Robot
/
blocklist-ipsets
mirror of https://github.com/firehol/blocklist-ipsets.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Thu May 9 10:22:25 UTC 2024 update

This commit is contained in:
Costa Tsaousis 2024-05-05 06:42:00 +01:00
commit c5a4735e04
1358 changed files with 7116303 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
.gitignore vendored Normal file
View File

@ -0,0 +1,106 @@
bogons.netset
.cache
.cache.old
dragon_http.netset
dragon_*.ipset
dragon_*.netset
dragon_sshpauth.netset
dragon_vncprobe.netset
dronebl_anonymizers.netset
dronebl_auto_botnets.netset
dronebl_autorooting_worms.netset
dronebl_compromised.netset
dronebl_ddos_drones.netset
dronebl_dns_mx_on_irc.netset
dronebl_*.ipset
dronebl_irc_drones.netset
dronebl_*.netset
dronebl_unknown.netset
dronebl_worms_bots.netset
errors/
fullbogons.netset
history/
ib_*.ipset
iblocklist_ads.netset
iblocklist_ads.*set
iblocklist_badpeers.ipset
iblocklist_badpeers.*set
iblocklist_bogons.netset
iblocklist_bogons.*set
iblocklist_dshield.netset
iblocklist_dshield.*set
iblocklist_edu.netset
iblocklist_edu.*set
iblocklist_exclusions.netset
iblocklist_exclusions.*set
iblocklist_fornonlancomputers.netset
iblocklist_fornonlancomputers.*set
iblocklist_forumspam.netset
iblocklist_forumspam.*set
iblocklist_hijacked.netset
iblocklist_hijacked.*set
iblocklist_iana_multicast.netset
iblocklist_iana_multicast.*set
iblocklist_iana_private.netset
iblocklist_iana_private.*set
iblocklist_iana_reserved.netset
iblocklist_iana_reserved.*set
iblocklist_level1.netset
iblocklist_level1.*set
iblocklist_level2.netset
iblocklist_level2.*set
iblocklist_level3.netset
iblocklist_level3.*set
iblocklist_org_microsoft.netset
iblocklist_org_microsoft.*set
iblocklist_proxies.ipset
iblocklist_proxies.*set
iblocklist_rangetest.netset
iblocklist_rangetest.*set
iblocklist_spider.netset
iblocklist_spider.*set
iblocklist_spyware.netset
iblocklist_spyware.*set
iblocklist_webexploit.ipset
iblocklist_webexploit.*set
ib_*.netset
iprange*
ipv4_range_to_cidr.awk
*.lastchecked
*.setinfo
sorbs_anonymizers.netset
sorbs_dul.netset
sorbs_escalations.netset
sorbs_*.ipset
sorbs_*.netset
sorbs_new_spam.netset
sorbs_noserver.netset
sorbs_recent_spam.netset
sorbs_smtp.netset
sorbs_web.netset
sorbs_zombie.netset
*.source
*.tmp
update-ipsets*
.warn_if_last_downloaded_before_this
blueliv*.ipset
blueliv*.netset
blueliv_crimeserver_online.ipset
blueliv_crimeserver_recent.ipset
blueliv_crimeserver_last.ipset
blueliv_crimeserver_last_1d.ipset
blueliv_crimeserver_last_2d.ipset
blueliv_crimeserver_last_7d.ipset
blueliv_crimeserver_last_30d.ipset
iblocklist_badpeers.netset
dataplane_sipquery.ipset
dataplane_sshpwauth.ipset
dataplane_sshclient.ipset
dataplane_sipregistration.ipset
dataplane_sipinvitation.ipset
dataplane_vncrfb.ipset
dataplane_dnsrd.ipset
dataplane_dnsrdany.ipset
dataplane_dnsversion.ipset
shunlist.ipset
ip2proxy_px1lite.netset

228
README-EDIT.md Normal file
View File

@ -0,0 +1,228 @@
> Due to the amount of data and the frequency of the updates on this repo,
> github has requested to limit the number of updates.
> The site [https://iplists.firehol.org](https://iplists.firehol.org) has direct links
> to all the files in this repo. **This repo is now updated once per day.**
---
### Contents
- [About this repo](#about-this-repo)
- [Using these ipsets](#using-these-ipsets)
- [Which ones to use?](#which-ones-to-use)
- [Why are open proxy lists included](#why-are-open-proxy-lists-included)
- [Using them in FireHOL](#using-them-in-firehol)
* [Adding the ipsets in your firehol.conf](#adding-the-ipsets-in-your-fireholconf)
* [Updating the ipsets while the firewall is running](#updating-the-ipsets-while-the-firewall-is-running)
- [Dynamic List of ipsets included](#list-of-ipsets-included)
- [Comparison of ipsets](#comparison-of-ipsets)
---
# About this repo
This repository includes a list of ipsets dynamically updated with
[FireHOL](https://github.com/firehol/firehol)'s `update-ipsets.sh`
[documented in this wiki](https://github.com/firehol/blocklist-ipsets/wiki).
This repo is self maintained. It it updated automatically from the script via a cron job.
This repo has a site: [http://iplists.firehol.org](http://iplists.firehol.org).
## Why do we need blocklists?
As time passes and the internet matures in our life, cybercrime is becoming increasingly sophisticated.
Although there are many tools (detection of malware, viruses, intrusion detection and prevention systems,
etc) to help us isolate the bad guys, there are now a lot more than just such attacks.
What is more interesting is that the fraudsters or attackers in many cases are not going to do a direct
damage to you or your systems. They will use you and your systems to gain something else, possibly not
related or indirectly related to your business. Nowadays the attacks cannot be identified easily. They are
distributed and come to our systems from a vast amount of IPs around the world.
To get an idea, check for example the [XRumer](http://en.wikipedia.org/wiki/XRumer) software. This thing
mimics human behavior to post ads, it creates email accounts, responds to emails it receives, bypasses
captchas, it goes gently to stay unnoticed, etc.
To increase our effectiveness we need to complement our security solutions with our shared knowledge, our
shared experience in this fight.
Hopefully, there are many teams out there that do their best to identify the attacks and pinpoint the
attackers. These teams release blocklists. Blocklists of IPs (for use in firewalls), domains & URLs
(for use in proxies), etc.
What we are interested here is IPs.
Using IP blocklists at the internet side of your firewall is a key component of internet security. These
lists share key knowledge between us, allowing us to learn from each other and effectively isolate
fraudsters and attackers from our services.
I decided to upload these lists to a github repo because:
1. They are freely available on the internet. The intention of their creators is to help internet security.
Keep in mind though that a few of these lists may have special licences attached. Before using them, please check their source site for any information regarding proper use.
2. Github provides (via `git pull`) a unified way of updating all the lists together.
Pulling this repo regularly on your machines, you will update all the IP lists at once.
3. Github also provides a unified version control. Using it we can have a history of what each list has
done, which IPs or subnets were added and which were removed.
## DNSBLs
Check also another tool included in FireHOL v3+, called `dnsbl-ipset.sh`.
This tool is capable of creating an ipset based on your traffic by looking up information on DNSBLs and
scoring it according to your preferences.
More information [here](https://github.com/firehol/firehol/wiki/dnsbl-ipset.sh).
---
# Using these ipsets
Please be very careful what you choose to use and how you use it. If you blacklist traffic using these
lists you may end up blocking your users, your customers, even yourself (!) from accessing your services.
1. Go to to the site of each list and read how each list is maintained. You are going to trust these guys for doing their job right.
2. Most sites have either a donation system or commercial lists of higher quality. Try to support them.
3. I have included the TOR network in these lists (`bm_tor`, `dm_tor`, `et_tor`). The TOR network is not necessarily bad and you should not block it if you want to allow your users be anonymous. I have included it because for certain cases, allowing an anonymity network might be a risky thing (such as eCommerce).
4. Apply any blacklist at the internet side of your firewall. Be very careful. The `bogons` and `fullbogons` lists contain private, unrouteable IPs that should not be routed on the internet. If you apply such a blocklist on your DMZ or LAN side, you will be blocked out of your firewall.
5. Always have a whitelist too, containing the IP addresses or subnets you trust. Try to build the rules in such a way that if an IP is in the whitelist, it should not be blocked by these blocklists.
## Which ones to use
### Level 1 - Basic
These are the ones I trust. **Level 1** provides basic security against the most well-known attackers, with the minimum of false positives.
1. **Abuse.ch** lists `feodo`, `palevo`, `sslbl`, `zeus`, `zeus_badips`
These folks are doing a great job tracking crime ware. Their blocklists are very focused.
Keep in mind `zeus` may include some false positives. You can use `zeus_badips` instead.
2. **DShield.org** list `dshield`
It contains the top 20 attacking class C (/24) subnets, over the last three days.
3. **Spamhaus.org** lists `spamhaus_drop`, `spamhaus_edrop`
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).
According to Spamhaus.org:
> When implemented at a network or ISP's 'core routers', DROP and EDROP will help protect the network's users from spamming, scanning, harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks.
>
> Spamhaus strongly encourages the use of DROP and EDROP by tier-1s and backbones.
Spamhaus is very responsive to adapt these lists when a network owner updates them that the issue has been solved (I had one such incident with one of my users).
4. **Team-Cymru.org** list `bogons` or `fullbogons`
These are lists of IPs that should not be routed on the internet. No one should be using them.
Be very careful to apply either of the two on the internet side of your network.
### Level 2 - Essentials
**Level 2** provide protection against current brute force attacks. This level may have a small percentage of false positives, mainly due to dynamic IPs being re-used by other users.
1. **OpenBL.org** lists `openbl*`
The team of OpenBL tracks brute force attacks on their hosts. They have a very short list for hosts, under their own control, collecting this information, to eliminate false positives.
They suggest to use the default blacklist which has a retention policy of 90 days (`openbl`), but they also provide lists with different retention policies (from 1 day to 1 year).
Their goal is to report abuse to the responsible provider so that the infection is disabled.
2. **Blocklist.de** lists `blocklist_de*`
Is a network of users reporting abuse mainly using `fail2ban`. They eliminate false positives using other lists available. Since they collect information from their users, their lists may be subject to poisoning, or false positives.
I asked them about poisoning. [Here](https://forum.blocklist.de/viewtopic.php?f=4&t=244&sid=847d00d26b0735add3518ff515242cad) you can find their answer. In short, they track it down so that they have an ignorable rate of false positives.
Also, they only include individual IPs (no subnets) which have attacked their users the last 48 hours and their list contains 20.000 to 40.000 IPs (which is small enough considering the size of the internet).
Like `openbl`, their goal is to report abuse back, so that the infection is disabled.
They also provide their blocklist per type of attack (mail, web, etc).
Of course, there are more lists included. You can check them and decide if they fit for your needs.
## Why are open proxy lists included
Of course, I haven't included them for you to use the open proxies. The port the proxy is listening, or the type of proxy, are not included (although most of them use the standard proxy ports and do serve web requests).
If you check the comparisons for the open proxy lists (`ri_connect_proxies`, `ri_web_proxies`, `xroxy`, `proxz`, `proxyrss`, etc)
you will find that they overlap to a great degree with other blocklists, like `blocklist_de`, `stopforumspam`, etc.
> This means the attackers also use open proxies to execute attacks.
So, if you are under attack, blocking the open proxies may help isolate a large part of the attack.
I don't suggest to permanently block IPs using the proxy lists. Their purpose of existence is questionable.
Their quality though may be acceptable, since lot of these sites advertise that they test open proxies before including them in their lists, so that there are no false positives, at least at the time they tested them.
---
## Using them in FireHOL
`update-ipsets.sh` itself does not alter your firewall. It can be used to update ipsets both on disk and in the kernel for any firewall solution you use.
The information below, shows you how to configure FireHOL to use the provides ipsets.
### Adding the ipsets in your firehol.conf
I use something like this:
```sh
# our wan interface
wan="dsl0"
# our whitelist
ipset4 create whitelist hash:net
ipset4 add whitelist A.B.C.D/E # A.B.C.D/E is whitelisted
# subnets - netsets
for x in fullbogons dshield spamhaus_drop spamhaus_edrop
do
ipset4 create ${x} hash:net
ipset4 addfile ${x} ipsets/${x}.netset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
# individual IPs - ipsets
for x in feodo palevo sslbl zeus openbl blocklist_de
do
ipset4 create ${x} hash:ip
ipset4 addfile ${x} ipsets/${x}.ipset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
... rest of firehol.conf ...
```
If you are concerned about iptables performance, change the `blacklist4` keyword `full` to `input`.
This will block only inbound NEW connections, i.e. only the first packet for every NEW inbound connection will be checked.
All other traffic passes through unchecked.
> Before adding these rules to your `firehol.conf` you should run `update-ipsets.sh` to enable them.
### Updating the ipsets while the firewall is running
Just use the `update-ipsets.sh` script from the firehol distribution.
This script will update each ipset and call firehol to update the ipset while the firewall is running.
> You can add `update-ipsets.sh` to cron, to run every 10 mins. `update-ipsets.sh` is smart enough to download
> a list only when it needs to.
---
# List of ipsets included

626
README.md Normal file
View File

@ -0,0 +1,626 @@
> Due to the amount of data and the frequency of the updates on this repo,
> github has requested to limit the number of updates.
> The site [https://iplists.firehol.org](https://iplists.firehol.org) has direct links
> to all the files in this repo. **This repo is now updated once per day.**
---
### Contents
- [About this repo](#about-this-repo)
- [Using these ipsets](#using-these-ipsets)
- [Which ones to use?](#which-ones-to-use)
- [Why are open proxy lists included](#why-are-open-proxy-lists-included)
- [Using them in FireHOL](#using-them-in-firehol)
* [Adding the ipsets in your firehol.conf](#adding-the-ipsets-in-your-fireholconf)
* [Updating the ipsets while the firewall is running](#updating-the-ipsets-while-the-firewall-is-running)
- [Dynamic List of ipsets included](#list-of-ipsets-included)
- [Comparison of ipsets](#comparison-of-ipsets)
---
# About this repo
This repository includes a list of ipsets dynamically updated with
[FireHOL](https://github.com/firehol/firehol)'s `update-ipsets.sh`
[documented in this wiki](https://github.com/firehol/blocklist-ipsets/wiki).
This repo is self maintained. It it updated automatically from the script via a cron job.
This repo has a site: [http://iplists.firehol.org](http://iplists.firehol.org).
## Why do we need blocklists?
As time passes and the internet matures in our life, cybercrime is becoming increasingly sophisticated.
Although there are many tools (detection of malware, viruses, intrusion detection and prevention systems,
etc) to help us isolate the bad guys, there are now a lot more than just such attacks.
What is more interesting is that the fraudsters or attackers in many cases are not going to do a direct
damage to you or your systems. They will use you and your systems to gain something else, possibly not
related or indirectly related to your business. Nowadays the attacks cannot be identified easily. They are
distributed and come to our systems from a vast amount of IPs around the world.
To get an idea, check for example the [XRumer](http://en.wikipedia.org/wiki/XRumer) software. This thing
mimics human behavior to post ads, it creates email accounts, responds to emails it receives, bypasses
captchas, it goes gently to stay unnoticed, etc.
To increase our effectiveness we need to complement our security solutions with our shared knowledge, our
shared experience in this fight.
Hopefully, there are many teams out there that do their best to identify the attacks and pinpoint the
attackers. These teams release blocklists. Blocklists of IPs (for use in firewalls), domains & URLs
(for use in proxies), etc.
What we are interested here is IPs.
Using IP blocklists at the internet side of your firewall is a key component of internet security. These
lists share key knowledge between us, allowing us to learn from each other and effectively isolate
fraudsters and attackers from our services.
I decided to upload these lists to a github repo because:
1. They are freely available on the internet. The intention of their creators is to help internet security.
Keep in mind though that a few of these lists may have special licences attached. Before using them, please check their source site for any information regarding proper use.
2. Github provides (via `git pull`) a unified way of updating all the lists together.
Pulling this repo regularly on your machines, you will update all the IP lists at once.
3. Github also provides a unified version control. Using it we can have a history of what each list has
done, which IPs or subnets were added and which were removed.
## DNSBLs
Check also another tool included in FireHOL v3+, called `dnsbl-ipset.sh`.
This tool is capable of creating an ipset based on your traffic by looking up information on DNSBLs and
scoring it according to your preferences.
More information [here](https://github.com/firehol/firehol/wiki/dnsbl-ipset.sh).
---
# Using these ipsets
Please be very careful what you choose to use and how you use it. If you blacklist traffic using these
lists you may end up blocking your users, your customers, even yourself (!) from accessing your services.
1. Go to to the site of each list and read how each list is maintained. You are going to trust these guys for doing their job right.
2. Most sites have either a donation system or commercial lists of higher quality. Try to support them.
3. I have included the TOR network in these lists (`bm_tor`, `dm_tor`, `et_tor`). The TOR network is not necessarily bad and you should not block it if you want to allow your users be anonymous. I have included it because for certain cases, allowing an anonymity network might be a risky thing (such as eCommerce).
4. Apply any blacklist at the internet side of your firewall. Be very careful. The `bogons` and `fullbogons` lists contain private, unrouteable IPs that should not be routed on the internet. If you apply such a blocklist on your DMZ or LAN side, you will be blocked out of your firewall.
5. Always have a whitelist too, containing the IP addresses or subnets you trust. Try to build the rules in such a way that if an IP is in the whitelist, it should not be blocked by these blocklists.
## Which ones to use
### Level 1 - Basic
These are the ones I trust. **Level 1** provides basic security against the most well-known attackers, with the minimum of false positives.
1. **Abuse.ch** lists `feodo`, `palevo`, `sslbl`, `zeus`, `zeus_badips`
These folks are doing a great job tracking crime ware. Their blocklists are very focused.
Keep in mind `zeus` may include some false positives. You can use `zeus_badips` instead.
2. **DShield.org** list `dshield`
It contains the top 20 attacking class C (/24) subnets, over the last three days.
3. **Spamhaus.org** lists `spamhaus_drop`, `spamhaus_edrop`
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).
According to Spamhaus.org:
> When implemented at a network or ISP's 'core routers', DROP and EDROP will help protect the network's users from spamming, scanning, harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks.
>
> Spamhaus strongly encourages the use of DROP and EDROP by tier-1s and backbones.
Spamhaus is very responsive to adapt these lists when a network owner updates them that the issue has been solved (I had one such incident with one of my users).
4. **Team-Cymru.org** list `bogons` or `fullbogons`
These are lists of IPs that should not be routed on the internet. No one should be using them.
Be very careful to apply either of the two on the internet side of your network.
### Level 2 - Essentials
**Level 2** provide protection against current brute force attacks. This level may have a small percentage of false positives, mainly due to dynamic IPs being re-used by other users.
1. **OpenBL.org** lists `openbl*`
The team of OpenBL tracks brute force attacks on their hosts. They have a very short list for hosts, under their own control, collecting this information, to eliminate false positives.
They suggest to use the default blacklist which has a retention policy of 90 days (`openbl`), but they also provide lists with different retention policies (from 1 day to 1 year).
Their goal is to report abuse to the responsible provider so that the infection is disabled.
2. **Blocklist.de** lists `blocklist_de*`
Is a network of users reporting abuse mainly using `fail2ban`. They eliminate false positives using other lists available. Since they collect information from their users, their lists may be subject to poisoning, or false positives.
I asked them about poisoning. [Here](https://forum.blocklist.de/viewtopic.php?f=4&t=244&sid=847d00d26b0735add3518ff515242cad) you can find their answer. In short, they track it down so that they have an ignorable rate of false positives.
Also, they only include individual IPs (no subnets) which have attacked their users the last 48 hours and their list contains 20.000 to 40.000 IPs (which is small enough considering the size of the internet).
Like `openbl`, their goal is to report abuse back, so that the infection is disabled.
They also provide their blocklist per type of attack (mail, web, etc).
Of course, there are more lists included. You can check them and decide if they fit for your needs.
## Why are open proxy lists included
Of course, I haven't included them for you to use the open proxies. The port the proxy is listening, or the type of proxy, are not included (although most of them use the standard proxy ports and do serve web requests).
If you check the comparisons for the open proxy lists (`ri_connect_proxies`, `ri_web_proxies`, `xroxy`, `proxz`, `proxyrss`, etc)
you will find that they overlap to a great degree with other blocklists, like `blocklist_de`, `stopforumspam`, etc.
> This means the attackers also use open proxies to execute attacks.
So, if you are under attack, blocking the open proxies may help isolate a large part of the attack.
I don't suggest to permanently block IPs using the proxy lists. Their purpose of existence is questionable.
Their quality though may be acceptable, since lot of these sites advertise that they test open proxies before including them in their lists, so that there are no false positives, at least at the time they tested them.
---
## Using them in FireHOL
`update-ipsets.sh` itself does not alter your firewall. It can be used to update ipsets both on disk and in the kernel for any firewall solution you use.
The information below, shows you how to configure FireHOL to use the provides ipsets.
### Adding the ipsets in your firehol.conf
I use something like this:
```sh
# our wan interface
wan="dsl0"
# our whitelist
ipset4 create whitelist hash:net
ipset4 add whitelist A.B.C.D/E # A.B.C.D/E is whitelisted
# subnets - netsets
for x in fullbogons dshield spamhaus_drop spamhaus_edrop
do
ipset4 create ${x} hash:net
ipset4 addfile ${x} ipsets/${x}.netset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
# individual IPs - ipsets
for x in feodo palevo sslbl zeus openbl blocklist_de
do
ipset4 create ${x} hash:ip
ipset4 addfile ${x} ipsets/${x}.ipset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
... rest of firehol.conf ...
```
If you are concerned about iptables performance, change the `blacklist4` keyword `full` to `input`.
This will block only inbound NEW connections, i.e. only the first packet for every NEW inbound connection will be checked.
All other traffic passes through unchecked.
> Before adding these rules to your `firehol.conf` you should run `update-ipsets.sh` to enable them.
### Updating the ipsets while the firewall is running
Just use the `update-ipsets.sh` script from the firehol distribution.
This script will update each ipset and call firehol to update the ipset while the firewall is running.
> You can add `update-ipsets.sh` to cron, to run every 10 mins. `update-ipsets.sh` is smart enough to download
> a list only when it needs to.
---
# List of ipsets included
The following list was automatically generated on Thu May 9 10:22:25 UTC 2024.
The update frequency is the maximum allowed by internal configuration. A list will never be downloaded sooner than the update frequency stated. A list may also not be downloaded, after this frequency expired, if it has not been modified on the server (as reported by HTTP `IF_MODIFIED_SINCE` method).
name|info|type|entries|update|
:--:|:--:|:--:|:-----:|:----:|
[alienvault_reputation](http://iplists.firehol.org/?ipset=alienvault_reputation)|[AlienVault.com](https://www.alienvault.com/) IP reputation database|ipv4 hash:ip|609 unique IPs|updated every 6 hours from [this link](https://reputation.alienvault.com/reputation.generic)
[asprox_c2](http://iplists.firehol.org/?ipset=asprox_c2)|[h3x.eu](http://atrack.h3x.eu/) ASPROX Tracker - Asprox C&C Sites|ipv4 hash:ip|0 unique IPs|updated every 1 day from [this link](http://atrack.h3x.eu/c2)
[bambenek_banjori](http://iplists.firehol.org/?ipset=bambenek_banjori)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of banjori C&Cs with 90 minute lookback|ipv4 hash:ip|136 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/banjori-iplist.txt)
[bambenek_bebloh](http://iplists.firehol.org/?ipset=bambenek_bebloh)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of bebloh C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/bebloh-iplist.txt)
[bambenek_c2](http://iplists.firehol.org/?ipset=bambenek_c2)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) master feed of known, active and non-sinkholed C&Cs IP addresses|ipv4 hash:ip|1 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt)
[bambenek_cl](http://iplists.firehol.org/?ipset=bambenek_cl)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of cl C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/cl-iplist.txt)
[bambenek_cryptowall](http://iplists.firehol.org/?ipset=bambenek_cryptowall)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of cryptowall C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/cryptowall-iplist.txt)
[bambenek_dircrypt](http://iplists.firehol.org/?ipset=bambenek_dircrypt)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of dircrypt C&Cs with 90 minute lookback|ipv4 hash:ip|2 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/dircrypt-iplist.txt)
[bambenek_dyre](http://iplists.firehol.org/?ipset=bambenek_dyre)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of dyre C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/dyre-iplist.txt)
[bambenek_geodo](http://iplists.firehol.org/?ipset=bambenek_geodo)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of geodo C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/geodo-iplist.txt)
[bambenek_hesperbot](http://iplists.firehol.org/?ipset=bambenek_hesperbot)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of hesperbot C&Cs with 90 minute lookback|ipv4 hash:ip|2 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/hesperbot-iplist.txt)
[bambenek_matsnu](http://iplists.firehol.org/?ipset=bambenek_matsnu)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of matsnu C&Cs with 90 minute lookback|ipv4 hash:ip|1 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/matsnu-iplist.txt)
[bambenek_necurs](http://iplists.firehol.org/?ipset=bambenek_necurs)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of necurs C&Cs with 90 minute lookback|ipv4 hash:ip|13 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/necurs-iplist.txt)
[bambenek_p2pgoz](http://iplists.firehol.org/?ipset=bambenek_p2pgoz)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of p2pgoz C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/p2pgoz-iplist.txt)
[bambenek_pushdo](http://iplists.firehol.org/?ipset=bambenek_pushdo)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of pushdo C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/pushdo-iplist.txt)
[bambenek_pykspa](http://iplists.firehol.org/?ipset=bambenek_pykspa)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of pykspa C&Cs with 90 minute lookback|ipv4 hash:ip|5 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/pykspa-iplist.txt)
[bambenek_qakbot](http://iplists.firehol.org/?ipset=bambenek_qakbot)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of qakbot C&Cs with 90 minute lookback|ipv4 hash:ip|2 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/qakbot-iplist.txt)
[bambenek_ramnit](http://iplists.firehol.org/?ipset=bambenek_ramnit)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of ramnit C&Cs with 90 minute lookback|ipv4 hash:ip|98 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/ramnit-iplist.txt)
[bambenek_ranbyus](http://iplists.firehol.org/?ipset=bambenek_ranbyus)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of ranbyus C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/ranbyus-iplist.txt)
[bambenek_simda](http://iplists.firehol.org/?ipset=bambenek_simda)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of simda C&Cs with 90 minute lookback|ipv4 hash:ip|131 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/simda-iplist.txt)
[bambenek_suppobox](http://iplists.firehol.org/?ipset=bambenek_suppobox)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of suppobox C&Cs with 90 minute lookback|ipv4 hash:ip|108 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/suppobox-iplist.txt)
[bambenek_symmi](http://iplists.firehol.org/?ipset=bambenek_symmi)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of symmi C&Cs with 90 minute lookback|ipv4 hash:ip|1 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/symmi-iplist.txt)
[bambenek_tinba](http://iplists.firehol.org/?ipset=bambenek_tinba)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of tinba C&Cs with 90 minute lookback|ipv4 hash:ip|4 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/tinba-iplist.txt)
[bambenek_volatile](http://iplists.firehol.org/?ipset=bambenek_volatile)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of volatile C&Cs with 90 minute lookback|ipv4 hash:ip|1 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/volatile-iplist.txt)
[bbcan177_ms1](http://iplists.firehol.org/?ipset=bbcan177_ms1)|pfBlockerNG Malicious Threats|ipv4 hash:net|2688 subnets, 5269973 unique IPs|updated every 1 day from [this link](https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw)
[bbcan177_ms3](http://iplists.firehol.org/?ipset=bbcan177_ms3)|pfBlockerNG Malicious Threats|ipv4 hash:net|1146 subnets, 30151694 unique IPs|updated every 1 day from [this link](https://gist.githubusercontent.com/BBcan177/d7105c242f17f4498f81/raw)
[bds_atif](http://iplists.firehol.org/?ipset=bds_atif)|Artillery Threat Intelligence Feed and Banlist Feed|ipv4 hash:ip|1210 unique IPs|updated every 1 day from [this link](https://www.binarydefense.com/banlist.txt)
[bitcoin_blockchain_info_1d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_1d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|988 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_30d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_30d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|8196 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_7d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_7d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|2636 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_nodes](http://iplists.firehol.org/?ipset=bitcoin_nodes)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|5811 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_1d](http://iplists.firehol.org/?ipset=bitcoin_nodes_1d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|7242 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_30d](http://iplists.firehol.org/?ipset=bitcoin_nodes_30d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|13897 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_7d](http://iplists.firehol.org/?ipset=bitcoin_nodes_7d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|8859 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[blocklist_de](http://iplists.firehol.org/?ipset=blocklist_de)|[Blocklist.de](https://www.blocklist.de/) IPs that have been detected by fail2ban in the last 48 hours|ipv4 hash:ip|22522 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/all.txt)
[blocklist_de_apache](http://iplists.firehol.org/?ipset=blocklist_de_apache)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.|ipv4 hash:ip|8487 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/apache.txt)
[blocklist_de_bots](http://iplists.firehol.org/?ipset=blocklist_de_bots)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = it has posted a Spam-Comment on a open Forum or Wiki).|ipv4 hash:ip|141 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/bots.txt)
[blocklist_de_bruteforce](http://iplists.firehol.org/?ipset=blocklist_de_bruteforce)|[Blocklist.de](https://www.blocklist.de/) All IPs which attacks Joomla, Wordpress and other Web-Logins with Brute-Force Logins.|ipv4 hash:ip|441 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/bruteforcelogin.txt)
[blocklist_de_ftp](http://iplists.firehol.org/?ipset=blocklist_de_ftp)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours for attacks on the Service FTP.|ipv4 hash:ip|282 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/ftp.txt)
[blocklist_de_imap](http://iplists.firehol.org/?ipset=blocklist_de_imap)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours for attacks on the Service imap, sasl, pop3, etc.|ipv4 hash:ip|3494 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/imap.txt)
[blocklist_de_mail](http://iplists.firehol.org/?ipset=blocklist_de_mail)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service Mail, Postfix.|ipv4 hash:ip|12081 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/mail.txt)
[blocklist_de_sip](http://iplists.firehol.org/?ipset=blocklist_de_sip)|[Blocklist.de](https://www.blocklist.de/) All IP addresses that tried to login in a SIP, VOIP or Asterisk Server and are included in the IPs list from infiltrated.net|ipv4 hash:ip|47 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/sip.txt)
[blocklist_de_ssh](http://iplists.firehol.org/?ipset=blocklist_de_ssh)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service SSH.|ipv4 hash:ip|9446 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/ssh.txt)
[blocklist_de_strongips](http://iplists.firehol.org/?ipset=blocklist_de_strongips)|[Blocklist.de](https://www.blocklist.de/) All IPs which are older then 2 month and have more then 5.000 attacks.|ipv4 hash:ip|336 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/strongips.txt)
[blocklist_net_ua](http://iplists.firehol.org/?ipset=blocklist_net_ua)|[blocklist.net.ua](https://blocklist.net.ua) The BlockList project was created to become protection against negative influence of the harmful and potentially dangerous events on the Internet. First of all this service will help internet and hosting providers to protect subscribers sites from being hacked. BlockList will help to stop receiving a large amount of spam from dubious SMTP relays or from attempts of brute force passwords to servers and network equipment.|ipv4 hash:ip|81715 unique IPs|updated every 10 mins from [this link](https://blocklist.net.ua/blocklist.csv)
[blueliv_crimeserver_last](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|24381 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_1d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_1d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|58312 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_2d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_2d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|71293 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_30d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_30d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|87551 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_7d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_7d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|77098 unique IPs|updated every 6 hours
[blueliv_crimeserver_online](http://iplists.firehol.org/?ipset=blueliv_crimeserver_online)|[blueliv.com](https://www.blueliv.com/) Online Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|15628 unique IPs|updated every 1 day
[blueliv_crimeserver_recent](http://iplists.firehol.org/?ipset=blueliv_crimeserver_recent)|[blueliv.com](https://www.blueliv.com/) Recent Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|64076 unique IPs|updated every 1 day
bm_tor|[torstatus.blutmagie.de](https://torstatus.blutmagie.de) list of all TOR network servers|ipv4 hash:ip|disabled|updated every 30 mins from [this link](https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv)
[bogons](http://iplists.firehol.org/?ipset=bogons)|[Team-Cymru.org](http://www.team-cymru.org) private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598 and netblocks that have not been allocated to a regional internet registry|ipv4 hash:net|13 subnets, 592708608 unique IPs|updated every 1 day
[botscout](http://iplists.firehol.org/?ipset=botscout)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|52 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botscout_1d](http://iplists.firehol.org/?ipset=botscout_1d)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|811 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botscout_30d](http://iplists.firehol.org/?ipset=botscout_30d)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|14444 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botscout_7d](http://iplists.firehol.org/?ipset=botscout_7d)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|4506 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botvrij_dst](http://iplists.firehol.org/?ipset=botvrij_dst)|[botvrij.eu](http://www.botvrij.eu/) Indicators of Compromise (IOCS) about malicious destination IPs, gathered via open source information feeds (blog pages and PDF documents) and then consolidated into different datasets. To ensure the quality of the data all entries older than approx. 6 months are removed.|ipv4 hash:ip|215 unique IPs|updated every 1 day from [this link](http://www.botvrij.eu/data/ioclist.ip-dst.raw)
[botvrij_src](http://iplists.firehol.org/?ipset=botvrij_src)|[botvrij.eu](http://www.botvrij.eu/) Indicators of Compromise (IOCS) about malicious source IPs, gathered via open source information feeds (blog pages and PDF documents) and then consolidated into different datasets. To ensure the quality of the data all entries older than approx. 6 months are removed.|ipv4 hash:ip|0 unique IPs|updated every 1 day from [this link](http://www.botvrij.eu/data/ioclist.ip-src.raw)
[bruteforceblocker](http://iplists.firehol.org/?ipset=bruteforceblocker)|[danger.rulez.sk bruteforceblocker](http://danger.rulez.sk/index.php/bruteforceblocker/) (fail2ban alternative for SSH on OpenBSD). This is an automatically generated list from users reporting failed authentication attempts. An IP seems to be included if 3 or more users report it. Its retention pocily seems 30 days.|ipv4 hash:ip|321 unique IPs|updated every 3 hours from [this link](http://danger.rulez.sk/projects/bruteforceblocker/blist.php)
[ciarmy](http://iplists.firehol.org/?ipset=ciarmy)|[CIArmy.com](http://ciarmy.com/) IPs with poor Rogue Packet score that have not yet been identified as malicious by the community|ipv4 hash:ip|15000 unique IPs|updated every 3 hours from [this link](http://cinsscore.com/list/ci-badguys.txt)
[cidr_report_bogons](http://iplists.firehol.org/?ipset=cidr_report_bogons)|Unallocated (Free) Address Space, generated on a daily basis using the IANA registry files, the Regional Internet Registry stats files and the Regional Internet Registry whois data.|ipv4 hash:net|9114 subnets, 602953664 unique IPs|updated every 1 day from [this link](http://www.cidr-report.org/bogons/freespace-prefix.txt)
[cleanmx_phishing](http://iplists.firehol.org/?ipset=cleanmx_phishing)|[Clean-MX.de](http://support.clean-mx.de/) IPs sending phishing messages|ipv4 hash:ip|4519 unique IPs|updated every 30 mins from [this link](http://support.clean-mx.de/clean-mx/xmlphishing?response=alive&format=csv&domain=)
[cleanmx_viruses](http://iplists.firehol.org/?ipset=cleanmx_viruses)|[Clean-MX.de](http://support.clean-mx.de/clean-mx/viruses.php) IPs with viruses|ipv4 hash:ip|12190 unique IPs|updated every 30 mins from [this link](http://support.clean-mx.de/clean-mx/xmlviruses.php?response=alive&fields=ip)
[cleantalk](http://iplists.firehol.org/?ipset=cleantalk)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new cleantalk_updated)|ipv4 hash:ip|492 unique IPs|updated every 1 min
[cleantalk_1d](http://iplists.firehol.org/?ipset=cleantalk_1d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_1d cleantalk_updated_1d)|ipv4 hash:ip|1823 unique IPs|updated every 1 min
[cleantalk_30d](http://iplists.firehol.org/?ipset=cleantalk_30d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_30d cleantalk_updated_30d)|ipv4 hash:ip|56919 unique IPs|updated every 1 min
[cleantalk_7d](http://iplists.firehol.org/?ipset=cleantalk_7d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_7d cleantalk_updated_7d)|ipv4 hash:ip|7098 unique IPs|updated every 1 min
[cleantalk_new](http://iplists.firehol.org/?ipset=cleantalk_new)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|250 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_1d](http://iplists.firehol.org/?ipset=cleantalk_new_1d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|679 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_30d](http://iplists.firehol.org/?ipset=cleantalk_new_30d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|15937 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_7d](http://iplists.firehol.org/?ipset=cleantalk_new_7d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|3250 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_top20](http://iplists.firehol.org/?ipset=cleantalk_top20)|[CleanTalk](https://cleantalk.org/) Top 20 HTTP Spammers|ipv4 hash:ip|20 unique IPs|updated every 1 day from [this link](https://cleantalk.org/blacklists/top20)
[cleantalk_updated](http://iplists.firehol.org/?ipset=cleantalk_updated)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|250 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_1d](http://iplists.firehol.org/?ipset=cleantalk_updated_1d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|1238 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_30d](http://iplists.firehol.org/?ipset=cleantalk_updated_30d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|53799 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_7d](http://iplists.firehol.org/?ipset=cleantalk_updated_7d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|4341 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[coinbl_hosts](http://iplists.firehol.org/?ipset=coinbl_hosts)|[CoinBlockerLists](https://gitlab.com/ZeroDot1/CoinBlockerLists) Simple lists that can help prevent cryptomining in the browser or other applications. This list contains all domains - A list for administrators to prevent mining in networks. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|10429 unique IPs|updated every 1 day from [this link](https://zerodot1.gitlab.io/CoinBlockerLists/hosts)
[coinbl_hosts_browser](http://iplists.firehol.org/?ipset=coinbl_hosts_browser)|[CoinBlockerLists](https://gitlab.com/ZeroDot1/CoinBlockerLists) Simple lists that can help prevent cryptomining in the browser or other applications. A hosts list to prevent browser mining only. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|627 unique IPs|updated every 1 day from [this link](https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser)
[coinbl_hosts_optional](http://iplists.firehol.org/?ipset=coinbl_hosts_optional)|[CoinBlockerLists](https://gitlab.com/ZeroDot1/CoinBlockerLists) Simple lists that can help prevent cryptomining in the browser or other applications. This list contains additional domains, for administrators to prevent mining in networks. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|471 unique IPs|updated every 1 day from [this link](https://zerodot1.gitlab.io/CoinBlockerLists/hosts_optional)
[coinbl_ips](http://iplists.firehol.org/?ipset=coinbl_ips)|[CoinBlockerLists](https://gitlab.com/ZeroDot1/CoinBlockerLists) Simple lists that can help prevent cryptomining in the browser or other applications. This list contains all IPs - An additional list for administrators to prevent mining in networks. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|1390 unique IPs|updated every 1 day from [this link](https://zerodot1.gitlab.io/CoinBlockerLists/MiningServerIPList.txt)
[cruzit_web_attacks](http://iplists.firehol.org/?ipset=cruzit_web_attacks)|[CruzIt.com](http://www.cruzit.com/wbl.php) IPs of compromised machines scanning for vulnerabilities and DDOS attacks|ipv4 hash:ip|13878 unique IPs|updated every 12 hours from [this link](http://www.cruzit.com/xwbl2txt.php)
[cta_cryptowall](http://iplists.firehol.org/?ipset=cta_cryptowall)|[Cyber Threat Alliance](http://www.cyberthreatalliance.org/cryptowall-dashboard.html) CryptoWall is one of the most lucrative and broad-reaching ransomware campaigns affecting Internet users today. Sharing intelligence and analysis resources, the CTA profiled the latest version of CryptoWall, which impacted hundreds of thousands of users, resulting in over US $325 million in damages worldwide.|ipv4 hash:ip|1360 unique IPs|updated every 1 day from [this link](https://public.tableau.com/views/CTAOnlineViz/DashboardData.csv?:embed=y&:showVizHome=no&:showTabs=y&:display_count=y&:display_static_image=y&:bootstrapWhenNotified=true)
[cybercrime](http://iplists.firehol.org/?ipset=cybercrime)|[CyberCrime](http://cybercrime-tracker.net/) A project tracking Command and Control.|ipv4 hash:ip|1391 unique IPs|updated every 12 hours from [this link](http://cybercrime-tracker.net/fuckerz.php)
[darklist_de](http://iplists.firehol.org/?ipset=darklist_de)|[darklist.de](http://www.darklist.de/) ssh fail2ban reporting|ipv4 hash:net|6008 subnets, 274857 unique IPs|updated every 1 day from [this link](http://www.darklist.de/raw.php)
[datacenters](http://iplists.firehol.org/?ipset=datacenters)|[Nick Galbreath](https://github.com/client9/ipcat) This is a list of IPv4 address that correspond to datacenters, co-location centers, shared and virtual webhosting providers. In other words, ip addresses that end web consumers should not be using.|ipv4 hash:net|4224 subnets, 95959476 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/client9/ipcat/master/datacenters.csv)
[dataplane_dnsrd](http://iplists.firehol.org/?ipset=dataplane_dnsrd)|[DataPlane.org](https://dataplane.org/) IP addresses that have been identified as sending recursive DNS queries to a remote host. This report lists addresses that may be cataloging open DNS resolvers or evaluating cache entries.|ipv4 hash:ip|4249 unique IPs|updated every 1 hour
[dataplane_dnsrdany](http://iplists.firehol.org/?ipset=dataplane_dnsrdany)|[DataPlane.org](https://dataplane.org/) IP addresses that have been identified as sending recursive DNS IN ANY queries to a remote host. This report lists addresses that may be cataloging open DNS resolvers for the purpose of later using them to facilitate DNS amplification and reflection attacks.|ipv4 hash:ip|41 unique IPs|updated every 1 hour
[dataplane_dnsversion](http://iplists.firehol.org/?ipset=dataplane_dnsversion)|[DataPlane.org](https://dataplane.org/) IP addresses that have been identified as sending DNS CH TXT VERSION.BIND queries to a remote host. This report lists addresses that may be cataloging DNS software.|ipv4 hash:ip|3801 unique IPs|updated every 1 hour
[dataplane_sipinvitation](http://iplists.firehol.org/?ipset=dataplane_sipinvitation)|[DataPlane.org](https://dataplane.org/) IP addresses that have been seen initiating a SIP INVITE operation to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SIP client cataloging or conducting various forms of telephony abuse.|ipv4 hash:ip|21 unique IPs|updated every 1 hour
[dataplane_sipquery](http://iplists.firehol.org/?ipset=dataplane_sipquery)|[DataPlane.org](https://dataplane.org/) IP addresses that has been seen initiating a SIP OPTIONS query to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SIP server cataloging or conducting various forms of telephony abuse.|ipv4 hash:ip|2684 unique IPs|updated every 1 hour
[dataplane_sipregistration](http://iplists.firehol.org/?ipset=dataplane_sipregistration)|[DataPlane.org](https://dataplane.org/) IP addresses that have been seen initiating a SIP REGISTER operation to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SIP client cataloging or conducting various forms of telephony abuse.|ipv4 hash:ip|160 unique IPs|updated every 1 hour
[dataplane_sshclient](http://iplists.firehol.org/?ipset=dataplane_sshclient)|[DataPlane.org](https://dataplane.org/) IP addresses that has been seen initiating an SSH connection to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SSH server cataloging or conducting authentication attack attempts.|ipv4 hash:ip|23441 unique IPs|updated every 1 hour
[dataplane_sshpwauth](http://iplists.firehol.org/?ipset=dataplane_sshpwauth)|[DataPlane.org](https://dataplane.org/) IP addresses that has been seen attempting to remotely login to a host using SSH password authentication. This report lists hosts that are highly suspicious and are likely conducting malicious SSH password authentication attacks.|ipv4 hash:ip|17508 unique IPs|updated every 1 hour
[dataplane_vncrfb](http://iplists.firehol.org/?ipset=dataplane_vncrfb)|[DataPlane.org](https://dataplane.org/) IP addresses that have been seen initiating a VNC remote frame buffer (RFB) session to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be VNC server cataloging or conducting various forms of remote access abuse.|ipv4 hash:ip|3378 unique IPs|updated every 1 hour
[dm_tor](http://iplists.firehol.org/?ipset=dm_tor)|[dan.me.uk](https://www.dan.me.uk) dynamic list of TOR nodes|ipv4 hash:ip|5471 unique IPs|updated every 30 mins from [this link](https://www.dan.me.uk/torlist/)
[dronebl_anonymizers](http://iplists.firehol.org/?ipset=dronebl_anonymizers)|[DroneBL.org](https://dronebl.org) List of open proxies. It includes IPs which DroneBL categorizes as SOCKS proxies (8), HTTP proxies (9), web page proxies (11), WinGate proxies (14), proxy chains (10).|ipv4 hash:net|1119852 subnets, 1210301 unique IPs|updated every 1 min
[dronebl_auto_botnets](http://iplists.firehol.org/?ipset=dronebl_auto_botnets)|[DroneBL.org](https://dronebl.org) IPs of automatically detected botnets. It includes IPs for which DroneBL responds with 17.|ipv4 hash:net|3992 subnets, 4007 unique IPs|updated every 1 min
[dronebl_autorooting_worms](http://iplists.firehol.org/?ipset=dronebl_autorooting_worms)|[DroneBL.org](https://dronebl.org) IPs of autorooting worms. It includes IPs for which DroneBL responds with 16. These are usually SSH bruteforce attacks.|ipv4 hash:net|36 subnets, 36 unique IPs|updated every 1 min
[dronebl_compromised](http://iplists.firehol.org/?ipset=dronebl_compromised)|[DroneBL.org](https://dronebl.org) IPs of compromised routers / gateways. It includes IPs for which DroneBL responds with 15 (BOPM detected).|ipv4 hash:net|44317 subnets, 45779 unique IPs|updated every 1 min
[dronebl_ddos_drones](http://iplists.firehol.org/?ipset=dronebl_ddos_drones)|[DroneBL.org](https://dronebl.org) IPs of DDoS drones. It includes IPs for which DroneBL responds with 7.|ipv4 hash:net|7667 subnets, 7826 unique IPs|updated every 1 min
[dronebl_dns_mx_on_irc](http://iplists.firehol.org/?ipset=dronebl_dns_mx_on_irc)|[DroneBL.org](https://dronebl.org) List of IPs of DNS / MX hostname detected on IRC. It includes IPs for which DroneBL responds with 18.|ipv4 hash:net|18 subnets, 18 unique IPs|updated every 1 min
[dronebl_irc_drones](http://iplists.firehol.org/?ipset=dronebl_irc_drones)|[DroneBL.org](https://dronebl.org) List of IRC spam drones (litmus/sdbot/fyle). It includes IPs for which DroneBL responds with 3.|ipv4 hash:net|813294 subnets, 982853 unique IPs|updated every 1 min
[dronebl_unknown](http://iplists.firehol.org/?ipset=dronebl_unknown)|[DroneBL.org](https://dronebl.org) List of IPs of uncategorized threats. It includes IPs for which DroneBL responds with 255.|ipv4 hash:net|152 subnets, 152 unique IPs|updated every 1 min
[dronebl_worms_bots](http://iplists.firehol.org/?ipset=dronebl_worms_bots)|[DroneBL.org](https://dronebl.org) IPs of unknown worms or spambots. It includes IPs for which DroneBL responds with 6|ipv4 hash:net|164756 subnets, 174593 unique IPs|updated every 1 min
[dshield](http://iplists.firehol.org/?ipset=dshield)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|19 subnets, 5120 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_1d](http://iplists.firehol.org/?ipset=dshield_1d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|21 subnets, 5632 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_30d](http://iplists.firehol.org/?ipset=dshield_30d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|42 subnets, 11776 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_7d](http://iplists.firehol.org/?ipset=dshield_7d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|29 subnets, 7936 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_top_1000](http://iplists.firehol.org/?ipset=dshield_top_1000)|[DShield.org](https://dshield.org/) top 1000 attacking hosts in the last 30 days|ipv4 hash:ip|1000 unique IPs|updated every 1 hour from [this link](https://isc.sans.edu/api/sources/attacks/1000/)
[dyndns_ponmocup](http://iplists.firehol.org/?ipset=dyndns_ponmocup)|[DynDNS.org](http://security-research.dyndns.org/pub/malware-feeds/) Ponmocup. The malware powering the botnet has been around since 2006 and its known under various names, including Ponmocup, Vundo, Virtumonde, Milicenso and Swisyn. It has been used for ad fraud, data theft and downloading additional threats to infected systems. Ponmocup is one of the largest currently active and, with nine consecutive years, also one of the longest running, but it is rarely noticed as the operators take care to keep it operating under the radar.|ipv4 hash:ip|35 unique IPs|updated every 1 day from [this link](http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv)
[esentire_14072015_com](http://iplists.firehol.org/?ipset=esentire_14072015_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|579 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/14072015.com_watch_ip.lst)
[esentire_14072015q_com](http://iplists.firehol.org/?ipset=esentire_14072015q_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|575 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/14072015q.com_watch_ip.lst)
[esentire_22072014a_com](http://iplists.firehol.org/?ipset=esentire_22072014a_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1290 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/22072014a.com_watch_ip.lst)
[esentire_22072014b_com](http://iplists.firehol.org/?ipset=esentire_22072014b_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1288 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/22072014b.com_watch_ip.lst)
[esentire_22072014c_com](http://iplists.firehol.org/?ipset=esentire_22072014c_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1289 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/22072014c.com_watch_ip.lst)
[esentire_atomictrivia_ru](http://iplists.firehol.org/?ipset=esentire_atomictrivia_ru)|Andromeda/Gamarue Checkin|ipv4 hash:ip|7 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/atomictrivia.ru_watch_ip.lst)
[esentire_auth_update_ru](http://iplists.firehol.org/?ipset=esentire_auth_update_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1306 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/auth-update.ru_watch_ip.lst)
[esentire_burmundisoul_ru](http://iplists.firehol.org/?ipset=esentire_burmundisoul_ru)|Ursnif Variant CnC|ipv4 hash:ip|2551 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/burmundisoul.ru_watch_ip.lst)
[esentire_crazyerror_su](http://iplists.firehol.org/?ipset=esentire_crazyerror_su)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|18613 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/crazyerror.su_watch_ip.lst)
[esentire_dagestanskiiviskis_ru](http://iplists.firehol.org/?ipset=esentire_dagestanskiiviskis_ru)|Ursnif Variant CnC|ipv4 hash:ip|517 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/dagestanskiiviskis.ru_watch_ip.lst)
[esentire_differentia_ru](http://iplists.firehol.org/?ipset=esentire_differentia_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|12 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/differentia.ru_watch_ip.lst)
[esentire_disorderstatus_ru](http://iplists.firehol.org/?ipset=esentire_disorderstatus_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|7 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/disorderstatus.ru_watch_ip.lst)
[esentire_dorttlokolrt_com](http://iplists.firehol.org/?ipset=esentire_dorttlokolrt_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|23664 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/dorttlokolrt.com_watch_ip.lst)
[esentire_downs1_ru](http://iplists.firehol.org/?ipset=esentire_downs1_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|7231 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/downs1.ru_watch_ip.lst)
[esentire_ebankoalalusys_ru](http://iplists.firehol.org/?ipset=esentire_ebankoalalusys_ru)|Ursnif Variant CnC|ipv4 hash:ip|898 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/ebankoalalusys.ru_watch_ip.lst)
[esentire_emptyarray_ru](http://iplists.firehol.org/?ipset=esentire_emptyarray_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|20139 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/emptyarray.ru_watch_ip.lst)
[esentire_fioartd_com](http://iplists.firehol.org/?ipset=esentire_fioartd_com)|Andromeda/Gamarue Checkin|ipv4 hash:ip|601 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/fioartd.com_watch_ip.lst)
[esentire_getarohirodrons_com](http://iplists.firehol.org/?ipset=esentire_getarohirodrons_com)|Andromeda/Gamarue Checkin|ipv4 hash:ip|2156 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/getarohirodrons.com_watch_ip.lst)
[esentire_hasanhashsde_ru](http://iplists.firehol.org/?ipset=esentire_hasanhashsde_ru)|Ursnif Variant CnC|ipv4 hash:ip|1184 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/hasanhashsde.ru_watch_ip.lst)
[esentire_inleet_ru](http://iplists.firehol.org/?ipset=esentire_inleet_ru)|Ursnif Variant CnC|ipv4 hash:ip|4219 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/inleet.ru_watch_ip.lst)
[esentire_islamislamdi_ru](http://iplists.firehol.org/?ipset=esentire_islamislamdi_ru)|Ursnif Variant CnC|ipv4 hash:ip|673 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/islamislamdi.ru_watch_ip.lst)
[esentire_krnqlwlplttc_com](http://iplists.firehol.org/?ipset=esentire_krnqlwlplttc_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|2 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/krnqlwlplttc.com_watch_ip.lst)
[esentire_maddox1_ru](http://iplists.firehol.org/?ipset=esentire_maddox1_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|11345 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/maddox1.ru_watch_ip.lst)
[esentire_manning1_ru](http://iplists.firehol.org/?ipset=esentire_manning1_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|6824 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/manning1.ru_watch_ip.lst)
[esentire_misteryherson_ru](http://iplists.firehol.org/?ipset=esentire_misteryherson_ru)|Ursnif Variant CnC|ipv4 hash:ip|176 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/misteryherson.ru_watch_ip.lst)
[esentire_mysebstarion_ru](http://iplists.firehol.org/?ipset=esentire_mysebstarion_ru)|Ursnif Variant CnC|ipv4 hash:ip|1058 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/mysebstarion.ru_watch_ip.lst)
[esentire_smartfoodsglutenfree_kz](http://iplists.firehol.org/?ipset=esentire_smartfoodsglutenfree_kz)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|2674 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/smartfoodsglutenfree.kz_watch_ip.lst)
[esentire_venerologvasan93_ru](http://iplists.firehol.org/?ipset=esentire_venerologvasan93_ru)|Ursnif Variant CnC|ipv4 hash:ip|1263 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/venerologvasan93.ru_watch_ip.lst)
[esentire_volaya_ru](http://iplists.firehol.org/?ipset=esentire_volaya_ru)|Win32/PSW.Papras.CK CnC|ipv4 hash:ip|5080 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/volaya.ru_watch_ip.lst)
[et_block](http://iplists.firehol.org/?ipset=et_block)|[EmergingThreats.net](http://www.emergingthreats.net/) default blacklist (at the time of writing includes spamhaus DROP, dshield and abuse.ch trackers, which are available separately too - prefer to use the direct ipsets instead of this, they seem to lag a bit in updates)|ipv4 hash:net|1352 subnets, 16309260 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt)
[et_botcc](http://iplists.firehol.org/?ipset=et_botcc)|[EmergingThreats.net Command and Control IPs](http://doc.emergingthreats.net/bin/view/Main/BotCC) These IPs are updates every 24 hours and should be considered VERY highly reliable indications that a host is communicating with a known and active Bot or Malware command and control server - (although they say this includes abuse.ch trackers, it does not - check its overlaps)|ipv4 hash:ip|67 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-PIX-CC.rules)
[et_compromised](http://iplists.firehol.org/?ipset=et_compromised)|[EmergingThreats.net compromised hosts](http://doc.emergingthreats.net/bin/view/Main/CompromisedHost)|ipv4 hash:ip|315 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/blockrules/compromised-ips.txt)
[et_dshield](http://iplists.firehol.org/?ipset=et_dshield)|[EmergingThreats.net](http://www.emergingthreats.net/) dshield blocklist|ipv4 hash:net|20 subnets, 5120 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-PIX-DSHIELD.rules)
[et_spamhaus](http://iplists.firehol.org/?ipset=et_spamhaus)|[EmergingThreats.net](http://www.emergingthreats.net/) spamhaus blocklist|ipv4 hash:net|1321 subnets, 16304384 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-PIX-DROP.rules)
[et_tor](http://iplists.firehol.org/?ipset=et_tor)|[EmergingThreats.net TOR list](http://doc.emergingthreats.net/bin/view/Main/TorRules) of TOR network IPs|ipv4 hash:ip|5507 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/blockrules/emerging-tor.rules)
[feodo](http://iplists.firehol.org/?ipset=feodo)|[Abuse.ch Feodo tracker](https://feodotracker.abuse.ch) trojan includes IPs which are being used by Feodo (also known as Cridex or Bugat) which commits ebanking fraud|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=ipblocklist)
[feodo_badips](http://iplists.firehol.org/?ipset=feodo_badips)|[Abuse.ch Feodo tracker BadIPs](https://feodotracker.abuse.ch) The Feodo Tracker Feodo BadIP Blocklist only contains IP addresses (IPv4) used as C&C communication channel by the Feodo Trojan version B. These IP addresses are usually servers rented by cybercriminals directly and used for the exclusive purpose of hosting a Feodo C&C server. Hence you should expect no legit traffic to those IP addresses. The site highly recommends you to block/drop any traffic towards any Feodo C&C using the Feodo BadIP Blocklist. Please consider that this blocklist only contains IP addresses used by version B of the Feodo Trojan. C&C communication channels used by version A, version C and version D are not covered by this blocklist.|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=badips)
[firehol_abusers_1d](http://iplists.firehol.org/?ipset=firehol_abusers_1d)|An ipset made from blocklists that track abusers in the last 24 hours. (includes: botscout_1d cleantalk_new_1d cleantalk_updated_1d php_commenters_1d php_dictionary_1d php_harvesters_1d php_spammers_1d stopforumspam_1d)|ipv4 hash:net|6914 subnets, 7044 unique IPs|updated every 1 min
[firehol_abusers_30d](http://iplists.firehol.org/?ipset=firehol_abusers_30d)|An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)|ipv4 hash:net|182108 subnets, 198997 unique IPs|updated every 1 min
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous dm_tor firehol_proxies tor_exits)|ipv4 hash:net|994905 subnets, 1119674 unique IPs|updated every 1 min
[firehol_level1](http://iplists.firehol.org/?ipset=firehol_level1)|A firewall blacklist composed from IP lists, providing maximum protection with minimum false positives. Suitable for basic protection on all internet facing servers, routers and firewalls. (includes: bambenek_c2 dshield feodo fullbogons spamhaus_drop spamhaus_edrop sslbl ransomware_rw)|ipv4 hash:net|2188 subnets, 612597504 unique IPs|updated every 1 min
[firehol_level2](http://iplists.firehol.org/?ipset=firehol_level2)|An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow)|ipv4 hash:net|16665 subnets, 30548 unique IPs|updated every 1 min
[firehol_level3](http://iplists.firehol.org/?ipset=firehol_level3)|An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days. (includes: bruteforceblocker ciarmy dshield_30d dshield_top_1000 malc0de maxmind_proxy_fraud myip shunlist snort_ipfilter sslbl_aggressive talosintel_ipfilter vxvault)|ipv4 hash:net|16731 subnets, 31410 unique IPs|updated every 1 min
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|150477 subnets, 9246335 unique IPs|updated every 1 min
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud ip2proxy_px1lite proxylists_30d proxz_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|990074 subnets, 1108457 unique IPs|updated every 1 min
[firehol_webclient](http://iplists.firehol.org/?ipset=firehol_webclient)|An IP blacklist made from blocklists that track IPs that a web client should never talk to. This list is to be used on top of firehol_level1. (includes: ransomware_online sslbl_aggressive cybercrime dyndns_ponmocup maxmind_proxy_fraud)|ipv4 hash:net|1845 subnets, 2006 unique IPs|updated every 1 min
[firehol_webserver](http://iplists.firehol.org/?ipset=firehol_webserver)|A web server IP blacklist made from blocklists that track IPs that should never be used by your web users. (This list includes IPs that are servers hosting malware, bots, etc or users having a long criminal history. This list is to be used on top of firehol_level1, firehol_level2, firehol_level3 and possibly firehol_proxies or firehol_anonymous). (includes: maxmind_proxy_fraud myip pushing_inertia_blocklist stopforumspam_toxic)|ipv4 hash:net|2720 subnets, 60487994 unique IPs|updated every 1 min
[fullbogons](http://iplists.firehol.org/?ipset=fullbogons)|[Team-Cymru.org](http://www.team-cymru.org) IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user|ipv4 hash:net|830 subnets, 596232192 unique IPs|updated every 1 day
geolite2_asn|[MaxMind GeoLite2 ASN](https://dev.maxmind.com/geoip/geoip2/geolite2/)|ipv4 hash:net|disabled|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-ASN-CSV.zip)
[geolite2_country](https://github.com/firehol/blocklist-ipsets/tree/master/geolite2_country)|[MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/) databases are free IP geolocation databases comparable to, but less accurate than, MaxMinds GeoIP2 databases. They include IPs per country, IPs per continent, IPs used by anonymous services (VPNs, Proxies, etc) and Satellite Providers.|ipv4 hash:net|All the world|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
gofferje_sip|[Stefan Gofferje](http://stefan.gofferje.net/it-stuff/sipfraud/sip-attacker-blacklist) A personal blacklist of networks and IPs of SIP attackers. To end up here, the IP or network must have been the origin of considerable and repeated attacks on my PBX and additionally, the ISP didn't react to any complaint. Note from the author: I don't give any guarantees of accuracy, completeness or even usability! USE AT YOUR OWN RISK! Also note that I block complete countries, namely China, Korea and Palestine with blocklists from ipdeny.com, so some attackers will never even get the chance to get noticed by me to be put on this blacklist. I also don't accept any liabilities related to this blocklist. If you're an ISP and don't like your IPs being listed here, too bad! You should have done something about your customers' behavior and reacted to my complaints. This blocklist is nothing but an expression of my personal opinion and exercising my right of free speech.|ipv4 hash:net|disabled|updated every 6 hours from [this link](http://stefan.gofferje.net/sipblocklist.zone)
[gpf_comics](http://iplists.firehol.org/?ipset=gpf_comics)|The GPF DNS Block List is a list of IP addresses on the Internet that have attacked the [GPF Comics](http://www.gpf-comics.com/) family of Web sites. IPs on this block list have been banned from accessing all of our servers because they were caught in the act of spamming, attempting to exploit our scripts, scanning for vulnerabilities, or consuming resources to the detriment of our human visitors.|ipv4 hash:ip|2904 unique IPs|updated every 1 day from [this link](https://www.gpf-comics.com/dnsbl/export.php)
[graphiclineweb](http://iplists.firehol.org/?ipset=graphiclineweb)|[GraphiclineWeb](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/) The IPs, Hosts and Domains listed in this table are banned universally from accessing websites controlled by the maintainer. Some form of bad activity has been seen from the addresses listed. Bad activity includes: unwanted spiders, rule breakers, comment spammers, trackback spammers, spambots, hacker bots, registration bots and other scripting attackers, harvesters, nuisance spiders, spy bots and organizations spying on websites for commercial reasons.|ipv4 hash:net|2579 subnets, 330527 unique IPs|updated every 1 day from [this link](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/)
[greensnow](http://iplists.firehol.org/?ipset=greensnow)|[GreenSnow](https://greensnow.co/) is a team harvesting a large number of IPs from different computers located around the world. GreenSnow is comparable with SpamHaus.org for attacks of any kind except for spam. Their list is updated automatically and you can withdraw at any time your IP address if it has been listed. Attacks / bruteforce that are monitored are: Scan Port, FTP, POP3, mod_security, IMAP, SMTP, SSH, cPanel, etc.|ipv4 hash:ip|6944 unique IPs|updated every 30 mins from [this link](http://blocklist.greensnow.co/greensnow.txt)
[haley_ssh](http://iplists.firehol.org/?ipset=haley_ssh)|[Charles Haley](http://charles.the-haleys.org) IPs launching SSH dictionary attacks.|ipv4 hash:ip|51417 unique IPs|updated every 4 hours from [this link](http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt)
[hphosts_ats](http://iplists.firehol.org/?ipset=hphosts_ats)|[hpHosts](http://hosts-file.net/?s=Download) ad/tracking servers listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|13037 unique IPs|updated every 1 day from [this link](http://hosts-file.net/ad_servers.txt)
[hphosts_emd](http://iplists.firehol.org/?ipset=hphosts_emd)|[hpHosts](http://hosts-file.net/?s=Download) malware sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|59204 unique IPs|updated every 1 day from [this link](http://hosts-file.net/emd.txt)
[hphosts_exp](http://iplists.firehol.org/?ipset=hphosts_exp)|[hpHosts](http://hosts-file.net/?s=Download) exploit sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|196 unique IPs|updated every 1 day from [this link](http://hosts-file.net/exp.txt)
[hphosts_fsa](http://iplists.firehol.org/?ipset=hphosts_fsa)|[hpHosts](http://hosts-file.net/?s=Download) fraud sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|24764 unique IPs|updated every 1 day from [this link](http://hosts-file.net/fsa.txt)
[hphosts_grm](http://iplists.firehol.org/?ipset=hphosts_grm)|[hpHosts](http://hosts-file.net/?s=Download) sites involved in spam (that do not otherwise meet any other classification criteria) listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|293 unique IPs|updated every 1 day from [this link](http://hosts-file.net/grm.txt)
[hphosts_hfs](http://iplists.firehol.org/?ipset=hphosts_hfs)|[hpHosts](http://hosts-file.net/?s=Download) sites spamming the hpHosts forums (and not meeting any other classification criteria) listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|245 unique IPs|updated every 1 day from [this link](http://hosts-file.net/hfs.txt)
[hphosts_hjk](http://iplists.firehol.org/?ipset=hphosts_hjk)|[hpHosts](http://hosts-file.net/?s=Download) hijack sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|152 unique IPs|updated every 1 day from [this link](http://hosts-file.net/hjk.txt)
[hphosts_mmt](http://iplists.firehol.org/?ipset=hphosts_mmt)|[hpHosts](http://hosts-file.net/?s=Download) sites involved in misleading marketing (e.g. fake Flash update adverts) listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|960 unique IPs|updated every 1 day from [this link](http://hosts-file.net/mmt.txt)
[hphosts_pha](http://iplists.firehol.org/?ipset=hphosts_pha)|[hpHosts](http://hosts-file.net/?s=Download) illegal pharmacy sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|2474 unique IPs|updated every 1 day from [this link](http://hosts-file.net/pha.txt)
[hphosts_psh](http://iplists.firehol.org/?ipset=hphosts_psh)|[hpHosts](http://hosts-file.net/?s=Download) phishing sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|44781 unique IPs|updated every 1 day from [this link](http://hosts-file.net/psh.txt)
[hphosts_wrz](http://iplists.firehol.org/?ipset=hphosts_wrz)|[hpHosts](http://hosts-file.net/?s=Download) warez/piracy sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|905 unique IPs|updated every 1 day from [this link](http://hosts-file.net/wrz.txt)
[iblocklist_abuse_palevo](http://iplists.firehol.org/?ipset=iblocklist_abuse_palevo)|palevotracker.abuse.ch IP blocklist.|ipv4 hash:net|12 subnets, 12 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=erqajhwrxiuvjxqrrwfj&fileformat=p2p&archiveformat=gz)
[iblocklist_abuse_spyeye](http://iplists.firehol.org/?ipset=iblocklist_abuse_spyeye)|spyeyetracker.abuse.ch IP blocklist.|ipv4 hash:net|83 subnets, 84 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zvjxsfuvdhoxktpeiokq&fileformat=p2p&archiveformat=gz)
[iblocklist_abuse_zeus](http://iplists.firehol.org/?ipset=iblocklist_abuse_zeus)|zeustracker.abuse.ch IP blocklist that contains IP addresses which are currently beeing tracked on the abuse.ch ZeuS Tracker.|ipv4 hash:net|209 subnets, 212 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=ynkdjqsjyfmilsgbogqf&fileformat=p2p&archiveformat=gz)
[iblocklist_ads](http://iplists.firehol.org/?ipset=iblocklist_ads)|Advertising trackers and a short list of bad/intrusive porn sites.|ipv4 hash:net|3386 subnets, 888782 unique IPs|updated every 12 hours
[iblocklist_badpeers](http://iplists.firehol.org/?ipset=iblocklist_badpeers)|IPs that have been reported for bad deeds in p2p.|ipv4 hash:net|48578 subnets, 1569289 unique IPs|updated every 12 hours
[iblocklist_bogons](http://iplists.firehol.org/?ipset=iblocklist_bogons)|Unallocated address space.|ipv4 hash:net|2692 subnets, 645673639 unique IPs|updated every 12 hours
[iblocklist_ciarmy_malicious](http://iplists.firehol.org/?ipset=iblocklist_ciarmy_malicious)|ciarmy.com IP blocklist. Based on information from a network of Sentinel devices deployed around the world, they compile a list of known bad IP addresses. Sentinel devices are uniquely positioned to pick up traffic from bad guys without requiring any type of signature-based or rate-based identification. If an IP is identified in this way by a significant number of Sentinels, the IP is malicious and should be blocked.|ipv4 hash:net|12826 subnets, 15000 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=npkuuhuxcsllnhoamkvm&fileformat=p2p&archiveformat=gz)
[iblocklist_cidr_report_bogons](http://iplists.firehol.org/?ipset=iblocklist_cidr_report_bogons)|cidr-report.org IP list of Unallocated address space.|ipv4 hash:net|9166 subnets, 603182784 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=lujdnbasfaaixitgmxpp&fileformat=p2p&archiveformat=gz)
[iblocklist_cruzit_web_attacks](http://iplists.firehol.org/?ipset=iblocklist_cruzit_web_attacks)|CruzIT IP list with individual IP addresses of compromised machines scanning for vulnerabilities and DDOS attacks.|ipv4 hash:net|14096 subnets, 14397 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=czvaehmjpsnwwttrdoyl&fileformat=p2p&archiveformat=gz)
[iblocklist_dshield](http://iplists.firehol.org/?ipset=iblocklist_dshield)|known Hackers and such people.|ipv4 hash:net|16 subnets, 2566 unique IPs|updated every 12 hours
[iblocklist_edu](http://iplists.firehol.org/?ipset=iblocklist_edu)|IPs used by Educational Institutions.|ipv4 hash:net|43896 subnets, 227929548 unique IPs|updated every 12 hours
[iblocklist_exclusions](http://iplists.firehol.org/?ipset=iblocklist_exclusions)|Exclusions.|ipv4 hash:net|313 subnets, 7488 unique IPs|updated every 12 hours
[iblocklist_fornonlancomputers](http://iplists.firehol.org/?ipset=iblocklist_fornonlancomputers)|IP blocklist for non-LAN computers.|ipv4 hash:net|4 subnets, 302055424 unique IPs|updated every 12 hours
[iblocklist_forumspam](http://iplists.firehol.org/?ipset=iblocklist_forumspam)|Forum spam.|ipv4 hash:net|455 subnets, 479 unique IPs|updated every 12 hours
[iblocklist_hijacked](http://iplists.firehol.org/?ipset=iblocklist_hijacked)|Hijacked IP-Blocks. Contains hijacked IP-Blocks and known IP-Blocks that are used to deliver Spam. This list is a combination of lists with hijacked IP-Blocks. Hijacked IP space are IP blocks that are being used without permission by organizations that have no relation to original organization (or its legal successor) that received the IP block. In essence it's stealing of somebody else's IP resources.|ipv4 hash:net|512 subnets, 8736512 unique IPs|updated every 12 hours
[iblocklist_iana_multicast](http://iplists.firehol.org/?ipset=iblocklist_iana_multicast)|IANA Multicast IPs.|ipv4 hash:net|1 subnets, 268435456 unique IPs|updated every 12 hours
[iblocklist_iana_private](http://iplists.firehol.org/?ipset=iblocklist_iana_private)|IANA Private IPs.|ipv4 hash:net|58 subnets, 51643646 unique IPs|updated every 12 hours
[iblocklist_iana_reserved](http://iplists.firehol.org/?ipset=iblocklist_iana_reserved)|IANA Reserved IPs.|ipv4 hash:net|1 subnets, 536870912 unique IPs|updated every 12 hours
[iblocklist_isp_aol](http://iplists.firehol.org/?ipset=iblocklist_isp_aol)|AOL IPs.|ipv4 hash:net|16 subnets, 6627584 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=toboaiysofkflwgrttmb&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_att](http://iplists.firehol.org/?ipset=iblocklist_isp_att)|AT&T IPs.|ipv4 hash:net|35 subnets, 55845128 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=grbtkzijgrowvobvessf&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_cablevision](http://iplists.firehol.org/?ipset=iblocklist_isp_cablevision)|Cablevision IPs.|ipv4 hash:net|11 subnets, 1787136 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=dwwbsmzirrykdlvpqozb&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_charter](http://iplists.firehol.org/?ipset=iblocklist_isp_charter)|Charter IPs.|ipv4 hash:net|21 subnets, 6138112 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=htnzojgossawhpkbulqw&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_comcast](http://iplists.firehol.org/?ipset=iblocklist_isp_comcast)|Comcast IPs.|ipv4 hash:net|33 subnets, 45121536 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=rsgyxvuklicibautguia&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_embarq](http://iplists.firehol.org/?ipset=iblocklist_isp_embarq)|Embarq IPs.|ipv4 hash:net|14 subnets, 2703360 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=twdblifaysaqtypevvdp&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_qwest](http://iplists.firehol.org/?ipset=iblocklist_isp_qwest)|Qwest IPs.|ipv4 hash:net|73 subnets, 15777552 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=jezlifrpefawuoawnfez&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_sprint](http://iplists.firehol.org/?ipset=iblocklist_isp_sprint)|Sprint IPs.|ipv4 hash:net|73 subnets, 6310570 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=hngtqrhhuadlceqxbrob&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_suddenlink](http://iplists.firehol.org/?ipset=iblocklist_isp_suddenlink)|Suddenlink IPs.|ipv4 hash:net|3 subnets, 458752 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=psaoblrwylfrdsspfuiq&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_twc](http://iplists.firehol.org/?ipset=iblocklist_isp_twc)|Time Warner Cable IPs.|ipv4 hash:net|56 subnets, 15015936 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aqtsnttnqmcucwrjmohd&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_verizon](http://iplists.firehol.org/?ipset=iblocklist_isp_verizon)|Verizon IPs.|ipv4 hash:net|22 subnets, 18087936 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=cdmdbprvldivlqsaqjol&fileformat=p2p&archiveformat=gz)
[iblocklist_level1](http://iplists.firehol.org/?ipset=iblocklist_level1)|Level 1 (for use in p2p): Companies or organizations who are clearly involved with trying to stop filesharing (e.g. Baytsp, MediaDefender, Mediasentry). Companies which anti-p2p activity has been seen from. Companies that produce or have a strong financial interest in copyrighted material (e.g. music, movie, software industries a.o.). Government ranges or companies that have a strong financial interest in doing work for governments. Legal industry ranges. IPs or ranges of ISPs from which anti-p2p activity has been observed. Basically this list will block all kinds of internet connections that most people would rather not have during their internet travels.|ipv4 hash:net|235640 subnets, 725210704 unique IPs|updated every 12 hours
[iblocklist_level2](http://iplists.firehol.org/?ipset=iblocklist_level2)|Level 2 (for use in p2p). General corporate ranges. Ranges used by labs or researchers. Proxies.|ipv4 hash:net|78373 subnets, 337818690 unique IPs|updated every 12 hours
[iblocklist_level3](http://iplists.firehol.org/?ipset=iblocklist_level3)|Level 3 (for use in p2p). Many portal-type websites. ISP ranges that may be dodgy for some reason. Ranges that belong to an individual, but which have not been determined to be used by a particular company. Ranges for things that are unusual in some way. The L3 list is aka the paranoid list.|ipv4 hash:net|18872 subnets, 137068987 unique IPs|updated every 12 hours
[iblocklist_malc0de](http://iplists.firehol.org/?ipset=iblocklist_malc0de)|malc0de.com IP blocklist. Addresses that have been identified distributing malware during the past 30 days.|ipv4 hash:net|21 subnets, 21 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=pbqcylkejciyhmwttify&fileformat=p2p&archiveformat=gz)
[iblocklist_onion_router](http://iplists.firehol.org/?ipset=iblocklist_onion_router)|The Onion Router IP addresses.|ipv4 hash:net|827 subnets, 1196 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz)
[iblocklist_org_activision](http://iplists.firehol.org/?ipset=iblocklist_org_activision)|Activision IPs.|ipv4 hash:net|49 subnets, 4902 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=gfnxlhxsijzrcuxwzebb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_apple](http://iplists.firehol.org/?ipset=iblocklist_org_apple)|Apple IPs.|ipv4 hash:net|1 subnets, 16777216 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aphcqvpxuqgrkgufjruj&fileformat=p2p&archiveformat=gz)
[iblocklist_org_blizzard](http://iplists.firehol.org/?ipset=iblocklist_org_blizzard)|Blizzard IPs.|ipv4 hash:net|8 subnets, 16795139 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ercbntshuthyykfkmhxc&fileformat=p2p&archiveformat=gz)
[iblocklist_org_crowd_control](http://iplists.firehol.org/?ipset=iblocklist_org_crowd_control)|Crowd Control Productions IPs.|ipv4 hash:net|2 subnets, 768 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=eveiyhgmusglurfmjyag&fileformat=p2p&archiveformat=gz)
[iblocklist_org_electronic_arts](http://iplists.firehol.org/?ipset=iblocklist_org_electronic_arts)|Electronic Arts IPs.|ipv4 hash:net|42 subnets, 69720 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ejqebpcdmffinaetsvxj&fileformat=p2p&archiveformat=gz)
[iblocklist_org_joost](http://iplists.firehol.org/?ipset=iblocklist_org_joost)|Joost IPs.|ipv4 hash:net|4 subnets, 16779456 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=alxugfmeszbhpxqfdits&fileformat=p2p&archiveformat=gz)
[iblocklist_org_linden_lab](http://iplists.firehol.org/?ipset=iblocklist_org_linden_lab)|Linden Lab IPs.|ipv4 hash:net|11 subnets, 23600 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=qnjdimxnaupjmpqolxcv&fileformat=p2p&archiveformat=gz)
[iblocklist_org_logmein](http://iplists.firehol.org/?ipset=iblocklist_org_logmein)|LogMeIn IPs.|ipv4 hash:net|13 subnets, 16781568 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=tgbankumtwtrzllndbmb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_microsoft](http://iplists.firehol.org/?ipset=iblocklist_org_microsoft)|Microsoft IP ranges.|ipv4 hash:net|901 subnets, 1848599 unique IPs|updated every 12 hours
[iblocklist_org_ncsoft](http://iplists.firehol.org/?ipset=iblocklist_org_ncsoft)|NCsoft IPs.|ipv4 hash:net|5 subnets, 12560 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=mwjuwmebrnzyyxpbezxu&fileformat=p2p&archiveformat=gz)
[iblocklist_org_nintendo](http://iplists.firehol.org/?ipset=iblocklist_org_nintendo)|Nintendo IPs.|ipv4 hash:net|45 subnets, 3927 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=pevkykuhgaegqyayzbnr&fileformat=p2p&archiveformat=gz)
[iblocklist_org_pandora](http://iplists.firehol.org/?ipset=iblocklist_org_pandora)|Pandora IPs.|ipv4 hash:net|1 subnets, 2048 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aevzidimyvwybzkletsg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_pirate_bay](http://iplists.firehol.org/?ipset=iblocklist_org_pirate_bay)|The Pirate Bay IPs.|ipv4 hash:net|5 subnets, 323 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_punkbuster](http://iplists.firehol.org/?ipset=iblocklist_org_punkbuster)|Punkbuster IPs.|ipv4 hash:net|1 subnets, 1 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=zvwwndvzulqcltsicwdg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_riot_games](http://iplists.firehol.org/?ipset=iblocklist_org_riot_games)|Riot Games IPs.|ipv4 hash:net|6 subnets, 1792 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=sdlvfabdjvrdttfjotcy&fileformat=p2p&archiveformat=gz)
[iblocklist_org_sony_online](http://iplists.firehol.org/?ipset=iblocklist_org_sony_online)|Sony Online Entertainment IPs.|ipv4 hash:net|7 subnets, 24616 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=tukpvrvlubsputmkmiwg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_square_enix](http://iplists.firehol.org/?ipset=iblocklist_org_square_enix)|Square Enix IPs.|ipv4 hash:net|2 subnets, 4112 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=odyaqontcydnodrlyina&fileformat=p2p&archiveformat=gz)
[iblocklist_org_steam](http://iplists.firehol.org/?ipset=iblocklist_org_steam)|Steam IPs.|ipv4 hash:net|53 subnets, 596448 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=cnxkgiklecdaihzukrud&fileformat=p2p&archiveformat=gz)
[iblocklist_org_ubisoft](http://iplists.firehol.org/?ipset=iblocklist_org_ubisoft)|Ubisoft IPs.|ipv4 hash:net|10 subnets, 5308 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=etmcrglomupyxtaebzht&fileformat=p2p&archiveformat=gz)
[iblocklist_org_xfire](http://iplists.firehol.org/?ipset=iblocklist_org_xfire)|XFire IPs.|ipv4 hash:net|3 subnets, 3328 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ppqqnyihmcrryraaqsjo&fileformat=p2p&archiveformat=gz)
[iblocklist_pedophiles](http://iplists.firehol.org/?ipset=iblocklist_pedophiles)|IP ranges of people who we have found to be sharing child pornography in the p2p community.|ipv4 hash:net|29188 subnets, 847889 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=dufcxgnbjsdwmwctgfuj&fileformat=p2p&archiveformat=gz)
[iblocklist_proxies](http://iplists.firehol.org/?ipset=iblocklist_proxies)|Open Proxies IPs list (without TOR)|ipv4 hash:ip|672 unique IPs|updated every 12 hours
[iblocklist_rangetest](http://iplists.firehol.org/?ipset=iblocklist_rangetest)|Suspicious IPs that are under investigation.|ipv4 hash:net|576 subnets, 4280758 unique IPs|updated every 12 hours
[iblocklist_spamhaus_drop](http://iplists.firehol.org/?ipset=iblocklist_spamhaus_drop)|Spamhaus.org DROP (Don't Route Or Peer) list.|ipv4 hash:net|900 subnets, 17338368 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zbdlwrqkabxbcppvrnos&fileformat=p2p&archiveformat=gz)
[iblocklist_spider](http://iplists.firehol.org/?ipset=iblocklist_spider)|IP list intended to be used by webmasters to block hostile spiders from their web sites.|ipv4 hash:net|773 subnets, 846788 unique IPs|updated every 12 hours
[iblocklist_spyware](http://iplists.firehol.org/?ipset=iblocklist_spyware)|Known malicious SPYWARE and ADWARE IP Address ranges. It is compiled from various sources, including other available spyware blacklists, HOSTS files, from research found at many of the top anti-spyware forums, logs of spyware victims, etc.|ipv4 hash:net|3359 subnets, 339046 unique IPs|updated every 12 hours
[iblocklist_webexploit](http://iplists.firehol.org/?ipset=iblocklist_webexploit)|Web server hack and exploit attempts. IP addresses related to current web server hack and exploit attempts that have been logged or can be found in and cross referenced with other related IP databases. Malicious and other non search engine bots will also be listed here, along with anything found that can have a negative impact on a website or webserver such as proxies being used for negative SEO hijacks, unauthorised site mirroring, harvesting, scraping, snooping and data mining / spy bot / security & copyright enforcement companies that target and continuosly scan webservers.|ipv4 hash:ip|15382 unique IPs|updated every 12 hours
[iblocklist_yoyo_adservers](http://iplists.firehol.org/?ipset=iblocklist_yoyo_adservers)|pgl.yoyo.org ad servers|ipv4 hash:net|7826 subnets, 9220 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zhogegszwduurnvsyhdf&fileformat=p2p&archiveformat=gz)
[ip2location_country](https://github.com/ktsaou/blocklist-ipsets/tree/master/ip2location_country)|[IP2Location.com](http://lite.ip2location.com/database-ip-country) geolocation database|ipv4 hash:net|All the world|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ip2location_country_eh](http://iplists.firehol.org/?ipset=ip2location_country_eh)|Western Sahara (EH) -- [IP2Location.com](http://lite.ip2location.com/database-ip-country)|ipv4 hash:net|1 subnets, 256 unique IPs|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ip2proxy_px1lite](http://iplists.firehol.org/?ipset=ip2proxy_px1lite)|[IP2Location.com](https://lite.ip2location.com/database/px1-ip-country) IP2Proxy LITE IP-COUNTRY Database contains IP addresses which are used as public proxies. The LITE edition is a free version of database that is limited to public proxies IP address.|ipv4 hash:net|978086 subnets, 1095898 unique IPs|updated every 1 day
[ipblacklistcloud_recent](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|32 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_recent_1d](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent_1d)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|32 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_recent_30d](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent_30d)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|196 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_recent_7d](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent_7d)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|64 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_top](http://iplists.firehol.org/?ipset=ipblacklistcloud_top)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the top IP addresses that have been blacklisted by many websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|200 unique IPs|updated every 1 day from [this link](http://www.ip-finder.me/ip-full-list/)
[ipdeny_country](https://github.com/firehol/blocklist-ipsets/tree/master/ipdeny_country)|[IPDeny.com](http://www.ipdeny.com/) geolocation database|ipv4 hash:net|All the world|updated every 1 day from [this link](http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz)
[iw_spamlist](http://iplists.firehol.org/?ipset=iw_spamlist)|[ImproWare Antispam](http://antispam.imp.ch/) IPs sending spam, in the last 3 days|ipv4 hash:ip|0 unique IPs|updated every 1 hour from [this link](http://antispam.imp.ch/spamlist)
[iw_wormlist](http://iplists.firehol.org/?ipset=iw_wormlist)|[ImproWare Antispam](http://antispam.imp.ch/) IPs sending emails with viruses or worms, in the last 3 days|ipv4 hash:ip|0 unique IPs|updated every 1 hour from [this link](http://antispam.imp.ch/wormlist)
[lashback_ubl](http://iplists.firehol.org/?ipset=lashback_ubl)|[The LashBack UBL](http://blacklist.lashback.com/) The Unsubscribe Blacklist (UBL) is a real-time blacklist of IP addresses which are sending email to names harvested from suppression files (this is a big list, more than 500.000 IPs)|ipv4 hash:ip|37994 unique IPs|updated every 1 day from [this link](http://www.unsubscore.com/blacklist.txt)
[malc0de](http://iplists.firehol.org/?ipset=malc0de)|[Malc0de.com](http://malc0de.com) malicious IPs of the last 30 days|ipv4 hash:ip|21 unique IPs|updated every 1 day from [this link](http://malc0de.com/bl/IP_Blacklist.txt)
[malwaredomainlist](http://iplists.firehol.org/?ipset=malwaredomainlist)|[malwaredomainlist.com](http://www.malwaredomainlist.com) list of malware active ip addresses|ipv4 hash:ip|996 unique IPs|updated every 12 hours from [this link](http://www.malwaredomainlist.com/hostslist/ip.txt)
[maxmind_proxy_fraud](http://iplists.firehol.org/?ipset=maxmind_proxy_fraud)|[MaxMind.com](https://www.maxmind.com/en/high-risk-ip-sample-list) sample list of high-risk IP addresses.|ipv4 hash:ip|583 unique IPs|updated every 4 hours from [this link](https://www.maxmind.com/en/high-risk-ip-sample-list)
[myip](http://iplists.firehol.org/?ipset=myip)|[myip.ms](http://www.myip.ms/info/about) IPs identified as web bots in the last 10 days, using several sites that require human action|ipv4 hash:ip|1502 unique IPs|updated every 1 day from [this link](http://www.myip.ms/files/blacklist/csf/latest_blacklist.txt)
[nixspam](http://iplists.firehol.org/?ipset=nixspam)|[NiX Spam](http://www.heise.de/ix/NiX-Spam-DNSBL-and-blacklist-for-download-499637.html) IP addresses that sent spam in the last hour - automatically generated entries without distinguishing open proxies from relays, dialup gateways, and so on. All IPs are removed after 12 hours if there is no spam from there.|ipv4 hash:ip|17135 unique IPs|updated every 15 mins from [this link](http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz)
[normshield_all_attack](http://iplists.firehol.org/?ipset=normshield_all_attack)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category attack with severity all|ipv4 hash:ip|549 unique IPs|updated every 12 hours
[normshield_all_bruteforce](http://iplists.firehol.org/?ipset=normshield_all_bruteforce)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category bruteforce with severity all|ipv4 hash:ip|196 unique IPs|updated every 12 hours
[normshield_all_ddosbot](http://iplists.firehol.org/?ipset=normshield_all_ddosbot)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category ddosbot with severity all|ipv4 hash:ip|1 unique IPs|updated every 12 hours
[normshield_all_dnsscan](http://iplists.firehol.org/?ipset=normshield_all_dnsscan)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category dnsscan with severity all|ipv4 hash:ip|1 unique IPs|updated every 12 hours
[normshield_all_spam](http://iplists.firehol.org/?ipset=normshield_all_spam)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category spam with severity all|ipv4 hash:ip|17 unique IPs|updated every 12 hours
[normshield_all_suspicious](http://iplists.firehol.org/?ipset=normshield_all_suspicious)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category suspicious with severity all|ipv4 hash:ip|11 unique IPs|updated every 12 hours
[normshield_all_wannacry](http://iplists.firehol.org/?ipset=normshield_all_wannacry)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category wannacry with severity all|ipv4 hash:ip|1165 unique IPs|updated every 12 hours
[normshield_all_webscan](http://iplists.firehol.org/?ipset=normshield_all_webscan)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category webscan with severity all|ipv4 hash:ip|46 unique IPs|updated every 12 hours
[normshield_all_wormscan](http://iplists.firehol.org/?ipset=normshield_all_wormscan)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category wormscan with severity all|ipv4 hash:ip|28 unique IPs|updated every 12 hours
[normshield_high_attack](http://iplists.firehol.org/?ipset=normshield_high_attack)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category attack with severity high|ipv4 hash:ip|549 unique IPs|updated every 12 hours
[normshield_high_bruteforce](http://iplists.firehol.org/?ipset=normshield_high_bruteforce)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category bruteforce with severity high|ipv4 hash:ip|196 unique IPs|updated every 12 hours
[normshield_high_ddosbot](http://iplists.firehol.org/?ipset=normshield_high_ddosbot)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category ddosbot with severity high|ipv4 hash:ip|1 unique IPs|updated every 12 hours
[normshield_high_dnsscan](http://iplists.firehol.org/?ipset=normshield_high_dnsscan)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category dnsscan with severity high|ipv4 hash:ip|1 unique IPs|updated every 12 hours
[normshield_high_spam](http://iplists.firehol.org/?ipset=normshield_high_spam)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category spam with severity high|ipv4 hash:ip|17 unique IPs|updated every 12 hours
[normshield_high_suspicious](http://iplists.firehol.org/?ipset=normshield_high_suspicious)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category suspicious with severity high|ipv4 hash:ip|11 unique IPs|updated every 12 hours
[normshield_high_wannacry](http://iplists.firehol.org/?ipset=normshield_high_wannacry)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category wannacry with severity high|ipv4 hash:ip|1165 unique IPs|updated every 12 hours
[normshield_high_webscan](http://iplists.firehol.org/?ipset=normshield_high_webscan)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category webscan with severity high|ipv4 hash:ip|46 unique IPs|updated every 12 hours
[normshield_high_wormscan](http://iplists.firehol.org/?ipset=normshield_high_wormscan)|[NormShield.com](https://services.normshield.com/threatfeed) IPs in category wormscan with severity high|ipv4 hash:ip|28 unique IPs|updated every 12 hours
[nt_malware_dns](http://iplists.firehol.org/?ipset=nt_malware_dns)|[No Think](http://www.nothink.org/) Malware DNS (the original list includes hostnames and domains, which are ignored)|ipv4 hash:ip|235 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_dns.txt)
[nt_malware_http](http://iplists.firehol.org/?ipset=nt_malware_http)|[No Think](http://www.nothink.org/) Malware HTTP|ipv4 hash:ip|69 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_http.txt)
[nt_malware_irc](http://iplists.firehol.org/?ipset=nt_malware_irc)|[No Think](http://www.nothink.org/) Malware IRC|ipv4 hash:ip|42 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_irc.txt)
[nt_ssh_7d](http://iplists.firehol.org/?ipset=nt_ssh_7d)|[NoThink](http://www.nothink.org/) Last 7 days SSH attacks|ipv4 hash:ip|169 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_ssh_week.txt)
[nullsecure](http://iplists.firehol.org/?ipset=nullsecure)|[nullsecure.org](http://nullsecure.org/) This is a free threat feed provided for use in any acceptable manner. This feed was aggregated using the [Tango Honeypot Intelligence Splunk App](https://github.com/aplura/Tango) by Brian Warehime, a Senior Security Analyst at Defense Point Security.|ipv4 hash:ip|1 unique IPs|updated every 8 hours from [this link](http://nullsecure.org/threatfeed/master.txt)
[packetmail](http://iplists.firehol.org/?ipset=packetmail)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected performing TCP SYN to 206.82.85.196/30 to a non-listening service or daemon. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|3986 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep.txt)
[packetmail_emerging_ips](http://iplists.firehol.org/?ipset=packetmail_emerging_ips)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected as potentially of interest based on the number of unique users of the packetmail IP Reputation system. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|26 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep_emerging_ips.txt)
[packetmail_mail](http://iplists.firehol.org/?ipset=packetmail_mail)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected performing behavior not in compliance with the requirements this system enforces for email acceptance. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|73 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep_mail.txt)
[packetmail_ramnode](http://iplists.firehol.org/?ipset=packetmail_ramnode)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected performing TCP SYN to 81.4.103.251 to a non-listening service or daemon. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|2502 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep_ramnode.txt)
php_bad|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) bad web hosts (this list is composed using an RSS feed)|ipv4 hash:ip|disabled|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=b&rss=1)
[php_commenters](http://iplists.firehol.org/?ipset=php_commenters)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_commenters_1d](http://iplists.firehol.org/?ipset=php_commenters_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|97 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_commenters_30d](http://iplists.firehol.org/?ipset=php_commenters_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|1122 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_commenters_7d](http://iplists.firehol.org/?ipset=php_commenters_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|312 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_dictionary](http://iplists.firehol.org/?ipset=php_dictionary)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_dictionary_1d](http://iplists.firehol.org/?ipset=php_dictionary_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|98 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_dictionary_30d](http://iplists.firehol.org/?ipset=php_dictionary_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|1153 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_dictionary_7d](http://iplists.firehol.org/?ipset=php_dictionary_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|309 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_harvesters](http://iplists.firehol.org/?ipset=php_harvesters)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|49 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_harvesters_1d](http://iplists.firehol.org/?ipset=php_harvesters_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|49 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_harvesters_30d](http://iplists.firehol.org/?ipset=php_harvesters_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|354 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_harvesters_7d](http://iplists.firehol.org/?ipset=php_harvesters_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|149 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_spammers](http://iplists.firehol.org/?ipset=php_spammers)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[php_spammers_1d](http://iplists.firehol.org/?ipset=php_spammers_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|97 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[php_spammers_30d](http://iplists.firehol.org/?ipset=php_spammers_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|991 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[php_spammers_7d](http://iplists.firehol.org/?ipset=php_spammers_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|288 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[proxylists](http://iplists.firehol.org/?ipset=proxylists)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|2668 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxylists_1d](http://iplists.firehol.org/?ipset=proxylists_1d)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|5094 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxylists_30d](http://iplists.firehol.org/?ipset=proxylists_30d)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|10138 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxylists_7d](http://iplists.firehol.org/?ipset=proxylists_7d)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|8263 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
proxyrss|[proxyrss.com](http://www.proxyrss.com) open proxies syndicated from multiple sources.|ipv4 hash:ip|disabled|updated every 4 hours from [this link](http://www.proxyrss.com/proxylists/all.gz)
[proxyspy_1d](http://iplists.firehol.org/?ipset=proxyspy_1d)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|300 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxyspy_30d](http://iplists.firehol.org/?ipset=proxyspy_30d)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|6720 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxyspy_7d](http://iplists.firehol.org/?ipset=proxyspy_7d)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|2828 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxz](http://iplists.firehol.org/?ipset=proxz)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|26 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[proxz_1d](http://iplists.firehol.org/?ipset=proxz_1d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|266 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[proxz_30d](http://iplists.firehol.org/?ipset=proxz_30d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|3338 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[proxz_7d](http://iplists.firehol.org/?ipset=proxz_7d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|1201 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[pushing_inertia_blocklist](http://iplists.firehol.org/?ipset=pushing_inertia_blocklist)|[Pushing Inertia](https://github.com/pushinginertia/ip-blacklist) IPs of hosting providers that are known to host various bots, spiders, scrapers, etc. to block access from these providers to web servers.|ipv4 hash:net|1309 subnets, 60462830 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/pushinginertia/ip-blacklist/master/ip_blacklist.conf)
[ransomware_cryptowall_ps](http://iplists.firehol.org/?ipset=ransomware_cryptowall_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is CW_PS_IPBL: CryptoWall Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt)
[ransomware_feed](http://iplists.firehol.org/?ipset=ransomware_feed)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. The IPs in this list have been extracted from the tracker data feed.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
[ransomware_locky_c2](http://iplists.firehol.org/?ipset=ransomware_locky_c2)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is LY_C2_IPBL: Locky Ransomware C2 URL blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/LY_C2_IPBL.txt)
[ransomware_locky_ps](http://iplists.firehol.org/?ipset=ransomware_locky_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is LY_PS_IPBL: Locky Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt)
[ransomware_online](http://iplists.firehol.org/?ipset=ransomware_online)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. The IPs in this list have been extracted from the tracker data feed, filtering only online IPs.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
[ransomware_rw](http://iplists.firehol.org/?ipset=ransomware_rw)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list includes TC_PS_IPBL, LY_C2_IPBL, TL_C2_IPBL, TL_PS_IPBL and it is the recommended blocklist. It might not catch everything, but the false positive rate should be low. However, false positives are possible, especially with regards to RW_IPBL. IP addresses associated with Ransomware Payment Sites (*_PS_IPBL) or Locky botnet C&Cs (LY_C2_IPBL) stay listed on RW_IPBL for a time of 30 days after the last appearance. This means that an IP address stays listed on RW_IPBL even after the threat has been eliminated (e.g. the VPS / server has been suspended by the hosting provider) for another 30 days.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt)
[ransomware_teslacrypt_ps](http://iplists.firehol.org/?ipset=ransomware_teslacrypt_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is TC_PS_IPBL: TeslaCrypt Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt)
[ransomware_torrentlocker_c2](http://iplists.firehol.org/?ipset=ransomware_torrentlocker_c2)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is TL_C2_IPBL: TorrentLocker Ransomware C2 IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt)
[ransomware_torrentlocker_ps](http://iplists.firehol.org/?ipset=ransomware_torrentlocker_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is TL_PS_IPBL: TorrentLocker Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt)
ri_connect_proxies|[rosinstrument.com](http://www.rosinstrument.com) open CONNECT proxies (this list is composed using an RSS feed)|ipv4 hash:ip|disabled|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/plab100.xml)
ri_web_proxies|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|disabled|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[sblam](http://iplists.firehol.org/?ipset=sblam)|[sblam.com](http://sblam.com) IPs used by web form spammers, during the last month|ipv4 hash:ip|3141 unique IPs|updated every 1 day from [this link](http://sblam.com/blacklist.txt)
[shunlist](http://iplists.firehol.org/?ipset=shunlist)|[AutoShun.org](http://autoshun.org/) IPs identified as hostile by correlating logs from distributed snort installations running the autoshun plugin|ipv4 hash:ip|500 unique IPs|updated every 4 hours
[snort_ipfilter](http://iplists.firehol.org/?ipset=snort_ipfilter)|[labs.snort.org](https://labs.snort.org/) supplied IP blacklist (this list seems to be updated frequently, but we found no information about it)|ipv4 hash:ip|836 unique IPs|updated every 12 hours from [this link](http://labs.snort.org/feeds/ip-filter.blf)
[socks_proxy](http://iplists.firehol.org/?ipset=socks_proxy)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|302 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_1d](http://iplists.firehol.org/?ipset=socks_proxy_1d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|2075 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_30d](http://iplists.firehol.org/?ipset=socks_proxy_30d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|5889 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_7d](http://iplists.firehol.org/?ipset=socks_proxy_7d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|2747 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[sorbs_anonymizers](http://iplists.firehol.org/?ipset=sorbs_anonymizers)|[Sorbs.net](https://www.sorbs.net/) List of open HTTP and SOCKS proxies.|ipv4 hash:net|597391 subnets, 610263 unique IPs|updated every 1 min
sorbs_block|[Sorbs.net](https://www.sorbs.net/) List of hosts demanding that they never be tested by SORBS.|ipv4 hash:net|disabled|
[sorbs_dul](http://iplists.firehol.org/?ipset=sorbs_dul)|[Sorbs.net](https://www.sorbs.net/) Dynamic IP Addresses.|ipv4 hash:net|607718 subnets, 375474210 unique IPs|updated every 1 min
[sorbs_escalations](http://iplists.firehol.org/?ipset=sorbs_escalations)|[Sorbs.net](https://www.sorbs.net/) Netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list.|ipv4 hash:net|8 subnets, 2304 unique IPs|updated every 1 min
[sorbs_new_spam](http://iplists.firehol.org/?ipset=sorbs_new_spam)|[Sorbs.net](https://www.sorbs.net/) List of hosts that have been noted as sending spam/UCE/UBE within the last 48 hours|ipv4 hash:net|33977 subnets, 35967 unique IPs|updated every 1 min
[sorbs_noserver](http://iplists.firehol.org/?ipset=sorbs_noserver)|[Sorbs.net](https://www.sorbs.net/) IP addresses and netblocks of where system administrators and ISPs owning the network have indicated that servers should not be present.|ipv4 hash:net|15066 subnets, 22951270 unique IPs|updated every 1 min
[sorbs_recent_spam](http://iplists.firehol.org/?ipset=sorbs_recent_spam)|[Sorbs.net](https://www.sorbs.net/) List of hosts that have been noted as sending spam/UCE/UBE within the last 28 days (includes sorbs_new_spam)|ipv4 hash:net|522240 subnets, 555438 unique IPs|updated every 1 min
[sorbs_smtp](http://iplists.firehol.org/?ipset=sorbs_smtp)|[Sorbs.net](https://www.sorbs.net/) List of SMTP Open Relays.|ipv4 hash:net|1968 subnets, 1976 unique IPs|updated every 1 min
[sorbs_web](http://iplists.firehol.org/?ipset=sorbs_web)|[Sorbs.net](https://www.sorbs.net/) List of IPs which have spammer abusable vulnerabilities (e.g. FormMail scripts)|ipv4 hash:net|5895259 subnets, 6375029 unique IPs|updated every 1 min
[sorbs_zombie](http://iplists.firehol.org/?ipset=sorbs_zombie)|[Sorbs.net](https://www.sorbs.net/) List of networks hijacked from their original owners, some of which have already used for spamming.|ipv4 hash:net|78 subnets, 1903876 unique IPs|updated every 1 min
[spamhaus_drop](http://iplists.firehol.org/?ipset=spamhaus_drop)|[Spamhaus.org](http://www.spamhaus.org) DROP list (according to their site this list should be dropped at tier-1 ISPs globally)|ipv4 hash:net|1319 subnets, 16296192 unique IPs|updated every 12 hours from [this link](http://www.spamhaus.org/drop/drop.txt)
[spamhaus_edrop](http://iplists.firehol.org/?ipset=spamhaus_edrop)|[Spamhaus.org](http://www.spamhaus.org) EDROP (extended matches that should be used with DROP)|ipv4 hash:net|336 subnets, 731392 unique IPs|updated every 12 hours from [this link](http://www.spamhaus.org/drop/edrop.txt)
[sslbl](http://iplists.firehol.org/?ipset=sslbl)|[Abuse.ch SSL Blacklist](https://sslbl.abuse.ch/) bad SSL traffic related to malware or botnet activities|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://sslbl.abuse.ch/blacklist/sslipblacklist.csv)
[sslbl_aggressive](http://iplists.firehol.org/?ipset=sslbl_aggressive)|[Abuse.ch SSL Blacklist](https://sslbl.abuse.ch/) The aggressive version of the SSL IP Blacklist contains all IPs that SSLBL ever detected being associated with a malicious SSL certificate. Since IP addresses can be reused (e.g. when the customer changes), this blacklist may cause false positives. Hence I highly recommend you to use the standard version instead of the aggressive one.|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv)
[sslproxies](http://iplists.firehol.org/?ipset=sslproxies)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|102 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_1d](http://iplists.firehol.org/?ipset=sslproxies_1d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|194 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_30d](http://iplists.firehol.org/?ipset=sslproxies_30d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|1185 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_7d](http://iplists.firehol.org/?ipset=sslproxies_7d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|507 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[stopforumspam](http://iplists.firehol.org/?ipset=stopforumspam)|[StopForumSpam.com](http://www.stopforumspam.com) Banned IPs used by forum spammers|ipv4 hash:ip|147367 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/bannedips.zip)
[stopforumspam_180d](http://iplists.firehol.org/?ipset=stopforumspam_180d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 180 days)|ipv4 hash:ip|263941 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_180.zip)
[stopforumspam_1d](http://iplists.firehol.org/?ipset=stopforumspam_1d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers in the last 24 hours|ipv4 hash:ip|4422 unique IPs|updated every 1 hour from [this link](http://www.stopforumspam.com/downloads/listed_ip_1.zip)
[stopforumspam_30d](http://iplists.firehol.org/?ipset=stopforumspam_30d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 30 days)|ipv4 hash:ip|54121 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_30.zip)
[stopforumspam_365d](http://iplists.firehol.org/?ipset=stopforumspam_365d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 365 days)|ipv4 hash:ip|481898 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_365.zip)
[stopforumspam_7d](http://iplists.firehol.org/?ipset=stopforumspam_7d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 7 days)|ipv4 hash:ip|17269 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_7.zip)
[stopforumspam_90d](http://iplists.firehol.org/?ipset=stopforumspam_90d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 90 days)|ipv4 hash:ip|148409 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_90.zip)
[stopforumspam_toxic](http://iplists.firehol.org/?ipset=stopforumspam_toxic)|[StopForumSpam.com](http://www.stopforumspam.com) Networks that have large amounts of spambots and are flagged as toxic. Toxic IP ranges are infrequently changed.|ipv4 hash:net|46 subnets, 120411 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt)
[taichung](http://iplists.firehol.org/?ipset=taichung)|[Taichung Education Center](https://www.tc.edu.tw/net/netflow/lkout/recent/30) Blocked IP Addresses (attacks and bots).|ipv4 hash:ip|2658 unique IPs|updated every 1 day from [this link](https://www.tc.edu.tw/net/netflow/lkout/recent/30)
[talosintel_ipfilter](http://iplists.firehol.org/?ipset=talosintel_ipfilter)|[TalosIntel.com](http://talosintel.com/additional-resources/) List of known malicious network threats|ipv4 hash:ip|732 unique IPs|updated every 15 mins from [this link](http://talosintel.com/feeds/ip-filter.blf)
[threatcrowd](http://iplists.firehol.org/?ipset=threatcrowd)|[Crowdsourced IP feed from ThreatCrowd](http://threatcrowd.blogspot.gr/2016/02/crowdsourced-feeds-from-threatcrowd.html). These feeds are not a substitute for the scale of auto-extracted command and control domains or the quality of some commercially provided feeds. But crowd-sourcing does go some way towards the quick sharing of threat intelligence between the community.|ipv4 hash:ip|977 unique IPs|updated every 1 hour from [this link](https://www.threatcrowd.org/feeds/ips.txt)
[tor_exits](http://iplists.firehol.org/?ipset=tor_exits)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|1198 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[tor_exits_1d](http://iplists.firehol.org/?ipset=tor_exits_1d)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|1205 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[tor_exits_30d](http://iplists.firehol.org/?ipset=tor_exits_30d)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|1588 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[tor_exits_7d](http://iplists.firehol.org/?ipset=tor_exits_7d)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|1289 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[turris_greylist](http://iplists.firehol.org/?ipset=turris_greylist)|[Turris Greylist](https://www.turris.cz/en/greylist) IPs that are blocked on the firewalls of Turris routers. The data is processed and clasified every week and behaviour of IP addresses that accessed a larger number of Turris routers is evaluated. The result is a list of addresses that have tried to obtain information about services on the router or tried to gain access to them. We do not recommend to use these data as a list of addresses that should be blocked but it can be used for example in analysis of the traffic in other networks.|ipv4 hash:ip|9614 unique IPs|updated every 7 days from [this link](https://www.turris.cz/greylist-data/greylist-latest.csv)
[urandomusto_dns](http://iplists.firehol.org/?ipset=urandomusto_dns)|IP Feed about dns, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|67 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=dns&out=txt&submit=go)
[urandomusto_ftp](http://iplists.firehol.org/?ipset=urandomusto_ftp)|IP Feed about ftp, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|152 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=ftp&out=txt&submit=go)
[urandomusto_http](http://iplists.firehol.org/?ipset=urandomusto_http)|IP Feed about http, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|289 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=http&out=txt&submit=go)
[urandomusto_mailer](http://iplists.firehol.org/?ipset=urandomusto_mailer)|IP Feed about mailer, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|259 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=mailer&out=txt&submit=go)
[urandomusto_malware](http://iplists.firehol.org/?ipset=urandomusto_malware)|IP Feed about malware, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|1 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=malware&out=txt&submit=go)
[urandomusto_ntp](http://iplists.firehol.org/?ipset=urandomusto_ntp)|IP Feed about ntp, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|72 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=ntp&out=txt&submit=go)
[urandomusto_rdp](http://iplists.firehol.org/?ipset=urandomusto_rdp)|IP Feed about rdp, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|133 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=rdp&out=txt&submit=go)
[urandomusto_smb](http://iplists.firehol.org/?ipset=urandomusto_smb)|IP Feed about smb, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|45 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=smb&out=txt&submit=go)
[urandomusto_spam](http://iplists.firehol.org/?ipset=urandomusto_spam)|IP Feed about spam, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|4 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=spam&out=txt&submit=go)
[urandomusto_ssh](http://iplists.firehol.org/?ipset=urandomusto_ssh)|IP Feed about ssh, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|126 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=ssh&out=txt&submit=go)
[urandomusto_telnet](http://iplists.firehol.org/?ipset=urandomusto_telnet)|IP Feed about telnet, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|299 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=telnet&out=txt&submit=go)
[urandomusto_unspecified](http://iplists.firehol.org/?ipset=urandomusto_unspecified)|IP Feed about unspecified, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|178 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=unspecified&out=txt&submit=go)
[urandomusto_vnc](http://iplists.firehol.org/?ipset=urandomusto_vnc)|IP Feed about vnc, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|27 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=vnc&out=txt&submit=go)
[urlvir](http://iplists.firehol.org/?ipset=urlvir)|[URLVir.com](http://www.urlvir.com/) Active Malicious IP Addresses Hosting Malware. URLVir is an online security service developed by NoVirusThanks Company Srl that automatically monitors changes of malicious URLs (executable files).|ipv4 hash:ip|171 unique IPs|updated every 1 day from [this link](http://www.urlvir.com/export-ip-addresses/)
[uscert_hidden_cobra](http://iplists.firehol.org/?ipset=uscert_hidden_cobra)|Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their governments military and strategic objectives. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Wild Positron/Duuzer and Hangman.|ipv4 hash:ip|627 unique IPs|updated every 1 day from [this link](https://www.us-cert.gov/sites/default/files/publications/TA-17-164A_csv.csv)
[voipbl](http://iplists.firehol.org/?ipset=voipbl)|[VoIPBL.org](http://www.voipbl.org/) a distributed VoIP blacklist that is aimed to protects against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's. Several algorithms, external sources and manual confirmation are used before they categorize something as an attack and determine the threat level.|ipv4 hash:net|57978 subnets, 76250 unique IPs|updated every 4 hours from [this link](http://www.voipbl.org/update/)
[vxvault](http://iplists.firehol.org/?ipset=vxvault)|[VxVault](http://vxvault.net) The latest 100 additions of VxVault.|ipv4 hash:ip|52 unique IPs|updated every 12 hours from [this link](http://vxvault.net/ViriList.php?s=0&m=100)
[xforce_bccs](http://iplists.firehol.org/?ipset=xforce_bccs)|[IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/) Botnet Command and Control Servers|ipv4 hash:ip|416 unique IPs|updated every 1 day from [this link](https://api.xforce.ibmcloud.com/taxii)
[xroxy](http://iplists.firehol.org/?ipset=xroxy)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|17 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_1d](http://iplists.firehol.org/?ipset=xroxy_1d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|17 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_30d](http://iplists.firehol.org/?ipset=xroxy_30d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|76 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_7d](http://iplists.firehol.org/?ipset=xroxy_7d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|45 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[yoyo_adservers](http://iplists.firehol.org/?ipset=yoyo_adservers)|[Yoyo.org](http://pgl.yoyo.org/adservers/) IPs of ad servers|ipv4 hash:ip|9220 unique IPs|updated every 12 hours from [this link](http://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext)
zeus|[Abuse.ch Zeus tracker](https://zeustracker.abuse.ch) standard, contains the same data as the ZeuS IP blocklist (zeus_badips) but with the slight difference that it doesn't exclude hijacked websites (level 2) and free web hosting providers (level 3). This means that this blocklist contains all IPv4 addresses associated with ZeuS C&Cs which are currently being tracked by ZeuS Tracker. Hence this blocklist will likely cause some false positives.|ipv4 hash:ip|disabled|updated every 30 mins from [this link](https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist)
zeus_badips|[Abuse.ch Zeus tracker](https://zeustracker.abuse.ch) badips includes IPv4 addresses that are used by the ZeuS trojan. It is the recommened blocklist if you want to block only ZeuS IPs. It excludes IP addresses that ZeuS Tracker believes to be hijacked (level 2) or belong to a free web hosting provider (level 3). Hence the false postive rate should be much lower compared to the standard ZeuS IP blocklist.|ipv4 hash:ip|disabled|updated every 30 mins from [this link](https://zeustracker.abuse.ch/blocklist.php?download=badips)

639
alienvault_reputation.ipset Normal file
View File

@ -0,0 +1,639 @@
#
# alienvault_reputation
#
# ipv4 hash:ip ipset
#
# [AlienVault.com] (https://www.alienvault.com/) IP
# reputation database
#
# Maintainer : Alien Vault
# Maintainer URL : https://www.alienvault.com/
# List source URL : https://reputation.alienvault.com/reputation.generic
# Source File Date: Fri Nov 12 14:10:50 UTC 2021
#
# Category : reputation
# Version : 4236
#
# This File Date : Fri Nov 12 15:52:25 UTC 2021
# Update Frequency: 6 hours
# Aggregation : none
# Entries : 609 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=alienvault_reputation
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.34.58.110
1.34.226.50
1.161.219.86
1.171.103.192
1.173.242.161
1.246.222.20
1.246.222.134
1.246.222.234
1.246.223.191
2.106.156.53
3.21.74.31
4.71.37.45
4.71.37.46
14.34.157.101
14.42.145.172
14.111.220.134
14.241.244.250
18.117.69.135
18.188.148.80
23.247.108.44
24.188.100.85
27.21.147.209
27.35.154.75
27.38.61.75
27.38.61.120
27.41.36.239
27.43.119.144
27.43.178.112
27.47.116.249
27.158.79.129
27.159.92.181
27.194.89.189
27.194.122.23
27.197.24.223
27.199.237.162
27.203.233.132
27.207.195.126
27.215.53.111
27.215.109.196
27.215.114.223
27.215.122.160
27.217.163.40
27.217.243.163
36.228.50.77
36.231.35.185
37.0.10.31
39.66.73.50
39.74.177.167
39.81.71.78
41.86.5.232
41.86.18.34
41.86.18.165
41.86.19.146
42.51.55.157
42.115.33.98
42.228.193.67
42.231.171.245
43.251.99.6
44.192.244.178
45.146.164.110
45.229.54.55
45.229.54.83
45.229.54.143
45.229.54.193
45.229.54.199
45.229.54.212
45.229.55.57
45.229.55.69
45.229.55.112
45.248.192.48
46.4.123.15
46.101.13.94
46.183.218.151
49.76.60.132
49.89.62.252
49.89.90.173
49.89.93.21
49.89.95.159
49.143.32.6
49.158.196.18
49.213.183.219
49.213.187.246
51.15.228.117
51.15.246.104
51.158.64.113
51.158.102.132
51.158.108.237
51.158.117.164
51.158.125.226
51.211.24.160
51.211.112.79
51.211.117.109
58.58.41.106
58.99.99.34
58.219.232.140
58.248.147.64
58.248.193.3
58.248.193.50
58.248.193.88
58.248.193.97
58.248.193.105
58.248.193.132
58.248.193.141
58.248.193.232
58.248.193.246
58.249.12.95
58.249.87.78
58.249.110.198
58.253.12.9
59.63.204.76
59.63.204.245
59.63.207.69
59.126.96.5
59.127.209.88
59.175.63.89
60.212.108.240
60.244.133.195
61.0.168.149
61.129.101.38
61.152.197.56
61.219.98.43
61.224.147.178
61.242.40.14
61.242.40.17
61.242.40.204
61.242.40.206
61.242.40.212
61.242.40.225
61.242.40.229
61.242.40.245
61.242.54.5
61.242.54.16
61.242.54.48
61.242.54.49
61.242.54.60
61.242.54.62
61.242.54.126
61.242.54.137
61.242.54.170
61.242.54.175
61.242.54.203
61.242.54.211
61.242.54.214
61.242.54.239
61.242.54.242
61.242.54.249
61.242.58.12
61.242.58.14
61.242.58.47
61.242.58.66
61.242.58.67
61.242.58.104
61.242.58.135
61.242.58.178
61.242.58.197
61.242.58.200
61.242.58.239
61.242.58.246
62.4.14.198
62.16.41.210
62.171.159.207
62.219.229.190
64.39.108.94
65.108.11.163
68.183.107.64
69.55.55.230
69.176.89.226
70.50.152.130
70.50.155.251
71.68.229.247
78.142.18.56
78.154.219.169
78.186.248.243
78.187.196.38
78.188.240.230
79.170.30.142
80.14.216.204
80.82.65.247
80.243.181.81
80.243.181.119
81.214.72.215
81.250.169.249
83.138.53.128
84.53.229.12
85.71.26.28
86.157.2.211
86.161.0.86
86.175.105.80
86.181.4.169
89.40.73.14
89.208.122.213
91.104.31.56
91.188.215.198
91.234.62.231
93.51.27.113
93.65.23.221
93.112.152.134
94.156.58.17
95.137.248.182
100.27.42.241
100.27.42.242
100.27.42.243
100.27.42.244
101.0.32.22
101.0.41.25
101.0.57.60
101.0.57.158
101.22.144.130
101.65.131.144
101.181.0.198
101.181.17.112
101.181.17.137
101.181.26.186
101.181.27.80
101.181.34.69
101.181.40.233
101.181.60.181
101.181.68.79
101.181.73.91
101.181.82.102
101.181.98.158
101.181.102.108
101.181.104.241
101.181.114.172
101.181.132.37
103.37.3.58
103.40.172.173
103.40.172.189
103.40.196.2
103.40.196.24
103.40.197.24
103.40.197.175
103.91.19.231
103.91.245.48
103.104.106.98
103.104.106.223
103.119.55.151
103.136.82.50
103.170.92.5
103.170.92.7
103.170.92.10
103.170.92.11
103.170.92.22
103.206.21.107
103.215.240.1
103.231.172.42
104.131.14.192
104.131.82.45
104.248.162.33
106.104.116.79
109.116.204.63
109.123.118.38
110.25.95.241
110.35.227.222
110.89.11.143
110.251.198.23
111.38.106.48
111.92.75.188
111.92.75.217
111.92.116.45
111.165.36.134
111.185.227.109
111.185.228.37
111.202.167.22
111.202.190.6
111.252.213.245
112.5.37.160
112.6.221.37
112.27.124.111
112.27.124.130
112.27.124.145
112.27.124.158
112.30.4.73
112.30.4.118
112.31.87.98
112.31.211.135
112.86.255.100
112.94.96.114
112.94.97.85
112.94.97.166
112.94.98.6
112.94.98.57
112.94.98.71
112.94.98.151
112.94.99.84
112.94.99.86
112.94.99.93
112.94.99.139
112.94.101.190
112.94.101.203
112.94.101.235
112.105.10.251
112.235.46.128
112.237.2.80
112.239.103.43
112.239.120.150
112.248.109.159
112.250.243.72
112.251.18.12
112.255.126.89
113.170.128.242
113.246.130.182
113.251.235.19
114.33.64.24
114.33.190.246
114.34.135.57
114.35.131.161
114.35.175.239
114.35.194.18
114.36.34.63
114.41.226.96
114.236.52.101
114.239.51.77
114.246.35.129
115.51.122.143
115.58.202.92
115.62.58.10
115.165.221.95
116.2.173.20
116.68.99.71
116.211.100.26
116.212.156.31
117.36.199.38
117.87.18.27
117.95.137.93
117.204.149.200
117.208.51.51
117.240.142.212
118.79.140.135
118.161.210.248
118.250.154.242
119.29.119.174
119.122.114.138
119.165.111.147
119.179.238.100
119.191.160.221
119.191.217.155
119.224.91.233
120.1.140.25
120.85.92.40
120.85.93.174
120.85.94.182
120.85.97.71
120.85.112.124
120.85.112.128
120.85.112.133
120.85.113.42
120.85.113.55
120.85.113.120
120.85.113.253
120.85.114.64
120.85.114.146
120.85.114.164
120.85.114.188
120.85.115.2
120.85.115.46
120.85.115.49
120.85.115.60
120.85.115.75
120.85.115.104
120.85.115.148
120.85.115.175
120.85.115.197
120.85.115.225
120.85.116.17
120.85.116.69
120.85.116.70
120.85.116.133
120.85.116.230
120.85.116.238
120.85.117.207
120.85.118.78
120.85.118.161
120.85.118.169
120.85.118.195
120.85.118.219
120.85.118.227
120.85.118.235
120.85.118.238
120.85.148.26
120.85.149.112
120.85.172.249
120.86.236.214
120.86.236.217
120.86.237.94
120.86.237.166
120.86.238.47
120.86.238.188
120.86.239.97
120.86.239.154
120.86.254.133
120.86.254.188
120.86.255.109
120.86.255.247
120.193.91.183
120.193.91.190
120.193.91.215
120.226.28.53
120.226.28.55
120.226.28.56
120.238.189.72
120.240.48.83
120.240.48.91
121.5.155.158
121.46.232.130
121.61.98.22
121.206.154.132
122.96.12.203
122.116.229.208
122.116.240.129
122.117.28.200
122.117.212.66
122.147.22.146
122.147.62.76
122.173.23.55
122.188.150.21
122.254.29.23
123.10.15.34
123.11.152.93
123.12.23.5
123.110.213.41
123.205.156.212
124.131.55.15
124.153.136.175
125.44.11.69
125.63.105.55
125.127.132.112
125.127.139.69
125.128.28.181
125.168.147.202
125.224.126.41
125.228.33.211
125.228.43.197
125.228.89.178
125.228.90.229
134.209.218.203
137.184.62.180
140.206.86.124
146.70.34.2
156.251.136.4
157.61.212.1
157.61.212.29
157.61.212.37
157.61.212.41
157.61.212.44
157.61.212.47
157.61.212.55
157.61.212.57
157.61.212.59
157.61.212.64
157.61.212.78
157.61.212.82
157.61.212.84
157.61.212.85
157.61.212.87
157.61.212.88
157.61.212.95
157.61.212.101
157.61.212.104
157.61.212.109
157.61.212.111
157.61.212.117
157.61.212.122
157.61.213.140
157.61.213.146
157.61.213.149
157.61.213.165
157.61.213.174
157.61.213.179
157.61.213.238
157.61.213.240
159.203.186.159
160.124.138.190
161.22.34.116
161.97.143.54
163.125.211.103
163.125.211.119
163.125.211.144
163.172.140.20
163.172.176.168
163.179.167.155
163.204.211.80
164.155.88.34
165.227.74.61
165.227.84.230
167.71.249.184
167.172.59.207
170.247.76.178
170.247.76.179
174.83.73.163
175.9.135.33
175.10.19.32
175.11.64.24
175.183.4.23
175.183.16.135
176.103.88.57
176.111.173.122
176.111.173.139
176.221.206.115
177.149.164.24
178.18.254.229
178.72.69.78
178.72.70.88
178.72.70.112
178.72.70.124
178.72.70.207
178.72.70.239
178.72.76.2
178.72.78.156
178.72.78.202
178.141.14.216
180.151.24.60
180.176.99.48
180.188.232.122
180.188.232.137
180.188.237.170
181.176.155.25
181.199.162.7
181.199.170.222
182.52.136.45
182.115.173.95
182.124.92.70
182.155.120.143
182.166.180.194
182.235.208.124
183.82.144.126
183.161.1.19
183.237.146.175
183.237.146.206
184.58.233.179
185.68.230.207
185.128.41.50
185.142.239.135
185.191.32.158
185.191.246.45
185.232.64.32
186.33.90.249
186.250.115.93
187.45.116.162
188.169.36.27
188.169.174.166
190.180.154.227
192.3.194.202
193.169.252.158
193.169.252.166
193.169.252.245
195.208.154.9
198.98.62.43
201.71.186.178
201.184.16.244
201.184.49.234
201.184.54.178
201.184.54.179
201.184.54.180
201.184.64.238
201.184.89.98
202.129.58.130
202.164.138.157
202.164.139.168
202.164.139.218
202.164.139.229
203.176.129.73
203.248.175.71
203.248.175.72
206.189.111.16
207.180.219.238
210.13.110.60
210.89.63.21
210.89.63.231
210.89.63.245
210.108.70.119
210.180.237.212
211.47.83.200
211.149.191.209
212.129.26.4
212.193.30.144
213.5.47.43
216.4.95.61
216.4.95.62
218.29.126.53
218.31.123.90
218.161.106.26
219.68.238.49
219.69.110.206
219.136.172.161
219.138.140.114
219.157.139.165
220.133.64.233
220.134.64.169
220.134.206.134
220.134.236.78
220.135.135.44
220.135.241.12
220.143.33.129
221.1.225.191
221.1.226.15
221.160.177.119
221.231.169.141
222.77.181.28
222.118.4.29
222.138.119.194
222.240.117.88
222.247.5.78
222.253.45.141
223.130.31.57
223.149.1.211
223.149.140.37
223.155.34.126
223.159.88.8

30
asprox_c2.ipset Normal file
View File

@ -0,0 +1,30 @@
#
# asprox_c2
#
# ipv4 hash:ip ipset
#
# [h3x.eu] (http://atrack.h3x.eu/) ASPROX Tracker - Asprox
# C&C Sites
#
# Maintainer : h3x.eu
# Maintainer URL : http://atrack.h3x.eu/
# List source URL : http://atrack.h3x.eu/c2
# Source File Date: Mon Nov 6 03:04:11 UTC 2017
#
# Category : malware
# Version : 1
#
# This File Date : Sun Jun 3 05:36:21 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=asprox_c2
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

167
bambenek_banjori.ipset Normal file
View File

@ -0,0 +1,167 @@
#
# bambenek_banjori
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of banjori C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/banjori-iplist.txt
# Source File Date: Wed Jul 29 20:05:53 UTC 2020
#
# Category : malware
# Version : 17534
#
# This File Date : Wed Jul 29 20:12:14 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 136 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_banjori
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
3.216.121.17
5.79.79.212
13.59.74.74
14.192.4.75
18.213.250.117
18.215.128.143
23.89.20.107
23.89.102.123
23.107.124.53
23.110.15.74
23.226.53.226
23.227.38.65
23.231.218.195
23.236.62.147
34.98.99.30
34.102.136.180
35.186.238.101
35.226.69.129
43.230.142.125
43.241.196.105
43.249.76.176
47.91.170.222
47.245.10.59
50.117.86.130
52.4.209.250
52.25.92.0
52.58.78.16
54.65.172.3
54.85.65.140
62.149.142.219
67.20.112.155
74.208.236.219
74.220.199.8
78.24.9.52
78.46.156.194
81.169.145.88
81.169.145.159
81.169.145.160
81.169.145.161
89.188.24.70
92.53.96.22
94.130.109.30
95.211.75.10
96.30.52.60
103.70.226.182
104.24.102.57
104.24.103.57
104.24.108.92
104.24.109.92
104.164.181.36
104.171.23.69
104.171.23.70
107.165.137.88
107.180.26.185
108.59.12.99
108.59.12.101
109.70.4.246
109.71.54.17
112.78.125.29
112.121.187.246
119.3.179.174
119.188.157.23
121.40.153.149
121.54.175.96
122.10.99.22
130.211.40.170
133.130.35.90
133.242.195.32
134.73.61.187
137.175.15.6
145.131.10.247
149.255.58.42
150.95.255.38
154.95.106.131
154.195.133.14
154.195.209.90
154.201.77.14
154.213.139.148
154.216.122.13
154.216.243.104
156.224.61.139
156.225.101.57
156.238.79.182
156.247.12.40
156.250.218.137
158.177.208.8
160.121.36.178
160.153.96.67
162.209.205.67
162.210.102.66
162.210.195.111
163.43.102.74
169.50.13.61
169.50.57.89
172.67.143.254
172.67.211.10
172.106.32.42
175.29.102.46
178.22.59.66
180.153.100.94
185.104.45.33
185.135.241.4
185.216.113.170
186.202.153.222
192.169.243.26
192.190.87.140
193.222.100.37
196.22.132.17
198.23.48.104
198.38.83.24
198.54.117.197
198.54.117.198
198.54.117.199
198.54.117.200
198.54.121.133
199.58.179.10
199.59.242.153
202.124.241.178
202.181.97.76
202.254.234.152
203.156.192.80
208.73.210.202
208.73.210.217
208.73.211.165
208.73.211.177
208.91.197.91
208.109.80.14
212.12.54.87
213.176.50.208
213.186.33.5
216.40.47.17
217.26.53.16
217.26.63.20
217.70.184.38
219.118.71.121
219.235.5.224

31
bambenek_bebloh.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_bebloh
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of bebloh C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/bebloh-iplist.txt
# Source File Date: Thu Jun 7 00:02:37 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:33 UTC 2018
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_bebloh
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

32
bambenek_c2.ipset Normal file
View File

@ -0,0 +1,32 @@
#
# bambenek_c2
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) master feed of
# known, active and non-sinkholed C&Cs IP addresses
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
# Source File Date: Wed Jan 5 14:31:38 UTC 2022
#
# Category : malware
# Version : 16213
#
# This File Date : Thu Jan 6 06:56:05 UTC 2022
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 1 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_c2
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
127.200.200.200

31
bambenek_cl.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_cl
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of cl C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/cl-iplist.txt
# Source File Date: Fri Dec 14 00:05:01 UTC 2018
#
# Category : malware
# Version : 18
#
# This File Date : Fri Dec 14 00:08:08 UTC 2018
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_cl
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_cryptowall.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_cryptowall
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of cryptowall C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/cryptowall-iplist.txt
# Source File Date: Thu Dec 3 12:25:05 UTC 2015
#
# Category : malware
# Version : 5
#
# This File Date : Thu Jun 7 00:08:34 UTC 2018
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_cryptowall
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

33
bambenek_dircrypt.ipset Normal file
View File

@ -0,0 +1,33 @@
#
# bambenek_dircrypt
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of dircrypt C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/dircrypt-iplist.txt
# Source File Date: Sat Jul 18 09:06:23 UTC 2020
#
# Category : malware
# Version : 260
#
# This File Date : Sat Jul 18 09:08:07 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 2 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_dircrypt
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
164.155.216.36
169.50.13.61

31
bambenek_dyre.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_dyre
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of dyre C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/dyre-iplist.txt
# Source File Date: Thu Jun 7 00:03:08 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:34 UTC 2018
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_dyre
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_geodo.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_geodo
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of geodo C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/geodo-iplist.txt
# Source File Date: Thu Jun 7 00:02:33 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:34 UTC 2018
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_geodo
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

33
bambenek_hesperbot.ipset Normal file
View File

@ -0,0 +1,33 @@
#
# bambenek_hesperbot
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of hesperbot C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/hesperbot-iplist.txt
# Source File Date: Sat Jul 18 10:07:53 UTC 2020
#
# Category : malware
# Version : 234
#
# This File Date : Sat Jul 18 10:12:32 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 2 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_hesperbot
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
72.5.161.7
164.155.219.11

32
bambenek_matsnu.ipset Normal file
View File

@ -0,0 +1,32 @@
#
# bambenek_matsnu
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of matsnu C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/matsnu-iplist.txt
# Source File Date: Mon Jul 27 04:09:06 UTC 2020
#
# Category : malware
# Version : 522
#
# This File Date : Mon Jul 27 04:12:41 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 1 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_matsnu
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
64.207.152.130

44
bambenek_necurs.ipset Normal file
View File

@ -0,0 +1,44 @@
#
# bambenek_necurs
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of necurs C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/necurs-iplist.txt
# Source File Date: Wed Jul 29 01:11:02 UTC 2020
#
# Category : malware
# Version : 10186
#
# This File Date : Wed Jul 29 01:16:08 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 13 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_necurs
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
40.121.206.97
64.47.209.23
64.63.188.85
64.231.250.149
65.79.10.48
65.159.138.178
66.7.34.215
66.247.157.54
68.199.246.20
69.47.125.180
69.79.159.208
70.23.145.183
70.63.91.183

31
bambenek_p2pgoz.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_p2pgoz
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of p2pgoz C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/p2pgoz-iplist.txt
# Source File Date: Sun Jul 26 15:10:57 UTC 2020
#
# Category : malware
# Version : 478
#
# This File Date : Sun Jul 26 15:16:09 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_p2pgoz
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_pushdo.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_pushdo
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of pushdo C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/pushdo-iplist.txt
# Source File Date: Sat Jun 20 05:15:31 UTC 2020
#
# Category : malware
# Version : 12
#
# This File Date : Sat Jun 20 05:20:06 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_pushdo
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

36
bambenek_pykspa.ipset Normal file
View File

@ -0,0 +1,36 @@
#
# bambenek_pykspa
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of pykspa C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/pykspa-iplist.txt
# Source File Date: Wed Jul 29 04:13:10 UTC 2020
#
# Category : malware
# Version : 1373
#
# This File Date : Wed Jul 29 04:16:06 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 5 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_pykspa
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
40.255.0.62
78.47.106.15
169.50.13.61
189.50.110.40
193.146.253.37

33
bambenek_qakbot.ipset Normal file
View File

@ -0,0 +1,33 @@
#
# bambenek_qakbot
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of qakbot C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/qakbot-iplist.txt
# Source File Date: Sun Jul 26 12:13:39 UTC 2020
#
# Category : malware
# Version : 453
#
# This File Date : Sun Jul 26 12:16:47 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 2 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_qakbot
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
72.26.218.72
199.21.76.82

129
bambenek_ramnit.ipset Normal file
View File

@ -0,0 +1,129 @@
#
# bambenek_ramnit
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of ramnit C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/ramnit-iplist.txt
# Source File Date: Wed Jul 29 20:18:04 UTC 2020
#
# Category : malware
# Version : 3671
#
# This File Date : Wed Jul 29 20:24:06 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 98 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_ramnit
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.180.102.147
13.90.196.81
18.213.250.117
18.215.128.143
34.197.76.50
34.225.182.233
35.224.11.86
46.17.47.67
46.165.220.141
46.165.220.142
46.165.220.143
46.165.220.144
46.165.220.145
46.165.220.146
46.165.220.147
46.165.220.148
46.165.220.149
46.165.220.150
46.165.220.151
46.165.220.152
46.165.220.153
46.165.220.154
46.165.220.155
46.165.221.136
46.165.221.144
46.165.221.154
46.165.229.164
46.165.229.165
46.165.229.166
46.165.229.167
46.165.254.193
46.165.254.194
46.165.254.195
46.165.254.196
46.165.254.197
46.165.254.198
46.165.254.199
46.165.254.200
46.165.254.201
46.165.254.202
46.165.254.203
46.165.254.204
46.165.254.205
46.165.254.206
46.165.254.207
46.165.254.208
46.165.254.209
46.165.254.210
46.165.254.211
46.165.254.212
46.165.254.213
46.165.254.214
47.91.170.222
52.4.209.250
72.26.218.70
82.112.184.197
88.212.208.67
109.248.10.176
154.216.211.122
160.16.199.126
160.16.223.90
164.155.216.31
169.50.13.61
173.239.5.6
173.239.8.164
178.33.69.68
193.146.253.36
193.146.253.38
193.146.253.44
194.67.71.41
194.67.71.114
208.91.197.66
213.186.33.19
213.247.47.190
217.20.116.129
217.20.116.130
217.20.116.131
217.20.116.132
217.20.116.133
217.20.116.134
217.20.116.135
217.20.116.136
217.20.116.137
217.20.116.138
217.20.116.139
217.20.116.140
217.20.116.141
217.20.116.142
217.20.116.143
217.20.116.145
217.20.116.146
217.20.116.147
217.20.116.148
217.20.116.149
217.20.116.150
217.20.116.151
217.20.116.152
217.20.116.153

31
bambenek_ranbyus.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_ranbyus
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of ranbyus C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/ranbyus-iplist.txt
# Source File Date: Thu Feb 14 14:06:27 UTC 2019
#
# Category : malware
# Version : 101
#
# This File Date : Thu Feb 14 14:12:10 UTC 2019
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_ranbyus
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

162
bambenek_simda.ipset Normal file
View File

@ -0,0 +1,162 @@
#
# bambenek_simda
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of simda C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/simda-iplist.txt
# Source File Date: Wed Jul 29 20:19:03 UTC 2020
#
# Category : malware
# Version : 17362
#
# This File Date : Wed Jul 29 20:24:07 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 131 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_simda
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.157.84.170
14.128.136.68
23.89.102.127
23.236.62.147
31.11.32.144
31.186.169.41
31.217.192.121
34.98.99.30
34.102.136.180
45.82.253.244
46.28.105.107
46.30.215.127
46.30.215.202
46.242.242.252
46.249.43.105
52.25.92.0
52.58.78.16
54.65.172.3
62.97.115.37
62.129.200.14
62.149.128.72
62.149.128.74
62.149.128.151
62.149.128.154
62.149.128.157
62.149.128.160
62.149.128.163
62.149.128.166
62.149.181.236
62.153.122.95
67.229.36.115
69.162.80.54
69.162.80.58
77.111.240.49
77.111.240.59
79.170.40.236
80.85.86.6
80.237.132.180
81.2.194.62
81.2.194.128
81.2.194.176
81.169.145.68
81.169.145.84
81.169.145.93
81.169.145.94
81.169.145.105
81.169.145.161
81.177.165.51
82.98.135.43
82.100.220.53
84.38.224.155
85.13.129.76
85.13.132.239
85.114.135.128
85.128.185.12
85.236.47.218
87.98.230.60
88.198.56.106
89.31.143.1
89.46.108.57
91.121.59.137
91.121.154.229
91.174.205.10
91.195.241.136
91.199.77.50
91.212.28.29
91.223.145.130
92.43.203.171
92.61.39.239
93.185.103.42
93.190.48.3
94.152.8.56
95.211.117.215
95.211.219.65
104.27.180.160
104.27.181.160
104.28.26.243
104.28.27.243
104.28.28.252
104.28.29.252
116.202.231.184
141.105.126.87
146.148.34.125
149.216.106.61
157.7.188.207
162.217.99.134
162.255.119.102
163.172.86.124
169.50.13.61
172.67.156.67
172.67.157.206
172.67.184.127
173.236.178.74
178.254.10.14
185.26.105.244
185.51.65.38
185.66.237.14
185.114.108.15
185.181.104.74
185.183.8.67
185.232.248.163
188.93.150.101
188.165.143.5
192.64.147.231
193.41.64.176
194.9.94.85
194.9.94.86
194.150.113.18
194.242.61.31
195.74.38.62
195.110.124.188
199.34.228.76
199.59.242.153
205.144.171.124
208.91.197.91
209.140.30.61
210.172.183.32
211.43.203.53
212.57.32.149
212.85.106.71
213.186.33.5
217.70.184.38
217.74.71.168
217.116.16.235
217.160.0.59
217.160.0.97
217.160.0.169
217.160.0.225
217.160.0.239
217.160.122.61
217.160.233.84

139
bambenek_suppobox.ipset Normal file
View File

@ -0,0 +1,139 @@
#
# bambenek_suppobox
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of suppobox C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/suppobox-iplist.txt
# Source File Date: Wed Jul 29 20:19:32 UTC 2020
#
# Category : malware
# Version : 9682
#
# This File Date : Wed Jul 29 20:24:08 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 108 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_suppobox
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
18.216.20.136
23.83.35.75
23.227.38.65
23.236.62.147
34.102.136.180
34.198.7.77
34.202.122.77
34.225.38.128
35.169.225.248
35.186.238.101
35.231.184.193
39.106.40.57
43.226.23.42
45.133.2.132
45.192.23.245
45.199.245.19
46.30.213.209
46.166.189.98
52.0.7.30
54.36.56.87
54.84.104.245
62.233.121.5
63.251.235.71
66.6.44.4
66.96.161.157
67.195.197.24
67.227.226.240
69.163.184.176
69.172.201.218
72.26.218.72
74.96.70.52
74.208.236.135
75.2.37.224
80.77.123.65
81.28.232.67
83.140.241.13
84.49.232.107
87.98.242.65
89.106.12.49
94.136.40.82
95.143.172.148
97.74.182.1
98.124.199.77
103.67.235.120
104.16.12.194
104.16.13.194
104.16.14.194
104.16.15.194
104.16.16.194
104.27.188.229
104.27.189.229
104.248.50.87
104.248.60.43
104.248.63.231
104.248.63.248
106.249.28.73
112.216.156.206
121.42.239.99
121.78.197.82
121.254.178.233
137.220.193.208
138.207.69.72
139.129.156.33
150.95.255.38
151.80.184.231
154.208.167.236
157.65.171.29
157.245.130.6
159.8.210.35
161.47.102.211
162.217.99.134
162.217.99.139
162.217.99.141
162.241.194.34
162.241.224.134
162.241.224.200
162.243.212.245
162.255.119.8
162.255.119.250
172.67.154.177
173.231.184.119
173.231.189.30
173.236.166.37
185.55.85.123
192.64.119.20
192.64.119.148
192.64.119.202
192.227.107.19
193.93.253.54
194.59.222.76
198.54.117.197
198.54.117.198
198.54.117.199
198.54.117.200
199.34.228.69
199.59.242.153
206.191.152.37
206.191.152.49
207.96.1.77
208.91.197.26
208.91.197.27
208.91.197.46
208.91.197.91
208.91.197.194
212.96.137.160
213.186.33.5
213.250.113.193
217.160.0.16

32
bambenek_symmi.ipset Normal file
View File

@ -0,0 +1,32 @@
#
# bambenek_symmi
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of symmi C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/symmi-iplist.txt
# Source File Date: Fri Jun 26 10:49:11 UTC 2020
#
# Category : malware
# Version : 14
#
# This File Date : Fri Jun 26 10:56:26 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 1 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_symmi
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
208.100.26.245

35
bambenek_tinba.ipset Normal file
View File

@ -0,0 +1,35 @@
#
# bambenek_tinba
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of tinba C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/tinba-iplist.txt
# Source File Date: Wed Jul 29 16:20:23 UTC 2020
#
# Category : malware
# Version : 3576
#
# This File Date : Wed Jul 29 16:24:10 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 4 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_tinba
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
198.54.117.197
198.54.117.198
198.54.117.199
198.54.117.200

32
bambenek_volatile.ipset Normal file
View File

@ -0,0 +1,32 @@
#
# bambenek_volatile
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of volatile C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/volatile-iplist.txt
# Source File Date: Fri Feb 7 15:08:38 UTC 2020
#
# Category : malware
# Version : 10
#
# This File Date : Fri Feb 7 15:12:21 UTC 2020
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 1 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_volatile
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
169.50.13.61

2717
bbcan177_ms1.netset Normal file
View File

File diff suppressed because it is too large Load Diff

1175
bbcan177_ms3.netset Normal file
View File

File diff suppressed because it is too large Load Diff

1239
bds_atif.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

1016
bitcoin_blockchain_info_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

8148
bitcoin_blockchain_info_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

2653
bitcoin_blockchain_info_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

5841
bitcoin_nodes.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

7237
bitcoin_nodes_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

13863
bitcoin_nodes_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

8851
bitcoin_nodes_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

22552
blocklist_de.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

8518
blocklist_de_apache.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

174
blocklist_de_bots.ipset Normal file
View File

@ -0,0 +1,174 @@
#
# blocklist_de_bots
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IP addresses
# which have been reported within the last 48 hours as having
# run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or
# BadBots (BadBots = it has posted a Spam-Comment on a open
# Forum or Wiki).
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/bots.txt
# Source File Date: Thu May 9 10:08:03 UTC 2024
#
# Category : attacks
# Version : 80760
#
# This File Date : Thu May 9 10:08:11 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 141 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_bots
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.56.132.84
5.188.62.140
5.188.87.47
14.18.120.74
20.205.110.167
23.26.220.11
23.26.220.14
27.147.136.161
34.175.145.201
35.79.222.1
35.219.66.183
39.105.120.190
39.163.152.32
39.165.158.177
43.136.39.92
44.192.92.158
44.210.69.173
45.15.18.72
45.80.158.89
45.135.241.228
47.115.225.21
49.235.133.12
51.124.190.250
66.115.142.157
67.222.157.170
68.178.225.104
68.183.227.17
72.167.209.248
77.77.222.105
80.251.219.111
81.181.55.54
81.181.55.108
81.181.60.61
81.181.62.44
84.247.105.106
84.247.105.108
85.119.122.23
89.117.151.34
91.92.242.55
91.92.243.107
91.92.244.2
91.92.248.15
91.92.250.23
91.205.17.174
91.229.245.57
91.236.168.249
92.204.139.118
93.183.131.53
94.156.65.8
94.156.68.28
95.217.109.26
102.129.40.35
102.129.252.152
102.165.48.97
102.215.33.72
103.102.228.23
103.104.118.206
103.108.45.105
103.130.218.13
104.200.151.147
104.200.151.155
104.200.151.171
104.200.151.176
110.154.103.191
112.175.184.32
116.179.32.68
116.179.37.5
116.179.37.92
116.179.37.139
116.179.37.167
116.179.37.182
116.179.37.186
116.179.37.230
116.179.37.239
119.188.246.142
120.227.159.62
123.57.10.186
123.57.192.127
123.186.72.251
123.186.73.103
123.186.73.176
123.186.74.53
123.186.75.22
123.186.75.83
123.186.75.192
123.186.76.240
123.244.129.217
128.199.26.235
135.181.74.243
135.181.213.219
135.181.213.220
139.59.6.125
139.213.43.226
140.83.49.168
140.228.21.67
142.93.216.20
142.171.116.231
143.110.250.227
143.110.254.81
148.72.245.234
149.56.151.201
150.230.58.58
152.42.180.180
157.245.33.108
157.245.200.20
158.220.123.227
165.84.162.121
167.71.226.207
167.71.232.30
167.172.92.134
170.64.183.233
170.231.236.158
174.138.28.93
175.22.148.29
175.178.35.245
178.25.242.225
178.128.59.49
182.43.78.115
182.201.217.190
182.204.140.200
182.204.141.124
182.204.143.195
185.66.90.243
185.211.6.82
185.241.208.122
185.241.208.144
188.165.204.144
191.96.227.209
193.176.86.41
193.176.86.61
194.60.87.189
194.76.26.63
195.175.22.38
203.55.81.29
207.244.250.20
208.109.188.30
208.109.203.225
210.16.189.15
212.224.98.109
213.232.124.78
221.236.22.20

472
blocklist_de_bruteforce.ipset Normal file
View File

@ -0,0 +1,472 @@
#
# blocklist_de_bruteforce
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IPs which
# attacks Joomla, Wordpress and other Web-Logins with
# Brute-Force Logins.
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/bruteforcelogin.txt
# Source File Date: Thu May 9 09:30:04 UTC 2024
#
# Category : attacks
# Version : 141452
#
# This File Date : Thu May 9 09:36:11 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 441 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_bruteforce
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.12.232.221
1.13.253.53
2.57.122.161
3.104.64.207
4.237.64.173
5.61.25.34
5.61.51.143
5.121.161.113
5.189.148.71
5.255.98.23
8.130.135.141
8.138.104.46
8.217.129.114
8.217.209.92
8.218.30.127
8.218.115.242
8.218.250.31
13.127.139.93
14.18.80.54
14.162.96.73
20.92.138.57
23.19.255.215
23.26.220.24
23.97.205.210
23.108.191.235
23.235.214.66
23.237.44.162
24.199.121.227
34.1.20.228
34.1.24.43
34.65.234.0
34.74.7.203
34.75.65.218
34.93.16.66
34.94.93.133
34.94.103.172
34.106.49.173
34.106.72.82
34.106.169.106
34.116.118.211
34.124.221.136
34.143.140.159
34.162.92.50
34.162.174.112
34.174.81.173
34.174.230.254
34.255.242.96
35.204.172.12
35.212.241.96
35.223.17.18
35.230.161.150
35.235.66.67
35.237.106.121
37.60.251.68
37.97.201.80
37.157.255.193
37.187.71.44
39.98.44.46
39.103.225.8
40.77.167.25
40.233.83.245
41.57.124.54
41.222.112.93
42.96.43.183
42.193.223.101
43.128.88.133
43.129.185.154
43.132.184.117
43.132.204.17
43.142.164.252
43.155.89.190
43.228.213.33
43.228.214.166
45.8.17.2
45.8.17.10
45.10.156.39
45.11.96.45
45.61.184.25
45.80.158.69
45.80.158.70
45.80.158.103
45.94.31.191
45.117.179.159
45.122.221.29
45.141.215.39
45.141.215.245
45.148.232.192
45.148.234.236
45.148.235.238
45.154.26.87
45.195.204.97
46.105.29.21
46.246.8.164
47.75.171.239
47.99.136.132
47.100.73.174
47.106.201.134
47.107.131.133
47.111.116.44
47.122.1.41
47.244.50.243
49.235.81.143
51.38.41.215
51.75.91.32
51.77.222.16
51.89.153.66
51.89.220.51
51.91.151.60
51.91.208.166
51.91.220.7
51.103.210.240
51.158.37.190
51.159.111.112
51.210.234.90
52.167.144.136
52.167.144.219
52.173.28.95
54.36.126.202
54.37.156.240
54.166.233.220
61.246.6.91
61.246.38.5
62.171.134.22
64.23.226.80
64.227.47.33
64.227.146.23
66.181.72.85
67.222.134.13
68.178.145.4
68.178.145.44
68.178.145.118
68.178.145.184
68.178.149.226
68.178.195.38
68.178.231.250
68.178.244.212
68.178.246.137
68.183.210.185
70.32.74.232
72.167.104.249
72.167.210.93
72.167.254.247
74.48.118.155
77.92.156.145
78.131.12.248
78.135.107.100
79.3.212.241
80.94.92.60
80.98.98.161
81.69.170.51
81.69.176.253
81.69.197.181
81.70.248.169
82.165.215.24
82.211.3.77
85.239.33.117
89.43.66.107
89.46.106.134
89.187.163.211
89.187.182.13
91.92.244.199
91.92.252.42
91.121.100.49
91.121.168.91
91.203.111.18
91.238.165.176
92.42.33.77
92.204.138.28
92.205.2.99
92.205.144.130
92.205.238.99
93.93.202.44
93.195.215.36
94.177.253.31
101.33.210.56
101.43.173.214
102.219.189.140
102.223.7.56
103.20.82.161
103.20.220.48
103.27.238.251
103.28.52.66
103.38.236.203
103.57.178.82
103.67.163.199
103.74.116.72
103.83.81.221
103.98.6.150
103.118.28.120
103.120.242.158
103.130.219.128
103.132.183.121
103.159.85.205
103.159.239.202
103.171.181.119
103.176.179.125
104.28.203.247
104.28.235.247
104.131.181.172
104.152.110.114
104.155.168.189
104.198.37.199
104.244.78.186
106.14.0.195
106.15.54.35
106.58.213.76
106.58.220.118
107.170.72.201
107.170.253.8
107.174.145.78
107.180.117.184
107.180.118.175
107.189.1.142
107.189.2.216
107.189.7.25
107.189.7.155
107.189.14.184
109.70.100.70
109.74.192.57
109.235.174.4
109.235.174.18
110.42.217.219
111.90.141.180
111.90.158.66
113.43.208.207
115.127.35.125
115.233.218.202
116.118.48.75
118.69.147.183
118.123.4.248
118.139.161.199
118.139.181.184
119.45.26.99
119.235.221.63
119.246.21.229
120.25.104.120
120.77.35.242
120.77.202.101
122.224.129.234
123.30.234.70
123.178.210.182
124.71.61.46
124.217.226.207
125.88.207.79
125.212.209.171
125.212.218.5
128.199.28.186
128.199.163.83
130.180.75.42
132.148.110.101
132.148.121.195
132.148.185.11
132.148.185.12
132.148.185.14
132.148.185.17
132.148.185.33
134.122.27.24
134.122.98.216
134.122.123.193
134.209.39.24
134.209.104.76
134.209.158.44
135.125.1.9
137.116.153.238
137.117.65.231
137.184.37.249
137.220.106.99
138.68.76.25
138.68.129.241
138.68.188.84
138.128.245.84
138.197.154.201
138.199.36.214
138.199.52.243
139.59.10.149
139.59.20.111
139.59.97.220
139.196.113.223
139.196.136.166
142.4.25.179
142.93.215.22
142.132.180.152
143.110.177.0
143.198.110.43
143.198.211.185
143.244.134.222
143.244.139.242
144.217.181.137
145.239.2.113
145.239.39.128
146.59.71.198
146.70.15.43
146.190.40.30
146.190.217.185
147.182.225.187
148.66.130.195
148.72.84.18
148.72.214.194
148.153.56.82
149.102.132.103
150.95.31.43
150.162.233.150
152.70.81.7
152.231.105.33
153.122.170.34
154.0.169.64
157.245.47.176
158.69.255.26
159.65.132.141
159.89.103.107
159.89.104.182
159.89.194.195
159.89.203.182
159.89.224.247
159.223.102.228
159.223.217.53
160.153.158.27
161.35.23.58
161.35.100.107
161.97.148.58
162.144.135.175
162.212.152.110
162.241.201.42
162.243.128.11
162.243.132.15
162.243.147.4
164.68.127.196
164.92.80.194
164.92.210.253
165.22.70.82
165.232.180.240
165.232.191.9
167.71.102.193
167.71.233.39
167.99.66.166
167.99.113.123
171.244.0.91
171.244.49.8
172.104.131.24
172.104.146.213
172.233.171.52
173.201.186.239
173.201.190.138
173.205.81.73
173.236.141.101
173.249.19.204
177.130.249.153
178.32.110.73
178.62.126.208
178.218.144.51
178.236.246.60
178.238.10.177
179.43.191.18
182.43.69.56
182.43.69.247
182.43.76.198
182.75.112.226
184.168.96.165
184.168.100.235
184.168.102.202
184.168.113.58
184.168.114.92
184.168.124.43
185.9.19.107
185.61.221.41
185.98.5.122
185.103.16.188
185.107.113.247
185.156.174.27
185.159.80.80
185.182.56.165
185.185.80.64
185.198.190.113
185.217.126.94
185.253.219.219
187.102.16.15
188.166.1.163
188.166.6.199
188.166.67.239
188.166.249.216
191.98.133.194
192.42.116.185
192.42.116.191
192.42.116.219
193.118.55.74
193.122.6.102
193.151.143.72
193.168.3.20
193.202.81.189
193.202.110.21
193.223.105.214
194.36.108.89
195.26.241.51
195.26.243.28
195.26.250.126
195.94.230.222
198.12.212.165
198.12.222.107
198.12.233.41
198.12.233.238
198.12.237.172
198.12.238.222
198.12.243.17
198.54.128.124
198.71.229.177
198.71.237.3
198.71.237.5
198.98.50.195
198.167.193.51
198.199.105.84
199.195.252.237
200.55.198.234
202.95.9.249
202.172.26.28
203.122.21.62
203.124.33.211
204.8.96.154
206.189.59.247
206.189.144.7
206.189.153.173
206.189.154.75
207.180.228.139
208.109.39.84
208.109.227.196
209.58.132.244
209.141.32.50
209.141.32.149
209.141.42.189
209.141.46.94
209.141.62.71
210.16.189.4
212.18.46.166
212.38.40.210
213.152.161.149
213.163.113.46
213.175.200.188
213.175.217.81
216.250.106.188
217.133.221.210
217.182.76.192
222.252.31.98

313
blocklist_de_ftp.ipset Normal file
View File

@ -0,0 +1,313 @@
#
# blocklist_de_ftp
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IP addresses
# which have been reported within the last 48 hours for
# attacks on the Service FTP.
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/ftp.txt
# Source File Date: Thu May 9 10:08:03 UTC 2024
#
# Category : attacks
# Version : 97689
#
# This File Date : Thu May 9 10:08:09 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 282 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_ftp
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.55.142.84
1.160.70.195
1.163.242.164
3.84.233.107
3.110.186.40
5.100.81.200
8.210.192.176
8.218.173.88
14.37.12.17
14.225.74.30
14.233.140.81
14.243.126.15
20.2.69.82
20.84.86.140
20.213.17.82
27.188.63.198
27.254.87.202
34.16.96.98
34.22.192.129
34.22.208.68
34.38.151.7
34.76.96.55
34.76.158.233
34.77.127.183
34.78.6.216
34.78.68.58
34.78.249.41
34.79.162.186
34.140.58.13
34.140.108.54
34.140.130.61
34.175.214.170
35.187.98.121
35.190.199.12
35.195.93.98
35.205.205.158
35.216.225.42
35.240.121.17
36.90.41.29
36.90.41.255
36.148.8.214
37.59.56.90
37.237.216.89
39.106.182.147
40.65.151.51
41.59.113.138
41.226.34.5
42.84.151.32
43.128.11.242
43.163.206.246
43.248.139.2
44.204.149.87
44.205.255.220
45.119.84.144
46.105.116.86
46.148.50.30
47.57.1.153
47.57.168.50
47.93.143.177
47.98.170.47
47.103.60.185
47.238.210.242
47.238.231.2
47.238.240.199
49.149.97.203
50.63.17.213
52.40.234.105
52.203.27.149
58.34.196.12
58.226.181.97
59.33.205.168
59.52.177.211
59.58.147.234
59.60.113.184
59.103.58.210
60.51.152.123
61.80.110.108
61.130.96.154
61.180.116.224
61.184.119.32
61.189.123.104
64.227.105.207
64.250.121.161
70.53.84.26
78.37.239.16
78.137.4.173
80.65.162.78
82.59.101.140
82.65.175.26
82.115.21.23
84.17.47.99
84.46.99.56
85.208.22.19
87.106.246.127
88.135.80.99
89.182.27.36
89.182.50.97
89.183.99.98
89.237.198.73
89.255.71.12
91.92.240.217
91.92.251.69
91.225.163.42
93.87.73.210
94.31.84.30
94.102.15.162
94.156.65.124
95.37.64.71
95.71.125.11
101.36.117.15
103.11.217.141
103.20.243.120
103.45.68.8
103.74.116.44
103.74.117.111
103.74.117.160
103.75.187.249
103.110.85.153
103.154.185.150
103.164.63.147
103.171.181.214
103.179.191.151
103.194.186.170
103.203.47.209
103.209.108.32
103.212.99.34
103.212.99.82
103.224.156.243
103.237.147.21
103.248.33.11
103.251.2.17
104.199.31.214
106.14.135.153
106.14.226.102
106.55.158.56
106.75.128.158
109.74.204.123
109.174.62.79
110.82.145.13
110.137.193.93
111.40.18.248
112.36.21.203
112.51.214.7
113.4.118.47
113.4.118.48
113.88.108.116
113.116.244.43
113.172.13.131
113.205.148.148
114.55.54.35
115.28.158.180
115.78.225.181
115.206.106.16
115.244.46.70
116.213.36.178
116.213.39.202
116.213.39.218
117.33.169.73
118.123.105.99
118.193.64.188
118.193.73.8
118.194.251.141
119.42.148.122
119.45.161.174
119.161.98.14
120.55.99.107
120.77.11.122
121.35.98.103
121.35.98.108
121.35.98.122
121.35.98.143
121.35.99.112
121.35.99.127
121.196.55.134
121.229.40.225
122.3.177.141
122.51.110.114
122.155.167.246
122.222.120.125
123.56.237.242
123.59.105.78
123.231.167.142
123.241.66.140
123.241.94.55
124.221.52.72
124.226.219.166
125.120.172.219
125.120.210.142
125.212.243.14
125.212.243.150
125.228.230.78
128.14.239.217
130.211.54.158
136.158.51.103
138.128.180.226
138.197.116.132
139.59.114.254
139.186.77.75
139.199.212.85
139.199.220.72
146.70.65.144
146.70.111.86
146.70.111.110
146.120.164.13
146.148.113.189
148.66.146.16
148.72.84.101
149.102.233.236
150.138.83.30
152.32.139.9
152.32.153.228
152.32.216.172
152.32.233.95
152.32.235.96
153.122.148.17
153.122.156.7
154.212.145.29
160.153.235.195
161.35.37.70
162.43.121.174
162.144.63.211
162.215.13.76
165.154.10.250
165.154.12.9
165.154.33.91
165.154.36.107
165.154.36.177
165.154.134.152
165.154.138.34
165.154.164.112
165.154.182.72
165.154.182.207
169.150.196.240
169.150.220.169
171.115.220.45
172.104.234.144
175.138.65.57
176.59.14.105
177.207.68.73
178.32.197.88
179.61.251.195
179.108.3.15
181.66.147.159
181.214.218.138
181.214.218.165
182.16.25.34
182.89.110.176
182.210.63.101
182.223.190.12
183.7.156.150
183.132.50.152
183.162.230.118
185.37.70.47
185.37.71.31
185.165.191.27
185.193.206.21
185.196.8.161
185.224.128.254
187.191.54.162
188.134.90.60
188.162.72.162
191.31.164.9
193.32.248.132
193.169.255.34
193.201.186.127
194.169.175.107
194.233.73.228
198.16.58.241
200.79.187.122
202.59.168.151
202.146.241.44
203.192.198.37
210.116.101.160
213.230.71.159
217.150.210.141
218.75.12.30
221.212.121.105
222.209.59.8
222.223.111.31
222.243.156.40
223.15.176.123
223.94.46.145

3525
blocklist_de_imap.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

12112
blocklist_de_mail.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

78
blocklist_de_sip.ipset Normal file
View File

@ -0,0 +1,78 @@
#
# blocklist_de_sip
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IP addresses
# that tried to login in a SIP, VOIP or Asterisk Server and
# are included in the IPs list from infiltrated.net
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/sip.txt
# Source File Date: Thu May 9 10:08:03 UTC 2024
#
# Category : attacks
# Version : 133501
#
# This File Date : Thu May 9 10:08:10 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 47 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_sip
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.253.246.42
5.253.246.70
23.94.82.17
37.221.92.37
43.133.58.65
43.134.104.198
43.153.24.194
43.153.32.102
43.155.147.150
43.155.186.231
43.156.97.98
43.156.110.3
43.163.238.175
43.241.132.10
45.95.147.233
45.117.177.103
45.172.152.74
49.51.231.176
58.210.98.130
68.183.81.164
101.91.225.182
104.234.168.239
107.180.105.183
113.141.171.139
120.48.137.162
122.114.8.215
124.156.192.13
134.175.198.193
138.2.229.118
143.198.103.190
143.198.203.33
146.190.162.83
147.78.103.31
165.232.171.101
170.64.147.114
174.138.14.89
174.138.78.213
175.203.61.33
180.101.88.252
185.51.246.197
185.176.220.108
194.169.172.46
195.154.51.46
206.188.197.159
218.55.114.94
218.92.0.122
223.171.90.190

9477
blocklist_de_ssh.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

366
blocklist_de_strongips.ipset Normal file
View File

@ -0,0 +1,366 @@
#
# blocklist_de_strongips
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IPs which
# are older then 2 month and have more then 5.000 attacks.
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/strongips.txt
# Source File Date: Thu May 9 06:00:35 UTC 2024
#
# Category : attacks
# Version : 54017
#
# This File Date : Thu May 9 06:01:52 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 336 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_strongips
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
13.74.46.65
13.80.7.122
14.63.162.98
14.102.74.99
14.177.239.168
20.194.60.135
27.254.137.144
27.254.149.199
31.184.198.71
34.91.0.68
34.92.176.182
35.207.98.222
35.209.160.244
35.219.62.194
35.223.246.35
35.244.25.124
36.66.151.17
36.91.166.34
36.110.228.254
36.155.130.6
40.115.18.231
41.72.105.171
41.72.219.102
41.82.208.182
41.191.116.18
42.200.66.164
42.200.78.78
45.129.14.128
45.129.14.173
45.161.176.1
45.232.244.5
46.101.5.100
46.101.23.51
46.101.171.235
47.180.114.229
49.51.183.1
49.247.198.162
50.214.100.27
51.91.111.73
51.178.137.178
52.160.46.145
52.183.128.237
52.227.167.147
58.27.95.2
59.3.76.218
61.80.179.118
61.83.148.111
61.93.186.125
61.177.172.136
61.177.172.140
61.177.172.160
61.177.172.179
61.177.172.181
62.28.222.221
64.227.122.198
64.227.126.250
65.73.231.122
65.181.73.155
65.190.102.226
68.116.41.2
68.183.88.186
72.167.52.254
72.167.55.58
72.240.125.133
74.94.234.151
79.104.0.82
81.28.167.30
81.192.87.130
82.200.65.218
84.2.226.70
85.209.11.27
85.209.11.227
85.209.11.254
88.214.25.16
89.97.218.142
90.168.201.25
91.144.20.198
91.238.181.247
92.118.39.240
93.190.106.139
96.67.59.65
96.69.13.140
96.78.175.36
101.207.113.73
103.16.202.187
103.26.136.173
103.48.192.48
103.48.193.7
103.63.108.25
103.86.180.10
103.92.24.242
103.226.248.146
103.231.46.66
103.240.110.130
103.248.60.70
103.255.216.43
104.248.159.207
105.96.11.65
106.51.3.214
106.241.54.211
107.0.200.227
107.175.33.240
107.180.88.176
111.68.98.152
111.93.200.50
111.161.41.156
112.31.56.247
112.133.228.250
112.217.207.26
113.31.116.250
113.200.60.74
114.199.123.211
114.204.218.154
114.206.23.151
116.92.213.114
117.220.15.119
118.40.248.20
118.69.161.67
118.70.170.120
118.101.192.62
118.201.79.222
119.28.105.34
119.28.118.4
119.29.136.114
119.73.179.114
119.252.143.6
120.88.46.226
120.224.50.233
121.142.87.218
122.155.0.205
122.176.52.13
123.30.249.49
123.31.29.192
124.152.118.194
124.160.96.242
125.99.173.162
128.199.33.46
128.199.73.168
128.199.80.214
128.199.95.60
128.199.120.146
128.199.150.10
128.199.179.36
128.199.182.19
128.199.194.1
128.199.225.7
128.201.78.253
129.226.158.246
134.17.16.40
134.17.17.32
134.17.94.229
134.122.8.241
134.122.17.178
136.228.161.66
136.228.161.67
138.68.9.83
138.68.91.192
139.59.23.154
139.59.25.164
139.59.127.73
139.59.127.178
139.59.188.13
140.86.12.31
140.86.39.162
143.244.144.227
143.244.162.174
146.190.227.169
148.66.132.190
154.68.39.6
154.72.194.207
156.54.180.33
157.230.113.181
157.230.185.9
157.245.157.93
157.245.218.29
159.65.41.104
159.65.91.105
159.65.220.18
159.203.170.197
160.153.234.75
161.35.108.241
164.77.117.10
164.177.31.66
165.22.16.134
165.22.101.75
165.22.217.96
165.22.242.64
165.227.68.95
165.227.84.172
165.227.85.21
165.227.87.78
165.227.101.226
165.227.166.247
165.227.228.212
165.232.158.187
167.172.112.115
171.244.140.174
175.203.61.33
175.207.13.22
177.91.80.11
179.43.180.108
180.71.47.198
180.101.88.196
180.101.88.197
180.101.88.200
180.101.88.205
180.101.88.219
180.101.88.220
180.101.88.221
180.101.88.222
180.101.88.223
180.101.88.224
180.101.88.236
180.101.88.239
180.101.88.240
180.101.88.241
180.101.88.244
180.101.88.245
180.101.88.246
180.101.88.248
180.101.88.254
180.149.242.18
180.167.207.234
180.168.95.234
181.48.60.50
181.48.99.155
182.16.245.79
182.16.245.85
182.75.216.74
182.93.50.90
183.81.169.238
183.240.157.2
185.17.229.65
185.74.4.17
185.74.4.20
185.74.4.189
185.217.1.246
185.246.130.20
186.10.86.130
186.10.125.209
186.38.26.5
186.67.248.5
186.67.248.6
186.67.248.8
186.147.129.110
187.102.174.154
188.166.211.7
189.6.45.130
189.240.225.205
190.12.102.58
190.85.15.251
190.104.25.210
190.128.230.98
190.129.60.125
190.144.14.170
190.145.192.106
190.153.249.99
190.181.25.210
190.210.182.179
191.242.105.133
192.241.157.126
194.152.206.17
194.169.175.10
194.169.175.17
195.19.4.22
195.88.120.62
197.5.145.68
197.5.145.102
197.227.8.186
198.12.85.199
198.12.114.231
200.105.183.118
201.116.3.194
201.149.49.146
201.163.162.179
201.226.239.98
201.234.66.133
202.21.123.124
202.21.123.196
202.55.175.236
202.158.139.57
203.66.168.81
203.98.76.172
203.106.164.74
203.113.167.3
203.172.76.4
203.205.37.233
205.185.113.140
206.217.131.233
208.109.34.15
209.97.186.17
210.3.92.14
210.65.88.51
210.187.80.132
211.21.113.128
211.75.19.210
211.115.93.98
211.193.31.52
211.253.9.49
211.253.10.96
212.49.70.200
212.70.149.150
212.83.144.11
213.109.202.127
218.56.160.82
218.92.0.22
218.92.0.24
218.92.0.27
218.92.0.29
218.92.0.31
218.92.0.32
218.92.0.34
218.92.0.39
218.92.0.48
218.92.0.56
218.92.0.76
218.92.0.100
218.92.0.102
218.92.0.107
218.92.0.112
218.92.0.113
218.92.0.118
218.92.0.123
218.92.0.124
218.150.246.42
218.255.245.10
220.80.223.144
220.86.29.35
221.156.126.1
221.213.129.46
222.107.156.227
222.124.214.10
223.197.151.55
223.197.175.91
223.197.186.7
223.197.188.206

81752
blocklist_net_ua.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

89
botscout.ipset Normal file
View File

@ -0,0 +1,89 @@
#
# botscout
#
# ipv4 hash:ip ipset
#
# [BotScout] (http://botscout.com/) helps prevent automated
# web scripts, known as bots, from registering on forums,
# polluting databases, spreading spam, and abusing forms on
# web sites. They do this by tracking the names, IPs, and
# email addresses that bots use and logging them as unique
# signatures for future reference. They also provide a simple
# yet powerful API that you can use to test forms when
# they're submitted on your site. This list is composed of
# the most recently-caught bots.
#
# Maintainer : BotScout.com
# Maintainer URL : http://botscout.com/
# List source URL : http://botscout.com/last_caught_cache.htm
# Source File Date: Thu May 9 09:52:26 UTC 2024
#
# Category : abuse
# Version : 88147
#
# This File Date : Thu May 9 09:52:27 UTC 2024
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 52 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botscout
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.157.27.55
5.253.161.54
5.253.161.62
23.236.214.91
37.19.217.86
38.152.41.232
38.152.154.204
38.152.253.13
38.152.253.36
38.152.253.135
38.152.253.215
38.153.135.159
84.239.47.77
89.22.237.210
103.221.235.217
104.233.51.119
104.233.54.4
107.172.146.162
107.172.238.152
107.175.119.63
120.40.130.70
134.73.69.25
135.181.125.113
154.12.200.135
154.13.99.149
154.13.102.233
154.13.103.182
154.13.106.39
154.13.109.96
154.13.110.232
154.30.194.117
154.30.213.74
172.96.92.160
185.196.191.84
185.220.101.89
186.179.52.21
193.188.20.238
194.110.114.22
196.51.141.39
196.51.141.196
196.51.201.74
196.51.201.116
196.51.204.229
196.51.252.44
196.51.252.238
196.58.225.63
196.243.240.37
198.245.69.91
209.99.137.200
209.242.209.155
216.24.212.15
216.180.106.55

842
botscout_1d.ipset Normal file
View File

@ -0,0 +1,842 @@
#
# botscout_1d
#
# ipv4 hash:ip ipset
#
# [BotScout] (http://botscout.com/) helps prevent automated
# web scripts, known as bots, from registering on forums,
# polluting databases, spreading spam, and abusing forms on
# web sites. They do this by tracking the names, IPs, and
# email addresses that bots use and logging them as unique
# signatures for future reference. They also provide a simple
# yet powerful API that you can use to test forms when
# they're submitted on your site. This list is composed of
# the most recently-caught bots.
#
# Maintainer : BotScout.com
# Maintainer URL : http://botscout.com/
# List source URL : http://botscout.com/last_caught_cache.htm
# Source File Date: Thu May 9 09:52:26 UTC 2024
#
# Category : abuse
# Version : 88147
#
# This File Date : Thu May 9 09:52:27 UTC 2024
# Update Frequency: 30 mins
# Aggregation : 1 day
# Entries : 811 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botscout_1d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.57.122.215
5.35.32.114
5.42.65.19
5.42.65.99
5.45.36.244
5.45.36.248
5.45.37.248
5.78.67.73
5.157.0.107
5.157.0.169
5.157.20.132
5.157.27.55
5.161.197.144
5.180.79.195
5.183.130.123
5.183.130.172
5.188.210.38
5.188.210.84
5.188.210.93
5.253.161.54
5.253.161.62
5.253.161.94
5.253.161.128
5.253.161.134
5.253.161.140
5.253.161.174
5.253.161.182
5.253.161.194
14.54.45.199
14.225.210.186
14.241.237.119
23.81.228.162
23.81.229.92
23.81.231.155
23.83.87.85
23.83.87.190
23.83.87.241
23.83.179.61
23.94.153.9
23.94.153.50
23.94.229.197
23.94.229.214
23.94.230.252
23.95.81.75
23.95.99.117
23.95.224.30
23.105.159.234
23.137.250.83
23.154.177.6/31
23.228.108.187
23.229.14.218
23.229.22.5
23.229.53.60
23.229.73.87
23.229.81.110
23.229.110.92
23.231.34.17
23.236.142.196
23.236.152.117
23.236.156.97
23.236.214.91
23.236.228.192
27.71.174.34
27.213.210.38
31.44.59.224
31.173.83.189
31.173.86.14
31.186.137.7
31.223.189.210
35.247.44.173
35.247.84.183
37.6.3.8
37.19.198.200
37.19.200.162
37.19.217.86
37.19.221.175
37.27.56.54
37.46.113.177
37.46.113.179
37.115.189.95
37.120.210.219
37.139.53.25
37.139.53.32
37.139.53.166
37.143.62.93
37.143.62.161
37.143.63.26
38.46.219.107
38.152.12.219
38.152.14.115
38.152.41.232
38.152.154.83
38.152.154.204
38.152.253.8
38.152.253.13
38.152.253.36
38.152.253.41
38.152.253.104
38.152.253.122
38.152.253.135
38.152.253.212
38.152.253.215
38.153.135.159
38.154.5.203
38.154.6.113
38.154.6.181
38.154.7.64
38.154.7.197
38.154.160.80
38.154.161.35
38.154.164.35
38.154.172.123
38.154.173.202
38.154.194.226
38.170.161.29
38.170.190.211
38.183.20.64
39.62.2.226
42.0.7.235
45.8.17.142
45.8.17.148
45.43.167.64
45.56.174.181
45.67.229.87
45.81.136.220
45.86.1.172
45.87.60.42
45.125.245.131
45.138.117.176
45.151.161.250
45.154.138.145
46.8.15.181
46.8.22.230
46.8.111.119
46.8.223.80
46.117.65.97
46.117.100.253
46.146.230.89
46.175.155.217
46.246.8.127
46.246.8.164
46.246.122.76
46.246.122.91
46.246.122.166
47.31.145.124
47.91.22.18
49.37.113.156
49.255.11.50
50.2.39.84
50.3.183.136
51.178.45.216
54.37.7.235
58.6.237.106
58.20.248.139
58.246.58.150
59.103.109.227
62.128.217.86
64.137.30.30
64.137.31.153
64.137.97.40
64.137.106.84
66.84.92.35
67.201.33.10
67.227.119.34
69.58.4.96
69.58.13.179
69.61.200.104
69.141.179.52
77.83.1.163
77.83.1.205
77.94.1.134
77.232.41.202
77.237.229.237
79.117.228.11
80.95.44.0
80.239.140.196
80.244.44.217
82.144.66.59
82.149.76.7
83.166.205.43
83.220.237.102
84.16.224.227
84.17.62.147
84.33.210.58
84.239.47.10
84.239.47.26
84.239.47.71
84.239.47.77
84.247.116.224
85.115.195.167
85.203.44.239
86.97.89.93
89.22.233.74
89.22.237.210
89.41.190.5
89.113.145.239
89.113.157.143
89.149.26.175
89.149.26.177
89.149.87.81
91.103.252.64
91.139.160.150
91.149.233.252
91.193.178.129
91.195.98.52
91.223.102.110
91.223.102.184
91.246.195.110
92.38.148.53
92.204.174.93
93.82.140.137
93.92.229.133
93.118.100.67
94.16.121.91
94.23.247.129
94.25.169.180
94.25.171.162
94.25.225.39
94.131.80.67
94.131.80.83
94.131.89.204
94.140.8.112
94.158.20.87
94.158.20.238
95.104.193.129
95.142.121.29
95.142.121.54
101.10.3.16
102.129.152.105
102.129.252.117
102.165.1.40
102.165.1.135
102.165.1.230
103.47.53.109
103.67.187.236
103.72.61.16
103.75.229.115
103.87.142.141
103.105.176.250
103.115.101.13
103.120.134.84/31
103.136.203.128
103.155.118.190
103.172.28.133
103.210.54.22
103.221.234.17
103.221.235.38
103.221.235.71
103.221.235.112
103.221.235.217
103.225.202.218
103.225.203.5
103.225.203.212
103.229.45.7
103.239.172.246
104.28.198.34
104.28.222.238
104.28.230.34
104.28.237.72
104.28.254.73
104.129.17.220
104.143.229.48
104.168.25.112
104.168.135.207
104.168.218.65
104.196.234.174
104.196.236.45
104.206.81.174
104.233.26.1
104.233.51.119
104.233.53.46
104.233.54.4
104.239.76.240
104.239.126.193
104.244.73.43
106.10.0.7
107.150.71.77
107.150.71.144
107.172.18.63
107.172.71.87
107.172.132.66
107.172.146.162
107.172.238.152
107.173.204.149
107.174.150.45
107.174.150.50
107.174.150.150
107.174.249.163
107.175.32.123
107.175.34.58
107.175.65.13
107.175.65.87
107.175.119.63
107.178.107.182
107.179.26.107
108.48.40.253
109.70.100.2
109.248.14.67
109.248.15.27
109.248.15.132
109.248.142.60
109.248.143.37
112.51.96.118
113.61.48.70
113.61.48.86
113.61.48.97
113.174.234.83
114.131.14.73
116.212.148.215
116.230.30.105
117.54.114.50
118.69.72.241
118.99.116.103
120.40.130.70
123.13.58.236
123.13.60.231
123.13.62.63
123.13.62.178
125.99.220.190
125.228.216.16
130.44.200.152
130.44.201.110
130.44.202.232
134.73.68.99
134.73.69.25
135.181.125.113
136.144.19.172
136.144.19.206
139.99.68.203
140.213.200.10
141.101.104.116
141.164.91.61
142.147.242.169
143.244.41.154
144.76.159.163
146.70.57.2
146.70.111.146
147.53.116.3
147.53.120.163
148.163.102.178
149.34.245.207
149.40.50.17
149.71.176.190
149.71.177.149
149.71.180.42
149.71.180.56
149.71.181.124
149.71.181.228
149.86.141.139
149.102.232.19
149.102.244.24
152.42.204.1
152.44.104.74
152.58.86.156
152.89.8.62
152.89.8.92
154.9.177.244
154.9.201.87
154.12.143.72
154.12.162.29
154.12.200.135
154.13.96.76
154.13.97.103
154.13.98.174
154.13.98.207
154.13.99.149
154.13.101.17
154.13.101.250
154.13.102.150
154.13.102.233
154.13.103.182
154.13.104.254
154.13.105.66
154.13.106.39
154.13.106.233
154.13.107.198
154.13.109.96
154.13.110.232
154.13.126.245
154.16.192.89
154.21.39.0
154.21.116.63
154.21.116.159
154.21.117.88
154.21.119.156
154.22.61.128
154.30.59.26
154.30.194.117
154.30.213.51
154.30.213.53
154.30.213.65
154.30.213.74
154.30.213.78
154.30.213.109
154.30.213.123
154.30.213.140
154.30.213.149
154.30.213.168
154.30.213.225
154.30.213.247
154.30.213.251
154.30.241.251
154.37.250.6
154.37.250.101
154.38.22.238
154.47.27.105
154.53.82.6
154.53.82.15
154.53.82.37
154.53.82.116
154.53.82.211
154.57.3.36
154.118.228.210
154.194.9.190
154.194.11.12
155.94.171.80
155.94.220.159
155.94.240.230
156.146.41.72
156.146.60.133
157.52.233.109
158.140.180.126
159.65.139.62
159.242.227.128
162.208.126.176
162.212.170.253
162.212.172.254
162.244.150.27
165.231.37.35
165.231.45.248
165.231.84.148
165.231.84.211
165.231.97.50
165.231.98.41
165.231.101.48
165.231.108.91
165.231.165.215
165.231.193.118
166.0.228.50
168.81.46.100
168.81.46.151
168.81.46.236
168.151.226.10
168.151.227.142
168.228.46.76
170.246.53.56
170.247.221.51
171.22.250.2
171.25.193.77
171.225.192.18
171.234.9.174
171.251.236.117
171.251.237.249
171.252.189.28
172.64.236.166
172.68.10.10
172.68.10.78
172.68.10.190
172.68.23.147
172.68.27.132
172.68.27.220
172.68.50.20
172.68.134.127
172.68.138.71
172.68.194.138
172.68.195.184
172.68.243.41
172.69.22.22/31
172.69.22.39
172.69.22.230
172.69.22.244/31
172.69.22.249
172.69.23.164
172.69.23.205
172.69.50.182
172.69.70.54
172.69.130.206
172.69.130.229
172.69.134.57
172.69.134.122
172.69.135.21
172.69.135.23
172.69.135.82
172.69.135.159
172.69.150.244
172.69.151.47
172.69.151.48
172.69.151.138
172.69.151.162
172.69.194.60
172.69.214.141
172.69.214.241
172.69.234.166
172.69.234.168
172.70.46.183
172.70.49.211
172.70.110.18
172.70.110.224
172.70.114.173
172.70.115.37
172.70.207.20
172.70.242.69
172.70.247.173
172.70.250.176
172.71.22.140
172.71.22.152
172.71.30.114
172.71.103.108
172.71.126.48/31
172.71.126.192
172.71.130.64
172.71.131.53
172.71.131.183
172.71.147.52
172.71.154.27
172.71.154.59
172.71.154.127
172.71.154.177
172.71.158.118
172.71.158.185
172.71.166.217
172.71.170.105
172.71.174.238
172.71.182.198
172.71.183.5
172.71.184.140
172.71.184.143
172.71.184.147
172.81.113.33
172.96.81.170
172.96.92.160
172.96.93.163
172.96.95.132
172.245.60.243
172.245.73.22
172.245.107.228
172.245.193.100
172.245.250.169
173.44.223.122
173.206.137.135
173.211.0.29
173.213.93.92
173.234.154.124
173.234.194.59
173.234.194.143
173.239.196.193
173.239.196.195
173.239.196.196
174.167.44.90
176.8.89.36
176.125.230.4
176.125.230.41
178.155.5.25
178.159.37.83
178.159.37.156
178.175.128.41
179.61.241.48/31
181.176.103.230
181.177.67.229
181.214.165.44
181.214.218.52
181.215.182.15
182.182.103.151
183.199.125.225
184.164.84.175
184.164.94.155
184.170.248.5
184.174.25.215
185.46.84.158
185.108.106.251
185.118.220.176
185.135.78.16
185.166.85.242
185.191.204.254
185.196.191.84
185.196.191.94
185.196.191.157
185.199.118.249
185.207.107.216
185.220.101.50
185.220.101.84
185.220.101.89
185.234.216.56
186.91.41.74
186.179.6.97
186.179.6.122
186.179.35.38
186.179.52.21
186.179.52.56
188.74.138.240
188.74.182.18
188.126.89.147
188.130.143.245
188.130.184.167
188.130.185.41
188.130.185.118
188.241.178.19
191.96.37.127
191.96.106.42
191.96.249.208
191.101.109.48
191.102.132.27
191.102.132.28
191.102.132.220
191.102.154.62
191.102.156.87
192.3.183.39
192.3.240.197
192.3.255.194
192.42.116.174
192.126.160.164
192.126.160.197
192.126.160.240
192.126.203.26
192.126.203.72
192.126.203.121
192.171.81.64
192.171.83.7
192.171.89.81
192.186.159.221
192.198.124.188
192.210.188.133
192.210.188.134
192.227.128.203
192.241.65.151
192.241.70.51
192.241.84.96
192.241.87.212
192.241.119.55
193.28.182.12
193.36.224.17
193.36.224.19
193.56.252.235
193.160.237.223
193.188.20.238
194.32.122.34
194.34.248.168
194.35.113.118
194.39.33.210
194.71.126.163
194.110.114.22
194.113.106.9
194.113.113.174
194.213.123.51
195.2.67.223
195.154.61.146
195.191.79.83
195.201.29.129
196.51.35.80
196.51.112.120
196.51.117.132
196.51.140.2
196.51.140.20
196.51.140.99
196.51.140.102
196.51.140.136
196.51.140.166
196.51.140.175
196.51.140.222
196.51.141.29
196.51.141.39
196.51.141.116
196.51.141.196
196.51.186.117
196.51.197.109
196.51.197.110
196.51.197.167
196.51.201.47
196.51.201.74
196.51.201.96
196.51.201.116
196.51.201.161
196.51.201.170
196.51.201.187
196.51.201.240
196.51.204.50
196.51.204.86
196.51.204.94
196.51.204.124
196.51.204.138
196.51.204.159
196.51.204.175
196.51.204.205
196.51.204.229
196.51.249.35
196.51.249.66
196.51.249.89
196.51.249.93
196.51.249.102
196.51.249.155
196.51.249.170
196.51.249.219
196.51.249.255
196.51.252.44
196.51.252.88
196.51.252.121
196.51.252.125
196.51.252.131
196.51.252.151
196.51.252.182
196.51.252.221
196.51.252.238
196.57.217.15
196.58.225.63
196.58.225.72
196.196.31.149
196.196.35.226
196.196.53.102
196.196.164.31
196.196.169.62
196.196.169.76
196.197.10.216
196.198.13.198
196.198.13.225
196.198.16.77
196.198.211.71
196.199.40.146
196.199.104.221
196.240.51.186
196.240.51.240
196.240.105.146
196.240.105.190
196.240.143.23
196.240.173.33
196.240.254.85
196.240.254.177
196.241.86.253
196.242.4.248
196.242.57.123
196.242.70.41
196.242.70.167
196.242.89.29
196.242.89.248
196.242.134.68
196.242.141.84
196.242.141.183
196.242.178.162
196.242.178.198
196.242.178.220
196.242.195.55
196.242.195.109
196.242.195.187
196.243.240.37
196.243.240.82
196.244.4.149
196.244.71.152
196.244.200.41
196.244.200.244
196.245.187.207
196.245.251.114
196.247.212.185
198.16.76.29
198.20.178.107
198.20.180.216
198.20.182.29
198.20.182.114
198.44.136.78
198.44.136.120
198.154.89.55
198.240.91.17
198.245.67.27
198.245.69.91
199.188.102.41
199.188.102.82
202.62.84.210
203.21.72.32
203.106.170.107
206.206.73.219
206.220.175.2
206.232.13.179
209.35.5.215
209.99.137.200
209.99.137.233
209.127.17.171
209.127.17.176
209.127.28.161
209.141.62.71
209.242.209.155
209.242.209.203
209.251.22.43
211.226.157.133
212.30.33.110
212.30.33.121
212.30.33.131
212.30.33.137
212.30.33.141
212.30.33.178
212.30.33.203
212.30.33.234
212.30.33.240
212.102.49.72
216.24.212.15
216.24.212.29
216.24.212.33
216.173.78.233
216.173.103.155
216.180.106.55
217.170.202.237
217.212.244.67
218.6.121.111
220.134.249.220
222.138.76.6
223.26.212.3
223.29.254.96
224.181.124.117

13685
botscout_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

4415
botscout_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

249
botvrij_dst.ipset Normal file
View File

@ -0,0 +1,249 @@
#
# botvrij_dst
#
# ipv4 hash:ip ipset
#
# [botvrij.eu] (http://www.botvrij.eu/) Indicators of
# Compromise (IOCS) about malicious destination IPs, gathered
# via open source information feeds (blog pages and PDF
# documents) and then consolidated into different datasets.
# To ensure the quality of the data all entries older than
# approx. 6 months are removed.
#
# Maintainer : botvrij.eu
# Maintainer URL : http://www.botvrij.eu/
# List source URL : http://www.botvrij.eu/data/ioclist.ip-dst.raw
# Source File Date: Sat May 4 11:22:52 UTC 2024
#
# Category : attacks
# Version : 82
#
# This File Date : Sat May 4 21:36:05 UTC 2024
# Update Frequency: 1 day
# Aggregation : none
# Entries : 215 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botvrij_dst
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.92.240.113
3.144.135.247
5.183.95.95
14.225.210.97
14.225.210.98
14.225.210.209
14.225.210.222
18.215.238.53
20.120.249.43
20.151.89.252
20.237.166.161
23.95.209.148
23.159.160.88
23.224.99.242
23.224.99.243
23.224.99.244
23.224.99.245
23.224.99.246
23.225.35.234
23.225.35.235
23.225.35.236
23.225.35.237
23.225.35.238
34.135.1.100
37.120.237.204
37.120.237.248
37.139.129.145
38.180.2.23
38.180.3.57
38.180.76.31
43.153.75.48
43.153.106.236
43.155.173.104
43.157.58.203
43.157.63.199
43.163.221.160
43.254.217.165
45.9.148.193
45.9.149.215
45.63.119.131
45.67.230.91
45.76.118.87
45.77.52.253
45.77.54.14
45.86.163.224
45.86.163.244
45.89.106.147
45.95.11.134
45.128.134.189
45.128.232.143
45.142.166.112
45.153.240.73
45.251.240.55
46.8.198.196
49.51.49.54
51.15.145.37
51.79.208.192
52.161.154.239
54.219.169.167
62.84.100.225
62.115.255.163
63.79.171.112
64.31.63.70
64.31.63.194
65.20.97.203
65.21.51.58
66.70.160.251
70.62.153.174
74.124.219.71
77.246.96.204
79.134.225.17
82.102.19.88
82.180.150.197
84.32.189.74
85.239.54.190
86.105.18.113
89.44.198.16
89.44.198.189
89.44.198.196
91.92.247.212
91.92.254.31
91.235.234.81
91.235.234.251
93.115.22.212
94.131.3.160
94.131.98.14
94.131.109.65
94.156.71.115
95.164.38.99
95.164.46.199
95.179.176.250
96.44.159.46
103.20.222.218
103.27.132.69
103.27.202.85
103.51.140.101
103.56.53.46
103.76.128.34
103.114.200.230
103.119.3.230
103.125.218.198
103.127.43.208
103.212.81.155
103.212.81.157
104.156.232.22
104.193.88.123
107.148.19.88
107.148.41.146
107.172.16.208
107.172.79.5
107.173.140.111
118.193.40.42
121.37.174.139
121.227.168.69
131.196.252.148
134.122.197.80
139.99.23.9
139.162.135.12
145.239.54.169
146.70.124.102
146.70.149.61
149.28.166.244
152.70.83.47
154.22.235.13
154.22.235.17
154.39.142.47
156.241.86.2
162.62.225.65
167.114.4.175
167.114.138.249
170.106.196.76
172.86.66.165
172.105.90.154
172.105.94.93
172.105.124.34
172.233.245.241
173.233.137.36
173.233.137.44
173.233.137.52
173.233.137.60
173.233.139.164
176.31.18.153
176.97.66.57
176.97.76.118
176.97.76.129
176.99.6.152
176.119.195.113
176.119.195.115
176.124.32.84
178.21.13.3
178.21.13.32
178.21.13.33
178.21.13.34
178.21.13.35
178.21.14.92
178.21.14.93
178.21.15.41
178.21.15.42
178.21.15.85
178.21.15.183
178.21.15.204
178.162.227.180
179.43.172.127
179.43.172.191
183.134.93.171
185.44.81.147
185.123.101.250
185.162.235.206
185.167.60.85
185.180.223.48
185.220.101.58
185.227.111.17
185.228.72.38
185.241.208.83
185.241.208.104
185.244.30.218
185.244.210.65
185.244.210.120
190.2.145.24
192.36.57.181
192.210.137.35
192.243.59.12
192.243.59.13
192.243.59.20
192.243.61.225
192.243.61.227
193.34.167.245
193.142.58.126
194.4.49.6
194.32.78.183
195.10.205.23
198.50.170.72
198.98.56.93
198.244.174.214
199.34.27.196
203.95.8.98
203.95.9.54
205.147.101.170
205.209.102.218
205.234.232.196
207.148.74.250
212.193.2.48
213.156.138.68
213.156.138.77
213.156.138.78
216.155.157.136
216.238.66.251
216.238.71.49
216.238.72.201
216.238.74.95
216.238.75.155
216.238.81.149
216.238.85.220
216.238.86.24
217.57.80.18

34
botvrij_src.ipset Normal file
View File

@ -0,0 +1,34 @@
#
# botvrij_src
#
# ipv4 hash:ip ipset
#
# [botvrij.eu] (http://www.botvrij.eu/) Indicators of
# Compromise (IOCS) about malicious source IPs, gathered via
# open source information feeds (blog pages and PDF
# documents) and then consolidated into different datasets.
# To ensure the quality of the data all entries older than
# approx. 6 months are removed.
#
# Maintainer : botvrij.eu
# Maintainer URL : http://www.botvrij.eu/
# List source URL : http://www.botvrij.eu/data/ioclist.ip-src.raw
# Source File Date: Tue Mar 8 13:55:10 UTC 2022
#
# Category : attacks
# Version : 7
#
# This File Date : Tue Mar 8 16:40:02 UTC 2022
# Update Frequency: 1 day
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botvrij_src
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

355
bruteforceblocker.ipset Normal file
View File

@ -0,0 +1,355 @@
#
# bruteforceblocker
#
# ipv4 hash:ip ipset
#
# [danger.rulez.sk bruteforceblocker]
# (http://danger.rulez.sk/index.php/bruteforceblocker/)
# (fail2ban alternative for SSH on OpenBSD). This is an
# automatically generated list from users reporting failed
# authentication attempts. An IP seems to be included if 3 or
# more users report it. Its retention pocily seems 30 days.
#
# Maintainer : danger.rulez.sk
# Maintainer URL : http://danger.rulez.sk/index.php/bruteforceblocker/
# List source URL : http://danger.rulez.sk/projects/bruteforceblocker/blist.php
# Source File Date: Thu May 9 09:48:41 UTC 2024
#
# Category : attacks
# Version : 11369
#
# This File Date : Thu May 9 09:52:24 UTC 2024
# Update Frequency: 3 hours
# Aggregation : none
# Entries : 321 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bruteforceblocker
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.189.151.15
8.222.151.199
18.144.155.44
23.90.23.234
34.219.85.230
36.64.232.117
36.85.110.5
37.9.170.115
42.112.26.170
45.125.66.43
45.137.198.64
45.155.91.99
51.81.165.111
51.159.17.182
54.67.0.252
54.193.167.244
54.212.192.235
54.244.62.166
58.144.233.25
62.171.137.67
64.23.145.49
64.23.174.32
64.23.190.155
64.23.199.247
64.23.244.28
64.227.132.252
64.227.162.229
67.205.169.229
68.183.158.20
76.187.181.62
77.91.84.247
80.216.158.15
85.208.117.104
87.246.7.206
89.32.41.104
92.53.82.117
92.118.39.120
92.118.39.229
92.118.39.245
94.154.33.37
94.156.10.90
94.156.10.184
94.156.79.60
94.156.79.135
101.96.119.195
102.64.66.222
103.155.193.186
103.156.178.219
104.248.10.89
106.105.212.133
115.241.74.34
116.98.160.8
116.98.165.5
116.98.165.43
116.98.166.152
116.98.168.115
116.98.169.138
116.98.172.248
116.98.173.91
116.98.174.78
116.105.209.191
116.105.211.185
116.105.213.181
116.105.216.92
116.110.2.185
116.110.4.113
116.110.70.16
116.110.81.51
116.110.87.144
116.110.87.230
116.110.90.217
116.110.91.36
116.110.92.146
116.110.95.253
116.110.113.80
116.110.123.235
116.110.215.63
121.123.29.141
121.135.41.52
122.151.59.40
122.255.0.85
128.199.255.247
134.209.152.32
134.209.169.16
137.184.7.237
137.184.116.244
137.184.172.91
137.184.224.6
137.184.231.177
138.197.126.79
138.197.135.93
138.197.138.89
138.197.142.73
138.197.146.41
138.197.163.28
141.98.10.44
141.98.10.96
141.255.167.250
143.110.223.32
143.110.248.193
143.198.140.5
143.244.130.0
144.126.232.226
146.190.53.250
146.190.55.2
146.190.130.11
146.190.250.240
147.182.204.147
149.202.90.68
152.89.245.140
157.230.32.23
157.245.98.202
158.174.168.185
159.65.129.182
159.65.171.74
159.65.171.117
159.203.1.160
159.203.44.5
159.223.221.13
161.35.33.123
161.35.154.16
161.35.181.61
161.35.185.128
161.35.235.140
164.90.237.98
165.227.206.84
165.232.137.13
165.232.165.149
167.71.13.205
167.94.138.2
170.64.131.133
170.64.134.116
170.64.137.171
170.64.139.24
170.64.139.130
170.64.143.168
170.64.145.115
170.64.147.57
170.64.150.213
170.64.151.128
170.64.151.131
170.64.151.137
170.64.151.148
170.64.151.153
170.64.151.182
170.64.152.11
170.64.152.106
170.64.152.245
170.64.156.146
170.64.157.31
170.64.157.42
170.64.158.147
170.64.158.169
170.64.159.4
170.64.159.129
170.64.159.223
170.64.159.243
170.64.161.61
170.64.161.109
170.64.165.18
170.64.165.29
170.64.166.132
170.64.169.157
170.64.173.99
170.64.175.115
170.64.178.151
170.64.179.184
170.64.179.186
170.64.183.131
170.64.187.22
170.64.188.83
170.64.190.158
170.64.192.54
170.64.194.45
170.64.195.5
170.64.195.7
170.64.195.135
170.64.195.147
170.64.195.157
170.64.195.167
170.64.195.236
170.64.195.237
170.64.196.95
170.64.197.57
170.64.198.228
170.64.201.55
170.64.202.235
170.64.204.77
170.64.204.203
170.64.205.5
170.64.206.32
170.64.206.184
170.64.211.56
170.64.211.58
170.64.211.59
170.64.213.4
170.64.213.30
170.64.214.23
170.64.216.63
170.64.216.179
170.64.218.4
170.64.218.246
170.64.220.63
170.64.220.211
170.64.221.103
170.64.221.234
170.64.221.251
170.64.222.10
170.64.222.78
170.64.225.53
170.64.225.105
170.64.226.37
170.64.226.55
170.64.227.75
170.64.227.140
170.64.228.80
170.64.228.179
170.64.229.96
170.64.229.109
170.64.229.110
170.64.229.112
170.64.229.130
170.64.229.134
170.64.229.236
170.64.229.237
170.64.229.249
170.64.229.250
170.64.229.252
170.64.230.42
170.64.230.103
170.64.230.134
170.64.230.238
170.64.231.52
170.64.232.57
170.64.232.213
170.64.232.236
170.64.233.15
170.64.233.43
170.64.233.87
170.64.233.88
170.64.233.90
170.64.234.114
170.64.234.117
170.64.234.173
170.64.234.181
170.64.234.198
170.64.234.216
170.64.236.66
170.64.236.155
170.64.236.252
170.64.237.127
170.64.238.12
170.64.238.15
171.251.16.109
171.251.17.22
171.251.18.42
171.251.19.8
171.251.20.185
171.251.21.233
171.251.22.0
171.251.29.39
171.251.29.139
172.233.57.39
172.233.57.157
172.233.58.223
174.138.5.127
174.138.14.89
174.138.73.2
176.10.248.195
178.62.10.177
178.128.37.192
179.43.180.106
179.43.180.108
179.43.190.218
180.232.75.76
183.14.90.94
183.81.169.139
183.81.169.238
185.22.65.186
185.74.6.22
185.161.248.247
185.196.11.132
188.166.27.237
188.166.29.90
188.166.31.47
188.166.155.155
192.42.116.179
192.42.116.209
192.42.116.211
192.42.116.212
192.227.148.214
193.32.162.29
193.32.162.38
193.32.162.63
193.32.162.76
193.32.162.79
193.32.162.83
193.222.96.163
194.147.58.73
194.187.48.251
197.248.193.134
199.45.154.4
200.58.107.201
206.189.17.193
206.189.33.119
206.189.123.161
209.38.16.105
209.38.16.160
209.38.24.51
209.38.24.74
209.38.24.148
209.38.24.193
209.38.24.200
209.38.24.227
209.38.28.46
209.38.28.251
209.38.32.79
209.38.144.4
209.97.134.50
212.233.49.104
213.168.248.141

15031
ciarmy.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

9146
cidr_report_bogons.netset Normal file
View File

File diff suppressed because it is too large Load Diff

4549
cleanmx_phishing.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

12221
cleanmx_viruses.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

522
cleantalk.ipset Normal file
View File

@ -0,0 +1,522 @@
#
# cleantalk
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Today's HTTP Spammers
# (includes: cleantalk_new cleantalk_updated)
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL :
# Source File Date: Thu May 9 07:44:51 UTC 2024
#
# Category : abuse
# Version : 28819
#
# This File Date : Thu May 9 07:44:53 UTC 2024
# Update Frequency: 1 min
# Aggregation : none
# Entries : 492 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.189.143.101
2.101.194.165
2.176.81.164
3.14.70.163
3.17.64.47
3.22.171.136
3.23.63.252
3.23.130.108
3.80.253.232
3.81.45.243
3.81.171.245
3.85.45.117
3.85.78.17
3.85.230.164
3.86.64.38
3.88.180.183
3.94.108.247
3.141.165.180
3.142.97.219
3.214.224.152
3.216.46.22
3.220.230.110
3.239.34.136
5.78.84.109
5.181.156.253
5.181.168.128
5.183.130.172
8.210.156.199
12.53.238.155
13.59.43.17
13.59.217.167
13.59.231.155
14.166.189.5
14.187.119.5
14.216.232.107
14.226.50.237
16.163.140.171
18.118.29.224
18.118.99.7
18.119.11.28
18.134.154.195
18.188.29.73
18.188.255.116
18.191.109.201
18.191.166.122
18.212.107.249
18.217.139.162
18.218.15.248
18.218.172.210
18.218.194.84
18.219.36.249
18.221.149.231
18.223.151.158
18.224.215.188
18.225.10.116
18.225.31.77
18.232.99.169
18.234.199.71
18.236.163.169
20.185.156.86
23.94.29.194
23.94.251.237
23.95.157.85
23.109.232.88
23.224.111.139
23.225.72.125
23.230.167.65
23.236.156.206
23.254.229.225
27.42.97.111
27.68.79.106
27.73.17.12
27.77.237.253
27.147.180.70
27.190.122.65
34.73.124.95
34.206.211.209
34.215.106.159
34.217.38.69
34.219.54.86
34.222.215.58
34.229.42.221
35.90.97.183
35.91.3.120
35.91.22.218
35.93.198.201
35.93.198.241
35.93.224.196
35.94.204.95
35.94.236.215
35.94.253.184
35.95.1.216
35.95.62.32
35.167.54.118
35.171.24.142
35.172.234.86
35.240.4.127
36.95.45.146
37.17.11.182
37.19.221.37
37.45.152.252
37.46.113.210
37.99.3.118
37.140.254.158
38.46.223.90
38.46.223.91
38.46.223.92
38.57.149.207
38.152.11.53
38.152.11.69
38.154.191.218
38.170.109.110
38.170.176.165
40.117.85.135
42.231.23.77
43.155.182.247
43.225.148.130
43.225.148.150
43.242.203.80
44.195.91.30
45.8.17.124
45.8.25.92
45.41.160.69
45.41.171.145
45.41.177.233
45.61.100.225
45.77.149.238
45.79.52.194
45.87.253.214
45.127.248.6
45.135.139.179
45.139.125.100
45.140.121.49
45.141.81.113
45.141.81.117
45.143.99.251
45.150.44.21
45.150.44.40
45.150.44.156
45.151.161.194
45.192.138.81
45.192.147.108
45.199.142.66
45.199.142.68
45.199.142.69
45.199.142.70
45.199.142.71
45.199.142.72
46.8.154.94
46.8.155.22
46.8.213.237
46.116.213.27
46.246.8.102
47.76.209.138
47.238.209.241
47.238.238.251
49.64.241.59
49.72.81.25
49.145.10.175
50.3.222.171
50.63.12.101
51.195.216.60
51.254.27.215
52.0.6.57
52.15.128.243
52.19.36.109
52.51.120.9
52.70.60.89
52.79.52.192
52.90.58.172
52.91.73.193
52.176.58.119
54.80.142.249
54.82.191.212
54.88.137.77
54.144.117.128
54.147.158.204
54.152.202.218
54.152.244.118
54.158.133.3
54.165.132.67
54.174.156.101
54.175.54.237
54.185.144.223
54.191.206.214
54.197.195.100
54.212.87.249
54.213.253.217
54.221.82.163
54.221.105.173
58.187.20.72
59.103.244.194
61.3.231.114
61.7.154.109
62.56.197.217
62.149.24.50
64.23.206.217
64.64.118.77
65.20.97.34
65.21.101.239
66.165.245.18
66.165.246.34
66.165.246.49
67.87.22.114
67.222.142.146
67.227.119.125
67.227.123.116
71.95.156.239
76.128.187.219
76.136.255.13
77.10.88.207
78.148.243.127
79.118.161.8
80.44.242.240
80.70.109.90
81.21.233.230
81.38.197.42
84.241.12.84
84.247.114.91
84.247.116.198
84.247.135.185
85.163.113.115
85.190.239.28
85.190.239.45
85.192.188.25
86.38.234.75
86.102.21.130
88.236.103.204
88.252.144.181
89.113.152.117
89.187.39.25
89.241.147.129
90.176.247.254
91.84.102.133
91.84.118.245
91.84.126.135
91.223.126.217
92.118.60.88
92.119.237.197
93.126.84.15
94.131.13.37
94.158.246.232
95.24.220.85
95.107.160.235
95.107.170.167
95.163.242.163
96.77.206.178
99.102.229.151
101.44.250.84
101.108.43.103
101.108.136.212
102.129.235.209
103.59.207.130
103.73.92.96
103.139.17.26
103.213.112.77
103.235.198.72
104.129.58.197
104.143.250.60
104.143.252.144
104.143.252.201
104.164.183.242
104.223.222.125
104.224.90.142
104.239.106.5
106.110.94.20
106.110.94.36
106.110.94.62
107.158.118.184
107.158.200.212
107.172.156.41
107.175.58.163
107.175.119.168
109.248.15.27
110.34.1.165
110.38.253.107
110.38.253.164
110.38.253.226
110.138.83.66
113.4.160.61
113.180.240.154
114.218.29.33
115.77.59.105
116.48.145.186
116.105.66.57
116.105.67.23
116.105.67.69
116.107.186.45
116.110.104.238
118.128.70.79
119.41.193.244
119.41.200.26
119.41.200.171
119.41.203.98
120.78.238.225
121.224.140.57
121.239.249.15
122.163.1.148
122.180.182.202
122.180.183.144
123.13.58.23
123.25.121.108
123.58.196.129
123.253.234.203
125.83.115.68
128.201.138.48
134.73.68.20
134.236.8.81
136.0.109.72
136.144.19.200
136.243.59.237
138.229.108.29
139.5.231.106
139.99.221.141
139.180.4.5
141.164.84.1
142.132.128.37
142.147.106.16
145.14.139.150
146.190.13.187
147.45.69.84
147.45.69.209
147.124.198.50
148.59.146.82
149.71.181.41
149.74.129.61
149.102.254.30
151.242.225.45
152.69.235.66
154.12.109.87
154.12.109.166
154.12.109.252
154.16.192.117
154.21.239.98
154.21.239.188
154.22.138.80
154.22.138.171
154.26.175.139
154.26.175.248
154.26.210.78
154.53.82.15
154.53.82.126
154.54.249.194
154.65.24.115
154.79.251.166
154.194.9.190
154.202.99.85
154.202.107.238
154.202.127.111
156.146.60.14
156.239.49.168
156.239.49.183
156.239.51.22
156.239.52.72
157.10.93.174
159.192.238.2
161.35.137.92
161.123.93.57
161.123.151.188
161.123.215.206
162.19.95.31
162.84.157.186
163.5.71.100
165.231.103.80
165.231.182.58
167.160.78.33
167.160.180.72
168.91.46.10
170.78.226.48
170.247.220.74
171.4.212.157
171.233.176.127
171.234.59.70
172.105.35.60
172.245.1.79
173.234.194.211
176.35.166.136
176.97.114.202
176.124.198.18
176.124.198.22
176.221.255.134
176.236.29.214
177.66.117.224
177.125.222.21
177.152.106.51
177.191.108.178
177.208.1.112
178.22.59.201
178.128.100.206
178.131.168.239
178.131.170.94
178.131.170.112
178.175.129.36
178.176.73.124
178.221.101.38
178.222.229.118
179.48.196.225
179.63.48.45
180.158.16.148
181.214.166.225
182.139.198.166
182.176.222.118
182.190.212.69
184.72.73.215
184.174.44.199
185.14.233.252
185.129.104.177
185.162.53.171
185.166.173.134
185.174.121.7
185.189.67.220
185.202.74.121
185.214.96.58
185.219.118.141
185.253.97.249
186.179.100.181
186.231.241.130
187.16.109.136
187.108.42.198
187.143.88.142
188.50.169.87
188.74.182.18
188.119.88.203
188.121.118.32
190.2.209.237
190.145.14.169
191.37.181.62
191.96.37.16
191.102.155.26
192.177.93.170
192.186.157.97
192.186.169.61
192.210.128.231
192.241.72.85
193.3.167.202
193.36.224.16
193.58.169.108
193.148.92.65
193.176.86.172
193.203.22.72
194.195.219.198
196.50.81.102
196.51.117.96
196.51.117.149
196.51.197.29
196.51.249.66
196.89.224.66
196.202.86.77
196.240.51.113
197.211.58.119
197.248.62.158
198.46.202.251
198.202.171.54
199.34.84.8
199.34.87.13
199.250.188.38
202.68.181.33
202.184.124.222
203.166.129.129
203.166.129.220
203.166.131.70
203.166.131.218
204.15.110.166
204.236.246.34
206.198.216.36
206.206.118.82
206.232.13.224
207.241.237.22
208.122.223.244
209.35.5.219
209.124.84.223
209.127.143.158
209.242.210.215
211.118.11.29
212.30.36.174
212.154.66.82
216.10.27.172
216.24.212.76
216.118.244.156
216.130.237.97
216.173.76.211
217.113.194.21
217.113.194.28
217.113.194.37
217.113.194.42
217.113.194.46
217.113.194.49
217.113.194.69
217.113.194.76
217.113.194.168
223.29.254.166
223.224.7.222

1853
cleantalk_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

56949
cleantalk_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

7128
cleantalk_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

279
cleantalk_new.ipset Normal file
View File

@ -0,0 +1,279 @@
#
# cleantalk_new
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Recent HTTP Spammers
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL : https://cleantalk.org/blacklists/submited_today
# Source File Date: Thu May 9 07:44:44 UTC 2024
#
# Category : abuse
# Version : 27141
#
# This File Date : Thu May 9 07:44:44 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 250 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk_new
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.189.143.101
2.101.194.165
2.176.81.164
3.14.70.163
3.17.64.47
3.23.63.252
3.23.130.108
3.80.253.232
3.81.171.245
3.85.45.117
3.85.78.17
3.85.230.164
3.86.64.38
3.88.180.183
3.94.108.247
3.141.165.180
3.142.97.219
3.214.224.152
3.220.230.110
3.239.34.136
5.183.130.172
13.59.43.17
13.59.217.167
14.166.189.5
14.187.119.5
14.216.232.107
14.226.50.237
16.163.140.171
18.118.29.224
18.118.99.7
18.119.11.28
18.134.154.195
18.188.29.73
18.188.255.116
18.191.109.201
18.191.166.122
18.217.139.162
18.218.15.248
18.218.172.210
18.218.194.84
18.219.36.249
18.221.149.231
18.223.151.158
18.224.215.188
18.225.10.116
18.225.31.77
18.232.99.169
18.234.199.71
18.236.163.169
23.109.232.88
27.42.97.111
27.68.79.106
27.73.17.12
27.77.237.253
27.190.122.65
34.215.106.159
34.217.38.69
34.219.54.86
34.222.215.58
35.90.97.183
35.91.3.120
35.91.22.218
35.93.198.201
35.93.198.241
35.93.224.196
35.94.204.95
35.94.236.215
35.94.253.184
35.95.1.216
35.95.62.32
35.167.54.118
35.171.24.142
35.172.234.86
35.240.4.127
37.17.11.182
37.45.152.252
37.99.3.118
38.170.109.110
40.117.85.135
42.231.23.77
44.195.91.30
45.41.171.145
45.61.100.225
45.77.149.238
45.135.139.179
45.139.125.100
45.143.99.251
45.150.44.21
45.150.44.40
45.150.44.156
45.199.142.66
45.199.142.68
45.199.142.69
45.199.142.70
45.199.142.71
45.199.142.72
46.8.155.22
46.116.213.27
49.64.241.59
49.72.81.25
49.145.10.175
50.3.222.171
52.15.128.243
52.19.36.109
52.51.120.9
52.70.60.89
52.79.52.192
52.90.58.172
52.91.73.193
52.176.58.119
54.80.142.249
54.82.191.212
54.88.137.77
54.144.117.128
54.147.158.204
54.152.202.218
54.152.244.118
54.158.133.3
54.174.156.101
54.175.54.237
54.185.144.223
54.191.206.214
54.197.195.100
54.212.87.249
54.213.253.217
54.221.82.163
54.221.105.173
58.187.20.72
61.3.231.114
62.56.197.217
64.23.206.217
65.21.101.239
67.87.22.114
71.95.156.239
76.128.187.219
76.136.255.13
77.10.88.207
78.148.243.127
79.118.161.8
80.44.242.240
80.70.109.90
81.38.197.42
85.190.239.28
85.190.239.45
86.38.234.75
86.102.21.130
88.236.103.204
88.252.144.181
89.241.147.129
91.84.102.133
91.84.126.135
91.223.126.217
99.102.229.151
101.108.43.103
101.108.136.212
103.59.207.130
103.73.92.96
103.139.17.26
103.213.112.77
106.110.94.20
106.110.94.36
106.110.94.62
109.248.15.27
110.38.253.107
110.38.253.164
110.38.253.226
110.138.83.66
113.4.160.61
113.180.240.154
114.218.29.33
115.77.59.105
116.105.66.57
116.105.67.23
116.105.67.69
116.107.186.45
116.110.104.238
118.128.70.79
119.41.193.244
119.41.200.26
119.41.200.171
119.41.203.98
120.78.238.225
121.224.140.57
121.239.249.15
122.163.1.148
122.180.182.202
122.180.183.144
123.253.234.203
125.83.115.68
139.5.231.106
145.14.139.150
149.71.181.41
149.102.254.30
151.242.225.45
154.12.109.87
154.12.109.166
154.12.109.252
154.22.138.80
154.22.138.171
154.26.175.139
154.26.175.248
154.26.210.78
154.53.82.15
154.53.82.126
157.10.93.174
159.192.238.2
162.84.157.186
170.78.226.48
171.4.212.157
171.233.176.127
171.234.59.70
176.35.166.136
176.97.114.202
176.221.255.134
177.191.108.178
178.131.168.239
178.131.170.94
178.131.170.112
178.221.101.38
180.158.16.148
182.139.198.166
182.190.212.69
184.72.73.215
185.129.104.177
185.166.173.134
185.202.74.121
185.214.96.58
186.231.241.130
187.143.88.142
188.50.169.87
190.2.209.237
193.3.167.202
196.51.117.96
196.51.117.149
196.51.197.29
196.89.224.66
202.68.181.33
202.184.124.222
203.166.129.129
203.166.129.220
203.166.131.70
203.166.131.218
206.206.118.82
206.232.13.224
207.241.237.22
208.122.223.244
209.124.84.223
211.118.11.29
212.154.66.82
223.224.7.222

704
cleantalk_new_1d.ipset Normal file
View File

@ -0,0 +1,704 @@
#
# cleantalk_new_1d
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Recent HTTP Spammers
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL : https://cleantalk.org/blacklists/submited_today
# Source File Date: Thu May 9 07:44:44 UTC 2024
#
# Category : abuse
# Version : 27089
#
# This File Date : Thu May 9 07:44:44 UTC 2024
# Update Frequency: 15 mins
# Aggregation : 1 day
# Entries : 679 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk_new_1d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.189.143.101
2.101.194.165
2.176.81.164
2.177.143.17
3.14.70.163
3.17.64.47
3.23.63.252
3.23.130.108
3.38.135.174
3.80.176.170
3.80.253.232
3.81.76.65
3.81.92.142
3.81.171.245
3.82.41.88
3.84.246.76
3.85.45.117
3.85.78.17
3.85.133.101
3.85.230.164
3.86.64.38
3.87.135.212
3.88.180.183
3.89.191.155
3.90.47.160
3.91.89.186
3.94.108.247
3.141.165.180
3.142.97.219
3.214.224.152
3.220.230.110
3.237.103.105
3.239.34.136
5.29.10.195
5.143.9.164
5.183.130.172
5.239.78.204
5.252.30.130
13.40.36.119
13.59.43.17
13.59.217.167
14.145.40.42
14.166.189.5
14.187.119.5
14.216.232.107
14.226.50.237
16.163.140.171
18.118.29.224
18.118.99.7
18.119.11.28
18.132.64.219
18.132.245.65
18.134.154.195
18.169.133.252
18.188.29.73
18.188.200.93
18.188.255.116
18.191.109.201
18.191.117.75
18.191.166.122
18.207.164.148
18.212.119.201
18.217.139.162
18.218.15.248
18.218.172.210
18.218.194.84
18.219.36.249
18.221.149.231
18.223.151.158
18.224.215.188
18.225.10.116
18.225.31.77
18.232.99.169
18.234.199.71
18.236.163.169
20.185.156.86
23.109.232.88
23.226.16.20
23.226.16.109
23.226.17.129
23.226.17.190
23.226.17.240
23.226.18.125
23.226.18.188
23.226.18.245
24.190.71.88
27.42.97.111
27.68.79.106
27.73.17.12
27.73.163.119
27.74.167.185
27.75.144.126
27.77.237.253
27.78.198.148
27.124.9.89
27.190.122.65
34.78.162.118
34.204.70.61
34.206.211.209
34.207.246.86
34.215.106.159
34.217.38.69
34.219.54.86
34.221.26.148
34.222.215.58
34.228.210.81
34.229.45.56
34.229.53.132
34.229.83.214
34.238.168.110
35.87.157.144
35.88.116.135
35.90.97.183
35.91.3.120
35.91.22.218
35.91.251.209
35.93.198.201
35.93.198.241
35.93.224.196
35.94.204.95
35.94.229.62
35.94.236.215
35.94.253.184
35.95.1.216
35.95.62.32
35.151.16.157
35.158.36.197
35.167.54.118
35.171.24.142
35.172.234.86
35.173.251.114
35.175.225.244
35.204.150.219
35.240.4.127
35.241.185.223
36.133.183.200
37.17.11.182
37.45.152.252
37.78.232.74
37.99.3.118
37.212.33.12
37.212.91.255
38.152.15.121
38.170.109.28
38.170.109.86
38.170.109.110
38.170.109.137
39.35.7.72
39.35.186.149
39.44.35.231
39.46.218.141
39.57.192.14
40.117.85.135
40.117.195.32
41.60.68.196
41.77.207.22
41.79.132.129
41.79.133.61
41.144.68.215
41.155.6.57
41.174.120.152
41.174.122.109
41.174.123.77
42.114.178.156
42.119.2.152
42.231.16.172
42.231.20.101
42.231.23.77
43.132.190.59
43.133.72.141
43.163.234.95
43.229.11.57
44.195.91.30
44.221.44.43
45.41.171.145
45.41.172.235
45.61.97.47
45.61.100.225
45.62.121.197
45.77.149.238
45.86.73.22
45.94.31.204
45.135.139.179
45.139.125.100
45.143.99.251
45.150.44.21
45.150.44.40
45.150.44.156
45.199.142.66
45.199.142.68/30
45.199.142.72
46.2.169.2
46.8.155.22
46.101.133.115
46.116.213.27
46.148.36.141
46.197.34.48
47.184.156.29
49.36.238.252
49.64.241.21
49.64.241.59
49.72.81.25
49.72.81.172
49.73.78.64
49.145.10.175
49.245.104.90
50.3.183.127
50.3.222.171
50.16.175.176
50.17.14.56
50.158.149.64
51.195.203.178
52.12.211.248
52.15.128.243
52.19.36.109
52.48.175.113
52.51.120.9
52.70.60.89
52.79.52.192
52.87.194.138
52.87.210.106
52.90.58.172
52.90.167.28
52.90.192.61
52.91.40.235
52.91.42.152
52.91.73.193
52.176.58.119
52.207.223.179
54.80.17.70
54.80.142.249
54.80.173.24
54.81.226.17
54.82.191.212
54.82.231.179
54.88.137.77
54.89.94.89
54.89.128.90
54.91.33.90
54.92.148.200
54.144.117.128
54.145.63.248
54.147.158.204
54.147.199.83
54.152.202.218
54.152.244.118
54.156.92.179
54.158.133.3
54.159.52.97
54.160.229.128
54.160.250.251
54.163.40.95
54.164.117.14
54.165.113.40
54.166.165.237
54.166.168.73
54.174.133.196
54.174.156.101
54.175.54.237
54.175.161.120
54.185.144.223
54.187.222.168
54.190.242.215
54.191.206.214
54.196.66.17
54.196.143.238
54.197.195.100
54.198.183.242
54.205.50.164
54.210.148.165
54.211.105.212
54.212.87.249
54.213.253.217
54.218.84.80
54.219.223.145
54.221.82.163
54.221.105.173
54.224.34.26
54.237.175.94
58.187.20.72
59.33.205.168
59.38.62.92
59.55.147.219
59.95.112.31
59.95.123.94
61.2.16.64
61.3.20.63
61.3.231.114
62.56.197.217
62.171.181.21
64.23.206.217
64.64.118.141
64.64.127.175
64.222.210.54
64.223.125.254
65.21.101.239
67.87.22.114
68.36.47.87
69.1.192.70
69.67.131.163
70.182.231.199
71.95.156.239
71.181.57.65
73.141.104.247
76.128.187.219
76.136.255.13
77.10.88.207
77.221.157.237
77.238.252.161
77.242.156.111
77.242.156.173
78.47.203.36
78.148.243.127
79.116.232.181
79.117.212.42
79.118.161.8
79.155.168.2
80.44.151.84
80.44.242.240
80.70.109.90
81.38.197.42
81.88.197.177
81.103.20.198
84.2.98.75
85.10.194.254
85.12.7.177
85.190.239.28
85.190.239.45
86.38.26.228
86.38.234.75
86.38.236.243
86.102.21.130
87.160.133.37
88.151.58.191
88.232.174.37
88.236.103.204
88.244.156.36
88.252.144.181
89.58.72.245
89.185.25.246
89.239.155.84
89.240.107.81
89.241.147.129
89.242.190.49
89.243.109.110
91.84.102.133
91.84.126.135
91.103.253.102
91.223.126.217
92.23.206.115
92.37.169.246
92.49.167.255
93.124.104.99
94.131.113.239
94.134.183.0
95.24.220.85
95.67.211.48
95.70.42.35
95.70.207.176
98.235.42.98
99.102.229.151
100.26.207.241
100.26.213.139
100.27.194.26
101.108.43.103
101.108.136.212
102.129.43.5
103.4.93.178
103.59.207.130
103.73.92.96
103.87.25.38
103.93.33.132
103.126.173.200
103.139.17.26
103.146.233.152
103.157.160.181
103.164.192.125
103.170.177.20
103.184.4.125
103.213.112.77
103.225.200.253
103.237.37.86/31
104.28.125.4
104.168.112.40
105.214.81.94
106.110.94.20
106.110.94.36
106.110.94.62
107.22.71.133
107.181.245.162
107.181.245.164
109.248.15.27
110.38.253.107
110.38.253.164
110.38.253.226
110.83.19.195
110.138.83.66
110.227.80.102
111.88.36.215
111.88.38.52
111.88.42.58
113.4.118.47
113.4.160.61
113.116.221.26
113.180.240.154
114.218.29.33
114.218.72.202
114.218.152.20
115.77.59.105
116.99.241.211
116.101.134.3
116.105.66.57
116.105.67.23
116.105.67.69
116.105.67.79
116.107.186.45
116.110.104.238
116.214.113.151
117.60.60.200
117.81.108.72
117.213.250.1
117.213.251.132
117.214.190.32
117.216.221.193
117.217.49.33
117.221.227.54
117.233.137.18
117.233.148.109
117.233.157.4
117.241.2.56
117.254.179.35
118.71.74.222
118.128.70.79
119.4.174.211
119.41.193.244
119.41.200.26
119.41.200.65
119.41.200.171
119.41.203.98
120.11.92.67
120.11.96.235
120.78.238.225
121.224.140.57
121.224.140.127
121.239.67.136
121.239.67.198
121.239.249.15
122.163.1.148
122.176.202.250
122.180.182.202
122.180.183.144
122.180.185.178
123.241.66.140
123.241.77.216
123.244.129.91
123.253.234.203
125.83.115.68
128.90.101.24
128.140.65.218
134.73.187.113
134.236.8.81
135.181.27.79
138.201.153.212
139.5.231.106
140.213.15.178
141.11.87.205
141.196.88.141
142.214.182.21
145.14.139.150
149.71.181.41
149.102.254.30
151.60.250.4
151.242.225.45
154.9.60.46
154.9.60.80
154.12.109.87
154.12.109.118
154.12.109.166
154.12.109.210
154.12.109.252
154.13.98.97
154.13.101.86
154.21.117.3
154.21.117.16
154.21.117.29
154.21.117.124
154.21.117.172
154.21.117.190
154.21.117.224
154.22.61.25
154.22.138.40
154.22.138.80
154.22.138.148
154.22.138.162
154.22.138.171
154.22.138.183
154.22.138.234
154.26.175.39
154.26.175.139
154.26.175.242
154.26.175.248
154.26.210.78
154.28.75.112
154.28.75.166
154.28.75.175
154.29.233.154
154.36.82.90
154.36.83.152
154.53.82.6
154.53.82.15
154.53.82.23
154.53.82.126
154.53.82.230
154.72.73.174
154.212.145.29
156.252.23.8
157.10.93.174
159.146.74.210
159.192.238.2
159.203.101.13
160.179.232.197
162.19.241.220
162.84.157.186
165.51.103.71
167.160.75.21
168.91.45.8
168.245.143.6
170.78.226.48
170.106.180.206
171.4.212.157
171.5.23.34
171.6.102.32
171.233.176.127
171.234.59.70
171.241.5.141
171.243.120.24
171.243.252.16
172.56.40.234
172.56.92.178
172.81.59.32
173.216.241.15
173.239.91.24
176.35.166.136
176.97.114.202
176.109.52.20
176.221.255.134
177.71.161.64
177.106.172.179
177.136.109.119
177.191.108.178
178.42.149.38
178.70.58.151
178.128.100.206
178.131.168.232
178.131.168.239
178.131.170.94
178.131.170.112
178.131.171.158
178.131.171.238
178.141.4.20
178.221.101.38
179.126.5.135
180.106.246.166
180.117.58.252
180.158.16.148
180.158.17.241
180.158.18.90
181.177.103.11
181.177.103.59
181.177.130.52
182.139.198.166
182.139.199.246
182.178.246.240
182.190.212.25
182.190.212.69
182.190.214.3
182.219.67.214
184.72.73.215
185.72.240.6
185.101.145.243
185.105.12.79
185.105.13.133
185.107.154.124
185.117.29.95
185.129.104.177
185.166.173.134
185.189.67.244
185.202.74.121
185.214.96.58
186.105.25.233
186.231.241.130
187.143.88.142
188.3.11.21
188.20.229.130
188.27.231.7
188.50.169.87
188.54.238.0
188.119.88.203
188.119.88.216
188.119.91.181
188.131.126.251
188.132.192.179
190.2.209.237
191.101.31.27
193.3.167.202
194.26.178.20
194.26.211.176
194.26.211.201
194.113.113.104
194.113.113.174
194.156.238.200
196.51.40.5
196.51.40.52
196.51.40.86
196.51.40.160
196.51.43.52
196.51.43.71
196.51.43.72
196.51.43.78
196.51.117.96
196.51.117.120
196.51.117.149
196.51.197.29
196.51.197.38
196.51.197.43
196.51.197.77
196.51.246.115
196.58.13.185
196.89.224.66
196.198.13.10
196.198.13.45
196.198.13.112
196.198.13.174
196.198.16.59
196.241.86.14
199.195.251.148
202.68.181.4
202.68.181.33
202.68.181.71
202.68.189.54
202.179.70.254
202.184.124.222
203.166.129.129
203.166.129.220
203.166.131.70
203.166.131.218
203.166.140.111
203.166.141.188
203.166.143.114
204.217.164.226
204.217.165.56
206.206.118.82
206.206.118.118
206.232.13.224
207.241.237.22
208.122.223.244
209.124.84.223
209.242.209.42
210.23.226.212
211.118.11.29
211.118.11.97
211.118.123.18
211.118.151.44
212.118.43.109
212.154.66.82
213.142.156.232
218.21.88.115
221.200.223.213
222.90.215.237
222.136.163.121
222.253.87.87
223.206.230.125
223.224.7.222
223.235.121.5
223.235.123.22

15623
cleantalk_new_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

3259
cleantalk_new_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

49
cleantalk_top20.ipset Normal file
View File

@ -0,0 +1,49 @@
#
# cleantalk_top20
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Top 20 HTTP Spammers
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL : https://cleantalk.org/blacklists/top20
# Source File Date: Wed May 8 10:41:56 UTC 2024
#
# Category : abuse
# Version : 1666
#
# This File Date : Wed May 8 10:41:57 UTC 2024
# Update Frequency: 1 day
# Aggregation : none
# Entries : 20 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk_top20
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.188.210.25
5.188.210.87
45.133.172.46
62.122.184.194
62.210.80.33
85.203.44.82
89.234.157.254
178.159.37.4
178.159.37.15
178.159.37.34
178.159.37.60
185.125.50.5
185.190.42.200
188.126.94.176
188.126.94.179
188.126.94.189
191.101.31.29
199.167.138.22
212.102.57.4
212.102.57.17

279
cleantalk_updated.ipset Normal file
View File

@ -0,0 +1,279 @@
#
# cleantalk_updated
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Recurring HTTP Spammers
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL : https://cleantalk.org/blacklists/updated_today
# Source File Date: Thu May 9 07:44:51 UTC 2024
#
# Category : abuse
# Version : 27088
#
# This File Date : Thu May 9 07:44:51 UTC 2024
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 250 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk_updated
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
3.22.171.136
3.81.45.243
3.216.46.22
5.78.84.109
5.181.156.253
5.181.168.128
8.210.156.199
12.53.238.155
13.59.231.155
14.187.119.5
18.212.107.249
20.185.156.86
23.94.29.194
23.94.251.237
23.95.157.85
23.224.111.139
23.225.72.125
23.230.167.65
23.236.156.206
23.254.229.225
27.147.180.70
27.190.122.65
34.73.124.95
34.206.211.209
34.229.42.221
35.167.54.118
36.95.45.146
37.19.221.37
37.46.113.210
37.140.254.158
38.46.223.90
38.46.223.91
38.46.223.92
38.57.149.207
38.152.11.53
38.152.11.69
38.154.191.218
38.170.176.165
43.155.182.247
43.225.148.130
43.225.148.150
43.242.203.80
45.8.17.124
45.8.25.92
45.41.160.69
45.41.177.233
45.79.52.194
45.87.253.214
45.127.248.6
45.140.121.49
45.141.81.113
45.141.81.117
45.143.99.251
45.151.161.194
45.192.138.81
45.192.147.108
46.8.154.94
46.8.213.237
46.116.213.27
46.246.8.102
47.76.209.138
47.238.209.241
47.238.238.251
50.63.12.101
51.195.216.60
51.254.27.215
52.0.6.57
54.165.132.67
59.103.244.194
61.7.154.109
62.149.24.50
64.64.118.77
65.20.97.34
66.165.245.18
66.165.246.34
66.165.246.49
67.222.142.146
67.227.119.125
67.227.123.116
71.95.156.239
81.21.233.230
84.241.12.84
84.247.114.91
84.247.116.198
84.247.135.185
85.163.113.115
85.192.188.25
89.113.152.117
89.187.39.25
90.176.247.254
91.84.118.245
92.118.60.88
92.119.237.197
93.126.84.15
94.131.13.37
94.158.246.232
95.24.220.85
95.107.160.235
95.107.170.167
95.163.242.163
96.77.206.178
101.44.250.84
102.129.235.209
103.235.198.72
104.129.58.197
104.143.250.60
104.143.252.144
104.143.252.201
104.164.183.242
104.223.222.125
104.224.90.142
104.239.106.5
107.158.118.184
107.158.200.212
107.172.156.41
107.175.58.163
107.175.119.168
110.34.1.165
116.48.145.186
123.13.58.23
123.25.121.108
123.58.196.129
128.201.138.48
134.73.68.20
134.236.8.81
136.0.109.72
136.144.19.200
136.243.59.237
138.229.108.29
139.99.221.141
139.180.4.5
141.164.84.1
142.132.128.37
142.147.106.16
146.190.13.187
147.45.69.84
147.45.69.209
147.124.198.50
148.59.146.82
149.74.129.61
152.69.235.66
154.16.192.117
154.21.239.98
154.21.239.188
154.54.249.194
154.65.24.115
154.79.251.166
154.194.9.190
154.202.99.85
154.202.107.238
154.202.127.111
156.146.60.14
156.239.49.168
156.239.49.183
156.239.51.22
156.239.52.72
161.35.137.92
161.123.93.57
161.123.151.188
161.123.215.206
162.19.95.31
163.5.71.100
165.231.103.80
165.231.182.58
167.160.78.33
167.160.180.72
168.91.46.10
170.247.220.74
172.105.35.60
172.245.1.79
173.234.194.211
176.124.198.18
176.124.198.22
176.236.29.214
177.66.117.224
177.125.222.21
177.152.106.51
177.208.1.112
178.22.59.201
178.128.100.206
178.175.129.36
178.176.73.124
178.222.229.118
179.48.196.225
179.63.48.45
181.214.166.225
182.176.222.118
184.174.44.199
185.14.233.252
185.162.53.171
185.174.121.7
185.189.67.220
185.219.118.141
185.253.97.249
186.179.100.181
187.16.109.136
187.108.42.198
188.74.182.18
188.119.88.203
188.121.118.32
190.145.14.169
191.37.181.62
191.96.37.16
191.102.155.26
192.177.93.170
192.186.157.97
192.186.169.61
192.210.128.231
192.241.72.85
193.36.224.16
193.58.169.108
193.148.92.65
193.176.86.172
193.203.22.72
194.195.219.198
196.50.81.102
196.51.249.66
196.89.224.66
196.202.86.77
196.240.51.113
197.211.58.119
197.248.62.158
198.46.202.251
198.202.171.54
199.34.84.8
199.34.87.13
199.250.188.38
204.15.110.166
204.236.246.34
206.198.216.36
207.241.237.22
209.35.5.219
209.127.143.158
209.242.210.215
212.30.36.174
216.10.27.172
216.24.212.76
216.118.244.156
216.130.237.97
216.173.76.211
217.113.194.21
217.113.194.28
217.113.194.37
217.113.194.42
217.113.194.46
217.113.194.49
217.113.194.69
217.113.194.76
217.113.194.168
223.29.254.166

1246
cleantalk_updated_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

49475
cleantalk_updated_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

4256
cleantalk_updated_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

10464
coinbl_hosts.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

661
coinbl_hosts_browser.ipset Normal file
View File

@ -0,0 +1,661 @@
#
# coinbl_hosts_browser
#
# ipv4 hash:ip ipset
#
# [CoinBlockerLists]
# (https://gitlab.com/ZeroDot1/CoinBlockerLists) Simple lists
# that can help prevent cryptomining in the browser or other
# applications. A hosts list to prevent browser mining only.
# The maintainer's file contains hostnames, which have been
# DNS resolved to IP addresses.
#
# Maintainer : CoinBlockerLists
# Maintainer URL : https://gitlab.com/ZeroDot1/CoinBlockerLists
# List source URL : https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
# Source File Date: Mon Mar 4 10:58:09 UTC 2024
#
# Category : organizations
# Version : 53
#
# This File Date : Mon Mar 4 20:32:08 UTC 2024
# Update Frequency: 1 day
# Aggregation : none
# Entries : 627 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=coinbl_hosts_browser
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
3.5.3.185
3.5.20.209
3.18.7.81
3.19.116.195
3.20.137.44
3.33.130.190
3.33.152.147
3.33.243.145
3.64.163.50
3.70.101.28
3.72.140.173
3.130.204.160
3.130.253.23
3.140.13.188
3.141.96.53
3.209.172.72
3.210.192.5
3.216.88.24
3.219.96.23
3.229.186.102
5.35.170.72
5.79.79.211
5.135.131.112
5.206.224.162
5.252.178.30
13.32.99.92
13.32.172.43
13.32.172.77
13.32.172.85
13.32.172.122
13.39.145.251
13.58.215.234
13.224.222.15
13.224.222.25
13.224.222.33
13.224.222.109
13.224.227.45
13.224.227.87
13.224.227.131
13.224.227.205
13.248.148.254
13.248.169.48
13.248.213.45
15.188.219.54
15.197.142.173
15.197.148.33
15.197.192.55
15.197.204.56
18.119.154.66
18.192.94.96
18.192.231.252
18.193.115.229
18.208.60.216
18.211.231.38
18.220.2.62
18.233.173.50
18.244.115.31
18.244.115.84
18.244.115.91
18.244.115.150
23.22.52.7
23.22.130.173
23.22.144.165
23.82.12.30
23.88.53.29
23.101.76.219
23.236.55.104
23.239.5.88
31.11.36.28
31.31.196.245
34.128.82.12
34.203.33.230
34.241.115.67
34.249.160.71
35.156.224.161
35.157.241.235
35.181.89.222
35.184.126.39
35.186.223.180
35.187.160.226
35.192.89.115
35.197.8.113
35.198.107.58
35.199.54.100
35.229.196.203
35.231.101.114
37.48.65.136
37.48.65.144
37.48.65.149
37.48.65.150
37.48.65.151
37.48.65.152
37.48.65.155
37.48.76.140
37.221.212.115
38.48.131.173
44.196.193.227
44.227.65.245
44.227.76.166
45.33.2.79
45.33.18.44
45.33.20.235
45.33.23.183
45.33.28.34
45.33.30.197
45.33.110.230
45.56.79.23
45.56.81.204
45.58.190.82
45.79.0.55
45.79.19.196
45.79.70.13
45.79.73.145
45.79.81.15
45.79.81.196
45.79.97.218
45.79.130.66
45.79.163.250
45.79.199.14
45.79.203.37
45.79.218.212
45.126.210.34
46.4.34.174
46.8.8.100
46.8.8.200
46.38.243.234
46.105.88.234
47.254.33.193
49.212.235.29
50.28.56.190
50.116.24.178
51.75.146.174
51.91.14.108
51.138.9.198
52.5.82.174
52.20.84.62
52.29.9.68
52.57.47.41
52.57.140.222
52.58.3.82
52.58.78.16
52.58.254.253
52.59.100.80
52.59.171.33
52.59.174.115
52.71.57.184
52.216.217.185
52.217.13.124
52.217.133.177
52.217.207.41
54.36.108.36
54.36.108.37
54.36.108.38
54.36.108.39
54.36.168.61
54.36.168.211
54.36.168.213
54.36.175.162
54.36.175.163
54.37.83.70
54.37.84.221
54.37.206.58
54.38.33.16
54.38.192.132
54.38.192.133
54.38.226.140
54.39.52.205
54.39.243.181
54.67.42.145
54.78.134.111
54.83.6.65
54.146.248.82
54.159.116.102
54.165.58.209
54.205.8.205
54.205.31.215
54.209.32.212
54.228.42.199
54.231.162.89
54.231.171.49
54.235.77.118
54.243.238.66
62.138.18.13
64.32.22.102
64.70.19.203
64.91.248.15
64.91.248.18
64.91.249.20
64.190.63.222
64.225.91.73
65.21.140.250
65.21.240.245
66.254.114.211
69.16.230.42
69.16.230.227
69.85.85.20
69.162.95.2
70.32.1.32
70.39.125.243
72.14.178.174
72.14.185.43
72.52.179.174
74.63.241.21
74.207.247.136
75.2.37.224
76.76.21.9
76.76.21.22
76.76.21.61
76.76.21.93
76.76.21.98
76.76.21.123
76.76.21.142
76.76.21.164
76.76.21.241
76.223.26.96
76.223.54.146
76.223.67.189
77.247.182.242
78.46.5.205
78.47.161.84
80.209.230.221
81.171.8.143
81.171.28.43
82.180.157.75
82.192.82.226
83.242.236.76
84.22.115.32
84.32.84.33
84.255.242.136
85.17.26.67
86.105.245.69
87.236.16.207
88.80.191.137
88.86.123.38
88.191.185.113
89.46.102.6
89.58.14.251
89.58.15.35
89.58.15.169
89.252.133.125
91.193.180.124
91.195.240.12
91.195.240.19
91.195.240.123
91.239.200.44
92.222.94.129
93.115.28.104
93.190.139.217
94.23.29.144
94.23.161.19
94.130.138.161
94.229.72.122
94.237.99.118
94.237.103.119
95.168.216.7
95.168.216.9
95.216.77.205
95.216.161.60
95.217.57.182
96.45.82.32
96.45.82.215
96.45.83.19
96.45.83.223
96.126.123.244
100.38.9.220
103.224.182.240
103.224.182.250
103.224.182.253
103.224.212.210
103.224.212.211
103.224.212.213
103.224.212.214
103.224.212.215
103.224.212.216
103.224.212.217
104.16.164.101
104.17.151.12
104.21.3.251
104.21.5.136
104.21.6.144
104.21.14.18
104.21.25.12
104.21.25.70
104.21.25.184
104.21.25.228
104.21.27.195
104.21.28.242
104.21.30.41
104.21.30.115
104.21.32.63
104.21.33.141
104.21.33.168
104.21.34.227
104.21.38.104
104.21.38.218
104.21.39.74
104.21.39.244
104.21.44.248
104.21.45.44
104.21.46.157
104.21.46.191
104.21.48.22
104.21.48.175
104.21.51.238
104.21.53.92
104.21.56.113
104.21.57.121
104.21.57.186
104.21.58.10
104.21.58.197
104.21.59.245
104.21.60.32
104.21.61.200
104.21.63.111
104.21.66.19
104.21.66.49
104.21.66.61
104.21.70.6
104.21.72.157
104.21.75.140
104.21.76.5
104.21.81.117
104.21.82.45
104.21.83.69
104.21.85.170
104.21.86.88
104.21.86.114
104.21.86.228
104.21.88.26
104.21.92.20
104.21.92.27
104.21.92.144
104.21.93.72
104.21.233.213
104.21.233.214
104.22.56.80
104.22.57.80
104.26.0.139
104.26.1.139
104.26.4.31
104.26.5.31
104.31.16.1
104.155.138.21
104.198.14.52
104.198.108.234
104.238.249.57
104.248.84.141
107.6.169.59
107.22.57.98
107.161.23.204
107.178.223.183
108.58.121.94
108.198.190.75
109.123.254.50
116.202.9.166
116.202.21.136
116.203.213.72
127.0.0.1
127.0.0.2
130.211.161.97
134.122.109.150
134.122.174.133
136.243.80.170
138.68.36.34
138.68.67.193
138.68.71.37
138.68.112.220
138.201.35.59
138.201.83.215
139.45.197.250
139.45.197.251
139.99.121.222
139.162.223.125
141.94.96.71
141.94.96.144
141.94.96.195
141.95.72.59
141.95.72.60
141.95.72.61
141.95.206.77
142.44.138.161
142.132.202.70
142.250.200.33
143.204.192.134
143.204.192.161
143.204.192.166
143.204.192.225
143.244.42.32
144.76.35.207
145.239.0.218
145.239.7.163
145.239.70.127
145.239.70.128
145.239.70.129
145.239.141.5
145.239.206.122
145.239.244.5
145.239.244.9
145.239.244.13
145.239.244.74
145.239.253.103
145.239.253.125
146.59.26.8
146.148.34.125
147.135.253.210
148.251.139.94
148.251.178.132
149.56.19.3
149.56.19.43
149.56.20.201
149.56.89.160
149.102.143.109
149.202.83.240
149.202.84.228
154.41.237.70
154.222.233.225
156.224.207.148
156.232.219.34
157.90.144.85
157.230.168.89
157.245.174.176
159.69.42.212
159.69.83.207
159.69.112.37
159.69.152.150
159.69.186.9
162.19.139.184
162.55.172.212
162.240.48.238
162.254.207.52
162.255.119.213
163.172.103.102
164.132.95.123
165.22.209.237
165.232.114.226
168.119.141.228
168.119.185.228
168.119.245.137
168.235.88.209
169.47.130.72
170.39.226.155
170.178.183.18
172.66.41.13
172.66.42.243
172.67.5.10
172.67.68.60
172.67.71.15
172.67.131.100
172.67.133.127
172.67.133.197
172.67.134.118
172.67.134.218
172.67.137.109
172.67.139.83
172.67.140.108
172.67.141.144
172.67.143.168
172.67.145.100
172.67.145.205
172.67.147.232
172.67.150.137
172.67.152.116
172.67.153.103
172.67.153.223
172.67.155.39
172.67.155.78
172.67.159.208
172.67.165.9
172.67.165.117
172.67.165.240
172.67.169.161
172.67.171.251
172.67.172.43
172.67.172.224
172.67.176.30
172.67.177.121
172.67.184.61
172.67.184.200
172.67.184.223
172.67.184.252
172.67.185.87
172.67.186.72
172.67.187.107
172.67.190.93
172.67.191.29
172.67.191.181
172.67.195.50
172.67.201.29
172.67.201.133
172.67.202.6
172.67.206.103
172.67.206.152
172.67.207.56
172.67.208.133
172.67.209.176
172.67.211.53
172.67.214.70
172.67.216.92
172.67.217.49
172.67.217.69
172.67.218.149
172.67.221.141
172.67.221.252
172.98.192.36
172.104.11.229
172.104.21.26
172.104.153.105
172.105.77.223
172.217.16.244
172.234.25.151
173.44.37.208
173.176.230.167
173.255.194.134
173.255.253.174
174.129.128.48
176.9.147.178
178.32.111.67
178.63.8.69
178.79.150.219
178.79.180.12
185.39.18.98
185.53.177.13
185.53.177.31
185.53.177.51
185.53.177.52
185.53.177.53
185.53.177.54
185.53.178.50
185.53.178.51
185.53.178.52
185.107.56.54
185.107.56.194
185.107.56.199
185.107.56.200
185.166.141.7
185.166.141.8
185.166.141.9
185.173.160.140
185.173.160.141
185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153
185.240.242.35
188.40.2.4
188.40.87.121
188.165.1.80
188.165.36.206
188.165.223.152
190.2.139.23
192.64.119.58
192.134.5.38
192.169.69.26
192.171.18.197
192.185.4.93
193.29.105.150
193.77.224.191
193.238.27.24
194.58.112.174
194.190.130.86
195.20.43.36
195.20.43.198
195.20.44.138
195.20.46.118
195.20.47.173
195.20.49.172
195.20.50.170
195.20.51.116
195.20.55.30
195.154.222.63
195.154.243.212
195.161.41.222
195.181.172.26
195.201.74.132
195.201.83.239
195.201.105.119
195.201.124.255
195.201.162.230
195.201.162.231
198.58.118.167
198.58.126.31
198.251.81.30
198.251.84.49
198.251.84.92
199.59.243.225
202.61.204.169
202.61.225.215
204.11.56.48
204.16.169.54
204.145.90.53
204.188.203.154
207.60.41.68
207.148.248.143
208.80.122.40
208.80.122.139
208.80.123.4
208.80.123.142
208.100.26.250
208.116.56.2
209.17.116.160
209.42.197.18
209.97.140.241
209.126.123.11
209.141.38.71
212.32.237.90
212.32.237.92
212.32.237.101
212.32.255.4
212.32.255.5
212.32.255.6
212.32.255.12
212.32.255.13
212.32.255.72
212.32.255.137
212.32.255.139
212.32.255.141
212.32.255.148
212.32.255.198
212.32.255.212
212.83.168.39
212.129.44.155
212.129.44.156
212.129.44.157
213.186.33.5
216.155.158.140
216.189.56.129
217.160.0.82

506
coinbl_hosts_optional.ipset Normal file
View File

@ -0,0 +1,506 @@
#
# coinbl_hosts_optional
#
# ipv4 hash:ip ipset
#
# [CoinBlockerLists]
# (https://gitlab.com/ZeroDot1/CoinBlockerLists) Simple lists
# that can help prevent cryptomining in the browser or other
# applications. This list contains additional domains, for
# administrators to prevent mining in networks. The
# maintainer's file contains hostnames, which have been DNS
# resolved to IP addresses.
#
# Maintainer : CoinBlockerLists
# Maintainer URL : https://gitlab.com/ZeroDot1/CoinBlockerLists
# List source URL : https://zerodot1.gitlab.io/CoinBlockerLists/hosts_optional
# Source File Date: Mon Mar 4 10:58:09 UTC 2024
#
# Category : organizations
# Version : 35
#
# This File Date : Mon Mar 4 20:31:55 UTC 2024
# Update Frequency: 1 day
# Aggregation : none
# Entries : 471 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=coinbl_hosts_optional
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.16.128.122
2.16.128.202
2.18.66.120
2.18.66.138
2.19.117.68
2.19.117.69
2.19.117.70
2.19.117.72
2.19.117.74
2.19.117.78
2.19.117.81
2.19.117.90
2.19.117.94
2.19.117.96
2.19.117.99
2.19.117.104
2.19.117.106
2.22.156.233
3.20.137.44
3.33.130.190
3.33.152.147
3.35.88.113
3.36.156.26
3.93.123.68
3.94.41.167
3.140.13.188
3.141.96.53
3.209.224.13
3.210.221.105
3.212.210.237
3.218.85.198
3.225.137.152
3.234.186.113
4.194.208.209
13.112.244.197
13.114.246.229
13.115.46.163
13.224.135.12
13.224.222.2
13.224.222.10
13.224.222.42
13.224.222.78
13.224.222.79
13.224.222.84
13.224.222.96
13.224.222.122
13.224.245.2
13.224.245.42
13.224.245.64
13.224.245.70
13.224.245.71
13.224.245.77
13.224.245.84
13.224.245.96
13.229.36.104
13.248.169.48
13.248.213.45
15.197.142.173
15.197.148.33
18.119.154.66
18.164.68.16
18.164.68.23
18.164.68.38
18.164.68.91
18.165.201.11
18.165.201.86
18.165.201.91
18.165.201.123
18.165.227.9
18.165.227.10
18.165.227.13
18.165.227.33
18.165.227.34
18.165.227.38
18.165.227.91
18.165.227.117
18.172.153.36
18.172.153.38
18.172.153.48
18.172.153.83
18.178.24.173
18.178.240.248
18.204.200.228
18.239.236.9
18.239.236.12
18.239.236.18
18.239.236.21
18.239.236.50
18.239.236.54
18.239.236.115
18.239.236.129
18.245.218.59
18.245.218.83
18.245.218.89
18.245.218.102
23.44.64.218
23.227.38.74
34.102.239.211
34.193.227.67
34.203.99.107
34.205.242.146
34.225.59.56
34.236.52.129
34.244.67.113
34.245.84.181
34.252.240.199
35.72.42.247
35.73.106.176
35.76.35.125
35.76.35.223
35.168.141.127
35.172.157.117
35.173.176.69
35.176.92.19
35.176.92.20
35.176.92.21
35.194.162.135
35.234.28.23
35.234.86.61
35.236.135.177
37.48.65.136
43.206.57.92
44.193.54.110
44.205.223.88
44.207.20.63
44.210.169.104
45.162.168.175
47.91.167.174
49.50.108.72
49.50.108.73
52.1.179.177
52.3.130.236
52.18.13.109
52.21.111.192
52.22.200.146
52.23.22.9
52.44.138.87
52.45.205.8
52.48.160.204
52.68.7.163
52.71.57.184
52.71.91.166
52.84.150.36
52.84.150.48
52.84.150.52
52.84.150.65
52.86.6.113
52.92.1.28
52.92.2.148
52.92.16.36
52.92.19.164
52.92.35.44
52.97.146.184
52.97.211.216
52.97.211.248
52.97.219.248
52.98.207.40
52.98.207.168
52.98.207.184
52.98.227.104
52.193.113.187
52.195.45.65
52.196.250.127
52.203.29.35
52.207.181.104
52.213.196.130
52.218.36.68
52.218.96.252
52.218.108.100
52.219.8.167
52.219.16.148
52.219.68.196
52.219.136.4
52.219.150.159
52.219.152.67
52.219.152.115
52.219.200.35
54.64.215.50
54.77.119.238
54.89.42.45
54.89.43.13
54.156.9.35
54.157.239.184
54.161.222.85
54.173.84.248
54.178.166.59
54.209.32.212
54.238.90.11
57.181.12.48
58.228.236.210
58.228.236.211
58.228.236.212
58.228.236.213
58.228.236.214
58.228.236.215
63.33.16.125
64.91.248.15
66.22.39.88
66.23.195.156
66.235.200.146
72.14.191.28
74.220.199.8
76.76.21.9
76.76.21.21
76.76.21.22
76.76.21.61
76.76.21.98
76.76.21.123
76.76.21.142
76.76.21.164
76.76.21.241
76.223.54.146
76.223.67.189
78.46.32.91
79.125.84.18
82.192.82.228
88.198.54.148
91.195.241.232
94.23.50.33
99.84.9.22
99.84.9.36
99.84.9.38
99.84.9.44
99.84.9.51
99.84.9.57
99.84.9.59
99.84.9.71
99.84.9.96
99.84.9.98
99.84.9.110
103.224.212.213
104.16.51.111
104.16.53.111
104.16.145.58
104.16.146.58
104.16.155.13
104.16.156.13
104.16.157.13
104.16.158.13
104.16.159.13
104.16.214.13
104.16.241.118
104.16.242.118
104.16.247.71
104.16.248.71
104.17.70.206
104.17.71.206
104.17.72.206
104.17.73.206
104.17.74.206
104.17.86.98
104.17.97.53
104.18.18.23
104.18.19.23
104.18.32.222
104.18.33.123
104.18.35.15
104.18.36.178
104.18.37.73
104.18.37.145
104.18.38.60
104.18.39.123
104.18.39.184
104.18.40.248
104.18.42.136
104.18.42.203
104.18.82.103
104.18.172.197
104.18.173.197
104.18.174.197
104.18.175.197
104.18.176.197
104.20.0.37
104.20.1.37
104.20.80.175
104.20.81.175
104.21.1.165
104.21.12.149
104.21.13.111
104.21.40.202
104.21.48.5
104.21.49.161
104.21.53.208
104.21.54.180
104.21.58.139
104.21.58.197
104.21.68.9
104.21.74.183
104.21.75.130
104.21.78.247
104.21.85.183
104.21.88.73
104.21.89.253
104.21.91.134
104.21.91.204
104.21.94.110
104.21.96.110
104.22.10.221
104.22.11.221
104.22.28.145
104.22.29.145
104.22.68.176
104.22.69.176
104.22.78.220
104.22.79.220
104.26.2.224
104.26.2.240
104.26.3.224
104.26.3.240
104.26.4.159
104.26.5.159
104.26.6.20
104.26.7.20
104.26.8.106
104.26.9.106
104.26.10.219
104.26.11.219
104.26.12.88
104.26.12.198
104.26.13.88
104.26.13.198
104.26.14.247
104.26.15.247
104.128.239.75
104.199.134.19
104.248.121.107
107.21.169.51
107.180.124.16
108.156.39.12
108.156.39.21
108.156.39.31
108.156.39.44
108.156.39.68
108.156.39.79
108.156.39.86
108.156.39.88
108.156.39.89
108.156.39.116
108.156.39.128
109.109.135.110
110.10.90.180
116.203.46.114
116.203.78.40
121.242.224.82
121.242.224.83
121.242.224.84
121.242.224.85
121.242.224.86
121.242.224.87
121.242.224.88
121.242.224.89
121.242.224.90
121.242.224.91
134.122.6.5
138.113.149.153
143.204.68.8
143.204.68.21
143.204.68.31
143.204.68.47
143.204.68.69
143.204.68.97
143.204.68.99
143.204.68.104
143.204.68.110
143.204.68.115
143.204.68.124
143.204.68.128
143.204.191.51
143.204.191.79
143.204.191.120
143.204.191.127
143.244.42.33
145.14.145.245
162.214.217.188
162.241.194.182
162.241.218.88
163.171.146.42
167.89.115.56
167.89.115.120
167.89.115.150
167.89.123.54
167.89.123.124
167.89.123.204
167.114.97.165
172.64.145.53
172.64.145.120
172.64.147.8
172.64.148.72
172.64.148.133
172.64.149.196
172.64.150.111
172.64.150.183
172.64.151.78
172.64.152.241
172.64.154.133
172.64.155.34
172.66.40.231
172.66.43.25
172.67.14.95
172.67.21.61
172.67.25.63
172.67.33.208
172.67.40.154
172.67.68.82
172.67.69.167
172.67.70.52
172.67.70.65
172.67.72.162
172.67.73.73
172.67.73.151
172.67.75.36
172.67.75.45
172.67.129.162
172.67.138.225
172.67.141.5
172.67.150.125
172.67.155.224
172.67.157.5
172.67.161.56
172.67.164.245
172.67.174.6
172.67.175.39
172.67.177.24
172.67.177.70
172.67.179.87
172.67.184.32
172.67.194.235
172.67.204.125
172.67.207.56
172.67.208.227
172.67.218.212
172.67.220.84
172.67.222.187
172.104.233.20
176.34.2.176
178.62.70.245
178.63.62.94
185.26.156.18
185.85.241.244
185.178.208.185
185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153
185.225.115.110
190.210.186.207
192.3.11.20
192.64.119.92
192.99.12.221
192.124.249.52
192.185.5.105
192.243.100.192
192.254.232.90
193.70.122.58
193.160.66.104
194.36.191.196
195.39.222.84
195.181.172.27
198.23.50.77
198.37.155.136
198.245.62.172
199.16.172.126
199.48.210.115
199.127.61.148
206.189.144.244
208.87.98.37
216.58.204.83
216.137.44.31
216.137.44.56
216.137.44.58
216.137.44.119

1425
coinbl_ips.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

13909
cruzit_web_attacks.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

1396
cta_cryptowall.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

1421
cybercrime.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

6038
darklist_de.netset Normal file
View File

File diff suppressed because it is too large Load Diff

4257
datacenters.netset Normal file
View File

File diff suppressed because it is too large Load Diff

5501
dm_tor.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

49
dshield.netset Normal file
View File

@ -0,0 +1,49 @@
#
# dshield
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Mon Dec 5 16:00:11 UTC 2022
#
# Category : attacks
# Version : 8476
#
# This File Date : Mon Dec 5 16:28:02 UTC 2022
# Update Frequency: 10 mins
# Aggregation : none
# Entries : 19 subnets, 5120 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.188.206.0/24
45.95.146.0/24
45.142.192.0/24
45.143.200.0/24
62.204.41.0/24
62.233.50.0/24
64.62.197.0/24
78.128.113.0/24
87.246.7.0/24
89.248.163.0/24
89.248.165.0/24
91.191.209.0/24
92.63.196.0/23
94.102.61.0/24
146.88.240.0/24
173.214.175.0/24
185.81.68.0/24
185.156.73.0/24
193.163.125.0/24

51
dshield_1d.netset Normal file
View File

@ -0,0 +1,51 @@
#
# dshield_1d
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Mon Dec 5 15:00:12 UTC 2022
#
# Category : attacks
# Version : 7698
#
# This File Date : Mon Dec 5 15:20:02 UTC 2022
# Update Frequency: 10 mins
# Aggregation : 1 day
# Entries : 21 subnets, 5632 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_1d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.188.206.0/24
45.95.146.0/24
45.142.192.0/24
45.143.200.0/24
62.204.41.0/24
62.233.50.0/24
64.62.197.0/24
78.128.113.0/24
80.82.77.0/24
87.246.7.0/24
89.248.163.0/24
89.248.165.0/24
91.191.209.0/24
92.63.196.0/23
94.102.61.0/24
146.88.240.0/24
173.214.175.0/24
185.81.68.0/24
185.156.73.0/24
192.241.212.0/24
193.163.125.0/24

72
dshield_30d.netset Normal file
View File

@ -0,0 +1,72 @@
#
# dshield_30d
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Sun Dec 4 13:40:03 UTC 2022
#
# Category : attacks
# Version : 2569
#
# This File Date : Sun Dec 4 14:00:03 UTC 2022
# Update Frequency: 10 mins
# Aggregation : 30 days
# Entries : 42 subnets, 11776 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.57.122.0/24
5.8.18.0/24
5.188.206.0/24
45.95.146.0/23
45.142.192.0/24
45.143.200.0/24
45.143.203.0/24
62.204.41.0/24
62.233.50.0/24
64.62.197.0/24
78.128.112.0/23
80.82.77.0/24
87.246.7.0/24
89.190.156.0/24
89.248.163.0/24
89.248.165.0/24
91.191.209.0/24
91.240.118.0/24
92.63.196.0/23
92.118.39.0/24
94.102.61.0/24
104.156.155.0/24
109.205.213.0/24
138.99.216.0/24
141.255.166.0/24
146.88.240.0/24
154.89.5.0/24
173.214.175.0/24
185.81.68.0/24
185.156.73.0/24
185.196.220.0/24
185.224.128.0/24
192.241.197.0/24
192.241.205.0/24
192.241.206.0/23
192.241.212.0/24
193.56.146.0/24
193.163.125.0/24
194.26.29.0/24
198.235.24.0/24
205.210.31.0/24
213.226.123.0/24

59
dshield_7d.netset Normal file
View File

@ -0,0 +1,59 @@
#
# dshield_7d
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Mon Dec 5 15:00:12 UTC 2022
#
# Category : attacks
# Version : 4179
#
# This File Date : Mon Dec 5 15:20:02 UTC 2022
# Update Frequency: 10 mins
# Aggregation : 7 days
# Entries : 29 subnets, 7936 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_7d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.57.122.0/24
5.8.18.0/24
5.188.206.0/24
45.95.146.0/24
45.142.192.0/24
45.143.200.0/24
62.204.41.0/24
62.233.50.0/24
64.62.197.0/24
78.128.112.0/23
80.82.77.0/24
87.246.7.0/24
89.248.163.0/24
89.248.165.0/24
91.191.209.0/24
92.63.196.0/23
92.118.39.0/24
94.102.61.0/24
104.156.155.0/24
146.88.240.0/24
154.89.5.0/24
173.214.175.0/24
185.81.68.0/24
185.156.73.0/24
185.224.128.0/24
192.241.212.0/24
193.163.125.0/24
198.235.24.0/24
205.210.31.0/24

1030
dshield_top_1000.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

74
dyndns_ponmocup.ipset Normal file
View File

@ -0,0 +1,74 @@
#
# dyndns_ponmocup
#
# ipv4 hash:ip ipset
#
# [DynDNS.org]
# (http://security-research.dyndns.org/pub/malware-feeds/)
# Ponmocup. The malware powering the botnet has been around
# since 2006 and its known under various names, including
# Ponmocup, Vundo, Virtumonde, Milicenso and Swisyn. It has
# been used for ad fraud, data theft and downloading
# additional threats to infected systems. Ponmocup is one of
# the largest currently active and, with nine consecutive
# years, also one of the longest running, but it is rarely
# noticed as the operators take care to keep it operating
# under the radar.
#
# Maintainer : DynDNS.org
# Maintainer URL : http://security-research.dyndns.org/pub/malware-feeds/
# List source URL : http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv
# Source File Date: Wed May 8 19:28:05 UTC 2024
#
# Category : malware
# Version : 2061
#
# This File Date : Wed May 8 19:52:26 UTC 2024
# Update Frequency: 1 day
# Aggregation : none
# Entries : 35 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dyndns_ponmocup
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
3.19.116.195
3.94.41.167
31.11.36.8
34.205.242.146
52.71.57.184
54.153.111.129
64.70.19.52
66.96.149.32
69.30.245.146
69.61.26.162
72.167.78.221
74.208.236.248
77.111.240.50
78.47.71.170
79.124.76.10
82.118.24.217
85.13.140.101
94.130.190.96
94.152.142.140
122.201.84.241
144.76.45.43
162.255.166.188
172.67.165.25
173.209.47.104
173.254.30.178
192.99.161.26
199.67.250.59
203.174.34.49
206.188.193.120
213.186.33.18
213.186.33.19
217.76.132.246
217.160.0.152
217.160.0.225
217.160.0.240

608
esentire_14072015_com.ipset Normal file
View File

@ -0,0 +1,608 @@
#
# esentire_14072015_com
#
# ipv4 hash:ip ipset
#
# Malicious Botnet Serving Various Malware Families
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/14072015.com_watch_ip.lst
# Source File Date: Wed Jun 6 11:52:14 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:50 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 579 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_14072015_com
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.175.3.90
2.133.85.150
5.1.2.227
5.56.25.29
5.105.50.179
5.105.52.34
5.105.130.241
5.140.106.180
5.143.150.71
5.149.216.46
5.248.99.180
5.248.124.161
5.248.140.201
5.248.141.34
5.248.144.87
5.248.165.65
5.248.194.148
5.248.196.203
5.248.254.4
10.1.120.31
10.1.120.34
23.243.180.132
24.193.190.169
24.214.18.167
31.41.116.88
31.43.4.212
31.43.28.113
31.43.61.73
31.43.82.41
31.43.102.34
31.43.132.156
31.128.74.100
31.128.104.215
31.129.94.180
31.129.95.173
31.129.109.172
31.129.110.6
31.131.101.222
31.131.108.202
31.131.115.55
31.133.66.75
31.133.68.81
31.135.130.27
31.170.130.120
31.170.152.131
31.170.178.179
31.202.176.54
31.207.167.5
36.237.101.56
37.1.58.55
37.25.119.138
37.25.123.252
37.25.126.4
37.54.161.154
37.57.27.184
37.57.37.69
37.57.240.152
37.57.246.121
37.115.15.172
37.115.20.149
37.115.93.155
37.139.165.201
37.143.88.42
37.221.142.213
37.229.13.98
37.229.24.30
46.33.225.80
46.37.197.144
46.46.79.62
46.46.90.65
46.46.96.199
46.63.35.252
46.63.59.44
46.98.1.8
46.98.75.118
46.98.78.188
46.98.97.89
46.98.97.130
46.98.100.46
46.98.113.153
46.98.132.170
46.98.152.107
46.98.203.70
46.98.204.117
46.98.204.188
46.98.213.95
46.98.220.186
46.98.247.222
46.98.254.210
46.118.23.179
46.118.51.117
46.118.54.10
46.118.69.177
46.118.81.195
46.118.84.37
46.118.147.106
46.118.149.108
46.118.158.172
46.118.178.113
46.118.253.204
46.119.0.170
46.119.11.137
46.119.16.18
46.119.17.234
46.119.76.220
46.119.105.213
46.119.173.111
46.119.179.81
46.119.195.170
46.119.209.176
46.146.132.76
46.148.180.102
46.150.8.215
46.150.91.176
46.151.248.27
46.151.253.25
46.160.99.66
46.160.113.116
46.164.188.85
46.172.192.160
46.172.209.208
46.172.212.54
46.173.77.180
46.173.84.239
46.174.240.33
46.174.246.197
46.175.77.227
46.175.137.124
46.185.81.27
46.185.107.224
46.200.44.135
46.201.77.153
46.211.18.203
46.211.27.11
46.211.28.176
46.211.53.116
46.211.74.218
46.211.88.32
46.211.195.139
46.211.217.205
46.211.235.48
46.211.235.195
46.211.238.141
46.250.4.228
46.250.15.111
46.250.17.227
46.250.120.231
54.83.4.26
54.235.166.93
62.16.38.131
62.84.253.186
62.122.93.147
69.84.107.186
70.51.44.188
71.3.191.208
71.61.172.133
71.182.234.109
71.226.78.56
72.53.89.52
73.36.213.39
73.128.180.27
73.172.10.82
74.134.99.228
77.89.226.21
77.91.184.71
77.109.58.50
77.109.58.246
77.120.153.195
77.120.155.24
77.121.59.193
77.121.83.134
77.121.172.23
77.121.186.193
77.121.214.247
77.121.248.109
77.121.248.142
77.122.27.116
77.122.48.50
77.122.50.141
77.122.117.112
77.122.121.122
77.122.150.135
77.122.153.68
77.122.184.9
77.122.184.233
77.122.225.133
77.122.225.173
77.122.232.43
77.123.33.194
77.123.73.204
77.123.222.54
77.247.21.163
77.247.23.79
78.30.226.103
78.111.243.83
78.137.16.80
78.137.21.217
78.137.42.84
78.137.45.30
78.137.45.113
78.162.208.223
78.169.94.241
79.112.62.143
79.113.160.90
79.132.3.138
79.135.222.84
79.142.207.184
79.171.124.211
80.245.117.198
80.252.249.153
80.252.250.121
80.252.253.160
81.9.24.250
81.22.139.55
81.22.141.34
83.99.245.186
83.167.28.121
83.218.228.46
85.114.216.12
85.198.166.158
85.237.34.129
85.238.101.24
86.125.251.15
87.76.36.212
87.76.53.178
87.76.57.222
87.110.28.220
87.244.34.238
88.135.94.164
88.135.238.111
88.135.251.129
88.156.84.155
88.222.173.33
89.65.63.95
89.66.136.116
89.185.15.235
89.185.21.82
89.185.29.54
91.124.201.223
91.196.81.167
91.198.143.44
91.201.71.41
91.202.133.86
91.209.96.67
91.215.55.41
91.218.74.89
91.219.199.248
91.221.29.181
91.224.253.6
91.225.57.30
91.229.54.147
91.237.14.8
91.243.200.132
91.244.8.216
91.244.24.5
91.244.29.60
91.244.36.90
91.244.37.3
92.52.177.95
92.52.186.215
92.112.58.245
92.113.69.127
92.243.113.105
92.244.103.244
92.244.116.165
92.249.119.9
93.76.66.62
93.76.104.167
93.76.104.241
93.76.164.173
93.77.104.109
93.77.204.131
93.77.220.9
93.78.19.128
93.78.67.85
93.78.163.201
93.78.181.144
93.79.34.155
93.79.111.83
93.79.168.251
93.79.241.161
93.114.246.153
93.118.90.170
93.118.202.150
93.127.3.177
93.127.16.170
93.127.119.6
93.170.50.15
93.170.50.91
93.170.51.47
93.170.152.201
93.170.153.170
93.170.155.207
93.181.197.194
93.181.211.186
93.183.243.116
93.185.211.46
94.45.73.242
94.45.92.6
94.45.140.60
94.76.65.93
94.76.121.245
94.76.127.113
94.154.35.51
94.158.43.155
94.178.84.198
94.178.129.75
94.178.230.215
94.181.80.232
94.181.160.141
94.231.70.97
94.231.71.95
94.231.184.85
94.232.76.137
94.232.78.220
94.244.48.229
94.244.141.40
95.47.28.117
95.47.128.209
95.57.228.161
95.67.46.154
95.67.75.154
95.77.219.240
95.81.247.208
95.87.84.203
95.105.11.115
95.105.249.36
95.132.207.171
95.134.158.152
95.135.17.8
95.135.69.19
95.135.213.151
95.164.40.91
95.173.33.100
95.215.118.45
97.75.107.134
98.27.145.224
100.3.73.52
100.6.61.161
104.162.93.136
107.4.129.77
107.15.99.91
108.29.104.102
108.54.179.254
109.72.120.184
109.86.147.39
109.86.206.111
109.86.210.227
109.86.230.210
109.86.234.51
109.87.3.16
109.87.68.203
109.87.120.8
109.87.165.28
109.87.187.170
109.87.205.126
109.87.209.171
109.87.249.48
109.104.177.13
109.104.189.67
109.108.233.47
109.122.19.239
109.162.68.86
109.162.91.114
109.185.112.235
109.200.141.15
109.200.230.5
109.200.240.83
109.200.248.30
109.207.205.3
109.227.67.70
109.227.117.230
109.227.120.202
109.229.19.28
109.229.19.84
109.237.47.9
109.251.77.14
109.251.107.244
109.251.126.134
109.254.33.29
109.254.108.51
113.252.179.249
119.246.242.148
123.110.207.41
134.249.12.41
134.249.17.76
134.249.24.249
134.249.40.43
134.249.42.37
134.249.73.124
134.249.78.208
134.249.149.69
134.249.238.140
141.101.3.36
141.101.19.13
141.138.115.144
151.0.12.101
151.0.57.159
159.224.247.95
173.51.221.110
173.71.98.228
173.224.248.55
176.8.33.121
176.8.51.96
176.8.140.178
176.8.209.58
176.8.253.189
176.36.17.197
176.36.186.138
176.37.147.11
176.37.234.30
176.38.40.16
176.38.95.43
176.38.106.4
176.38.125.64
176.73.13.72
176.73.173.163
176.98.20.110
176.99.112.249
176.99.126.224
176.103.202.65
176.104.10.54
176.104.46.61
176.104.171.139
176.106.31.227
176.107.198.34
176.109.75.175
176.109.238.102
176.109.238.201
176.110.22.247
176.111.36.66
176.111.41.206
176.111.184.13
176.113.149.167
176.113.249.15
176.113.251.172
176.113.255.207
176.114.37.72
176.114.45.237
176.117.64.103
176.118.146.15
176.122.107.41
176.122.107.221
176.124.8.118
176.124.12.180
176.124.13.103
176.124.239.170
176.195.156.193
176.212.209.85
176.241.155.43
178.54.238.73
178.74.194.82
178.74.214.9
178.74.228.191
178.94.49.166
178.94.52.156
178.136.122.47
178.136.130.171
178.136.131.30
178.136.229.208
178.137.11.129
178.137.66.0
178.137.82.42
178.137.140.96
178.137.224.117
178.137.242.146
178.137.243.182
178.137.251.70
178.150.112.132
178.150.114.140
178.150.153.18
178.150.184.9
178.150.195.215
178.150.196.136
178.150.213.134
178.151.11.33
178.151.23.241
178.151.24.112
178.151.34.85
178.151.73.157
178.151.105.24
178.151.116.140
178.151.144.68
178.151.161.143
178.151.175.121
178.151.194.16
178.151.197.61
178.158.131.20
178.158.148.195
178.158.203.91
178.159.113.114
178.164.145.39
178.165.6.62
178.165.44.250
178.165.83.3
178.165.113.39
178.213.169.171
178.213.190.164
178.215.185.23
178.215.191.156
178.216.2.64
178.216.225.249
181.165.34.50
184.144.198.231
185.6.184.146
185.10.3.232
185.28.193.193
185.28.193.195
185.35.102.6
188.0.122.38
188.0.125.41
188.26.120.193
188.43.105.49
188.122.2.225
188.130.192.163
188.190.65.214
188.190.76.247
188.190.90.148
188.190.200.145
188.190.203.178
188.190.213.100
188.190.214.24
188.230.15.191
188.230.31.190
188.230.65.72
188.230.75.141
188.230.84.45
188.231.147.199
188.239.2.247
188.239.91.46
189.219.75.244
190.137.215.190
192.168.114.199
193.93.216.149
193.107.135.125
193.107.227.46
193.108.49.57
193.111.188.230
193.189.127.121
194.8.156.226
194.8.159.12
194.44.2.22
194.44.2.75
194.44.37.3
194.44.113.79
194.44.250.92
194.116.195.132
195.58.254.206
195.64.143.36
195.114.149.110
195.114.157.81
195.135.236.138
195.191.247.98
195.225.228.156
200.116.20.61
212.15.151.42
212.22.192.224
212.28.84.202
212.80.56.118
212.92.246.198
212.115.243.25
212.142.90.46
213.111.137.90
213.111.138.73
213.111.151.140
213.111.161.210
213.111.163.0
213.111.184.48
213.111.203.203
213.111.248.124
213.130.8.151
213.142.49.167
213.231.22.235
213.231.39.31
217.24.64.168
217.30.203.39
217.67.67.229
217.73.85.49
217.73.85.156

604
esentire_14072015q_com.ipset Normal file
View File

@ -0,0 +1,604 @@
#
# esentire_14072015q_com
#
# ipv4 hash:ip ipset
#
# Malicious Botnet Serving Various Malware Families
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/14072015q.com_watch_ip.lst
# Source File Date: Wed Jun 6 11:52:14 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:50 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 575 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_14072015q_com
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.175.3.90
2.133.85.150
5.1.2.227
5.56.25.29
5.105.50.179
5.105.52.34
5.105.130.241
5.140.106.180
5.143.150.71
5.149.216.46
5.248.99.180
5.248.124.161
5.248.140.201
5.248.141.34
5.248.144.87
5.248.194.148
5.248.196.203
5.248.254.4
10.1.120.31
10.1.120.34
23.243.180.132
24.193.190.169
24.214.18.167
31.41.116.88
31.43.4.212
31.43.28.113
31.43.61.73
31.43.82.41
31.43.102.34
31.43.132.156
31.128.74.100
31.128.104.215
31.129.94.180
31.129.95.173
31.129.109.172
31.129.110.6
31.131.101.222
31.131.108.202
31.131.115.55
31.133.66.75
31.133.68.81
31.135.130.27
31.170.130.120
31.170.152.131
31.170.178.179
31.202.176.54
31.207.167.5
36.237.101.56
37.1.58.55
37.25.119.138
37.25.123.252
37.25.126.4
37.54.161.154
37.57.27.184
37.57.37.69
37.57.240.152
37.57.246.121
37.115.15.172
37.115.20.149
37.115.93.155
37.139.165.201
37.143.88.42
37.221.142.213
37.229.13.98
37.229.24.30
46.33.225.80
46.37.197.144
46.46.79.62
46.46.90.65
46.46.96.199
46.63.35.252
46.63.59.44
46.98.1.8
46.98.75.118
46.98.78.188
46.98.97.89
46.98.97.130
46.98.100.46
46.98.113.153
46.98.132.170
46.98.152.107
46.98.203.70
46.98.204.188
46.98.213.95
46.98.220.186
46.98.247.222
46.98.254.210
46.118.23.179
46.118.51.117
46.118.54.10
46.118.69.177
46.118.81.195
46.118.84.37
46.118.147.106
46.118.149.108
46.118.158.172
46.118.178.113
46.118.253.204
46.119.0.170
46.119.11.137
46.119.16.18
46.119.17.234
46.119.76.220
46.119.105.213
46.119.173.111
46.119.179.81
46.119.195.170
46.119.209.176
46.146.132.76
46.148.180.102
46.150.8.215
46.150.91.176
46.151.248.27
46.151.253.25
46.160.99.66
46.160.113.116
46.164.188.85
46.172.192.160
46.172.209.208
46.172.212.54
46.173.77.180
46.173.84.239
46.174.240.33
46.174.246.197
46.175.77.227
46.175.137.124
46.185.81.27
46.185.107.224
46.200.44.135
46.201.77.153
46.211.18.203
46.211.27.11
46.211.28.176
46.211.53.116
46.211.74.218
46.211.88.32
46.211.195.139
46.211.217.205
46.211.235.48
46.211.238.141
46.250.4.228
46.250.15.111
46.250.17.227
46.250.120.231
54.83.4.26
54.235.166.93
62.16.38.131
62.84.253.186
62.122.93.147
69.84.107.186
70.51.44.188
71.3.191.208
71.61.172.133
71.182.234.109
71.226.78.56
72.53.89.52
73.36.213.39
73.128.180.27
73.172.10.82
74.134.99.228
77.89.226.21
77.91.184.71
77.109.58.50
77.109.58.246
77.120.153.195
77.120.155.24
77.121.59.193
77.121.83.134
77.121.172.23
77.121.186.193
77.121.214.247
77.121.248.109
77.121.248.142
77.122.27.116
77.122.48.50
77.122.50.141
77.122.117.112
77.122.121.122
77.122.150.135
77.122.153.68
77.122.184.9
77.122.184.233
77.122.225.133
77.122.225.173
77.122.232.43
77.123.33.194
77.123.73.204
77.123.222.54
77.247.21.163
77.247.23.79
78.30.226.103
78.111.243.83
78.137.16.80
78.137.21.217
78.137.42.84
78.137.45.30
78.137.45.113
78.162.208.223
78.169.94.241
79.112.62.143
79.113.160.90
79.132.3.138
79.135.222.84
79.142.207.184
79.171.124.211
80.245.117.198
80.252.249.153
80.252.250.121
80.252.253.160
81.9.24.250
81.22.139.55
81.22.141.34
83.99.245.186
83.167.28.121
83.218.228.46
85.114.216.12
85.198.166.158
85.237.34.129
85.238.101.24
86.125.251.15
87.76.36.212
87.76.53.178
87.76.57.222
87.110.28.220
87.244.34.238
88.135.94.164
88.135.238.111
88.135.251.129
88.156.84.155
88.222.173.33
89.65.63.95
89.66.136.116
89.185.15.235
89.185.21.82
89.185.29.54
91.124.201.223
91.196.81.167
91.198.143.44
91.201.71.41
91.202.133.86
91.209.96.67
91.215.55.41
91.218.74.89
91.219.199.248
91.221.29.181
91.224.253.6
91.225.57.30
91.229.54.147
91.237.14.8
91.243.200.132
91.244.8.216
91.244.24.5
91.244.29.60
91.244.36.90
91.244.37.3
92.52.177.95
92.52.186.215
92.112.58.245
92.113.69.127
92.243.113.105
92.244.103.244
92.244.116.165
92.249.119.9
93.76.66.62
93.76.104.167
93.76.104.241
93.76.164.173
93.77.104.109
93.77.204.131
93.77.220.9
93.78.19.128
93.78.67.85
93.78.163.201
93.78.181.144
93.79.34.155
93.79.111.83
93.79.168.251
93.79.241.161
93.114.246.153
93.118.90.170
93.118.202.150
93.127.3.177
93.127.16.170
93.127.119.6
93.170.50.15
93.170.50.91
93.170.51.47
93.170.152.201
93.170.153.170
93.170.155.207
93.181.197.194
93.181.211.186
93.183.243.116
93.185.211.46
94.45.73.242
94.45.140.60
94.76.65.93
94.76.121.245
94.76.127.113
94.154.35.51
94.158.43.155
94.178.84.198
94.178.129.75
94.178.230.215
94.181.80.232
94.181.160.141
94.231.70.97
94.231.71.95
94.231.184.85
94.232.76.137
94.232.78.220
94.244.48.229
94.244.141.40
95.47.28.117
95.47.128.209
95.57.228.161
95.67.46.154
95.67.75.154
95.77.219.240
95.81.247.208
95.87.84.203
95.105.11.115
95.105.249.36
95.132.207.171
95.134.158.152
95.135.17.8
95.135.69.19
95.135.213.151
95.164.40.91
95.173.33.100
95.215.118.45
97.75.107.134
98.27.145.224
100.3.73.52
100.6.61.161
104.162.93.136
107.4.129.77
107.15.99.91
108.29.104.102
108.54.179.254
109.72.120.184
109.86.147.39
109.86.206.111
109.86.210.227
109.86.230.210
109.86.234.51
109.87.3.16
109.87.68.203
109.87.120.8
109.87.165.28
109.87.187.170
109.87.205.126
109.87.209.171
109.87.249.48
109.104.177.13
109.104.189.67
109.108.233.47
109.122.19.239
109.162.68.86
109.162.91.114
109.185.112.235
109.200.141.15
109.200.230.5
109.200.240.83
109.200.248.30
109.207.205.3
109.227.67.70
109.227.117.230
109.227.120.202
109.229.19.28
109.229.19.84
109.237.47.9
109.251.77.14
109.251.107.244
109.251.126.134
109.254.33.29
109.254.108.51
113.252.179.249
119.246.242.148
123.110.207.41
134.249.12.41
134.249.17.76
134.249.24.249
134.249.40.43
134.249.42.37
134.249.73.124
134.249.78.208
134.249.149.69
134.249.238.140
141.101.3.36
141.101.19.13
141.138.115.144
151.0.12.101
151.0.57.159
159.224.247.95
173.51.221.110
173.71.98.228
173.224.248.55
176.8.33.121
176.8.51.96
176.8.140.178
176.8.209.58
176.8.253.189
176.36.17.197
176.36.186.138
176.37.147.11
176.37.234.30
176.38.40.16
176.38.95.43
176.38.106.4
176.38.125.64
176.73.13.72
176.73.173.163
176.98.20.110
176.99.112.249
176.99.126.224
176.103.202.65
176.104.10.54
176.104.46.61
176.104.171.139
176.106.31.227
176.107.198.34
176.109.75.175
176.109.238.102
176.109.238.201
176.110.22.247
176.111.36.66
176.111.41.206
176.111.184.13
176.113.149.167
176.113.249.15
176.113.251.172
176.113.255.207
176.114.37.72
176.114.45.237
176.117.64.103
176.118.146.15
176.122.107.41
176.122.107.221
176.124.8.118
176.124.12.180
176.124.13.103
176.124.239.170
176.195.156.193
176.212.209.85
176.241.155.43
178.54.238.73
178.74.194.82
178.74.214.9
178.74.228.191
178.94.49.166
178.94.52.156
178.136.122.47
178.136.130.171
178.136.131.30
178.136.229.208
178.137.11.129
178.137.66.0
178.137.82.42
178.137.140.96
178.137.224.117
178.137.242.146
178.137.243.182
178.137.251.70
178.150.112.132
178.150.114.140
178.150.153.18
178.150.184.9
178.150.195.215
178.150.196.136
178.150.213.134
178.151.11.33
178.151.23.241
178.151.24.112
178.151.34.85
178.151.73.157
178.151.105.24
178.151.116.140
178.151.144.68
178.151.161.143
178.151.175.121
178.151.194.16
178.151.197.61
178.158.131.20
178.158.148.195
178.158.203.91
178.159.113.114
178.164.145.39
178.165.6.62
178.165.44.250
178.165.83.3
178.165.113.39
178.213.169.171
178.213.190.164
178.215.185.23
178.215.191.156
178.216.2.64
178.216.225.249
181.165.34.50
184.144.198.231
185.6.184.146
185.10.3.232
185.28.193.193
185.28.193.195
185.35.102.6
188.0.122.38
188.0.125.41
188.26.120.193
188.43.105.49
188.122.2.225
188.130.192.163
188.190.65.214
188.190.76.247
188.190.90.148
188.190.200.145
188.190.203.178
188.190.213.100
188.190.214.24
188.230.15.191
188.230.31.190
188.230.65.72
188.230.75.141
188.230.84.45
188.231.147.199
188.239.2.247
188.239.91.46
189.219.75.244
190.137.215.190
192.168.114.199
193.93.216.149
193.107.135.125
193.107.227.46
193.108.49.57
193.111.188.230
193.189.127.121
194.8.156.226
194.8.159.12
194.44.2.22
194.44.2.75
194.44.37.3
194.44.113.79
194.44.250.92
194.116.195.132
195.58.254.206
195.64.143.36
195.114.149.110
195.114.157.81
195.135.236.138
195.191.247.98
195.225.228.156
200.116.20.61
212.15.151.42
212.22.192.224
212.28.84.202
212.80.56.118
212.92.246.198
212.115.243.25
212.142.90.46
213.111.137.90
213.111.138.73
213.111.151.140
213.111.161.210
213.111.163.0
213.111.184.48
213.111.203.203
213.111.248.124
213.130.8.151
213.142.49.167
213.231.22.235
213.231.39.31
217.24.64.168
217.30.203.39
217.67.67.229
217.73.85.49
217.73.85.156

1319
esentire_22072014a_com.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

1317
esentire_22072014b_com.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

1318
esentire_22072014c_com.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

36
esentire_atomictrivia_ru.ipset Normal file
View File

@ -0,0 +1,36 @@
#
# esentire_atomictrivia_ru
#
# ipv4 hash:ip ipset
#
# Andromeda/Gamarue Checkin
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/atomictrivia.ru_watch_ip.lst
# Source File Date: Wed Jun 6 11:52:13 UTC 2018
#
# Category : malware
# Version : 11
#
# This File Date : Thu Jun 7 00:08:51 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 7 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_atomictrivia_ru
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
46.4.114.61
54.83.4.26
54.235.166.93
95.213.192.71
176.9.48.86
176.9.82.215
178.63.12.207

1335
esentire_auth_update_ru.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

2580
esentire_burmundisoul_ru.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

18642
esentire_crazyerror_su.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

546
esentire_dagestanskiiviskis_ru.ipset Normal file
View File

@ -0,0 +1,546 @@
#
# esentire_dagestanskiiviskis_ru
#
# ipv4 hash:ip ipset
#
# Ursnif Variant CnC
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/dagestanskiiviskis.ru_watch_ip.lst
# Source File Date: Wed Jun 6 11:52:15 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:51 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 517 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_dagestanskiiviskis_ru
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.62.23.234
5.2.216.120
5.12.168.83
5.14.69.38
5.14.172.95
5.79.191.198
5.105.98.241
5.105.130.241
5.136.100.50
5.143.140.236
5.143.166.83
5.153.129.193
5.164.66.183
5.164.207.221
5.165.232.191
5.167.9.135
5.189.221.99
5.199.233.176
5.228.106.212
5.248.51.11
5.248.58.154
5.248.106.201
5.248.124.161
5.248.126.218
5.248.175.139
5.248.186.248
5.248.198.111
5.248.235.69
5.248.242.211
5.255.161.252
14.42.158.45
24.70.124.49
24.96.222.4
24.136.95.254
31.6.123.150
31.6.125.172
31.8.144.14
31.8.161.217
31.8.175.111
31.23.21.219
31.41.116.88
31.42.125.15
31.43.75.153
31.44.11.217
31.47.122.245
31.47.167.142
31.128.44.20
31.128.74.100
31.128.104.215
31.129.95.173
31.131.101.222
31.131.137.63
31.133.77.119
31.134.21.170
31.134.69.230
31.135.38.197
31.135.48.147
31.135.114.203
31.135.133.237
31.135.136.176
31.162.8.8
31.170.130.120
31.170.152.131
31.202.223.141
31.207.178.78
31.207.228.197
31.207.229.67
37.1.128.96
37.19.78.212
37.21.23.21
37.25.109.92
37.25.114.125
37.25.116.19
37.25.117.182
37.46.249.235
37.54.230.239
37.57.28.153
37.57.37.69
37.57.240.187
37.113.204.90
37.115.24.106
37.115.90.157
37.115.134.56
37.115.171.164
37.115.231.247
37.194.118.106
37.221.142.213
37.229.43.110
37.229.247.52
37.229.249.54
37.235.161.13
46.0.18.88
46.0.105.75
46.33.240.159
46.33.251.145
46.35.240.81
46.37.197.134
46.43.224.57
46.48.147.97
46.50.179.195
46.63.1.192
46.63.6.16
46.98.18.231
46.98.37.161
46.98.73.53
46.98.86.240
46.98.105.164
46.98.117.134
46.98.202.20
46.98.202.163
46.98.219.38
46.118.29.25
46.118.84.22
46.118.130.60
46.118.155.53
46.118.239.72
46.118.252.166
46.119.35.231
46.119.89.198
46.119.94.122
46.119.155.141
46.119.173.111
46.146.3.235
46.147.179.93
46.148.182.219
46.148.183.5
46.150.91.176
46.162.36.98
46.164.164.200
46.164.170.15
46.164.189.238
46.172.207.21
46.172.232.202
46.172.238.213
46.172.252.79
46.173.74.179
46.175.77.186
46.175.98.254
46.181.215.20
46.185.9.53
46.185.18.158
46.185.51.76
46.185.73.44
46.185.94.136
46.185.119.82
46.211.60.80
46.237.30.185
50.83.33.15
50.161.246.210
61.244.34.238
62.80.161.74
62.84.253.186
62.84.255.35
62.244.60.154
67.161.171.204
73.143.88.158
73.182.13.78
73.209.189.206
74.139.176.131
77.52.183.30
77.75.135.92
77.78.210.179
77.91.184.71
77.93.62.84
77.120.25.214
77.120.159.89
77.120.170.83
77.121.47.43
77.121.58.49
77.121.114.54
77.121.161.66
77.122.125.49
77.122.152.5
77.122.154.230
77.122.189.45
77.122.226.163
77.122.235.183
77.232.214.172
77.239.190.247
78.27.183.113
78.29.101.224
78.96.153.47
78.97.195.40
79.114.76.25
79.116.111.187
79.117.27.88
79.119.76.40
79.119.81.24
79.119.192.205
79.142.200.140
79.171.124.211
80.240.40.174
80.243.155.25
80.252.252.7
80.252.252.171
80.252.255.128
81.9.24.250
81.22.135.82
81.163.46.209
81.163.54.83
81.163.93.101
82.76.65.108
82.77.43.35
82.79.21.91
82.209.117.176
83.234.253.227
84.53.214.22
84.117.156.67
84.232.210.248
85.237.35.122
86.100.133.94
86.121.248.49
86.124.111.205
86.125.184.115
86.125.231.223
88.85.206.166
88.135.121.221
88.203.3.130
88.233.78.205
89.32.218.56
89.42.87.41
89.121.205.190
89.185.10.36
89.252.7.39
89.252.8.138
89.252.41.9
91.104.21.62
91.190.235.194
91.198.143.44
91.204.250.227
91.211.175.7
91.218.89.197
91.219.251.28
91.221.179.42
91.225.161.106
91.225.161.207
91.237.14.19
91.241.227.106
91.243.218.240
91.244.12.138
91.246.7.211
92.52.165.90
92.52.181.125
92.52.188.52
92.113.29.192
92.113.143.87
92.248.135.141
92.248.136.100
92.248.216.12
92.248.242.249
92.249.212.75
93.76.72.58
93.76.104.226
93.76.164.173
93.76.181.42
93.76.205.64
93.77.115.10
93.77.204.131
93.77.221.41
93.78.54.197
93.78.96.225
93.78.217.148
93.79.24.199
93.79.65.222
93.79.168.251
93.79.199.156
93.79.200.105
93.88.57.78
93.113.90.28
93.113.176.105
93.118.209.118
93.119.139.39
93.119.155.220
93.124.44.131
93.127.89.112
93.170.153.170
93.171.21.27
93.171.253.155
93.183.246.105
94.28.137.173
94.45.92.6
94.45.140.60
94.76.65.93
94.76.127.113
94.125.51.117
94.179.47.27
94.181.97.145
94.240.165.141
94.243.14.31
94.244.141.40
94.253.13.174
95.67.46.154
95.67.75.154
95.79.217.131
95.105.249.36
95.106.203.206
95.106.214.42
95.110.24.171
95.139.66.62
95.139.212.72
95.139.253.60
95.190.15.238
95.190.16.138
95.215.209.73
96.50.181.81
98.116.11.226
100.6.61.161
104.162.93.136
107.15.99.91
108.7.231.42
108.183.203.14
109.63.193.84
109.86.76.58
109.86.143.188
109.86.230.210
109.86.234.51
109.87.131.54
109.87.148.237
109.87.165.28
109.87.204.143
109.87.249.48
109.104.189.67
109.105.78.238
109.120.5.115
109.161.41.46
109.162.118.190
109.184.213.234
109.196.71.193
109.200.230.148
109.200.232.184
109.201.76.89
109.201.198.206
109.227.200.151
109.236.217.151
109.251.77.14
109.251.148.252
109.254.58.99
109.254.108.51
109.254.116.68
113.252.180.74
119.247.219.135
123.202.249.155
130.204.240.145
134.249.30.72
134.249.31.13
134.249.81.148
136.169.169.63
136.169.169.197
145.249.167.167
146.120.25.65
151.0.61.118
151.249.101.99
159.224.62.162
159.224.101.52
159.224.140.219
159.224.253.208
176.36.23.31
176.36.68.13
176.36.174.59
176.36.202.68
176.37.109.5
176.37.122.224
176.37.172.33
176.49.142.86
176.77.24.129
176.77.111.200
176.98.2.232
176.99.106.204
176.99.176.112
176.101.193.179
176.101.207.64
176.102.211.159
176.103.205.207
176.104.41.120
176.104.102.59
176.104.185.139
176.105.131.208
176.106.31.227
176.113.246.139
176.113.251.1
176.114.44.50
176.116.221.106
176.116.221.246
176.116.222.84
176.117.72.184
176.118.113.253
176.124.13.36
176.195.253.219
176.210.68.73
176.212.97.227
176.212.185.229
176.213.67.155
176.213.75.210
176.213.239.205
176.213.253.173
176.226.147.109
178.34.19.159
178.35.161.136
178.45.197.114
178.46.96.169
178.54.167.147
178.54.182.27
178.74.203.125
178.93.163.70
178.136.222.214
178.136.241.135
178.137.11.129
178.137.61.90
178.137.80.252
178.137.82.42
178.137.115.109
178.137.156.59
178.137.158.86
178.137.186.180
178.137.213.13
178.137.224.117
178.150.172.207
178.150.213.134
178.151.11.33
178.151.73.157
178.151.114.33
178.151.139.25
178.151.144.68
178.151.241.177
178.158.148.195
178.158.201.252
178.158.228.24
178.159.113.246
178.165.36.80
178.165.98.17
178.165.106.161
178.165.107.138
178.206.127.150
178.207.168.102
178.211.185.203
178.217.163.77
178.219.253.37
178.234.243.161
178.234.247.85
181.45.0.138
185.17.17.111
185.22.17.85
185.27.103.79
185.86.3.171
187.240.23.29
188.0.122.38
188.0.125.41
188.18.80.50
188.24.15.92
188.24.182.130
188.25.68.106
188.25.185.202
188.27.58.58
188.27.224.223
188.27.236.220
188.75.198.19
188.75.240.44
188.75.243.36
188.123.45.117
188.168.146.203
188.190.66.19
188.190.67.242
188.190.195.238
188.191.235.161
188.191.238.171
188.191.239.79
188.209.109.154
188.212.158.206
188.230.84.45
188.231.147.199
188.231.244.193
188.234.116.93
188.234.119.59
188.239.6.96
188.239.21.192
188.240.0.34
188.241.106.118
188.241.131.14
188.242.4.131
188.255.93.37
190.19.48.93
190.190.179.2
192.162.232.198
192.166.113.83
193.111.188.230
193.242.156.56
193.254.233.26
195.18.43.216
195.160.220.110
197.7.101.165
197.9.198.102
204.195.156.186
212.2.142.108
212.3.107.202
212.21.7.79
212.22.192.224
212.34.126.162
212.91.214.42
212.92.225.115
212.92.240.222
212.92.254.38
212.115.239.200
212.115.250.13
213.111.140.203
213.111.155.155
213.111.167.62
213.111.168.163
213.111.232.28
213.111.251.240
213.154.205.150
213.231.10.126
213.231.15.11
213.231.28.245
213.231.61.231
217.73.81.60
217.73.85.49
217.73.93.154

41
esentire_differentia_ru.ipset Normal file
View File

@ -0,0 +1,41 @@
#
# esentire_differentia_ru
#
# ipv4 hash:ip ipset
#
# Malicious Botnet Serving Various Malware Families
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/differentia.ru_watch_ip.lst
# Source File Date: Wed Jun 6 11:52:10 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:49 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 12 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_differentia_ru
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
46.4.114.61
54.83.4.26
54.235.166.93
95.213.186.51
95.213.192.71
109.70.26.37
109.206.186.164
176.9.48.86
176.9.82.215
176.9.174.220
178.63.12.207
194.85.61.76

36
esentire_disorderstatus_ru.ipset Normal file
View File

@ -0,0 +1,36 @@
#
# esentire_disorderstatus_ru
#
# ipv4 hash:ip ipset
#
# Malicious Botnet Serving Various Malware Families
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/disorderstatus.ru_watch_ip.lst
# Source File Date: Wed Jun 6 11:52:13 UTC 2018
#
# Category : malware
# Version : 6
#
# This File Date : Thu Jun 7 00:08:50 UTC 2018
# Update Frequency: 1 day
# Aggregation : none
# Entries : 7 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_disorderstatus_ru
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
46.4.114.61
54.83.4.26
54.235.166.93
95.213.192.71
109.206.186.164
176.9.48.86
176.9.82.215

Some files were not shown because too many files have changed in this diff Show More