Robot
/
blocklist-ipsets
mirror of https://github.com/firehol/blocklist-ipsets.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Mon Nov 21 13:15:22 UTC 2016 update

This commit is contained in:
Costa Tsaousis 2016-11-21 13:15:22 +00:00
parent 0397c55108
commit 7a1b51bba7
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
README.md
View File

@ -220,7 +220,7 @@ This script will update each ipset and call firehol to update the ipset while th
# List of ipsets included
The following list was automatically generated on Mon Nov 21 13:09:21 UTC 2016.
The following list was automatically generated on Mon Nov 21 13:15:21 UTC 2016.
The update frequency is the maximum allowed by internal configuration. A list will never be downloaded sooner than the update frequency stated. A list may also not be downloaded, after this frequency expired, if it has not been modified on the server (as reported by HTTP `IF_MODIFIED_SINCE` method).
@ -269,7 +269,7 @@ bambenek_p2pgoz|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/
[bambenek_qakbot](http://iplists.firehol.org/?ipset=bambenek_qakbot)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of qakbot C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/qakbot-iplist.txt)
[bambenek_ramnit](http://iplists.firehol.org/?ipset=bambenek_ramnit)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of ramnit C&Cs with 90 minute lookback|ipv4 hash:ip|12 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/ramnit-iplist.txt)
[bambenek_ranbyus](http://iplists.firehol.org/?ipset=bambenek_ranbyus)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of ranbyus C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/ranbyus-iplist.txt)
[bambenek_simda](http://iplists.firehol.org/?ipset=bambenek_simda)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of simda C&Cs with 90 minute lookback|ipv4 hash:ip|112 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/simda-iplist.txt)
[bambenek_simda](http://iplists.firehol.org/?ipset=bambenek_simda)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of simda C&Cs with 90 minute lookback|ipv4 hash:ip|109 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/simda-iplist.txt)
[bambenek_suppobox](http://iplists.firehol.org/?ipset=bambenek_suppobox)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of suppobox C&Cs with 90 minute lookback|ipv4 hash:ip|54 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/suppobox-iplist.txt)
[bambenek_symmi](http://iplists.firehol.org/?ipset=bambenek_symmi)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of symmi C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/symmi-iplist.txt)
[bambenek_tinba](http://iplists.firehol.org/?ipset=bambenek_tinba)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of tinba C&Cs with 90 minute lookback|ipv4 hash:ip|24 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/tinba-iplist.txt)
@ -331,18 +331,18 @@ bambenek_p2pgoz|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/
[cleanmx_phishing](http://iplists.firehol.org/?ipset=cleanmx_phishing)|[Clean-MX.de](http://support.clean-mx.de/) IPs sending phishing messages|ipv4 hash:ip|4519 unique IPs|updated every 30 mins from [this link](http://support.clean-mx.de/clean-mx/xmlphishing?response=alive&format=csv&domain=)
[cleanmx_viruses](http://iplists.firehol.org/?ipset=cleanmx_viruses)|[Clean-MX.de](http://support.clean-mx.de/clean-mx/viruses.php) IPs with viruses|ipv4 hash:ip|12190 unique IPs|updated every 30 mins from [this link](http://support.clean-mx.de/clean-mx/xmlviruses.php?response=alive&fields=ip)
[cleantalk](http://iplists.firehol.org/?ipset=cleantalk)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new cleantalk_updated)|ipv4 hash:ip|3146 unique IPs|
[cleantalk_1d](http://iplists.firehol.org/?ipset=cleantalk_1d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_1d cleantalk_updated_1d)|ipv4 hash:ip|7542 unique IPs|
[cleantalk_30d](http://iplists.firehol.org/?ipset=cleantalk_30d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_30d cleantalk_updated_30d)|ipv4 hash:ip|66517 unique IPs|
[cleantalk_7d](http://iplists.firehol.org/?ipset=cleantalk_7d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_7d cleantalk_updated_7d)|ipv4 hash:ip|20531 unique IPs|
[cleantalk_1d](http://iplists.firehol.org/?ipset=cleantalk_1d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_1d cleantalk_updated_1d)|ipv4 hash:ip|7556 unique IPs|
[cleantalk_30d](http://iplists.firehol.org/?ipset=cleantalk_30d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_30d cleantalk_updated_30d)|ipv4 hash:ip|66522 unique IPs|
[cleantalk_7d](http://iplists.firehol.org/?ipset=cleantalk_7d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_7d cleantalk_updated_7d)|ipv4 hash:ip|20528 unique IPs|
[cleantalk_new](http://iplists.firehol.org/?ipset=cleantalk_new)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|1146 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_1d](http://iplists.firehol.org/?ipset=cleantalk_new_1d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|2263 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_30d](http://iplists.firehol.org/?ipset=cleantalk_new_30d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|42972 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_7d](http://iplists.firehol.org/?ipset=cleantalk_new_7d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|9558 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_top20](http://iplists.firehol.org/?ipset=cleantalk_top20)|[CleanTalk](https://cleantalk.org/) Top 20 HTTP Spammers|ipv4 hash:ip|20 unique IPs|updated every 1 day from [this link](https://cleantalk.org/blacklists/top20)
[cleantalk_updated](http://iplists.firehol.org/?ipset=cleantalk_updated)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|2000 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_1d](http://iplists.firehol.org/?ipset=cleantalk_updated_1d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|6325 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_30d](http://iplists.firehol.org/?ipset=cleantalk_updated_30d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|31436 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_7d](http://iplists.firehol.org/?ipset=cleantalk_updated_7d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|14420 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_1d](http://iplists.firehol.org/?ipset=cleantalk_updated_1d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|6343 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_30d](http://iplists.firehol.org/?ipset=cleantalk_updated_30d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|31441 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_7d](http://iplists.firehol.org/?ipset=cleantalk_updated_7d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|14415 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[continent_af](http://iplists.firehol.org/?ipset=continent_af)|Africa (AF), with countries: Rwanda (RW), Somalia (SO), Tanzania (TZ), Kenya (KE), Congo (CD), Djibouti (DJ), Uganda (UG), Central African Republic (CF), Seychelles (SC), Ethiopia (ET), Eritrea (ER), Egypt (EG), Sudan (SD), Burundi (BI), Zimbabwe (ZW), Zambia (ZM), Comoros (KM), Malawi (MW), Lesotho (LS), Botswana (BW), Mauritius (MU), Swaziland (SZ), Réunion (RE), South Africa (ZA), Mayotte (YT), Mozambique (MZ), Madagascar (MG), Libya (LY), Cameroon (CM), Senegal (SN), Republic of the Congo (CG), Liberia (LR), Ivory Coast (CI), Ghana (GH), Equatorial Guinea (GQ), Nigeria (NG), Burkina Faso (BF), Togo (TG), Guinea-Bissau (GW), Mauritania (MR), Benin (BJ), Gabon (GA), Sierra Leone (SL), São Tomé and Príncipe (ST), Gambia (GM), Guinea (GN), Chad (TD), Niger (NE), Mali (ML), Tunisia (TN), Morocco (MA), Algeria (DZ), Angola (AO), Namibia (NA), Saint Helena (SH), Cape Verde (CV), South Sudan (SS), -- [MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/)|ipv4 hash:net|2744 subnets, 94817313 unique IPs|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
[continent_an](http://iplists.firehol.org/?ipset=continent_an)|Antarctica (AN), with countries: French Southern Territories (TF), South Georgia and the South Sandwich Islands (GS), Antarctica (AQ), -- [MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/)|ipv4 hash:net|14 subnets, 1331 unique IPs|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
[continent_as](http://iplists.firehol.org/?ipset=continent_as)|Asia (AS), with countries: Yemen (YE), Iraq (IQ), Saudi Arabia (SA), Iran (IR), Syria (SY), Armenia (AM), Hashemite Kingdom of Jordan (JO), Lebanon (LB), Kuwait (KW), Oman (OM), Qatar (QA), Bahrain (BH), United Arab Emirates (AE), Israel (IL), Turkey (TR), Azerbaijan (AZ), Georgia (GE), Afghanistan (AF), Pakistan (PK), Bangladesh (BD), Turkmenistan (TM), Tajikistan (TJ), Sri Lanka (LK), Bhutan (BT), India (IN), Maldives (MV), British Indian Ocean Territory (IO), Nepal (NP), Myanmar (Burma) (MM), Uzbekistan (UZ), Kazakhstan (KZ), Kyrgyzstan (KG), Cocos (Keeling) Islands (CC), Vietnam (VN), Thailand (TH), Indonesia (ID), Laos (LA), Taiwan (TW), Philippines (PH), Malaysia (MY), China (CN), Hong Kong (HK), Brunei (BN), Macao (MO), Cambodia (KH), Republic of Korea (KR), Japan (JP), North Korea (KP), Singapore (SG), Mongolia (MN), Christmas Island (CX), Palestine (PS), (), -- [MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/)|ipv4 hash:net|22181 subnets, 883382437 unique IPs|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
@ -656,14 +656,14 @@ esentire_burmundisoul_ru|Ursnif Variant CnC|ipv4 hash:ip|disabled|updated every
[et_tor](http://iplists.firehol.org/?ipset=et_tor)|[EmergingThreats.net TOR list](http://doc.emergingthreats.net/bin/view/Main/TorRules) of TOR network IPs|ipv4 hash:ip|6880 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/blockrules/emerging-tor.rules)
[feodo](http://iplists.firehol.org/?ipset=feodo)|[Abuse.ch Feodo tracker](https://feodotracker.abuse.ch) trojan includes IPs which are being used by Feodo (also known as Cridex or Bugat) which commits ebanking fraud|ipv4 hash:ip|715 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=ipblocklist)
[feodo_badips](http://iplists.firehol.org/?ipset=feodo_badips)|[Abuse.ch Feodo tracker BadIPs](https://feodotracker.abuse.ch) The Feodo Tracker Feodo BadIP Blocklist only contains IP addresses (IPv4) used as C&C communication channel by the Feodo Trojan version B. These IP addresses are usually servers rented by cybercriminals directly and used for the exclusive purpose of hosting a Feodo C&C server. Hence you should expect no legit traffic to those IP addresses. The site highly recommends you to block/drop any traffic towards any Feodo C&C using the Feodo BadIP Blocklist. Please consider that this blocklist only contains IP addresses used by version B of the Feodo Trojan. C&C communication channels used by version A, version C and version D are not covered by this blocklist.|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=badips)
[firehol_abusers_1d](http://iplists.firehol.org/?ipset=firehol_abusers_1d)|An ipset made from blocklists that track abusers in the last 24 hours. (includes: botscout_1d cleantalk_new_1d cleantalk_updated_1d php_commenters_1d php_dictionary_1d php_harvesters_1d php_spammers_1d stopforumspam_1d)|ipv4 hash:net|12598 subnets, 13120 unique IPs|
[firehol_abusers_30d](http://iplists.firehol.org/?ipset=firehol_abusers_30d)|An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)|ipv4 hash:net|199906 subnets, 212736 unique IPs|
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)|ipv4 hash:net|39284 subnets, 46334 unique IPs|
[firehol_abusers_1d](http://iplists.firehol.org/?ipset=firehol_abusers_1d)|An ipset made from blocklists that track abusers in the last 24 hours. (includes: botscout_1d cleantalk_new_1d cleantalk_updated_1d php_commenters_1d php_dictionary_1d php_harvesters_1d php_spammers_1d stopforumspam_1d)|ipv4 hash:net|12615 subnets, 13139 unique IPs|
[firehol_abusers_30d](http://iplists.firehol.org/?ipset=firehol_abusers_30d)|An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)|ipv4 hash:net|199613 subnets, 212450 unique IPs|
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)|ipv4 hash:net|39281 subnets, 46331 unique IPs|
[firehol_level1](http://iplists.firehol.org/?ipset=firehol_level1)|A firewall blacklist composed from IP lists, providing maximum protection with minimum false positives. Suitable for basic protection on all internet facing servers, routers and firewalls. (includes: bambenek_c2 dshield feodo fullbogons palevo spamhaus_drop spamhaus_edrop sslbl zeus_badips ransomware_rw)|ipv4 hash:net|17231 subnets, 662542743 unique IPs|
[firehol_level2](http://iplists.firehol.org/?ipset=firehol_level2)|An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow openbl_1d virbl)|ipv4 hash:net|15271 subnets, 32351 unique IPs|
[firehol_level3](http://iplists.firehol.org/?ipset=firehol_level3)|An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days. (includes: bruteforceblocker ciarmy dragon_http dragon_sshpauth dragon_vncprobe dshield_30d dshield_top_1000 malc0de maxmind_proxy_fraud myip openbl_30d shunlist snort_ipfilter sslbl_aggressive talosintel_ipfilter zeus vxvault)|ipv4 hash:net|23829 subnets, 128173 unique IPs|
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|75162 subnets, 9570913 unique IPs|
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|32530 subnets, 33347 unique IPs|
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|75163 subnets, 9570914 unique IPs|
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|32527 subnets, 33344 unique IPs|
[firehol_webclient](http://iplists.firehol.org/?ipset=firehol_webclient)|An IP blacklist made from blocklists that track IPs that a web client should never talk to. This list is to be used on top of firehol_level1. (includes: ransomware_online sslbl_aggressive cybercrime atlas_phishing_2d atlas_fastflux_2d dyndns_ponmocup maxmind_proxy_fraud)|ipv4 hash:net|11945 subnets, 12025 unique IPs|
[firehol_webserver](http://iplists.firehol.org/?ipset=firehol_webserver)|A web server IP blacklist made from blocklists that track IPs that should never be your web users. (This list includes IPs that are servers hosting malware, bots, etc or users having a long criminal history. This list is to be used on top of firehol_level1, firehol_level2, firehol_level3 and possibly firehol_proxies or firehol_anonymous). (includes: hphosts_emd hphosts_exp hphosts_fsa hphosts_hjk hphosts_psh hphosts_wrz maxmind_proxy_fraud myip pushing_inertia_blocklist stopforumspam_toxic)|ipv4 hash:net|50631 subnets, 50960199 unique IPs|
[fullbogons](http://iplists.firehol.org/?ipset=fullbogons)|[Team-Cymru.org](http://www.team-cymru.org) IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user|ipv4 hash:net|3760 subnets, 636477992 unique IPs|updated every 1 day from [this link](http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt)
@ -673,7 +673,7 @@ esentire_burmundisoul_ru|Ursnif Variant CnC|ipv4 hash:ip|disabled|updated every
[graphiclineweb](http://iplists.firehol.org/?ipset=graphiclineweb)|[GraphiclineWeb](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/) The IPs, Hosts and Domains listed in this table are banned universally from accessing websites controlled by the maintainer. Some form of bad activity has been seen from the addresses listed. Bad activity includes: unwanted spiders, rule breakers, comment spammers, trackback spammers, spambots, hacker bots, registration bots and other scripting attackers, harvesters, nuisance spiders, spy bots and organisations spying on websites for commercial reasons.|ipv4 hash:net|2579 subnets, 330527 unique IPs|updated every 1 day from [this link](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/)
[graphiclineweb](http://iplists.firehol.org/?ipset=graphiclineweb)|[GraphiclineWeb](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/) The IPs, Hosts and Domains listed in this table are banned universally from accessing websites controlled by the maintainer. Some form of bad activity has been seen from the addresses listed. Bad activity includes: unwanted spiders, rule breakers, comment spammers, trackback spammers, spambots, hacker bots, registration bots and other scripting attackers, harvesters, nuisance spiders, spy bots and organisations spying on websites for commercial reasons.|ipv4 hash:net|2579 subnets, 330527 unique IPs|updated every 1 day from [this link](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/)
[greensnow](http://iplists.firehol.org/?ipset=greensnow)|[GreenSnow](https://greensnow.co/) is a team harvesting a large number of IPs from different computers located around the world. GreenSnow is comparable with SpamHaus.org for attacks of any kind except for spam. Their list is updated automatically and you can withdraw at any time your IP address if it has been listed. Attacks / bruteforce that are monitored are: Scan Port, FTP, POP3, mod_security, IMAP, SMTP, SSH, cPanel, etc.|ipv4 hash:ip|1299 unique IPs|updated every 30 mins from [this link](http://blocklist.greensnow.co/greensnow.txt)
[haley_ssh](http://iplists.firehol.org/?ipset=haley_ssh)|[Charles Haley](http://charles.the-haleys.org) IPs launching SSH dictionary attacks.|ipv4 hash:ip|22549 unique IPs|updated every 4 hours from [this link](http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt)
[haley_ssh](http://iplists.firehol.org/?ipset=haley_ssh)|[Charles Haley](http://charles.the-haleys.org) IPs launching SSH dictionary attacks.|ipv4 hash:ip|22550 unique IPs|updated every 4 hours from [this link](http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt)
[hphosts_ats](http://iplists.firehol.org/?ipset=hphosts_ats)|[hpHosts](http://hosts-file.net/?s=Download) ad/tracking servers listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|15711 unique IPs|updated every 1 day from [this link](http://hosts-file.net/ad_servers.txt)
[hphosts_emd](http://iplists.firehol.org/?ipset=hphosts_emd)|[hpHosts](http://hosts-file.net/?s=Download) malware sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|22077 unique IPs|updated every 1 day from [this link](http://hosts-file.net/emd.txt)
[hphosts_exp](http://iplists.firehol.org/?ipset=hphosts_exp)|[hpHosts](http://hosts-file.net/?s=Download) exploit sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|303 unique IPs|updated every 1 day from [this link](http://hosts-file.net/exp.txt)
@ -1289,7 +1289,7 @@ php_bad|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) bad web
[proxz_7d](http://iplists.firehol.org/?ipset=proxz_7d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|963 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[pushing_inertia_blocklist](http://iplists.firehol.org/?ipset=pushing_inertia_blocklist)|[Pushing Inertia](https://github.com/pushinginertia/ip-blacklist) IPs of hosting providers that are known to host various bots, spiders, scrapers, etc. to block access from these providers to web servers.|ipv4 hash:net|864 subnets, 50729096 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/pushinginertia/ip-blacklist/master/ip_blacklist.conf)
[ransomware_cryptowall_ps](http://iplists.firehol.org/?ipset=ransomware_cryptowall_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. This list is CW_PS_IPBL: CryptoWall Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt)
[ransomware_feed](http://iplists.firehol.org/?ipset=ransomware_feed)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. The IPs in this list have been extracted from the tracker data feed.|ipv4 hash:ip|4033 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
[ransomware_feed](http://iplists.firehol.org/?ipset=ransomware_feed)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. The IPs in this list have been extracted from the tracker data feed.|ipv4 hash:ip|4034 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
[ransomware_locky_c2](http://iplists.firehol.org/?ipset=ransomware_locky_c2)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. This list is LY_C2_IPBL: Locky Ransomware C2 URL blocklist.|ipv4 hash:ip|213 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/LY_C2_IPBL.txt)
[ransomware_locky_ps](http://iplists.firehol.org/?ipset=ransomware_locky_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. This list is LY_PS_IPBL: Locky Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|6 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt)
[ransomware_online](http://iplists.firehol.org/?ipset=ransomware_online)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. The IPs in this list have been extracted from the tracker data feed, filtering only online IPs.|ipv4 hash:ip|947 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
@ -1332,9 +1332,9 @@ sorbs_block|[Sorbs.net](https://www.sorbs.net/) List of hosts demanding that the
[sslbl_aggressive](http://iplists.firehol.org/?ipset=sslbl_aggressive)|[Abuse.ch SSL Blacklist](https://sslbl.abuse.ch/) The aggressive version of the SSL IP Blacklist contains all IPs that SSLBL ever detected being associated with a malicious SSL certificate. Since IP addresses can be reused (e.g. when the customer changes), this blacklist may cause false positives. Hence I highly recommend you to use the standard version instead of the aggressive one.|ipv4 hash:ip|2322 unique IPs|updated every 30 mins from [this link](https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv)
[sslproxies](http://iplists.firehol.org/?ipset=sslproxies)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|100 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_1d](http://iplists.firehol.org/?ipset=sslproxies_1d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|215 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_30d](http://iplists.firehol.org/?ipset=sslproxies_30d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|2670 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_30d](http://iplists.firehol.org/?ipset=sslproxies_30d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|2667 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_7d](http://iplists.firehol.org/?ipset=sslproxies_7d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|740 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[stopforumspam](http://iplists.firehol.org/?ipset=stopforumspam)|[StopForumSpam.com](http://www.stopforumspam.com) Banned IPs used by forum spammers|ipv4 hash:ip|147470 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/bannedips.zip)
[stopforumspam](http://iplists.firehol.org/?ipset=stopforumspam)|[StopForumSpam.com](http://www.stopforumspam.com) Banned IPs used by forum spammers|ipv4 hash:ip|147439 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/bannedips.zip)
[stopforumspam_180d](http://iplists.firehol.org/?ipset=stopforumspam_180d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 180 days)|ipv4 hash:ip|289408 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_180.zip)
[stopforumspam_1d](http://iplists.firehol.org/?ipset=stopforumspam_1d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers in the last 24 hours|ipv4 hash:ip|4320 unique IPs|updated every 1 hour from [this link](http://www.stopforumspam.com/downloads/listed_ip_1.zip)
[stopforumspam_30d](http://iplists.firehol.org/?ipset=stopforumspam_30d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 30 days)|ipv4 hash:ip|59183 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_30.zip)