Robot
/
blocklist-ipsets
mirror of https://github.com/firehol/blocklist-ipsets.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Mon Nov 21 01:25:17 UTC 2016 update

This commit is contained in:
Costa Tsaousis 2016-11-21 01:25:17 +00:00
parent 9f68c63d06
commit 4b9ad059df
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@ -220,7 +220,7 @@ This script will update each ipset and call firehol to update the ipset while th
# List of ipsets included
The following list was automatically generated on Mon Nov 21 01:22:02 UTC 2016.
The following list was automatically generated on Mon Nov 21 01:25:17 UTC 2016.
The update frequency is the maximum allowed by internal configuration. A list will never be downloaded sooner than the update frequency stated. A list may also not be downloaded, after this frequency expired, if it has not been modified on the server (as reported by HTTP `IF_MODIFIED_SINCE` method).
@ -277,7 +277,7 @@ bambenek_p2pgoz|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/
[bbcan177_ms1](http://iplists.firehol.org/?ipset=bbcan177_ms1)|pfBlockerNG Malicious Threats|ipv4 hash:net|2566 subnets, 5268568 unique IPs|updated every 1 day from [this link](https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw)
[bbcan177_ms3](http://iplists.firehol.org/?ipset=bbcan177_ms3)|pfBlockerNG Malicious Threats|ipv4 hash:net|1146 subnets, 30151694 unique IPs|updated every 1 day from [this link](https://gist.githubusercontent.com/BBcan177/d7105c242f17f4498f81/raw)
[bds_atif](http://iplists.firehol.org/?ipset=bds_atif)|Artillery Threat Intelligence Feed and Banlist Feed|ipv4 hash:ip|3839 unique IPs|updated every 1 day from [this link](https://www.binarydefense.com/banlist.txt)
[bi_any_2_1d](http://iplists.firehol.org/?ipset=bi_any_2_1d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 1d|ipv4 hash:ip|1652 unique IPs|updated every 30 mins from [this link](https://www.badips.com/get/list/any/2?age=1d)
[bi_any_2_1d](http://iplists.firehol.org/?ipset=bi_any_2_1d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 1d|ipv4 hash:ip|1644 unique IPs|updated every 30 mins from [this link](https://www.badips.com/get/list/any/2?age=1d)
[bi_any_2_30d](http://iplists.firehol.org/?ipset=bi_any_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 30d|ipv4 hash:ip|11512 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/any/2?age=30d)
[bi_any_2_7d](http://iplists.firehol.org/?ipset=bi_any_2_7d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 7d|ipv4 hash:ip|7827 unique IPs|updated every 6 hours from [this link](https://www.badips.com/get/list/any/2?age=7d)
[bi_bruteforce_2_30d](http://iplists.firehol.org/?ipset=bi_bruteforce_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category bruteforce with score above 2 and age less than 30d|ipv4 hash:ip|2 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/bruteforce/2?age=30d)
@ -658,12 +658,12 @@ esentire_burmundisoul_ru|Ursnif Variant CnC|ipv4 hash:ip|disabled|updated every
[feodo_badips](http://iplists.firehol.org/?ipset=feodo_badips)|[Abuse.ch Feodo tracker BadIPs](https://feodotracker.abuse.ch) The Feodo Tracker Feodo BadIP Blocklist only contains IP addresses (IPv4) used as C&C communication channel by the Feodo Trojan version B. These IP addresses are usually servers rented by cybercriminals directly and used for the exclusive purpose of hosting a Feodo C&C server. Hence you should expect no legit traffic to those IP addresses. The site highly recommends you to block/drop any traffic towards any Feodo C&C using the Feodo BadIP Blocklist. Please consider that this blocklist only contains IP addresses used by version B of the Feodo Trojan. C&C communication channels used by version A, version C and version D are not covered by this blocklist.|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=badips)
[firehol_abusers_1d](http://iplists.firehol.org/?ipset=firehol_abusers_1d)|An ipset made from blocklists that track abusers in the last 24 hours. (includes: botscout_1d cleantalk_new_1d cleantalk_updated_1d php_commenters_1d php_dictionary_1d php_harvesters_1d php_spammers_1d stopforumspam_1d)|ipv4 hash:net|12107 subnets, 12655 unique IPs|
[firehol_abusers_30d](http://iplists.firehol.org/?ipset=firehol_abusers_30d)|An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)|ipv4 hash:net|199905 subnets, 212710 unique IPs|
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)|ipv4 hash:net|39610 subnets, 46657 unique IPs|
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)|ipv4 hash:net|39599 subnets, 46647 unique IPs|
[firehol_level1](http://iplists.firehol.org/?ipset=firehol_level1)|A firewall blacklist composed from IP lists, providing maximum protection with minimum false positives. Suitable for basic protection on all internet facing servers, routers and firewalls. (includes: bambenek_c2 dshield feodo fullbogons palevo spamhaus_drop spamhaus_edrop sslbl zeus_badips ransomware_rw)|ipv4 hash:net|17231 subnets, 662542747 unique IPs|
[firehol_level2](http://iplists.firehol.org/?ipset=firehol_level2)|An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow openbl_1d virbl)|ipv4 hash:net|14988 subnets, 32099 unique IPs|
[firehol_level3](http://iplists.firehol.org/?ipset=firehol_level3)|An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days. (includes: bruteforceblocker ciarmy dragon_http dragon_sshpauth dragon_vncprobe dshield_30d dshield_top_1000 malc0de maxmind_proxy_fraud myip openbl_30d shunlist snort_ipfilter sslbl_aggressive talosintel_ipfilter zeus vxvault)|ipv4 hash:net|23796 subnets, 128650 unique IPs|
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|75349 subnets, 9571078 unique IPs|
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|32869 subnets, 33684 unique IPs|
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|32858 subnets, 33674 unique IPs|
[firehol_webclient](http://iplists.firehol.org/?ipset=firehol_webclient)|An IP blacklist made from blocklists that track IPs that a web client should never talk to. This list is to be used on top of firehol_level1. (includes: ransomware_online sslbl_aggressive cybercrime atlas_phishing_2d atlas_fastflux_2d dyndns_ponmocup maxmind_proxy_fraud)|ipv4 hash:net|11891 subnets, 11971 unique IPs|
[firehol_webserver](http://iplists.firehol.org/?ipset=firehol_webserver)|A web server IP blacklist made from blocklists that track IPs that should never be your web users. (This list includes IPs that are servers hosting malware, bots, etc or users having a long criminal history. This list is to be used on top of firehol_level1, firehol_level2, firehol_level3 and possibly firehol_proxies or firehol_anonymous). (includes: hphosts_emd hphosts_exp hphosts_fsa hphosts_hjk hphosts_psh hphosts_wrz maxmind_proxy_fraud myip pushing_inertia_blocklist stopforumspam_toxic)|ipv4 hash:net|50583 subnets, 50960158 unique IPs|
[fullbogons](http://iplists.firehol.org/?ipset=fullbogons)|[Team-Cymru.org](http://www.team-cymru.org) IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user|ipv4 hash:net|3760 subnets, 636477992 unique IPs|updated every 1 day from [this link](http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt)
@ -1306,13 +1306,13 @@ php_bad|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) bad web
[ri_web_proxies_30d](http://iplists.firehol.org/?ipset=ri_web_proxies_30d)|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|4447 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[ri_web_proxies_7d](http://iplists.firehol.org/?ipset=ri_web_proxies_7d)|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|1478 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[satellite](http://iplists.firehol.org/?ipset=satellite)|Satellite Service Providers -- [MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/)|ipv4 hash:net|43 subnets, 11112 unique IPs|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
[sblam](http://iplists.firehol.org/?ipset=sblam)|[sblam.com](http://sblam.com) IPs used by web form spammers, during the last month|ipv4 hash:ip|10639 unique IPs|updated every 1 day from [this link](http://sblam.com/blacklist.txt)
[sblam](http://iplists.firehol.org/?ipset=sblam)|[sblam.com](http://sblam.com) IPs used by web form spammers, during the last month|ipv4 hash:ip|10678 unique IPs|updated every 1 day from [this link](http://sblam.com/blacklist.txt)
[shunlist](http://iplists.firehol.org/?ipset=shunlist)|[AutoShun.org](http://autoshun.org/) IPs identified as hostile by correlating logs from distributed snort installations running the autoshun plugin|ipv4 hash:ip|500 unique IPs|updated every 4 hours from [this link](http://www.autoshun.org/files/shunlist.csv)
[snort_ipfilter](http://iplists.firehol.org/?ipset=snort_ipfilter)|[labs.snort.org](https://labs.snort.org/) supplied IP blacklist (this list seems to be updated frequently, but we found no information about it)|ipv4 hash:ip|2338 unique IPs|updated every 12 hours from [this link](http://labs.snort.org/feeds/ip-filter.blf)
[socks_proxy](http://iplists.firehol.org/?ipset=socks_proxy)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|80 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_1d](http://iplists.firehol.org/?ipset=socks_proxy_1d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|4642 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_30d](http://iplists.firehol.org/?ipset=socks_proxy_30d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|19899 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_7d](http://iplists.firehol.org/?ipset=socks_proxy_7d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|9170 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_1d](http://iplists.firehol.org/?ipset=socks_proxy_1d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|4658 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_30d](http://iplists.firehol.org/?ipset=socks_proxy_30d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|19889 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_7d](http://iplists.firehol.org/?ipset=socks_proxy_7d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|9173 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[sorbs_anonymizers](http://iplists.firehol.org/?ipset=sorbs_anonymizers)|[Sorbs.net](https://www.sorbs.net/) List of open HTTP and SOCKS proxies.|ipv4 hash:net|595861 subnets, 607896 unique IPs|
sorbs_block|[Sorbs.net](https://www.sorbs.net/) List of hosts demanding that they never be tested by SORBS.|ipv4 hash:net|disabled|
[sorbs_dul](http://iplists.firehol.org/?ipset=sorbs_dul)|[Sorbs.net](https://www.sorbs.net/) Dynamic IP Addresses.|ipv4 hash:net|546167 subnets, 375579559 unique IPs|