Robot
/
blocklist-ipsets
mirror of https://github.com/firehol/blocklist-ipsets.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sun Nov 20 17:37:55 UTC 2016 update

This commit is contained in:
Costa Tsaousis 2016-11-20 17:37:55 +00:00
parent 4f4385b195
commit a26c72b427
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@ -220,13 +220,13 @@ This script will update each ipset and call firehol to update the ipset while th
# List of ipsets included
The following list was automatically generated on Sun Nov 20 17:33:29 UTC 2016.
The following list was automatically generated on Sun Nov 20 17:37:55 UTC 2016.
The update frequency is the maximum allowed by internal configuration. A list will never be downloaded sooner than the update frequency stated. A list may also not be downloaded, after this frequency expired, if it has not been modified on the server (as reported by HTTP `IF_MODIFIED_SINCE` method).
name|info|type|entries|update|
:--:|:--:|:--:|:-----:|:----:|
[alienvault_reputation](http://iplists.firehol.org/?ipset=alienvault_reputation)|[AlienVault.com](https://www.alienvault.com/) IP reputation database|ipv4 hash:ip|48338 unique IPs|updated every 6 hours from [this link](https://reputation.alienvault.com/reputation.generic)
[alienvault_reputation](http://iplists.firehol.org/?ipset=alienvault_reputation)|[AlienVault.com](https://www.alienvault.com/) IP reputation database|ipv4 hash:ip|48522 unique IPs|updated every 6 hours from [this link](https://reputation.alienvault.com/reputation.generic)
[anonymous](http://iplists.firehol.org/?ipset=anonymous)|Anonymous Service Providers -- [MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/)|ipv4 hash:net|32 subnets, 6159 unique IPs|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
[asprox_c2](http://iplists.firehol.org/?ipset=asprox_c2)|[h3x.eu](http://atrack.h3x.eu/) ASPROX Tracker - Asprox C&C Sites|ipv4 hash:ip|936 unique IPs|updated every 1 day from [this link](http://atrack.h3x.eu/c2)
[atlas_attacks](http://iplists.firehol.org/?ipset=atlas_attacks)|[ATLAS Attacks](https://atlas.arbor.net/summary/attacks) - ATLAS uses lightweight honeypot sensors to detect and fingerprint the attacks launched by malicious sources on the Internet. In most cases the attacker is trying to take control of the target via a published exploit for a known vulnerability. A variety of exploit tools exist and are usually written specifically for each attack vector. Exploit attempts and attacks are most often launched from bots (hosts under an attacker's control), which will automatically try to exploit any possible host on the Internet. Attack origins are usually not spoofed, although the source host may be compromised or infected with malware.|ipv4 hash:ip|10 unique IPs|updated every 1 day from [this link](https://atlas.arbor.net/summary/attacks.csv)
@ -290,12 +290,12 @@ bambenek_p2pgoz|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/
[bi_voip_2_30d](http://iplists.firehol.org/?ipset=bi_voip_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category voip with score above 2 and age less than 30d|ipv4 hash:ip|86 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/voip/2?age=30d)
[bitcoin_blockchain_info](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|181 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_1d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_1d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|193 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_30d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_30d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|4421 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_30d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_30d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|4420 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_7d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_7d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|1753 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_nodes](http://iplists.firehol.org/?ipset=bitcoin_nodes)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|4340 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_1d](http://iplists.firehol.org/?ipset=bitcoin_nodes_1d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|5419 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_30d](http://iplists.firehol.org/?ipset=bitcoin_nodes_30d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|21313 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_7d](http://iplists.firehol.org/?ipset=bitcoin_nodes_7d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|9060 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes](http://iplists.firehol.org/?ipset=bitcoin_nodes)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|4343 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_1d](http://iplists.firehol.org/?ipset=bitcoin_nodes_1d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|5417 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_30d](http://iplists.firehol.org/?ipset=bitcoin_nodes_30d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|21310 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_7d](http://iplists.firehol.org/?ipset=bitcoin_nodes_7d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|9061 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[blocklist_de](http://iplists.firehol.org/?ipset=blocklist_de)|[Blocklist.de](https://www.blocklist.de/) IPs that have been detected by fail2ban in the last 48 hours|ipv4 hash:ip|23140 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/all.txt)
[blocklist_de_apache](http://iplists.firehol.org/?ipset=blocklist_de_apache)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.|ipv4 hash:ip|9395 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/apache.txt)
[blocklist_de_bots](http://iplists.firehol.org/?ipset=blocklist_de_bots)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = he has posted a Spam-Comment on a open Forum or Wiki).|ipv4 hash:ip|1802 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/bots.txt)
@ -306,7 +306,7 @@ bambenek_p2pgoz|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/
[blocklist_de_sip](http://iplists.firehol.org/?ipset=blocklist_de_sip)|[Blocklist.de](https://www.blocklist.de/) All IP addresses that tried to login in a SIP, VOIP or Asterisk Server and are included in the IPs list from infiltrated.net|ipv4 hash:ip|140 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/sip.txt)
[blocklist_de_ssh](http://iplists.firehol.org/?ipset=blocklist_de_ssh)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service SSH.|ipv4 hash:ip|3096 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/ssh.txt)
[blocklist_de_strongips](http://iplists.firehol.org/?ipset=blocklist_de_strongips)|[Blocklist.de](https://www.blocklist.de/) All IPs which are older then 2 month and have more then 5.000 attacks.|ipv4 hash:ip|143 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/strongips.txt)
[blocklist_net_ua](http://iplists.firehol.org/?ipset=blocklist_net_ua)|[blocklist.net.ua](https://blocklist.net.ua) The BlockList project was created to become protection against negative influence of the harmful and potentially dangerous events on the Internet. First of all this service will help internet and hosting providers to protect subscribers sites from being hacked. BlockList will help to stop receiving a large amount of spam from dubious SMTP relays or from attempts of brute force passwords to servers and network equipment.|ipv4 hash:ip|11046 unique IPs|updated every 10 mins from [this link](https://blocklist.net.ua/blocklist.csv)
[blocklist_net_ua](http://iplists.firehol.org/?ipset=blocklist_net_ua)|[blocklist.net.ua](https://blocklist.net.ua) The BlockList project was created to become protection against negative influence of the harmful and potentially dangerous events on the Internet. First of all this service will help internet and hosting providers to protect subscribers sites from being hacked. BlockList will help to stop receiving a large amount of spam from dubious SMTP relays or from attempts of brute force passwords to servers and network equipment.|ipv4 hash:ip|11100 unique IPs|updated every 10 mins from [this link](https://blocklist.net.ua/blocklist.csv)
[blueliv_crimeserver_last](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|70 unique IPs|updated every 6 hours from [this link](https://freeapi.blueliv.com/v1/crimeserver/last)
[blueliv_crimeserver_last_1d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_1d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|274 unique IPs|updated every 6 hours from [this link](https://freeapi.blueliv.com/v1/crimeserver/last)
[blueliv_crimeserver_last_2d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_2d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|465 unique IPs|updated every 6 hours from [this link](https://freeapi.blueliv.com/v1/crimeserver/last)
@ -614,7 +614,7 @@ bambenek_p2pgoz|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/
[dronebl_unknown](http://iplists.firehol.org/?ipset=dronebl_unknown)|[DroneBL.org](https://dronebl.org) List of IPs of uncategorized threats. It includes IPs for which DroneBL responds with 255.|ipv4 hash:net|32 subnets, 33 unique IPs|
[dronebl_worms_bots](http://iplists.firehol.org/?ipset=dronebl_worms_bots)|[DroneBL.org](https://dronebl.org) IPs of unknown worms or spambots. It includes IPs for which DroneBL responds with 6|ipv4 hash:net|21587 subnets, 92698 unique IPs|
[dshield](http://iplists.firehol.org/?ipset=dshield)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|20 subnets, 5120 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_1d](http://iplists.firehol.org/?ipset=dshield_1d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|40 subnets, 10496 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_1d](http://iplists.firehol.org/?ipset=dshield_1d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|34 subnets, 8704 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_30d](http://iplists.firehol.org/?ipset=dshield_30d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|181 subnets, 47360 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_7d](http://iplists.firehol.org/?ipset=dshield_7d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|75 subnets, 19712 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_top_1000](http://iplists.firehol.org/?ipset=dshield_top_1000)|[DShield.org](https://dshield.org/) top 1000 attacking hosts in the last 30 days|ipv4 hash:ip|880 unique IPs|updated every 1 hour from [this link](https://isc.sans.edu/api/sources/attacks/1000/)
@ -660,9 +660,9 @@ esentire_burmundisoul_ru|Ursnif Variant CnC|ipv4 hash:ip|disabled|updated every
[firehol_abusers_30d](http://iplists.firehol.org/?ipset=firehol_abusers_30d)|An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)|ipv4 hash:net|200595 subnets, 213403 unique IPs|
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)|ipv4 hash:net|39714 subnets, 46759 unique IPs|
[firehol_level1](http://iplists.firehol.org/?ipset=firehol_level1)|A firewall blacklist composed from IP lists, providing maximum protection with minimum false positives. Suitable for basic protection on all internet facing servers, routers and firewalls. (includes: bambenek_c2 dshield feodo fullbogons palevo spamhaus_drop spamhaus_edrop sslbl zeus_badips ransomware_rw)|ipv4 hash:net|17219 subnets, 662542736 unique IPs|
[firehol_level2](http://iplists.firehol.org/?ipset=firehol_level2)|An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow openbl_1d virbl)|ipv4 hash:net|15770 subnets, 34912 unique IPs|
[firehol_level2](http://iplists.firehol.org/?ipset=firehol_level2)|An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow openbl_1d virbl)|ipv4 hash:net|15799 subnets, 33156 unique IPs|
[firehol_level3](http://iplists.firehol.org/?ipset=firehol_level3)|An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days. (includes: bruteforceblocker ciarmy dragon_http dragon_sshpauth dragon_vncprobe dshield_30d dshield_top_1000 malc0de maxmind_proxy_fraud myip openbl_30d shunlist snort_ipfilter sslbl_aggressive talosintel_ipfilter zeus vxvault)|ipv4 hash:net|23813 subnets, 128670 unique IPs|
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|75362 subnets, 9571106 unique IPs|
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|75415 subnets, 9571160 unique IPs|
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|32946 subnets, 33758 unique IPs|
[firehol_webclient](http://iplists.firehol.org/?ipset=firehol_webclient)|An IP blacklist made from blocklists that track IPs that a web client should never talk to. This list is to be used on top of firehol_level1. (includes: ransomware_online sslbl_aggressive cybercrime atlas_phishing_2d atlas_fastflux_2d dyndns_ponmocup maxmind_proxy_fraud)|ipv4 hash:net|11890 subnets, 11970 unique IPs|
[firehol_webserver](http://iplists.firehol.org/?ipset=firehol_webserver)|A web server IP blacklist made from blocklists that track IPs that should never be your web users. (This list includes IPs that are servers hosting malware, bots, etc or users having a long criminal history. This list is to be used on top of firehol_level1, firehol_level2, firehol_level3 and possibly firehol_proxies or firehol_anonymous). (includes: hphosts_emd hphosts_exp hphosts_fsa hphosts_hjk hphosts_psh hphosts_wrz maxmind_proxy_fraud myip pushing_inertia_blocklist stopforumspam_toxic)|ipv4 hash:net|50516 subnets, 50960062 unique IPs|
@ -1241,7 +1241,7 @@ esentire_burmundisoul_ru|Ursnif Variant CnC|ipv4 hash:ip|disabled|updated every
[nullsecure](http://iplists.firehol.org/?ipset=nullsecure)|[nullsecure.org](http://nullsecure.org/) This is a free threat feed provided for use in any acceptable manner. This feed was aggregated using the [Tango Honeypot Intelligence Splunk App](https://github.com/aplura/Tango) by Brian Warehime, a Senior Security Analyst at Defense Point Security.|ipv4 hash:ip|29439 unique IPs|updated every 8 hours from [this link](http://nullsecure.org/threatfeed/master.txt)
openbl|[OpenBL.org](http://www.openbl.org/) default blacklist (currently it is the same with 90 days). OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications|ipv4 hash:ip|disabled|updated every 4 hours from [this link](http://www.openbl.org/lists/base.txt)
[openbl_180d](http://iplists.firehol.org/?ipset=openbl_180d)|[OpenBL.org](http://www.openbl.org/) last 180 days IPs. OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications.|ipv4 hash:ip|11556 unique IPs|updated every 4 hours from [this link](http://www.openbl.org/lists/base_180days.txt)
[openbl_1d](http://iplists.firehol.org/?ipset=openbl_1d)|[OpenBL.org](http://www.openbl.org/) last 24 hours IPs. OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications.|ipv4 hash:ip|160 unique IPs|updated every 1 hour from [this link](http://www.openbl.org/lists/base_1days.txt)
[openbl_1d](http://iplists.firehol.org/?ipset=openbl_1d)|[OpenBL.org](http://www.openbl.org/) last 24 hours IPs. OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications.|ipv4 hash:ip|157 unique IPs|updated every 1 hour from [this link](http://www.openbl.org/lists/base_1days.txt)
[openbl_30d](http://iplists.firehol.org/?ipset=openbl_30d)|[OpenBL.org](http://www.openbl.org/) last 30 days IPs. OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications.|ipv4 hash:ip|3126 unique IPs|updated every 4 hours from [this link](http://www.openbl.org/lists/base_30days.txt)
[openbl_360d](http://iplists.firehol.org/?ipset=openbl_360d)|[OpenBL.org](http://www.openbl.org/) last 360 days IPs. OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications.|ipv4 hash:ip|20150 unique IPs|updated every 4 hours from [this link](http://www.openbl.org/lists/base_360days.txt)
[openbl_60d](http://iplists.firehol.org/?ipset=openbl_60d)|[OpenBL.org](http://www.openbl.org/) last 60 days IPs. OpenBL.org is detecting, logging and reporting various types of internet abuse. Currently they monitor ports 21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (Submission), 993 (IMAPS) and 995 (POP3S) for bruteforce login attacks as well as scans on ports 80 (HTTP) and 443 (HTTPS) for vulnerable installations of phpMyAdmin and other web applications.|ipv4 hash:ip|5158 unique IPs|updated every 4 hours from [this link](http://www.openbl.org/lists/base_60days.txt)
@ -1357,8 +1357,8 @@ sorbs_block|[Sorbs.net](https://www.sorbs.net/) List of hosts demanding that the
[vxvault](http://iplists.firehol.org/?ipset=vxvault)|[VxVault](http://vxvault.net) The latest 100 additions of VxVault.|ipv4 hash:ip|66 unique IPs|updated every 12 hours from [this link](http://vxvault.net/ViriList.php?s=0&m=100)
[xroxy](http://iplists.firehol.org/?ipset=xroxy)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|65 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_1d](http://iplists.firehol.org/?ipset=xroxy_1d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|199 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_30d](http://iplists.firehol.org/?ipset=xroxy_30d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|775 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_7d](http://iplists.firehol.org/?ipset=xroxy_7d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|358 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_30d](http://iplists.firehol.org/?ipset=xroxy_30d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|774 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_7d](http://iplists.firehol.org/?ipset=xroxy_7d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|355 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[yoyo_adservers](http://iplists.firehol.org/?ipset=yoyo_adservers)|[Yoyo.org](http://pgl.yoyo.org/adservers/) IPs of ad servers|ipv4 hash:ip|12870 unique IPs|updated every 12 hours from [this link](http://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext)
[zeus](http://iplists.firehol.org/?ipset=zeus)|[Abuse.ch Zeus tracker](https://zeustracker.abuse.ch) standard, contains the same data as the ZeuS IP blocklist (zeus_badips) but with the slight difference that it doesn't exclude hijacked websites (level 2) and free web hosting providers (level 3). This means that this blocklist contains all IPv4 addresses associated with ZeuS C&Cs which are currently being tracked by ZeuS Tracker. Hence this blocklist will likely cause some false positives.|ipv4 hash:ip|155 unique IPs|updated every 30 mins from [this link](https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist)
[zeus_badips](http://iplists.firehol.org/?ipset=zeus_badips)|[Abuse.ch Zeus tracker](https://zeustracker.abuse.ch) badips includes IPv4 addresses that are used by the ZeuS trojan. It is the recommened blocklist if you want to block only ZeuS IPs. It excludes IP addresses that ZeuS Tracker believes to be hijacked (level 2) or belong to a free web hosting provider (level 3). Hence the false postive rate should be much lower compared to the standard ZeuS IP blocklist.|ipv4 hash:ip|139 unique IPs|updated every 30 mins from [this link](https://zeustracker.abuse.ch/blocklist.php?download=badips)