesentire_manning1_ru6,82440.06%0.00%malwareesentire_maddox1_ru11,34540.04%0.00%malwareesentire_downs1_ru7,23140.06%0.00%malwareesentire_dorttlokolrt_com23,66440.02%0.00%malwareesentire_22072014c_com1,28940.31%0.00%malwareesentire_22072014b_com1,28840.31%0.00%malwareesentire_22072014a_com1,29040.31%0.00%malwareesentire_14072015q_com57540.70%0.00%malwareesentire_14072015_com57940.69%0.00%anonymizersproxylists_7d8,26330.04%0.00% Showing 1 to 150 of 220 rows150 * 150 * 300 records per page * « * ‹ * 1 * 2 * › * » -------------------------------------------------------------------------------- COMMENTS ON FIREHOL_LEVEL1 -------------------------------------------------------------------------------- The data on this site were last updated 6 minutes ago on Fri Sep 02 2022 07:24:33 GMT+0000 (GMT) 2015-2017 Costa Tsaousis, for FireHOL a firewall for humans!. The data on this page are automatically generated using FireHOL's update-ipsets.sh (for downloading the lists from their sources and generating the data for this site), which utilizes iprange (for comparing and manipulating IP lists). Both are part of FireHOL, which is provided under GPL v2, so you are free to get, use, adapt and re-distribute. This site is provided as-is, without any warranty. IP Lists are a property of their maintainers. This site is a single static page, with all its data uploaded as static JSON and CSV files every time an IP List is updated. For the final result, it utilizes IP data and web services provided by third parties. It uses IP lists and related data provided and maintained by their respective owners (mentioned together with each IP list), IP-to-country geolocation data provided by maxmind.com (GeoLite2), ipdeny.com, ip2location.com (Lite) and ipip.net, javascript chart libraries provided by highcharts.com, comments engine provided by disqus.com, social media sharing buttons provided by shareaholic.com, the HTML, CSS and JS framework bootstrap, the bootstrap-table component, icons provided by iconsdb.com and it uses several services provided by github. × ABOUT THIS SITE This site aggregates, analyzes, compares and documents publicly available IP Feeds, with a focus on attacks and abuse. It is automatically generated and maintained using open source software (check the wiki), that can be installed and run on your systems too, to download all IP lists directly from their maintainers, process them and re-generate the site and its data. Special care has been given to make this analysis as scientific and objective as possible, respecting the hard work of the security teams, security companies and security professionals who offer these IP lists to the rest of us. Of course, security is achieved with a lot more than IP lists. And not all IP lists included here should be used for blocking traffic at a firewall or border router. Many of them, should be used, for example, to influence the way applications handle clients, or help in the development of further threat analysis. Unfortunatelly, the InfoSec industry still considers as a standard industry practice the trade of Threat Intelligence for money. This is disappointing. Why? Threat Intelligence requires knowledge, skills and sophisticated tools to be effective. Instead of selling these skills and tools, security firms selling threat intel state clearly they have valid information that identifies criminals. But they want money to reveal it. This is contradictory to what we consider acceptable, if it was about criminal activity other than cyber. So, I have concluded that either the InfoSec industry has a severe cultural fault, or they have nothing. The super duper feeds they advertise are just a marketing tool to attract customers. They sell an illusion... Many will argue that collecting threat intel is expensive. Of course it is! Then, you will also accept it if someone opens an online shop to sell information about a gang that breaks houses in your neighbor, as long as it cost them enough to acquire this information. Yes? To my understanding Threat Intelligence cannot be effective when it is treated as Intellectual Property. Hopefully, many security companies and professionals agree and openly distribute the result of their hard work. Close