Robot
/
blocklist-ipsets
mirror of https://github.com/firehol/blocklist-ipsets.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sun Oct 15 10:29:05 UTC 2017 update

This commit is contained in:
Costa Tsaousis 2017-10-15 06:31:37 +01:00
commit f0eea97403
1349 changed files with 7479731 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
.gitignore vendored Normal file
View File

@ -0,0 +1,105 @@
bogons.netset
.cache
.cache.old
dragon_http.netset
dragon_*.ipset
dragon_*.netset
dragon_sshpauth.netset
dragon_vncprobe.netset
dronebl_anonymizers.netset
dronebl_auto_botnets.netset
dronebl_autorooting_worms.netset
dronebl_compromised.netset
dronebl_ddos_drones.netset
dronebl_dns_mx_on_irc.netset
dronebl_*.ipset
dronebl_irc_drones.netset
dronebl_*.netset
dronebl_unknown.netset
dronebl_worms_bots.netset
errors/
fullbogons.netset
history/
ib_*.ipset
iblocklist_ads.netset
iblocklist_ads.*set
iblocklist_badpeers.ipset
iblocklist_badpeers.*set
iblocklist_bogons.netset
iblocklist_bogons.*set
iblocklist_dshield.netset
iblocklist_dshield.*set
iblocklist_edu.netset
iblocklist_edu.*set
iblocklist_exclusions.netset
iblocklist_exclusions.*set
iblocklist_fornonlancomputers.netset
iblocklist_fornonlancomputers.*set
iblocklist_forumspam.netset
iblocklist_forumspam.*set
iblocklist_hijacked.netset
iblocklist_hijacked.*set
iblocklist_iana_multicast.netset
iblocklist_iana_multicast.*set
iblocklist_iana_private.netset
iblocklist_iana_private.*set
iblocklist_iana_reserved.netset
iblocklist_iana_reserved.*set
iblocklist_level1.netset
iblocklist_level1.*set
iblocklist_level2.netset
iblocklist_level2.*set
iblocklist_level3.netset
iblocklist_level3.*set
iblocklist_org_microsoft.netset
iblocklist_org_microsoft.*set
iblocklist_proxies.ipset
iblocklist_proxies.*set
iblocklist_rangetest.netset
iblocklist_rangetest.*set
iblocklist_spider.netset
iblocklist_spider.*set
iblocklist_spyware.netset
iblocklist_spyware.*set
iblocklist_webexploit.ipset
iblocklist_webexploit.*set
ib_*.netset
iprange*
ipv4_range_to_cidr.awk
*.lastchecked
*.setinfo
sorbs_anonymizers.netset
sorbs_dul.netset
sorbs_escalations.netset
sorbs_*.ipset
sorbs_*.netset
sorbs_new_spam.netset
sorbs_noserver.netset
sorbs_recent_spam.netset
sorbs_smtp.netset
sorbs_web.netset
sorbs_zombie.netset
*.source
*.tmp
update-ipsets*
.warn_if_last_downloaded_before_this
blueliv*.ipset
blueliv*.netset
blueliv_crimeserver_online.ipset
blueliv_crimeserver_recent.ipset
blueliv_crimeserver_last.ipset
blueliv_crimeserver_last_1d.ipset
blueliv_crimeserver_last_2d.ipset
blueliv_crimeserver_last_7d.ipset
blueliv_crimeserver_last_30d.ipset
iblocklist_badpeers.netset
dataplane_sipquery.ipset
dataplane_sshpwauth.ipset
dataplane_sshclient.ipset
dataplane_sipregistration.ipset
dataplane_sipinvitation.ipset
dataplane_vncrfb.ipset
dataplane_dnsrd.ipset
dataplane_dnsrdany.ipset
dataplane_dnsversion.ipset
shunlist.ipset

228
README-EDIT.md Normal file
View File

@ -0,0 +1,228 @@
> Due to the amount of data and the frequency of the updates on this repo,
> github has requested to limit the number of updates.
> The site [https://iplists.firehol.org](https://iplists.firehol.org) has direct links
> to all the files in this repo. **This repo is now updated once per day.**
---
### Contents
- [About this repo](#about-this-repo)
- [Using these ipsets](#using-these-ipsets)
- [Which ones to use?](#which-ones-to-use)
- [Why are open proxy lists included](#why-are-open-proxy-lists-included)
- [Using them in FireHOL](#using-them-in-firehol)
* [Adding the ipsets in your firehol.conf](#adding-the-ipsets-in-your-fireholconf)
* [Updating the ipsets while the firewall is running](#updating-the-ipsets-while-the-firewall-is-running)
- [Dynamic List of ipsets included](#list-of-ipsets-included)
- [Comparison of ipsets](#comparison-of-ipsets)
---
# About this repo
This repository includes a list of ipsets dynamically updated with
[FireHOL](https://github.com/firehol/firehol)'s `update-ipsets.sh`
[documented in this wiki](https://github.com/firehol/blocklist-ipsets/wiki).
This repo is self maintained. It it updated automatically from the script via a cron job.
This repo has a site: [http://iplists.firehol.org](http://iplists.firehol.org).
## Why do we need blocklists?
As time passes and the internet matures in our life, cybercrime is becoming increasingly sophisticated.
Although there are many tools (detection of malware, viruses, intrusion detection and prevention systems,
etc) to help us isolate the bad guys, there are now a lot more than just such attacks.
What is more interesting is that the fraudsters or attackers in many cases are not going to do a direct
damage to you or your systems. They will use you and your systems to gain something else, possibly not
related or indirectly related to your business. Nowadays the attacks cannot be identified easily. They are
distributed and come to our systems from a vast amount of IPs around the world.
To get an idea, check for example the [XRumer](http://en.wikipedia.org/wiki/XRumer) software. This thing
mimics human behavior to post ads, it creates email accounts, responds to emails it receives, bypasses
captchas, it goes gently to stay unnoticed, etc.
To increase our effectiveness we need to complement our security solutions with our shared knowledge, our
shared experience in this fight.
Hopefully, there are many teams out there that do their best to identify the attacks and pinpoint the
attackers. These teams release blocklists. Blocklists of IPs (for use in firewalls), domains & URLs
(for use in proxies), etc.
What we are interested here is IPs.
Using IP blocklists at the internet side of your firewall is a key component of internet security. These
lists share key knowledge between us, allowing us to learn from each other and effectively isolate
fraudsters and attackers from our services.
I decided to upload these lists to a github repo because:
1. They are freely available on the internet. The intention of their creators is to help internet security.
Keep in mind though that a few of these lists may have special licences attached. Before using them, please check their source site for any information regarding proper use.
2. Github provides (via `git pull`) a unified way of updating all the lists together.
Pulling this repo regularly on your machines, you will update all the IP lists at once.
3. Github also provides a unified version control. Using it we can have a history of what each list has
done, which IPs or subnets were added and which were removed.
## DNSBLs
Check also another tool included in FireHOL v3+, called `dnsbl-ipset.sh`.
This tool is capable of creating an ipset based on your traffic by looking up information on DNSBLs and
scoring it according to your preferences.
More information [here](https://github.com/firehol/firehol/wiki/dnsbl-ipset.sh).
---
# Using these ipsets
Please be very careful what you choose to use and how you use it. If you blacklist traffic using these
lists you may end up blocking your users, your customers, even yourself (!) from accessing your services.
1. Go to to the site of each list and read how each list is maintained. You are going to trust these guys for doing their job right.
2. Most sites have either a donation system or commercial lists of higher quality. Try to support them.
3. I have included the TOR network in these lists (`bm_tor`, `dm_tor`, `et_tor`). The TOR network is not necessarily bad and you should not block it if you want to allow your users be anonymous. I have included it because for certain cases, allowing an anonymity network might be a risky thing (such as eCommerce).
4. Apply any blacklist at the internet side of your firewall. Be very careful. The `bogons` and `fullbogons` lists contain private, unrouteable IPs that should not be routed on the internet. If you apply such a blocklist on your DMZ or LAN side, you will be blocked out of your firewall.
5. Always have a whitelist too, containing the IP addresses or subnets you trust. Try to build the rules in such a way that if an IP is in the whitelist, it should not be blocked by these blocklists.
## Which ones to use
### Level 1 - Basic
These are the ones I trust. **Level 1** provides basic security against the most well-known attackers, with the minimum of false positives.
1. **Abuse.ch** lists `feodo`, `palevo`, `sslbl`, `zeus`, `zeus_badips`
These folks are doing a great job tracking crime ware. Their blocklists are very focused.
Keep in mind `zeus` may include some false positives. You can use `zeus_badips` instead.
2. **DShield.org** list `dshield`
It contains the top 20 attacking class C (/24) subnets, over the last three days.
3. **Spamhaus.org** lists `spamhaus_drop`, `spamhaus_edrop`
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).
According to Spamhaus.org:
> When implemented at a network or ISP's 'core routers', DROP and EDROP will help protect the network's users from spamming, scanning, harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks.
>
> Spamhaus strongly encourages the use of DROP and EDROP by tier-1s and backbones.
Spamhaus is very responsive to adapt these lists when a network owner updates them that the issue has been solved (I had one such incident with one of my users).
4. **Team-Cymru.org** list `bogons` or `fullbogons`
These are lists of IPs that should not be routed on the internet. No one should be using them.
Be very careful to apply either of the two on the internet side of your network.
### Level 2 - Essentials
**Level 2** provide protection against current brute force attacks. This level may have a small percentage of false positives, mainly due to dynamic IPs being re-used by other users.
1. **OpenBL.org** lists `openbl*`
The team of OpenBL tracks brute force attacks on their hosts. They have a very short list for hosts, under their own control, collecting this information, to eliminate false positives.
They suggest to use the default blacklist which has a retention policy of 90 days (`openbl`), but they also provide lists with different retention policies (from 1 day to 1 year).
Their goal is to report abuse to the responsible provider so that the infection is disabled.
2. **Blocklist.de** lists `blocklist_de*`
Is a network of users reporting abuse mainly using `fail2ban`. They eliminate false positives using other lists available. Since they collect information from their users, their lists may be subject to poisoning, or false positives.
I asked them about poisoning. [Here](https://forum.blocklist.de/viewtopic.php?f=4&t=244&sid=847d00d26b0735add3518ff515242cad) you can find their answer. In short, they track it down so that they have an ignorable rate of false positives.
Also, they only include individual IPs (no subnets) which have attacked their users the last 48 hours and their list contains 20.000 to 40.000 IPs (which is small enough considering the size of the internet).
Like `openbl`, their goal is to report abuse back, so that the infection is disabled.
They also provide their blocklist per type of attack (mail, web, etc).
Of course, there are more lists included. You can check them and decide if they fit for your needs.
## Why are open proxy lists included
Of course, I haven't included them for you to use the open proxies. The port the proxy is listening, or the type of proxy, are not included (although most of them use the standard proxy ports and do serve web requests).
If you check the comparisons for the open proxy lists (`ri_connect_proxies`, `ri_web_proxies`, `xroxy`, `proxz`, `proxyrss`, etc)
you will find that they overlap to a great degree with other blocklists, like `blocklist_de`, `stopforumspam`, etc.
> This means the attackers also use open proxies to execute attacks.
So, if you are under attack, blocking the open proxies may help isolate a large part of the attack.
I don't suggest to permanently block IPs using the proxy lists. Their purpose of existence is questionable.
Their quality though may be acceptable, since lot of these sites advertise that they test open proxies before including them in their lists, so that there are no false positives, at least at the time they tested them.
---
## Using them in FireHOL
`update-ipsets.sh` itself does not alter your firewall. It can be used to update ipsets both on disk and in the kernel for any firewall solution you use.
The information below, shows you how to configure FireHOL to use the provides ipsets.
### Adding the ipsets in your firehol.conf
I use something like this:
```sh
# our wan interface
wan="dsl0"
# our whitelist
ipset4 create whitelist hash:net
ipset4 add whitelist A.B.C.D/E # A.B.C.D/E is whitelisted
# subnets - netsets
for x in fullbogons dshield spamhaus_drop spamhaus_edrop
do
ipset4 create ${x} hash:net
ipset4 addfile ${x} ipsets/${x}.netset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
# individual IPs - ipsets
for x in feodo palevo sslbl zeus openbl blocklist_de
do
ipset4 create ${x} hash:ip
ipset4 addfile ${x} ipsets/${x}.ipset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
... rest of firehol.conf ...
```
If you are concerned about iptables performance, change the `blacklist4` keyword `full` to `input`.
This will block only inbound NEW connections, i.e. only the first packet for every NEW inbound connection will be checked.
All other traffic passes through unchecked.
> Before adding these rules to your `firehol.conf` you should run `update-ipsets.sh` to enable them.
### Updating the ipsets while the firewall is running
Just use the `update-ipsets.sh` script from the firehol distribution.
This script will update each ipset and call firehol to update the ipset while the firewall is running.
> You can add `update-ipsets.sh` to cron, to run every 10 mins. `update-ipsets.sh` is smart enough to download
> a list only when it needs to.
---
# List of ipsets included

672
README.md Normal file
View File

@ -0,0 +1,672 @@
> Due to the amount of data and the frequency of the updates on this repo,
> github has requested to limit the number of updates.
> The site [https://iplists.firehol.org](https://iplists.firehol.org) has direct links
> to all the files in this repo. **This repo is now updated once per day.**
---
### Contents
- [About this repo](#about-this-repo)
- [Using these ipsets](#using-these-ipsets)
- [Which ones to use?](#which-ones-to-use)
- [Why are open proxy lists included](#why-are-open-proxy-lists-included)
- [Using them in FireHOL](#using-them-in-firehol)
* [Adding the ipsets in your firehol.conf](#adding-the-ipsets-in-your-fireholconf)
* [Updating the ipsets while the firewall is running](#updating-the-ipsets-while-the-firewall-is-running)
- [Dynamic List of ipsets included](#list-of-ipsets-included)
- [Comparison of ipsets](#comparison-of-ipsets)
---
# About this repo
This repository includes a list of ipsets dynamically updated with
[FireHOL](https://github.com/firehol/firehol)'s `update-ipsets.sh`
[documented in this wiki](https://github.com/firehol/blocklist-ipsets/wiki).
This repo is self maintained. It it updated automatically from the script via a cron job.
This repo has a site: [http://iplists.firehol.org](http://iplists.firehol.org).
## Why do we need blocklists?
As time passes and the internet matures in our life, cybercrime is becoming increasingly sophisticated.
Although there are many tools (detection of malware, viruses, intrusion detection and prevention systems,
etc) to help us isolate the bad guys, there are now a lot more than just such attacks.
What is more interesting is that the fraudsters or attackers in many cases are not going to do a direct
damage to you or your systems. They will use you and your systems to gain something else, possibly not
related or indirectly related to your business. Nowadays the attacks cannot be identified easily. They are
distributed and come to our systems from a vast amount of IPs around the world.
To get an idea, check for example the [XRumer](http://en.wikipedia.org/wiki/XRumer) software. This thing
mimics human behavior to post ads, it creates email accounts, responds to emails it receives, bypasses
captchas, it goes gently to stay unnoticed, etc.
To increase our effectiveness we need to complement our security solutions with our shared knowledge, our
shared experience in this fight.
Hopefully, there are many teams out there that do their best to identify the attacks and pinpoint the
attackers. These teams release blocklists. Blocklists of IPs (for use in firewalls), domains & URLs
(for use in proxies), etc.
What we are interested here is IPs.
Using IP blocklists at the internet side of your firewall is a key component of internet security. These
lists share key knowledge between us, allowing us to learn from each other and effectively isolate
fraudsters and attackers from our services.
I decided to upload these lists to a github repo because:
1. They are freely available on the internet. The intention of their creators is to help internet security.
Keep in mind though that a few of these lists may have special licences attached. Before using them, please check their source site for any information regarding proper use.
2. Github provides (via `git pull`) a unified way of updating all the lists together.
Pulling this repo regularly on your machines, you will update all the IP lists at once.
3. Github also provides a unified version control. Using it we can have a history of what each list has
done, which IPs or subnets were added and which were removed.
## DNSBLs
Check also another tool included in FireHOL v3+, called `dnsbl-ipset.sh`.
This tool is capable of creating an ipset based on your traffic by looking up information on DNSBLs and
scoring it according to your preferences.
More information [here](https://github.com/firehol/firehol/wiki/dnsbl-ipset.sh).
---
# Using these ipsets
Please be very careful what you choose to use and how you use it. If you blacklist traffic using these
lists you may end up blocking your users, your customers, even yourself (!) from accessing your services.
1. Go to to the site of each list and read how each list is maintained. You are going to trust these guys for doing their job right.
2. Most sites have either a donation system or commercial lists of higher quality. Try to support them.
3. I have included the TOR network in these lists (`bm_tor`, `dm_tor`, `et_tor`). The TOR network is not necessarily bad and you should not block it if you want to allow your users be anonymous. I have included it because for certain cases, allowing an anonymity network might be a risky thing (such as eCommerce).
4. Apply any blacklist at the internet side of your firewall. Be very careful. The `bogons` and `fullbogons` lists contain private, unrouteable IPs that should not be routed on the internet. If you apply such a blocklist on your DMZ or LAN side, you will be blocked out of your firewall.
5. Always have a whitelist too, containing the IP addresses or subnets you trust. Try to build the rules in such a way that if an IP is in the whitelist, it should not be blocked by these blocklists.
## Which ones to use
### Level 1 - Basic
These are the ones I trust. **Level 1** provides basic security against the most well-known attackers, with the minimum of false positives.
1. **Abuse.ch** lists `feodo`, `palevo`, `sslbl`, `zeus`, `zeus_badips`
These folks are doing a great job tracking crime ware. Their blocklists are very focused.
Keep in mind `zeus` may include some false positives. You can use `zeus_badips` instead.
2. **DShield.org** list `dshield`
It contains the top 20 attacking class C (/24) subnets, over the last three days.
3. **Spamhaus.org** lists `spamhaus_drop`, `spamhaus_edrop`
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).
According to Spamhaus.org:
> When implemented at a network or ISP's 'core routers', DROP and EDROP will help protect the network's users from spamming, scanning, harvesting, DNS-hijacking and DDoS attacks originating on rogue netblocks.
>
> Spamhaus strongly encourages the use of DROP and EDROP by tier-1s and backbones.
Spamhaus is very responsive to adapt these lists when a network owner updates them that the issue has been solved (I had one such incident with one of my users).
4. **Team-Cymru.org** list `bogons` or `fullbogons`
These are lists of IPs that should not be routed on the internet. No one should be using them.
Be very careful to apply either of the two on the internet side of your network.
### Level 2 - Essentials
**Level 2** provide protection against current brute force attacks. This level may have a small percentage of false positives, mainly due to dynamic IPs being re-used by other users.
1. **OpenBL.org** lists `openbl*`
The team of OpenBL tracks brute force attacks on their hosts. They have a very short list for hosts, under their own control, collecting this information, to eliminate false positives.
They suggest to use the default blacklist which has a retention policy of 90 days (`openbl`), but they also provide lists with different retention policies (from 1 day to 1 year).
Their goal is to report abuse to the responsible provider so that the infection is disabled.
2. **Blocklist.de** lists `blocklist_de*`
Is a network of users reporting abuse mainly using `fail2ban`. They eliminate false positives using other lists available. Since they collect information from their users, their lists may be subject to poisoning, or false positives.
I asked them about poisoning. [Here](https://forum.blocklist.de/viewtopic.php?f=4&t=244&sid=847d00d26b0735add3518ff515242cad) you can find their answer. In short, they track it down so that they have an ignorable rate of false positives.
Also, they only include individual IPs (no subnets) which have attacked their users the last 48 hours and their list contains 20.000 to 40.000 IPs (which is small enough considering the size of the internet).
Like `openbl`, their goal is to report abuse back, so that the infection is disabled.
They also provide their blocklist per type of attack (mail, web, etc).
Of course, there are more lists included. You can check them and decide if they fit for your needs.
## Why are open proxy lists included
Of course, I haven't included them for you to use the open proxies. The port the proxy is listening, or the type of proxy, are not included (although most of them use the standard proxy ports and do serve web requests).
If you check the comparisons for the open proxy lists (`ri_connect_proxies`, `ri_web_proxies`, `xroxy`, `proxz`, `proxyrss`, etc)
you will find that they overlap to a great degree with other blocklists, like `blocklist_de`, `stopforumspam`, etc.
> This means the attackers also use open proxies to execute attacks.
So, if you are under attack, blocking the open proxies may help isolate a large part of the attack.
I don't suggest to permanently block IPs using the proxy lists. Their purpose of existence is questionable.
Their quality though may be acceptable, since lot of these sites advertise that they test open proxies before including them in their lists, so that there are no false positives, at least at the time they tested them.
---
## Using them in FireHOL
`update-ipsets.sh` itself does not alter your firewall. It can be used to update ipsets both on disk and in the kernel for any firewall solution you use.
The information below, shows you how to configure FireHOL to use the provides ipsets.
### Adding the ipsets in your firehol.conf
I use something like this:
```sh
# our wan interface
wan="dsl0"
# our whitelist
ipset4 create whitelist hash:net
ipset4 add whitelist A.B.C.D/E # A.B.C.D/E is whitelisted
# subnets - netsets
for x in fullbogons dshield spamhaus_drop spamhaus_edrop
do
ipset4 create ${x} hash:net
ipset4 addfile ${x} ipsets/${x}.netset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
# individual IPs - ipsets
for x in feodo palevo sslbl zeus openbl blocklist_de
do
ipset4 create ${x} hash:ip
ipset4 addfile ${x} ipsets/${x}.ipset
blacklist4 full inface "${wan}" log "BLACKLIST ${x^^}" ipset:${x} \
except src ipset:whitelist
done
... rest of firehol.conf ...
```
If you are concerned about iptables performance, change the `blacklist4` keyword `full` to `input`.
This will block only inbound NEW connections, i.e. only the first packet for every NEW inbound connection will be checked.
All other traffic passes through unchecked.
> Before adding these rules to your `firehol.conf` you should run `update-ipsets.sh` to enable them.
### Updating the ipsets while the firewall is running
Just use the `update-ipsets.sh` script from the firehol distribution.
This script will update each ipset and call firehol to update the ipset while the firewall is running.
> You can add `update-ipsets.sh` to cron, to run every 10 mins. `update-ipsets.sh` is smart enough to download
> a list only when it needs to.
---
# List of ipsets included
The following list was automatically generated on Sun Oct 15 10:29:05 UTC 2017.
The update frequency is the maximum allowed by internal configuration. A list will never be downloaded sooner than the update frequency stated. A list may also not be downloaded, after this frequency expired, if it has not been modified on the server (as reported by HTTP `IF_MODIFIED_SINCE` method).
name|info|type|entries|update|
:--:|:--:|:--:|:-----:|:----:|
[alienvault_reputation](http://iplists.firehol.org/?ipset=alienvault_reputation)|[AlienVault.com](https://www.alienvault.com/) IP reputation database|ipv4 hash:ip|66438 unique IPs|updated every 6 hours from [this link](https://reputation.alienvault.com/reputation.generic)
[asprox_c2](http://iplists.firehol.org/?ipset=asprox_c2)|[h3x.eu](http://atrack.h3x.eu/) ASPROX Tracker - Asprox C&C Sites|ipv4 hash:ip|0 unique IPs|updated every 1 day from [this link](http://atrack.h3x.eu/c2)
[bambenek_banjori](http://iplists.firehol.org/?ipset=bambenek_banjori)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of banjori C&Cs with 90 minute lookback|ipv4 hash:ip|87 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/banjori-iplist.txt)
[bambenek_bebloh](http://iplists.firehol.org/?ipset=bambenek_bebloh)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of bebloh C&Cs with 90 minute lookback|ipv4 hash:ip|1 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/bebloh-iplist.txt)
[bambenek_c2](http://iplists.firehol.org/?ipset=bambenek_c2)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) master feed of known, active and non-sinkholed C&Cs IP addresses|ipv4 hash:ip|373 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt)
[bambenek_cl](http://iplists.firehol.org/?ipset=bambenek_cl)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of cl C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/cl-iplist.txt)
[bambenek_cryptowall](http://iplists.firehol.org/?ipset=bambenek_cryptowall)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of cryptowall C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/cryptowall-iplist.txt)
[bambenek_dircrypt](http://iplists.firehol.org/?ipset=bambenek_dircrypt)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of dircrypt C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/dircrypt-iplist.txt)
[bambenek_dyre](http://iplists.firehol.org/?ipset=bambenek_dyre)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of dyre C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/dyre-iplist.txt)
[bambenek_geodo](http://iplists.firehol.org/?ipset=bambenek_geodo)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of geodo C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/geodo-iplist.txt)
[bambenek_hesperbot](http://iplists.firehol.org/?ipset=bambenek_hesperbot)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of hesperbot C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/hesperbot-iplist.txt)
[bambenek_matsnu](http://iplists.firehol.org/?ipset=bambenek_matsnu)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of matsnu C&Cs with 90 minute lookback|ipv4 hash:ip|2 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/matsnu-iplist.txt)
[bambenek_necurs](http://iplists.firehol.org/?ipset=bambenek_necurs)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of necurs C&Cs with 90 minute lookback|ipv4 hash:ip|12 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/necurs-iplist.txt)
[bambenek_p2pgoz](http://iplists.firehol.org/?ipset=bambenek_p2pgoz)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of p2pgoz C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/p2pgoz-iplist.txt)
[bambenek_pushdo](http://iplists.firehol.org/?ipset=bambenek_pushdo)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of pushdo C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/pushdo-iplist.txt)
[bambenek_pykspa](http://iplists.firehol.org/?ipset=bambenek_pykspa)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of pykspa C&Cs with 90 minute lookback|ipv4 hash:ip|5 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/pykspa-iplist.txt)
[bambenek_qakbot](http://iplists.firehol.org/?ipset=bambenek_qakbot)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of qakbot C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/qakbot-iplist.txt)
[bambenek_ramnit](http://iplists.firehol.org/?ipset=bambenek_ramnit)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of ramnit C&Cs with 90 minute lookback|ipv4 hash:ip|39 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/ramnit-iplist.txt)
[bambenek_ranbyus](http://iplists.firehol.org/?ipset=bambenek_ranbyus)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of ranbyus C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/ranbyus-iplist.txt)
[bambenek_simda](http://iplists.firehol.org/?ipset=bambenek_simda)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of simda C&Cs with 90 minute lookback|ipv4 hash:ip|126 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/simda-iplist.txt)
[bambenek_suppobox](http://iplists.firehol.org/?ipset=bambenek_suppobox)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of suppobox C&Cs with 90 minute lookback|ipv4 hash:ip|68 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/suppobox-iplist.txt)
[bambenek_symmi](http://iplists.firehol.org/?ipset=bambenek_symmi)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of symmi C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/symmi-iplist.txt)
[bambenek_tinba](http://iplists.firehol.org/?ipset=bambenek_tinba)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of tinba C&Cs with 90 minute lookback|ipv4 hash:ip|3 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/tinba-iplist.txt)
[bambenek_volatile](http://iplists.firehol.org/?ipset=bambenek_volatile)|[Bambenek Consulting](http://osint.bambenekconsulting.com/feeds/) feed of current IPs of volatile C&Cs with 90 minute lookback|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](http://osint.bambenekconsulting.com/feeds/volatile-iplist.txt)
[bbcan177_ms1](http://iplists.firehol.org/?ipset=bbcan177_ms1)|pfBlockerNG Malicious Threats|ipv4 hash:net|2565 subnets, 5268567 unique IPs|updated every 1 day from [this link](https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw)
[bbcan177_ms3](http://iplists.firehol.org/?ipset=bbcan177_ms3)|pfBlockerNG Malicious Threats|ipv4 hash:net|1146 subnets, 30151694 unique IPs|updated every 1 day from [this link](https://gist.githubusercontent.com/BBcan177/d7105c242f17f4498f81/raw)
[bds_atif](http://iplists.firehol.org/?ipset=bds_atif)|Artillery Threat Intelligence Feed and Banlist Feed|ipv4 hash:ip|4233 unique IPs|updated every 1 day from [this link](https://www.binarydefense.com/banlist.txt)
[bi_any_2_1d](http://iplists.firehol.org/?ipset=bi_any_2_1d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 1d|ipv4 hash:ip|321 unique IPs|updated every 30 mins from [this link](https://www.badips.com/get/list/any/2?age=1d)
[bi_any_2_30d](http://iplists.firehol.org/?ipset=bi_any_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 30d|ipv4 hash:ip|5916 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/any/2?age=30d)
[bi_any_2_7d](http://iplists.firehol.org/?ipset=bi_any_2_7d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category any with score above 2 and age less than 7d|ipv4 hash:ip|2036 unique IPs|updated every 6 hours from [this link](https://www.badips.com/get/list/any/2?age=7d)
[bi_bruteforce_2_30d](http://iplists.firehol.org/?ipset=bi_bruteforce_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category bruteforce with score above 2 and age less than 30d|ipv4 hash:ip|1 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/bruteforce/2?age=30d)
[bi_ftp_2_30d](http://iplists.firehol.org/?ipset=bi_ftp_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category ftp with score above 2 and age less than 30d|ipv4 hash:ip|17 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/ftp/2?age=30d)
[bi_http_2_30d](http://iplists.firehol.org/?ipset=bi_http_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category http with score above 2 and age less than 30d|ipv4 hash:ip|98 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/http/2?age=30d)
[bi_mail_2_30d](http://iplists.firehol.org/?ipset=bi_mail_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category mail with score above 2 and age less than 30d|ipv4 hash:ip|1310 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/mail/2?age=30d)
[bi_proxy_2_30d](http://iplists.firehol.org/?ipset=bi_proxy_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category proxy with score above 2 and age less than 30d|ipv4 hash:ip|0 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/proxy/2?age=30d)
[bi_sql_2_30d](http://iplists.firehol.org/?ipset=bi_sql_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category sql with score above 2 and age less than 30d|ipv4 hash:ip|0 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/sql/2?age=30d)
[bi_ssh_2_30d](http://iplists.firehol.org/?ipset=bi_ssh_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category ssh with score above 2 and age less than 30d|ipv4 hash:ip|4520 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/ssh/2?age=30d)
[bi_voip_2_30d](http://iplists.firehol.org/?ipset=bi_voip_2_30d)|[BadIPs.com](https://www.badips.com/) Bad IPs in category voip with score above 2 and age less than 30d|ipv4 hash:ip|6 unique IPs|updated every 1 day from [this link](https://www.badips.com/get/list/voip/2?age=30d)
[bitcoin_blockchain_info](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|646 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_1d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_1d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|988 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_30d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_30d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|8196 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_blockchain_info_7d](http://iplists.firehol.org/?ipset=bitcoin_blockchain_info_7d)|[Blockchain.info](https://blockchain.info/en/connected-nodes) Bitcoin nodes connected to Blockchain.info.|ipv4 hash:ip|2636 unique IPs|updated every 10 mins from [this link](https://blockchain.info/en/connected-nodes)
[bitcoin_nodes](http://iplists.firehol.org/?ipset=bitcoin_nodes)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|7768 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_1d](http://iplists.firehol.org/?ipset=bitcoin_nodes_1d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|9258 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_30d](http://iplists.firehol.org/?ipset=bitcoin_nodes_30d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|27326 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[bitcoin_nodes_7d](http://iplists.firehol.org/?ipset=bitcoin_nodes_7d)|[BitNodes](https://getaddr.bitnodes.io/) Bitcoin connected nodes, globally.|ipv4 hash:ip|14146 unique IPs|updated every 10 mins from [this link](https://getaddr.bitnodes.io/api/v1/snapshots/latest/)
[blocklist_de](http://iplists.firehol.org/?ipset=blocklist_de)|[Blocklist.de](https://www.blocklist.de/) IPs that have been detected by fail2ban in the last 48 hours|ipv4 hash:ip|26485 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/all.txt)
[blocklist_de_apache](http://iplists.firehol.org/?ipset=blocklist_de_apache)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.|ipv4 hash:ip|9845 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/apache.txt)
[blocklist_de_bots](http://iplists.firehol.org/?ipset=blocklist_de_bots)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = it has posted a Spam-Comment on a open Forum or Wiki).|ipv4 hash:ip|131 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/bots.txt)
[blocklist_de_bruteforce](http://iplists.firehol.org/?ipset=blocklist_de_bruteforce)|[Blocklist.de](https://www.blocklist.de/) All IPs which attacks Joomla, Wordpress and other Web-Logins with Brute-Force Logins.|ipv4 hash:ip|1404 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/bruteforcelogin.txt)
[blocklist_de_ftp](http://iplists.firehol.org/?ipset=blocklist_de_ftp)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours for attacks on the Service FTP.|ipv4 hash:ip|416 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/ftp.txt)
[blocklist_de_imap](http://iplists.firehol.org/?ipset=blocklist_de_imap)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours for attacks on the Service imap, sasl, pop3, etc.|ipv4 hash:ip|1984 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/imap.txt)
[blocklist_de_mail](http://iplists.firehol.org/?ipset=blocklist_de_mail)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service Mail, Postfix.|ipv4 hash:ip|14160 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/mail.txt)
[blocklist_de_sip](http://iplists.firehol.org/?ipset=blocklist_de_sip)|[Blocklist.de](https://www.blocklist.de/) All IP addresses that tried to login in a SIP, VOIP or Asterisk Server and are included in the IPs list from infiltrated.net|ipv4 hash:ip|156 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/sip.txt)
[blocklist_de_ssh](http://iplists.firehol.org/?ipset=blocklist_de_ssh)|[Blocklist.de](https://www.blocklist.de/) All IP addresses which have been reported within the last 48 hours as having run attacks on the service SSH.|ipv4 hash:ip|10057 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/ssh.txt)
[blocklist_de_strongips](http://iplists.firehol.org/?ipset=blocklist_de_strongips)|[Blocklist.de](https://www.blocklist.de/) All IPs which are older then 2 month and have more then 5.000 attacks.|ipv4 hash:ip|123 unique IPs|updated every 15 mins from [this link](http://lists.blocklist.de/lists/strongips.txt)
[blocklist_net_ua](http://iplists.firehol.org/?ipset=blocklist_net_ua)|[blocklist.net.ua](https://blocklist.net.ua) The BlockList project was created to become protection against negative influence of the harmful and potentially dangerous events on the Internet. First of all this service will help internet and hosting providers to protect subscribers sites from being hacked. BlockList will help to stop receiving a large amount of spam from dubious SMTP relays or from attempts of brute force passwords to servers and network equipment.|ipv4 hash:ip|9189 unique IPs|updated every 10 mins from [this link](https://blocklist.net.ua/blocklist.csv)
[blueliv_crimeserver_last](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|11511 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_1d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_1d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|13244 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_2d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_2d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|14883 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_30d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_30d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|21438 unique IPs|updated every 6 hours
[blueliv_crimeserver_last_7d](http://iplists.firehol.org/?ipset=blueliv_crimeserver_last_7d)|[blueliv.com](https://www.blueliv.com/) Last 6 hours Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|18991 unique IPs|updated every 6 hours
[blueliv_crimeserver_online](http://iplists.firehol.org/?ipset=blueliv_crimeserver_online)|[blueliv.com](https://www.blueliv.com/) Online Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|60194 unique IPs|updated every 1 day
[blueliv_crimeserver_recent](http://iplists.firehol.org/?ipset=blueliv_crimeserver_recent)|[blueliv.com](https://www.blueliv.com/) Recent Cybercrime IPs, in all categories: BACKDOOR, C_AND_C, EXPLOIT_KIT, MALWARE and PHISHING (to download the source data you need an API key from blueliv.com)|ipv4 hash:ip|12743 unique IPs|updated every 1 day
[bm_tor](http://iplists.firehol.org/?ipset=bm_tor)|[torstatus.blutmagie.de](https://torstatus.blutmagie.de) list of all TOR network servers|ipv4 hash:ip|6421 unique IPs|updated every 30 mins from [this link](https://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv)
[bogons](http://iplists.firehol.org/?ipset=bogons)|[Team-Cymru.org](http://www.team-cymru.org) private and reserved addresses defined by RFC 1918, RFC 5735, and RFC 6598 and netblocks that have not been allocated to a regional internet registry|ipv4 hash:net|13 subnets, 592708608 unique IPs|updated every 1 day from [this link](http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt)
[botscout](http://iplists.firehol.org/?ipset=botscout)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|24 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botscout_1d](http://iplists.firehol.org/?ipset=botscout_1d)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|1296 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botscout_30d](http://iplists.firehol.org/?ipset=botscout_30d)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|14456 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botscout_7d](http://iplists.firehol.org/?ipset=botscout_7d)|[BotScout](http://botscout.com/) helps prevent automated web scripts, known as bots, from registering on forums, polluting databases, spreading spam, and abusing forms on web sites. They do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference. They also provide a simple yet powerful API that you can use to test forms when they're submitted on your site. This list is composed of the most recently-caught bots.|ipv4 hash:ip|4926 unique IPs|updated every 30 mins from [this link](http://botscout.com/last_caught_cache.htm)
[botvrij_dst](http://iplists.firehol.org/?ipset=botvrij_dst)|[botvrij.eu](http://www.botvrij.eu/) Indicators of Compromise (IOCS) about malicious destination IPs, gathered via open source information feeds (blog pages and PDF documents) and then consolidated into different datasets. To ensure the quality of the data all entries older than approx. 6 months are removed.|ipv4 hash:ip|130 unique IPs|updated every 1 day from [this link](http://www.botvrij.eu/data/ioclist.ip-dst.raw)
[botvrij_src](http://iplists.firehol.org/?ipset=botvrij_src)|[botvrij.eu](http://www.botvrij.eu/) Indicators of Compromise (IOCS) about malicious source IPs, gathered via open source information feeds (blog pages and PDF documents) and then consolidated into different datasets. To ensure the quality of the data all entries older than approx. 6 months are removed.|ipv4 hash:ip|5 unique IPs|updated every 1 day from [this link](http://www.botvrij.eu/data/ioclist.ip-src.raw)
[bruteforceblocker](http://iplists.firehol.org/?ipset=bruteforceblocker)|[danger.rulez.sk bruteforceblocker](http://danger.rulez.sk/index.php/bruteforceblocker/) (fail2ban alternative for SSH on OpenBSD). This is an automatically generated list from users reporting failed authentication attempts. An IP seems to be included if 3 or more users report it. Its retention pocily seems 30 days.|ipv4 hash:ip|1621 unique IPs|updated every 3 hours from [this link](http://danger.rulez.sk/projects/bruteforceblocker/blist.php)
[chaosreigns_iprep0](http://iplists.firehol.org/?ipset=chaosreigns_iprep0)|[ChaosReigns.com](http://www.chaosreigns.com/iprep) The iprep0 list includes all IPs that sent only spam emails. This is an automated, free, public email IP reputation system. The primary goal is a whitelist. Other data is provided as a consequence.|ipv4 hash:ip|5323 unique IPs|updated every 1 day from [this link](http://www.chaosreigns.com/iprep/iprep.txt)
[chaosreigns_iprep100](http://iplists.firehol.org/?ipset=chaosreigns_iprep100)|[ChaosReigns.com](http://www.chaosreigns.com/iprep) The iprep100 list includes all IPs that sent 100% ham emails. This is an automated, free, public email IP reputation system. The primary goal is a whitelist. Other data is provided as a consequence.|ipv4 hash:ip|5323 unique IPs|updated every 1 day from [this link](http://www.chaosreigns.com/iprep/iprep.txt)
[chaosreigns_iprep50](http://iplists.firehol.org/?ipset=chaosreigns_iprep50)|[ChaosReigns.com](http://www.chaosreigns.com/iprep) The iprep50 list includes all IPs that sent both ham and spam emails. This is an automated, free, public email IP reputation system. The primary goal is a whitelist. Other data is provided as a consequence.|ipv4 hash:ip|5323 unique IPs|updated every 1 day from [this link](http://www.chaosreigns.com/iprep/iprep.txt)
[ciarmy](http://iplists.firehol.org/?ipset=ciarmy)|[CIArmy.com](http://ciarmy.com/) IPs with poor Rogue Packet score that have not yet been identified as malicious by the community|ipv4 hash:ip|15000 unique IPs|updated every 3 hours from [this link](http://cinsscore.com/list/ci-badguys.txt)
[cidr_report_bogons](http://iplists.firehol.org/?ipset=cidr_report_bogons)|Unallocated (Free) Address Space, generated on a daily basis using the IANA registry files, the Regional Internet Registry stats files and the Regional Internet Registry whois data.|ipv4 hash:net|4088 subnets, 600851400 unique IPs|updated every 1 day from [this link](http://www.cidr-report.org/bogons/freespace-prefix.txt)
[cleanmx_phishing](http://iplists.firehol.org/?ipset=cleanmx_phishing)|[Clean-MX.de](http://support.clean-mx.de/) IPs sending phishing messages|ipv4 hash:ip|4519 unique IPs|updated every 30 mins from [this link](http://support.clean-mx.de/clean-mx/xmlphishing?response=alive&format=csv&domain=)
[cleanmx_viruses](http://iplists.firehol.org/?ipset=cleanmx_viruses)|[Clean-MX.de](http://support.clean-mx.de/clean-mx/viruses.php) IPs with viruses|ipv4 hash:ip|12190 unique IPs|updated every 30 mins from [this link](http://support.clean-mx.de/clean-mx/xmlviruses.php?response=alive&fields=ip)
[cleantalk](http://iplists.firehol.org/?ipset=cleantalk)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new cleantalk_updated)|ipv4 hash:ip|2602 unique IPs|updated every 1 min
[cleantalk_1d](http://iplists.firehol.org/?ipset=cleantalk_1d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_1d cleantalk_updated_1d)|ipv4 hash:ip|28301 unique IPs|updated every 1 min
[cleantalk_30d](http://iplists.firehol.org/?ipset=cleantalk_30d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_30d cleantalk_updated_30d)|ipv4 hash:ip|129216 unique IPs|updated every 1 min
[cleantalk_7d](http://iplists.firehol.org/?ipset=cleantalk_7d)|[CleanTalk](https://cleantalk.org/) Today's HTTP Spammers (includes: cleantalk_new_7d cleantalk_updated_7d)|ipv4 hash:ip|63477 unique IPs|updated every 1 min
[cleantalk_new](http://iplists.firehol.org/?ipset=cleantalk_new)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|663 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_1d](http://iplists.firehol.org/?ipset=cleantalk_new_1d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|1666 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_30d](http://iplists.firehol.org/?ipset=cleantalk_new_30d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|26851 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_new_7d](http://iplists.firehol.org/?ipset=cleantalk_new_7d)|[CleanTalk](https://cleantalk.org/) Recent HTTP Spammers|ipv4 hash:ip|7488 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/submited_today)
[cleantalk_top20](http://iplists.firehol.org/?ipset=cleantalk_top20)|[CleanTalk](https://cleantalk.org/) Top 20 HTTP Spammers|ipv4 hash:ip|20 unique IPs|updated every 1 day from [this link](https://cleantalk.org/blacklists/top20)
[cleantalk_updated](http://iplists.firehol.org/?ipset=cleantalk_updated)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|2000 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_1d](http://iplists.firehol.org/?ipset=cleantalk_updated_1d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|33451 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_30d](http://iplists.firehol.org/?ipset=cleantalk_updated_30d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|173190 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cleantalk_updated_7d](http://iplists.firehol.org/?ipset=cleantalk_updated_7d)|[CleanTalk](https://cleantalk.org/) Recurring HTTP Spammers|ipv4 hash:ip|83467 unique IPs|updated every 15 mins from [this link](https://cleantalk.org/blacklists/updated_today)
[cruzit_web_attacks](http://iplists.firehol.org/?ipset=cruzit_web_attacks)|[CruzIt.com](http://www.cruzit.com/wbl.php) IPs of compromised machines scanning for vulnerabilities and DDOS attacks|ipv4 hash:ip|7560 unique IPs|updated every 12 hours from [this link](http://www.cruzit.com/xwbl2txt.php)
[cta_cryptowall](http://iplists.firehol.org/?ipset=cta_cryptowall)|[Cyber Threat Alliance](http://www.cyberthreatalliance.org/cryptowall-dashboard.html) CryptoWall is one of the most lucrative and broad-reaching ransomware campaigns affecting Internet users today. Sharing intelligence and analysis resources, the CTA profiled the latest version of CryptoWall, which impacted hundreds of thousands of users, resulting in over US $325 million in damages worldwide.|ipv4 hash:ip|1360 unique IPs|updated every 1 day from [this link](https://public.tableau.com/views/CTAOnlineViz/DashboardData.csv?:embed=y&:showVizHome=no&:showTabs=y&:display_count=y&:display_static_image=y&:bootstrapWhenNotified=true)
[cta_cryptowall](http://iplists.firehol.org/?ipset=cta_cryptowall)|[Cyber Threat Alliance](http://www.cyberthreatalliance.org/cryptowall-dashboard.html) CryptoWall is one of the most lucrative and broad-reaching ransomware campaigns affecting Internet users today. Sharing intelligence and analysis resources, the CTA profiled the latest version of CryptoWall, which impacted hundreds of thousands of users, resulting in over US $325 million in damages worldwide.|ipv4 hash:ip|1229 unique IPs|updated every 1 day from [this link](https://public.tableau.com/views/CTAOnlineViz/DashboardData.csv?:embed=y&:showVizHome=no&:showTabs=y&:display_count=y&:display_static_image=y&:bootstrapWhenNotified=true)
[cybercrime](http://iplists.firehol.org/?ipset=cybercrime)|[CyberCrime](http://cybercrime-tracker.net/) A project tracking Command and Control.|ipv4 hash:ip|30556 unique IPs|updated every 12 hours from [this link](http://cybercrime-tracker.net/fuckerz.php)
[darklist_de](http://iplists.firehol.org/?ipset=darklist_de)|[darklist.de](http://www.darklist.de/) ssh fail2ban reporting|ipv4 hash:net|810 subnets, 6682 unique IPs|updated every 1 day from [this link](http://www.darklist.de/raw.php)
[dataplane_dnsrd](http://iplists.firehol.org/?ipset=dataplane_dnsrd)|[DataPlane.org](https://dataplane.org/) IP addresses that have been identified as sending recursive DNS queries to a remote host. This report lists addresses that may be cataloging open DNS resolvers or evaluating cache entries.|ipv4 hash:ip|428 unique IPs|updated every 1 hour
[dataplane_dnsrdany](http://iplists.firehol.org/?ipset=dataplane_dnsrdany)|[DataPlane.org](https://dataplane.org/) IP addresses that have been identified as sending recursive DNS IN ANY queries to a remote host. This report lists addresses that may be cataloging open DNS resolvers for the purpose of later using them to facilitate DNS amplification and reflection attacks.|ipv4 hash:ip|22 unique IPs|updated every 1 hour
[dataplane_dnsversion](http://iplists.firehol.org/?ipset=dataplane_dnsversion)|[DataPlane.org](https://dataplane.org/) IP addresses that have been identified as sending DNS CH TXT VERSION.BIND queries to a remote host. This report lists addresses that may be cataloging DNS software.|ipv4 hash:ip|324 unique IPs|updated every 1 hour
[dataplane_sipinvitation](http://iplists.firehol.org/?ipset=dataplane_sipinvitation)|[DataPlane.org](https://dataplane.org/) IP addresses that have been seen initiating a SIP INVITE operation to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SIP client cataloging or conducting various forms of telephony abuse.|ipv4 hash:ip|24 unique IPs|updated every 1 hour
[dataplane_sipquery](http://iplists.firehol.org/?ipset=dataplane_sipquery)|[DataPlane.org](https://dataplane.org/) IP addresses that has been seen initiating a SIP OPTIONS query to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SIP server cataloging or conducting various forms of telephony abuse.|ipv4 hash:ip|467 unique IPs|updated every 1 hour
[dataplane_sipregistration](http://iplists.firehol.org/?ipset=dataplane_sipregistration)|[DataPlane.org](https://dataplane.org/) IP addresses that have been seen initiating a SIP REGISTER operation to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SIP client cataloging or conducting various forms of telephony abuse.|ipv4 hash:ip|14 unique IPs|updated every 1 hour
[dataplane_sshclient](http://iplists.firehol.org/?ipset=dataplane_sshclient)|[DataPlane.org](https://dataplane.org/) IP addresses that has been seen initiating an SSH connection to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be SSH server cataloging or conducting authentication attack attempts.|ipv4 hash:ip|13416 unique IPs|updated every 1 hour
[dataplane_sshpwauth](http://iplists.firehol.org/?ipset=dataplane_sshpwauth)|[DataPlane.org](https://dataplane.org/) IP addresses that has been seen attempting to remotely login to a host using SSH password authentication. This report lists hosts that are highly suspicious and are likely conducting malicious SSH password authentication attacks.|ipv4 hash:ip|11299 unique IPs|updated every 1 hour
[dataplane_vncrfb](http://iplists.firehol.org/?ipset=dataplane_vncrfb)|[DataPlane.org](https://dataplane.org/) IP addresses that have been seen initiating a VNC remote frame buffer (RFB) session to a remote host. This report lists hosts that are suspicious of more than just port scanning. These hosts may be VNC server cataloging or conducting various forms of remote access abuse.|ipv4 hash:ip|422 unique IPs|updated every 1 hour
[dm_tor](http://iplists.firehol.org/?ipset=dm_tor)|[dan.me.uk](https://www.dan.me.uk) dynamic list of TOR nodes|ipv4 hash:ip|6419 unique IPs|updated every 30 mins from [this link](https://www.dan.me.uk/torlist/)
[dragon_http](http://iplists.firehol.org/?ipset=dragon_http)|[Dragon Research Group](http://www.dragonresearchgroup.org/) IPs that have been seen sending HTTP requests to Dragon Research Pods in the last 7 days. This report lists hosts that are highly suspicious and are likely conducting malicious HTTP attacks. LEGITIMATE SEARCH ENGINE BOTS MAY BE IN THIS LIST. This report is informational. It is not a blacklist, but some operators may choose to use it to help protect their networks and hosts in the forms of automated reporting and mitigation services.|ipv4 hash:net|219 subnets, 59136 unique IPs|updated every 1 hour from [this link](http://www.dragonresearchgroup.org/insight/http-report.txt)
[dragon_sshpauth](http://iplists.firehol.org/?ipset=dragon_sshpauth)|[Dragon Research Group](http://www.dragonresearchgroup.org/) IP address that has been seen attempting to remotely login to a host using SSH password authentication, in the last 7 days. This report lists hosts that are highly suspicious and are likely conducting malicious SSH password authentication attacks.|ipv4 hash:net|324 subnets, 333 unique IPs|updated every 1 hour from [this link](https://www.dragonresearchgroup.org/insight/sshpwauth.txt)
[dragon_vncprobe](http://iplists.firehol.org/?ipset=dragon_vncprobe)|[Dragon Research Group](http://www.dragonresearchgroup.org/) IP address that has been seen attempting to remotely connect to a host running the VNC application service, in the last 7 days. This report lists hosts that are highly suspicious and are likely conducting malicious VNC probes or VNC brute force attacks.|ipv4 hash:net|60 subnets, 60 unique IPs|updated every 1 hour from [this link](https://www.dragonresearchgroup.org/insight/vncprobe.txt)
[dronebl_anonymizers](http://iplists.firehol.org/?ipset=dronebl_anonymizers)|[DroneBL.org](https://dronebl.org) List of open proxies. It includes IPs which DroneBL categorizes as SOCKS proxies (8), HTTP proxies (9), web page proxies (11), WinGate proxies (14), proxy chains (10).|ipv4 hash:net|626209 subnets, 652681 unique IPs|updated every 1 min
[dronebl_auto_botnets](http://iplists.firehol.org/?ipset=dronebl_auto_botnets)|[DroneBL.org](https://dronebl.org) IPs of automatically detected botnets. It includes IPs for which DroneBL responds with 17.|ipv4 hash:net|302509 subnets, 312061 unique IPs|updated every 1 min
[dronebl_autorooting_worms](http://iplists.firehol.org/?ipset=dronebl_autorooting_worms)|[DroneBL.org](https://dronebl.org) IPs of autorooting worms. It includes IPs for which DroneBL responds with 16. These are usually SSH bruteforce attacks.|ipv4 hash:net|969 subnets, 1044 unique IPs|updated every 1 min
[dronebl_compromised](http://iplists.firehol.org/?ipset=dronebl_compromised)|[DroneBL.org](https://dronebl.org) IPs of compromised routers / gateways. It includes IPs for which DroneBL responds with 15 (BOPM detected).|ipv4 hash:net|2814 subnets, 2891 unique IPs|updated every 1 min
[dronebl_ddos_drones](http://iplists.firehol.org/?ipset=dronebl_ddos_drones)|[DroneBL.org](https://dronebl.org) IPs of DDoS drones. It includes IPs for which DroneBL responds with 7.|ipv4 hash:net|354569 subnets, 366906 unique IPs|updated every 1 min
[dronebl_dns_mx_on_irc](http://iplists.firehol.org/?ipset=dronebl_dns_mx_on_irc)|[DroneBL.org](https://dronebl.org) List of IPs of DNS / MX hostname detected on IRC. It includes IPs for which DroneBL responds with 18.|ipv4 hash:net|2903 subnets, 2960 unique IPs|updated every 1 min
[dronebl_irc_drones](http://iplists.firehol.org/?ipset=dronebl_irc_drones)|[DroneBL.org](https://dronebl.org) List of IRC spam drones (litmus/sdbot/fyle). It includes IPs for which DroneBL responds with 3.|ipv4 hash:net|61779 subnets, 62577 unique IPs|updated every 1 min
[dronebl_unknown](http://iplists.firehol.org/?ipset=dronebl_unknown)|[DroneBL.org](https://dronebl.org) List of IPs of uncategorized threats. It includes IPs for which DroneBL responds with 255.|ipv4 hash:net|34 subnets, 35 unique IPs|
[dronebl_worms_bots](http://iplists.firehol.org/?ipset=dronebl_worms_bots)|[DroneBL.org](https://dronebl.org) IPs of unknown worms or spambots. It includes IPs for which DroneBL responds with 6|ipv4 hash:net|57106 subnets, 133663 unique IPs|updated every 1 min
[dshield](http://iplists.firehol.org/?ipset=dshield)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|20 subnets, 5120 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_1d](http://iplists.firehol.org/?ipset=dshield_1d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|35 subnets, 8960 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_30d](http://iplists.firehol.org/?ipset=dshield_30d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|113 subnets, 30208 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_7d](http://iplists.firehol.org/?ipset=dshield_7d)|[DShield.org](https://dshield.org/) top 20 attacking class C (/24) subnets over the last three days|ipv4 hash:net|74 subnets, 19200 unique IPs|updated every 10 mins from [this link](http://feeds.dshield.org/block.txt)
[dshield_top_1000](http://iplists.firehol.org/?ipset=dshield_top_1000)|[DShield.org](https://dshield.org/) top 1000 attacking hosts in the last 30 days|ipv4 hash:ip|866 unique IPs|updated every 1 hour from [this link](https://isc.sans.edu/api/sources/attacks/1000/)
[dyndns_ponmocup](http://iplists.firehol.org/?ipset=dyndns_ponmocup)|[DynDNS.org](http://security-research.dyndns.org/pub/malware-feeds/) Ponmocup. The malware powering the botnet has been around since 2006 and its known under various names, including Ponmocup, Vundo, Virtumonde, Milicenso and Swisyn. It has been used for ad fraud, data theft and downloading additional threats to infected systems. Ponmocup is one of the largest currently active and, with nine consecutive years, also one of the longest running, but it is rarely noticed as the operators take care to keep it operating under the radar.|ipv4 hash:ip|165 unique IPs|updated every 1 day from [this link](http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv)
[esentire_14072015_com](http://iplists.firehol.org/?ipset=esentire_14072015_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|579 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/14072015.com_watch_ip.lst)
[esentire_14072015q_com](http://iplists.firehol.org/?ipset=esentire_14072015q_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|575 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/14072015q.com_watch_ip.lst)
[esentire_22072014a_com](http://iplists.firehol.org/?ipset=esentire_22072014a_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1290 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/22072014a.com_watch_ip.lst)
[esentire_22072014b_com](http://iplists.firehol.org/?ipset=esentire_22072014b_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1288 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/22072014b.com_watch_ip.lst)
[esentire_22072014c_com](http://iplists.firehol.org/?ipset=esentire_22072014c_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1289 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/22072014c.com_watch_ip.lst)
[esentire_atomictrivia_ru](http://iplists.firehol.org/?ipset=esentire_atomictrivia_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|7 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/atomictrivia.ru_watch_ip.lst)
[esentire_auth_update_ru](http://iplists.firehol.org/?ipset=esentire_auth_update_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|1306 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/auth-update.ru_watch_ip.lst)
esentire_burmundisoul_ru|Ursnif Variant CnC|ipv4 hash:ip|disabled|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/burmundisoul.ru_watch_ip.lst)
[esentire_crazyerror_su](http://iplists.firehol.org/?ipset=esentire_crazyerror_su)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|18613 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/crazyerror.su_watch_ip.lst)
[esentire_dagestanskiiviskis_ru](http://iplists.firehol.org/?ipset=esentire_dagestanskiiviskis_ru)|Ursnif Variant CnC|ipv4 hash:ip|517 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/dagestanskiiviskis.ru_watch_ip.lst)
[esentire_differentia_ru](http://iplists.firehol.org/?ipset=esentire_differentia_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|12 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/differentia.ru_watch_ip.lst)
[esentire_disorderstatus_ru](http://iplists.firehol.org/?ipset=esentire_disorderstatus_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|7 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/disorderstatus.ru_watch_ip.lst)
[esentire_dorttlokolrt_com](http://iplists.firehol.org/?ipset=esentire_dorttlokolrt_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|23664 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/dorttlokolrt.com_watch_ip.lst)
[esentire_downs1_ru](http://iplists.firehol.org/?ipset=esentire_downs1_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|7231 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/downs1.ru_watch_ip.lst)
[esentire_ebankoalalusys_ru](http://iplists.firehol.org/?ipset=esentire_ebankoalalusys_ru)|Ursnif Variant CnC|ipv4 hash:ip|898 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/ebankoalalusys.ru_watch_ip.lst)
[esentire_emptyarray_ru](http://iplists.firehol.org/?ipset=esentire_emptyarray_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|20139 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/emptyarray.ru_watch_ip.lst)
[esentire_fioartd_com](http://iplists.firehol.org/?ipset=esentire_fioartd_com)|Andromeda/Gamarue Checkin|ipv4 hash:ip|601 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/fioartd.com_watch_ip.lst)
[esentire_getarohirodrons_com](http://iplists.firehol.org/?ipset=esentire_getarohirodrons_com)|Andromeda/Gamarue Checkin|ipv4 hash:ip|2156 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/getarohirodrons.com_watch_ip.lst)
[esentire_hasanhashsde_ru](http://iplists.firehol.org/?ipset=esentire_hasanhashsde_ru)|Ursnif Variant CnC|ipv4 hash:ip|1184 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/hasanhashsde.ru_watch_ip.lst)
[esentire_inleet_ru](http://iplists.firehol.org/?ipset=esentire_inleet_ru)|Ursnif Variant CnC|ipv4 hash:ip|4219 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/inleet.ru_watch_ip.lst)
[esentire_islamislamdi_ru](http://iplists.firehol.org/?ipset=esentire_islamislamdi_ru)|Ursnif Variant CnC|ipv4 hash:ip|673 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/islamislamdi.ru_watch_ip.lst)
[esentire_krnqlwlplttc_com](http://iplists.firehol.org/?ipset=esentire_krnqlwlplttc_com)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|2 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/krnqlwlplttc.com_watch_ip.lst)
[esentire_maddox1_ru](http://iplists.firehol.org/?ipset=esentire_maddox1_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|11345 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/maddox1.ru_watch_ip.lst)
[esentire_manning1_ru](http://iplists.firehol.org/?ipset=esentire_manning1_ru)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|6824 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/manning1.ru_watch_ip.lst)
[esentire_misteryherson_ru](http://iplists.firehol.org/?ipset=esentire_misteryherson_ru)|Ursnif Variant CnC|ipv4 hash:ip|176 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/misteryherson.ru_watch_ip.lst)
[esentire_mysebstarion_ru](http://iplists.firehol.org/?ipset=esentire_mysebstarion_ru)|Ursnif Variant CnC|ipv4 hash:ip|1058 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/mysebstarion.ru_watch_ip.lst)
[esentire_smartfoodsglutenfree_kz](http://iplists.firehol.org/?ipset=esentire_smartfoodsglutenfree_kz)|Malicious Botnet Serving Various Malware Families|ipv4 hash:ip|2674 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/smartfoodsglutenfree.kz_watch_ip.lst)
[esentire_venerologvasan93_ru](http://iplists.firehol.org/?ipset=esentire_venerologvasan93_ru)|Ursnif Variant CnC|ipv4 hash:ip|1263 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/venerologvasan93.ru_watch_ip.lst)
[esentire_volaya_ru](http://iplists.firehol.org/?ipset=esentire_volaya_ru)|Win32/PSW.Papras.CK CnC|ipv4 hash:ip|5080 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/eSentire/malfeed/master/volaya.ru_watch_ip.lst)
[et_block](http://iplists.firehol.org/?ipset=et_block)|[EmergingThreats.net](http://www.emergingthreats.net/) default blacklist (at the time of writing includes spamhaus DROP, dshield and abuse.ch trackers, which are available separately too - prefer to use the direct ipsets instead of this, they seem to lag a bit in updates)|ipv4 hash:net|1972 subnets, 24544667 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt)
[et_botcc](http://iplists.firehol.org/?ipset=et_botcc)|[EmergingThreats.net Command and Control IPs](http://doc.emergingthreats.net/bin/view/Main/BotCC) These IPs are updates every 24 hours and should be considered VERY highly reliable indications that a host is communicating with a known and active Bot or Malware command and control server - (although they say this includes abuse.ch trackers, it does not - check its overlaps)|ipv4 hash:ip|715 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-PIX-CC.rules)
[et_compromised](http://iplists.firehol.org/?ipset=et_compromised)|[EmergingThreats.net compromised hosts](http://doc.emergingthreats.net/bin/view/Main/CompromisedHost)|ipv4 hash:ip|1479 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/blockrules/compromised-ips.txt)
[et_dshield](http://iplists.firehol.org/?ipset=et_dshield)|[EmergingThreats.net](http://www.emergingthreats.net/) dshield blocklist|ipv4 hash:net|19 subnets, 5120 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-PIX-DSHIELD.rules)
[et_spamhaus](http://iplists.firehol.org/?ipset=et_spamhaus)|[EmergingThreats.net](http://www.emergingthreats.net/) spamhaus blocklist|ipv4 hash:net|779 subnets, 24538624 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/fwrules/emerging-PIX-DROP.rules)
[et_tor](http://iplists.firehol.org/?ipset=et_tor)|[EmergingThreats.net TOR list](http://doc.emergingthreats.net/bin/view/Main/TorRules) of TOR network IPs|ipv4 hash:ip|6360 unique IPs|updated every 12 hours from [this link](http://rules.emergingthreats.net/blockrules/emerging-tor.rules)
[feodo](http://iplists.firehol.org/?ipset=feodo)|[Abuse.ch Feodo tracker](https://feodotracker.abuse.ch) trojan includes IPs which are being used by Feodo (also known as Cridex or Bugat) which commits ebanking fraud|ipv4 hash:ip|1069 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=ipblocklist)
[feodo_badips](http://iplists.firehol.org/?ipset=feodo_badips)|[Abuse.ch Feodo tracker BadIPs](https://feodotracker.abuse.ch) The Feodo Tracker Feodo BadIP Blocklist only contains IP addresses (IPv4) used as C&C communication channel by the Feodo Trojan version B. These IP addresses are usually servers rented by cybercriminals directly and used for the exclusive purpose of hosting a Feodo C&C server. Hence you should expect no legit traffic to those IP addresses. The site highly recommends you to block/drop any traffic towards any Feodo C&C using the Feodo BadIP Blocklist. Please consider that this blocklist only contains IP addresses used by version B of the Feodo Trojan. C&C communication channels used by version A, version C and version D are not covered by this blocklist.|ipv4 hash:ip|0 unique IPs|updated every 30 mins from [this link](https://feodotracker.abuse.ch/blocklist/?download=badips)
[firehol_abusers_1d](http://iplists.firehol.org/?ipset=firehol_abusers_1d)|An ipset made from blocklists that track abusers in the last 24 hours. (includes: botscout_1d cleantalk_new_1d cleantalk_updated_1d php_commenters_1d php_dictionary_1d php_harvesters_1d php_spammers_1d stopforumspam_1d)|ipv4 hash:net|33955 subnets, 36602 unique IPs|updated every 1 min
[firehol_abusers_30d](http://iplists.firehol.org/?ipset=firehol_abusers_30d)|An ipset made from blocklists that track abusers in the last 30 days. (includes: cleantalk_new_30d cleantalk_updated_30d php_commenters_30d php_dictionary_30d php_harvesters_30d php_spammers_30d stopforumspam sblam)|ipv4 hash:net|250174 subnets, 282648 unique IPs|updated every 1 min
[firehol_anonymous](http://iplists.firehol.org/?ipset=firehol_anonymous)|An ipset that includes all the anonymizing IPs of the world. (includes: anonymous bm_tor dm_tor firehol_proxies tor_exits)|ipv4 hash:net|34542 subnets, 41738 unique IPs|updated every 1 min
[firehol_level1](http://iplists.firehol.org/?ipset=firehol_level1)|A firewall blacklist composed from IP lists, providing maximum protection with minimum false positives. Suitable for basic protection on all internet facing servers, routers and firewalls. (includes: bambenek_c2 dshield feodo fullbogons spamhaus_drop spamhaus_edrop sslbl zeus_badips ransomware_rw)|ipv4 hash:net|6656 subnets, 650785854 unique IPs|updated every 1 min
[firehol_level2](http://iplists.firehol.org/?ipset=firehol_level2)|An ipset made from blocklists that track attacks, during about the last 48 hours. (includes: blocklist_de dshield_1d greensnow)|ipv4 hash:net|19965 subnets, 37332 unique IPs|updated every 1 min
[firehol_level3](http://iplists.firehol.org/?ipset=firehol_level3)|An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days. (includes: bruteforceblocker ciarmy dragon_http dragon_sshpauth dragon_vncprobe dshield_30d dshield_top_1000 malc0de maxmind_proxy_fraud myip shunlist snort_ipfilter sslbl_aggressive talosintel_ipfilter zeus vxvault)|ipv4 hash:net|29160 subnets, 117349 unique IPs|updated every 1 min
[firehol_level4](http://iplists.firehol.org/?ipset=firehol_level4)|An ipset made from blocklists that track attacks, but may include a large number of false positives. (includes: cleanmx_viruses blocklist_net_ua botscout_30d cruzit_web_attacks cybercrime haley_ssh iblocklist_hijacked iblocklist_spyware iblocklist_webexploit ipblacklistcloud_top iw_wormlist malwaredomainlist)|ipv4 hash:net|102090 subnets, 9425870 unique IPs|updated every 1 min
[firehol_proxies](http://iplists.firehol.org/?ipset=firehol_proxies)|An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days. (includes: iblocklist_proxies maxmind_proxy_fraud proxylists_30d proxyrss_30d proxz_30d proxyspy_30d ri_connect_proxies_30d ri_web_proxies_30d socks_proxy_30d sslproxies_30d xroxy_30d)|ipv4 hash:net|28470 subnets, 29702 unique IPs|updated every 1 min
[firehol_webclient](http://iplists.firehol.org/?ipset=firehol_webclient)|An IP blacklist made from blocklists that track IPs that a web client should never talk to. This list is to be used on top of firehol_level1. (includes: ransomware_online sslbl_aggressive cybercrime dyndns_ponmocup maxmind_proxy_fraud)|ipv4 hash:net|34375 subnets, 34510 unique IPs|updated every 1 min
[firehol_webserver](http://iplists.firehol.org/?ipset=firehol_webserver)|A web server IP blacklist made from blocklists that track IPs that should never be used by your web users. (This list includes IPs that are servers hosting malware, bots, etc or users having a long criminal history. This list is to be used on top of firehol_level1, firehol_level2, firehol_level3 and possibly firehol_proxies or firehol_anonymous). (includes: hphosts_emd hphosts_exp hphosts_fsa hphosts_hjk hphosts_psh hphosts_wrz maxmind_proxy_fraud myip pushing_inertia_blocklist stopforumspam_toxic)|ipv4 hash:net|66081 subnets, 34743941 unique IPs|updated every 1 min
[fullbogons](http://iplists.firehol.org/?ipset=fullbogons)|[Team-Cymru.org](http://www.team-cymru.org) IP space that has been allocated to an RIR, but not assigned by that RIR to an actual ISP or other end-user|ipv4 hash:net|3868 subnets, 625507976 unique IPs|updated every 1 day
[geolite2_country](https://github.com/firehol/blocklist-ipsets/tree/master/geolite2_country)|[MaxMind GeoLite2](http://dev.maxmind.com/geoip/geoip2/geolite2/) databases are free IP geolocation databases comparable to, but less accurate than, MaxMinds GeoIP2 databases. They include IPs per country, IPs per continent, IPs used by anonymous services (VPNs, Proxies, etc) and Satellite Providers.|ipv4 hash:net|All the world|updated every 7 days from [this link](http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip)
[gofferje_sip](http://iplists.firehol.org/?ipset=gofferje_sip)|[Stefan Gofferje](http://stefan.gofferje.net/it-stuff/sipfraud/sip-attacker-blacklist) A personal blacklist of networks and IPs of SIP attackers. To end up here, the IP or network must have been the origin of considerable and repeated attacks on my PBX and additionally, the ISP didn't react to any complaint. Note from the author: I don't give any guarantees of accuracy, completeness or even usability! USE AT YOUR OWN RISK! Also note that I block complete countries, namely China, Korea and Palestine with blocklists from ipdeny.com, so some attackers will never even get the chance to get noticed by me to be put on this blacklist. I also don't accept any liabilities related to this blocklist. If you're an ISP and don't like your IPs being listed here, too bad! You should have done something about your customers' behavior and reacted to my complaints. This blocklist is nothing but an expression of my personal opinion and exercising my right of free speech.|ipv4 hash:net|2173 subnets, 1096082 unique IPs|updated every 6 hours from [this link](http://stefan.gofferje.net/sipblocklist.zone)
[gpf_comics](http://iplists.firehol.org/?ipset=gpf_comics)|The GPF DNS Block List is a list of IP addresses on the Internet that have attacked the [GPF Comics](http://www.gpf-comics.com/) family of Web sites. IPs on this block list have been banned from accessing all of our servers because they were caught in the act of spamming, attempting to exploit our scripts, scanning for vulnerabilities, or consuming resources to the detriment of our human visitors.|ipv4 hash:ip|2748 unique IPs|updated every 1 day from [this link](https://www.gpf-comics.com/dnsbl/export.php)
[graphiclineweb](http://iplists.firehol.org/?ipset=graphiclineweb)|[GraphiclineWeb](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/) The IPs, Hosts and Domains listed in this table are banned universally from accessing websites controlled by the maintainer. Some form of bad activity has been seen from the addresses listed. Bad activity includes: unwanted spiders, rule breakers, comment spammers, trackback spammers, spambots, hacker bots, registration bots and other scripting attackers, harvesters, nuisance spiders, spy bots and organisations spying on websites for commercial reasons.|ipv4 hash:net|2579 subnets, 330527 unique IPs|updated every 1 day from [this link](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/)
[graphiclineweb](http://iplists.firehol.org/?ipset=graphiclineweb)|[GraphiclineWeb](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/) The IPs, Hosts and Domains listed in this table are banned universally from accessing websites controlled by the maintainer. Some form of bad activity has been seen from the addresses listed. Bad activity includes: unwanted spiders, rule breakers, comment spammers, trackback spammers, spambots, hacker bots, registration bots and other scripting attackers, harvesters, nuisance spiders, spy bots and organisations spying on websites for commercial reasons.|ipv4 hash:net|2579 subnets, 330527 unique IPs|updated every 1 day from [this link](https://graphiclineweb.wordpress.com/tech-notes/ip-blacklist/)
[greensnow](http://iplists.firehol.org/?ipset=greensnow)|[GreenSnow](https://greensnow.co/) is a team harvesting a large number of IPs from different computers located around the world. GreenSnow is comparable with SpamHaus.org for attacks of any kind except for spam. Their list is updated automatically and you can withdraw at any time your IP address if it has been listed. Attacks / bruteforce that are monitored are: Scan Port, FTP, POP3, mod_security, IMAP, SMTP, SSH, cPanel, etc.|ipv4 hash:ip|3351 unique IPs|updated every 30 mins from [this link](http://blocklist.greensnow.co/greensnow.txt)
[haley_ssh](http://iplists.firehol.org/?ipset=haley_ssh)|[Charles Haley](http://charles.the-haleys.org) IPs launching SSH dictionary attacks.|ipv4 hash:ip|24942 unique IPs|updated every 4 hours from [this link](http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt)
[hphosts_ats](http://iplists.firehol.org/?ipset=hphosts_ats)|[hpHosts](http://hosts-file.net/?s=Download) ad/tracking servers listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|14783 unique IPs|updated every 1 day from [this link](http://hosts-file.net/ad_servers.txt)
[hphosts_emd](http://iplists.firehol.org/?ipset=hphosts_emd)|[hpHosts](http://hosts-file.net/?s=Download) malware sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|27700 unique IPs|updated every 1 day from [this link](http://hosts-file.net/emd.txt)
[hphosts_exp](http://iplists.firehol.org/?ipset=hphosts_exp)|[hpHosts](http://hosts-file.net/?s=Download) exploit sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|314 unique IPs|updated every 1 day from [this link](http://hosts-file.net/exp.txt)
[hphosts_fsa](http://iplists.firehol.org/?ipset=hphosts_fsa)|[hpHosts](http://hosts-file.net/?s=Download) fraud sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|27133 unique IPs|updated every 1 day from [this link](http://hosts-file.net/fsa.txt)
[hphosts_grm](http://iplists.firehol.org/?ipset=hphosts_grm)|[hpHosts](http://hosts-file.net/?s=Download) sites involved in spam (that do not otherwise meet any other classification criteria) listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|338 unique IPs|updated every 1 day from [this link](http://hosts-file.net/grm.txt)
[hphosts_hfs](http://iplists.firehol.org/?ipset=hphosts_hfs)|[hpHosts](http://hosts-file.net/?s=Download) sites spamming the hpHosts forums (and not meeting any other classification criteria) listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|262 unique IPs|updated every 1 day from [this link](http://hosts-file.net/hfs.txt)
[hphosts_hjk](http://iplists.firehol.org/?ipset=hphosts_hjk)|[hpHosts](http://hosts-file.net/?s=Download) hijack sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|57 unique IPs|updated every 1 day from [this link](http://hosts-file.net/hjk.txt)
[hphosts_mmt](http://iplists.firehol.org/?ipset=hphosts_mmt)|[hpHosts](http://hosts-file.net/?s=Download) sites involved in misleading marketing (e.g. fake Flash update adverts) listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|1136 unique IPs|updated every 1 day from [this link](http://hosts-file.net/mmt.txt)
[hphosts_pha](http://iplists.firehol.org/?ipset=hphosts_pha)|[hpHosts](http://hosts-file.net/?s=Download) illegal pharmacy sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|1928 unique IPs|updated every 1 day from [this link](http://hosts-file.net/pha.txt)
[hphosts_psh](http://iplists.firehol.org/?ipset=hphosts_psh)|[hpHosts](http://hosts-file.net/?s=Download) phishing sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|33429 unique IPs|updated every 1 day from [this link](http://hosts-file.net/psh.txt)
[hphosts_wrz](http://iplists.firehol.org/?ipset=hphosts_wrz)|[hpHosts](http://hosts-file.net/?s=Download) warez/piracy sites listed in the hpHosts database. The maintainer's file contains hostnames, which have been DNS resolved to IP addresses.|ipv4 hash:ip|1029 unique IPs|updated every 1 day from [this link](http://hosts-file.net/wrz.txt)
[iblocklist_abuse_palevo](http://iplists.firehol.org/?ipset=iblocklist_abuse_palevo)|palevotracker.abuse.ch IP blocklist.|ipv4 hash:net|12 subnets, 12 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=erqajhwrxiuvjxqrrwfj&fileformat=p2p&archiveformat=gz)
[iblocklist_abuse_spyeye](http://iplists.firehol.org/?ipset=iblocklist_abuse_spyeye)|spyeyetracker.abuse.ch IP blocklist.|ipv4 hash:net|83 subnets, 84 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zvjxsfuvdhoxktpeiokq&fileformat=p2p&archiveformat=gz)
[iblocklist_abuse_spyeye](http://iplists.firehol.org/?ipset=iblocklist_abuse_spyeye)|spyeyetracker.abuse.ch IP blocklist.|ipv4 hash:net|83 subnets, 84 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zvjxsfuvdhoxktpeiokq&fileformat=p2p&archiveformat=gz)
[iblocklist_abuse_zeus](http://iplists.firehol.org/?ipset=iblocklist_abuse_zeus)|zeustracker.abuse.ch IP blocklist that contains IP addresses which are currently beeing tracked on the abuse.ch ZeuS Tracker.|ipv4 hash:net|209 subnets, 212 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=ynkdjqsjyfmilsgbogqf&fileformat=p2p&archiveformat=gz)
[iblocklist_abuse_zeus](http://iplists.firehol.org/?ipset=iblocklist_abuse_zeus)|zeustracker.abuse.ch IP blocklist that contains IP addresses which are currently beeing tracked on the abuse.ch ZeuS Tracker.|ipv4 hash:net|209 subnets, 212 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=ynkdjqsjyfmilsgbogqf&fileformat=p2p&archiveformat=gz)
[iblocklist_ads](http://iplists.firehol.org/?ipset=iblocklist_ads)|Advertising trackers and a short list of bad/intrusive porn sites.|ipv4 hash:net|3294 subnets, 886963 unique IPs|updated every 12 hours
[iblocklist_badpeers](http://iplists.firehol.org/?ipset=iblocklist_badpeers)|IPs that have been reported for bad deeds in p2p.|ipv4 hash:net|48463 subnets, 1568829 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz)
[iblocklist_bogons](http://iplists.firehol.org/?ipset=iblocklist_bogons)|Unallocated address space.|ipv4 hash:net|2690 subnets, 639382179 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=gihxqmhyunbxhbmgqrla&fileformat=p2p&archiveformat=gz)
[iblocklist_ciarmy_malicious](http://iplists.firehol.org/?ipset=iblocklist_ciarmy_malicious)|ciarmy.com IP blocklist. Based on information from a network of Sentinel devices deployed around the world, they compile a list of known bad IP addresses. Sentinel devices are uniquely positioned to pick up traffic from bad guys without requiring any type of signature-based or rate-based identification. If an IP is identified in this way by a significant number of Sentinels, the IP is malicious and should be blocked.|ipv4 hash:net|14552 subnets, 14892 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=npkuuhuxcsllnhoamkvm&fileformat=p2p&archiveformat=gz)
[iblocklist_cidr_report_bogons](http://iplists.firehol.org/?ipset=iblocklist_cidr_report_bogons)|cidr-report.org IP list of Unallocated address space.|ipv4 hash:net|4088 subnets, 600851400 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=lujdnbasfaaixitgmxpp&fileformat=p2p&archiveformat=gz)
[iblocklist_cruzit_web_attacks](http://iplists.firehol.org/?ipset=iblocklist_cruzit_web_attacks)|CruzIT IP list with individual IP addresses of compromised machines scanning for vulnerabilities and DDOS attacks.|ipv4 hash:net|7397 subnets, 7525 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=czvaehmjpsnwwttrdoyl&fileformat=p2p&archiveformat=gz)
[iblocklist_dshield](http://iplists.firehol.org/?ipset=iblocklist_dshield)|known Hackers and such people.|ipv4 hash:net|16 subnets, 2566 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=xpbqleszmajjesnzddhv&fileformat=p2p&archiveformat=gz)
[iblocklist_edu](http://iplists.firehol.org/?ipset=iblocklist_edu)|IPs used by Educational Institutions.|ipv4 hash:net|40778 subnets, 227973184 unique IPs|updated every 12 hours
[iblocklist_exclusions](http://iplists.firehol.org/?ipset=iblocklist_exclusions)|Exclusions.|ipv4 hash:net|297 subnets, 7427 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=mtxmiireqmjzazcsoiem&fileformat=p2p&archiveformat=gz)
[iblocklist_exclusions](http://iplists.firehol.org/?ipset=iblocklist_exclusions)|Exclusions.|ipv4 hash:net|297 subnets, 7427 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=mtxmiireqmjzazcsoiem&fileformat=p2p&archiveformat=gz)
[iblocklist_fornonlancomputers](http://iplists.firehol.org/?ipset=iblocklist_fornonlancomputers)|IP blocklist for non-LAN computers.|ipv4 hash:net|4 subnets, 302055424 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=jhaoawihmfxgnvmaqffp&fileformat=p2p&archiveformat=gz)
[iblocklist_fornonlancomputers](http://iplists.firehol.org/?ipset=iblocklist_fornonlancomputers)|IP blocklist for non-LAN computers.|ipv4 hash:net|4 subnets, 302055424 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=jhaoawihmfxgnvmaqffp&fileformat=p2p&archiveformat=gz)
[iblocklist_forumspam](http://iplists.firehol.org/?ipset=iblocklist_forumspam)|Forum spam.|ipv4 hash:net|454 subnets, 475 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=ficutxiwawokxlcyoeye&fileformat=p2p&archiveformat=gz)
[iblocklist_hijacked](http://iplists.firehol.org/?ipset=iblocklist_hijacked)|Hijacked IP-Blocks. Contains hijacked IP-Blocks and known IP-Blocks that are used to deliver Spam. This list is a combination of lists with hijacked IP-Blocks. Hijacked IP space are IP blocks that are being used without permission by organizations that have no relation to original organization (or its legal successor) that received the IP block. In essence it's stealing of somebody else's IP resources.|ipv4 hash:net|515 subnets, 8974080 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz)
[iblocklist_iana_multicast](http://iplists.firehol.org/?ipset=iblocklist_iana_multicast)|IANA Multicast IPs.|ipv4 hash:net|1 subnets, 268435456 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=pwqnlynprfgtjbgqoizj&fileformat=p2p&archiveformat=gz)
[iblocklist_iana_multicast](http://iplists.firehol.org/?ipset=iblocklist_iana_multicast)|IANA Multicast IPs.|ipv4 hash:net|1 subnets, 268435456 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=pwqnlynprfgtjbgqoizj&fileformat=p2p&archiveformat=gz)
[iblocklist_iana_private](http://iplists.firehol.org/?ipset=iblocklist_iana_private)|IANA Private IPs.|ipv4 hash:net|56 subnets, 51643638 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=cslpybexmxyuacbyuvib&fileformat=p2p&archiveformat=gz)
[iblocklist_iana_private](http://iplists.firehol.org/?ipset=iblocklist_iana_private)|IANA Private IPs.|ipv4 hash:net|56 subnets, 51643638 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=cslpybexmxyuacbyuvib&fileformat=p2p&archiveformat=gz)
[iblocklist_iana_reserved](http://iplists.firehol.org/?ipset=iblocklist_iana_reserved)|IANA Reserved IPs.|ipv4 hash:net|1 subnets, 536870912 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=bcoepfyewziejvcqyhqo&fileformat=p2p&archiveformat=gz)
[iblocklist_iana_reserved](http://iplists.firehol.org/?ipset=iblocklist_iana_reserved)|IANA Reserved IPs.|ipv4 hash:net|1 subnets, 536870912 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=bcoepfyewziejvcqyhqo&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_aol](http://iplists.firehol.org/?ipset=iblocklist_isp_aol)|AOL IPs.|ipv4 hash:net|16 subnets, 6627584 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=toboaiysofkflwgrttmb&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_aol](http://iplists.firehol.org/?ipset=iblocklist_isp_aol)|AOL IPs.|ipv4 hash:net|16 subnets, 6627584 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=toboaiysofkflwgrttmb&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_att](http://iplists.firehol.org/?ipset=iblocklist_isp_att)|AT&T IPs.|ipv4 hash:net|35 subnets, 55845128 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=grbtkzijgrowvobvessf&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_cablevision](http://iplists.firehol.org/?ipset=iblocklist_isp_cablevision)|Cablevision IPs.|ipv4 hash:net|11 subnets, 1787136 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=dwwbsmzirrykdlvpqozb&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_cablevision](http://iplists.firehol.org/?ipset=iblocklist_isp_cablevision)|Cablevision IPs.|ipv4 hash:net|11 subnets, 1787136 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=dwwbsmzirrykdlvpqozb&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_charter](http://iplists.firehol.org/?ipset=iblocklist_isp_charter)|Charter IPs.|ipv4 hash:net|21 subnets, 6138112 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=htnzojgossawhpkbulqw&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_charter](http://iplists.firehol.org/?ipset=iblocklist_isp_charter)|Charter IPs.|ipv4 hash:net|21 subnets, 6138112 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=htnzojgossawhpkbulqw&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_comcast](http://iplists.firehol.org/?ipset=iblocklist_isp_comcast)|Comcast IPs.|ipv4 hash:net|33 subnets, 45121536 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=rsgyxvuklicibautguia&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_embarq](http://iplists.firehol.org/?ipset=iblocklist_isp_embarq)|Embarq IPs.|ipv4 hash:net|14 subnets, 2703360 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=twdblifaysaqtypevvdp&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_embarq](http://iplists.firehol.org/?ipset=iblocklist_isp_embarq)|Embarq IPs.|ipv4 hash:net|14 subnets, 2703360 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=twdblifaysaqtypevvdp&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_qwest](http://iplists.firehol.org/?ipset=iblocklist_isp_qwest)|Qwest IPs.|ipv4 hash:net|73 subnets, 15777552 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=jezlifrpefawuoawnfez&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_qwest](http://iplists.firehol.org/?ipset=iblocklist_isp_qwest)|Qwest IPs.|ipv4 hash:net|73 subnets, 15777552 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=jezlifrpefawuoawnfez&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_sprint](http://iplists.firehol.org/?ipset=iblocklist_isp_sprint)|Sprint IPs.|ipv4 hash:net|63 subnets, 6310530 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=hngtqrhhuadlceqxbrob&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_sprint](http://iplists.firehol.org/?ipset=iblocklist_isp_sprint)|Sprint IPs.|ipv4 hash:net|63 subnets, 6310530 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=hngtqrhhuadlceqxbrob&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_suddenlink](http://iplists.firehol.org/?ipset=iblocklist_isp_suddenlink)|Suddenlink IPs.|ipv4 hash:net|3 subnets, 458752 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=psaoblrwylfrdsspfuiq&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_suddenlink](http://iplists.firehol.org/?ipset=iblocklist_isp_suddenlink)|Suddenlink IPs.|ipv4 hash:net|3 subnets, 458752 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=psaoblrwylfrdsspfuiq&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_twc](http://iplists.firehol.org/?ipset=iblocklist_isp_twc)|Time Warner Cable IPs.|ipv4 hash:net|56 subnets, 15015936 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aqtsnttnqmcucwrjmohd&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_twc](http://iplists.firehol.org/?ipset=iblocklist_isp_twc)|Time Warner Cable IPs.|ipv4 hash:net|56 subnets, 15015936 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aqtsnttnqmcucwrjmohd&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_verizon](http://iplists.firehol.org/?ipset=iblocklist_isp_verizon)|Verizon IPs.|ipv4 hash:net|22 subnets, 18087936 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=cdmdbprvldivlqsaqjol&fileformat=p2p&archiveformat=gz)
[iblocklist_isp_verizon](http://iplists.firehol.org/?ipset=iblocklist_isp_verizon)|Verizon IPs.|ipv4 hash:net|22 subnets, 18087936 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=cdmdbprvldivlqsaqjol&fileformat=p2p&archiveformat=gz)
[iblocklist_level1](http://iplists.firehol.org/?ipset=iblocklist_level1)|Level 1 (for use in p2p): Companies or organizations who are clearly involved with trying to stop filesharing (e.g. Baytsp, MediaDefender, Mediasentry). Companies which anti-p2p activity has been seen from. Companies that produce or have a strong financial interest in copyrighted material (e.g. music, movie, software industries a.o.). Government ranges or companies that have a strong financial interest in doing work for governments. Legal industry ranges. IPs or ranges of ISPs from which anti-p2p activity has been observed. Basically this list will block all kinds of internet connections that most people would rather not have during their internet travels.|ipv4 hash:net|218286 subnets, 762691663 unique IPs|updated every 12 hours
[iblocklist_level2](http://iplists.firehol.org/?ipset=iblocklist_level2)|Level 2 (for use in p2p). General corporate ranges. Ranges used by labs or researchers. Proxies.|ipv4 hash:net|72941 subnets, 346547211 unique IPs|updated every 12 hours
[iblocklist_level3](http://iplists.firehol.org/?ipset=iblocklist_level3)|Level 3 (for use in p2p). Many portal-type websites. ISP ranges that may be dodgy for some reason. Ranges that belong to an individual, but which have not been determined to be used by a particular company. Ranges for things that are unusual in some way. The L3 list is aka the paranoid list.|ipv4 hash:net|17794 subnets, 138890375 unique IPs|updated every 12 hours
[iblocklist_malc0de](http://iplists.firehol.org/?ipset=iblocklist_malc0de)|malc0de.com IP blocklist. Addresses that have been identified distributing malware during the past 30 days.|ipv4 hash:net|232 subnets, 236 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=pbqcylkejciyhmwttify&fileformat=p2p&archiveformat=gz)
[iblocklist_onion_router](http://iplists.firehol.org/?ipset=iblocklist_onion_router)|The Onion Router IP addresses.|ipv4 hash:net|6223 subnets, 6308 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz)
[iblocklist_org_activision](http://iplists.firehol.org/?ipset=iblocklist_org_activision)|Activision IPs.|ipv4 hash:net|46 subnets, 4890 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=gfnxlhxsijzrcuxwzebb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_activision](http://iplists.firehol.org/?ipset=iblocklist_org_activision)|Activision IPs.|ipv4 hash:net|46 subnets, 4890 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=gfnxlhxsijzrcuxwzebb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_apple](http://iplists.firehol.org/?ipset=iblocklist_org_apple)|Apple IPs.|ipv4 hash:net|1 subnets, 16777216 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aphcqvpxuqgrkgufjruj&fileformat=p2p&archiveformat=gz)
[iblocklist_org_apple](http://iplists.firehol.org/?ipset=iblocklist_org_apple)|Apple IPs.|ipv4 hash:net|1 subnets, 16777216 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aphcqvpxuqgrkgufjruj&fileformat=p2p&archiveformat=gz)
[iblocklist_org_blizzard](http://iplists.firehol.org/?ipset=iblocklist_org_blizzard)|Blizzard IPs.|ipv4 hash:net|8 subnets, 16795139 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ercbntshuthyykfkmhxc&fileformat=p2p&archiveformat=gz)
[iblocklist_org_blizzard](http://iplists.firehol.org/?ipset=iblocklist_org_blizzard)|Blizzard IPs.|ipv4 hash:net|8 subnets, 16795139 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ercbntshuthyykfkmhxc&fileformat=p2p&archiveformat=gz)
[iblocklist_org_crowd_control](http://iplists.firehol.org/?ipset=iblocklist_org_crowd_control)|Crowd Control Productions IPs.|ipv4 hash:net|2 subnets, 768 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=eveiyhgmusglurfmjyag&fileformat=p2p&archiveformat=gz)
[iblocklist_org_crowd_control](http://iplists.firehol.org/?ipset=iblocklist_org_crowd_control)|Crowd Control Productions IPs.|ipv4 hash:net|2 subnets, 768 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=eveiyhgmusglurfmjyag&fileformat=p2p&archiveformat=gz)
[iblocklist_org_electronic_arts](http://iplists.firehol.org/?ipset=iblocklist_org_electronic_arts)|Electronic Arts IPs.|ipv4 hash:net|42 subnets, 69720 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ejqebpcdmffinaetsvxj&fileformat=p2p&archiveformat=gz)
[iblocklist_org_electronic_arts](http://iplists.firehol.org/?ipset=iblocklist_org_electronic_arts)|Electronic Arts IPs.|ipv4 hash:net|42 subnets, 69720 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ejqebpcdmffinaetsvxj&fileformat=p2p&archiveformat=gz)
[iblocklist_org_joost](http://iplists.firehol.org/?ipset=iblocklist_org_joost)|Joost IPs.|ipv4 hash:net|4 subnets, 16779456 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=alxugfmeszbhpxqfdits&fileformat=p2p&archiveformat=gz)
[iblocklist_org_joost](http://iplists.firehol.org/?ipset=iblocklist_org_joost)|Joost IPs.|ipv4 hash:net|4 subnets, 16779456 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=alxugfmeszbhpxqfdits&fileformat=p2p&archiveformat=gz)
[iblocklist_org_linden_lab](http://iplists.firehol.org/?ipset=iblocklist_org_linden_lab)|Linden Lab IPs.|ipv4 hash:net|11 subnets, 23600 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=qnjdimxnaupjmpqolxcv&fileformat=p2p&archiveformat=gz)
[iblocklist_org_linden_lab](http://iplists.firehol.org/?ipset=iblocklist_org_linden_lab)|Linden Lab IPs.|ipv4 hash:net|11 subnets, 23600 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=qnjdimxnaupjmpqolxcv&fileformat=p2p&archiveformat=gz)
[iblocklist_org_logmein](http://iplists.firehol.org/?ipset=iblocklist_org_logmein)|LogMeIn IPs.|ipv4 hash:net|13 subnets, 16781568 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=tgbankumtwtrzllndbmb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_logmein](http://iplists.firehol.org/?ipset=iblocklist_org_logmein)|LogMeIn IPs.|ipv4 hash:net|13 subnets, 16781568 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=tgbankumtwtrzllndbmb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_microsoft](http://iplists.firehol.org/?ipset=iblocklist_org_microsoft)|Microsoft IP ranges.|ipv4 hash:net|729 subnets, 1847911 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=xshktygkujudfnjfioro&fileformat=p2p&archiveformat=gz)
[iblocklist_org_ncsoft](http://iplists.firehol.org/?ipset=iblocklist_org_ncsoft)|NCsoft IPs.|ipv4 hash:net|5 subnets, 12560 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=mwjuwmebrnzyyxpbezxu&fileformat=p2p&archiveformat=gz)
[iblocklist_org_ncsoft](http://iplists.firehol.org/?ipset=iblocklist_org_ncsoft)|NCsoft IPs.|ipv4 hash:net|5 subnets, 12560 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=mwjuwmebrnzyyxpbezxu&fileformat=p2p&archiveformat=gz)
[iblocklist_org_nintendo](http://iplists.firehol.org/?ipset=iblocklist_org_nintendo)|Nintendo IPs.|ipv4 hash:net|40 subnets, 3907 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=pevkykuhgaegqyayzbnr&fileformat=p2p&archiveformat=gz)
[iblocklist_org_pandora](http://iplists.firehol.org/?ipset=iblocklist_org_pandora)|Pandora IPs.|ipv4 hash:net|1 subnets, 2048 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aevzidimyvwybzkletsg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_pandora](http://iplists.firehol.org/?ipset=iblocklist_org_pandora)|Pandora IPs.|ipv4 hash:net|1 subnets, 2048 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=aevzidimyvwybzkletsg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_pirate_bay](http://iplists.firehol.org/?ipset=iblocklist_org_pirate_bay)|The Pirate Bay IPs.|ipv4 hash:net|5 subnets, 323 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_pirate_bay](http://iplists.firehol.org/?ipset=iblocklist_org_pirate_bay)|The Pirate Bay IPs.|ipv4 hash:net|5 subnets, 323 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb&fileformat=p2p&archiveformat=gz)
[iblocklist_org_punkbuster](http://iplists.firehol.org/?ipset=iblocklist_org_punkbuster)|Punkbuster IPs.|ipv4 hash:net|1 subnets, 1 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=zvwwndvzulqcltsicwdg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_punkbuster](http://iplists.firehol.org/?ipset=iblocklist_org_punkbuster)|Punkbuster IPs.|ipv4 hash:net|1 subnets, 1 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=zvwwndvzulqcltsicwdg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_riot_games](http://iplists.firehol.org/?ipset=iblocklist_org_riot_games)|Riot Games IPs.|ipv4 hash:net|6 subnets, 1792 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=sdlvfabdjvrdttfjotcy&fileformat=p2p&archiveformat=gz)
[iblocklist_org_riot_games](http://iplists.firehol.org/?ipset=iblocklist_org_riot_games)|Riot Games IPs.|ipv4 hash:net|6 subnets, 1792 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=sdlvfabdjvrdttfjotcy&fileformat=p2p&archiveformat=gz)
[iblocklist_org_sony_online](http://iplists.firehol.org/?ipset=iblocklist_org_sony_online)|Sony Online Entertainment IPs.|ipv4 hash:net|7 subnets, 24616 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=tukpvrvlubsputmkmiwg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_sony_online](http://iplists.firehol.org/?ipset=iblocklist_org_sony_online)|Sony Online Entertainment IPs.|ipv4 hash:net|7 subnets, 24616 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=tukpvrvlubsputmkmiwg&fileformat=p2p&archiveformat=gz)
[iblocklist_org_square_enix](http://iplists.firehol.org/?ipset=iblocklist_org_square_enix)|Square Enix IPs.|ipv4 hash:net|2 subnets, 4112 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=odyaqontcydnodrlyina&fileformat=p2p&archiveformat=gz)
[iblocklist_org_square_enix](http://iplists.firehol.org/?ipset=iblocklist_org_square_enix)|Square Enix IPs.|ipv4 hash:net|2 subnets, 4112 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=odyaqontcydnodrlyina&fileformat=p2p&archiveformat=gz)
[iblocklist_org_steam](http://iplists.firehol.org/?ipset=iblocklist_org_steam)|Steam IPs.|ipv4 hash:net|51 subnets, 596440 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=cnxkgiklecdaihzukrud&fileformat=p2p&archiveformat=gz)
[iblocklist_org_steam](http://iplists.firehol.org/?ipset=iblocklist_org_steam)|Steam IPs.|ipv4 hash:net|51 subnets, 596440 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=cnxkgiklecdaihzukrud&fileformat=p2p&archiveformat=gz)
[iblocklist_org_ubisoft](http://iplists.firehol.org/?ipset=iblocklist_org_ubisoft)|Ubisoft IPs.|ipv4 hash:net|9 subnets, 5304 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=etmcrglomupyxtaebzht&fileformat=p2p&archiveformat=gz)
[iblocklist_org_ubisoft](http://iplists.firehol.org/?ipset=iblocklist_org_ubisoft)|Ubisoft IPs.|ipv4 hash:net|9 subnets, 5304 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=etmcrglomupyxtaebzht&fileformat=p2p&archiveformat=gz)
[iblocklist_org_xfire](http://iplists.firehol.org/?ipset=iblocklist_org_xfire)|XFire IPs.|ipv4 hash:net|3 subnets, 3328 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ppqqnyihmcrryraaqsjo&fileformat=p2p&archiveformat=gz)
[iblocklist_org_xfire](http://iplists.firehol.org/?ipset=iblocklist_org_xfire)|XFire IPs.|ipv4 hash:net|3 subnets, 3328 unique IPs|updated every 1 day from [this link](http://list.iblocklist.com/?list=ppqqnyihmcrryraaqsjo&fileformat=p2p&archiveformat=gz)
[iblocklist_pedophiles](http://iplists.firehol.org/?ipset=iblocklist_pedophiles)|IP ranges of people who we have found to be sharing child pornography in the p2p community.|ipv4 hash:net|28630 subnets, 845657 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=dufcxgnbjsdwmwctgfuj&fileformat=p2p&archiveformat=gz)
[iblocklist_proxies](http://iplists.firehol.org/?ipset=iblocklist_proxies)|Open Proxies IPs list (without TOR)|ipv4 hash:ip|672 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=xoebmbyexwuiogmbyprb&fileformat=p2p&archiveformat=gz)
[iblocklist_rangetest](http://iplists.firehol.org/?ipset=iblocklist_rangetest)|Suspicious IPs that are under investigation.|ipv4 hash:net|483 subnets, 4235342 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=plkehquoahljmyxjixpu&fileformat=p2p&archiveformat=gz)
[iblocklist_spamhaus_drop](http://iplists.firehol.org/?ipset=iblocklist_spamhaus_drop)|Spamhaus.org DROP (Don't Route Or Peer) list.|ipv4 hash:net|777 subnets, 24405504 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zbdlwrqkabxbcppvrnos&fileformat=p2p&archiveformat=gz)
[iblocklist_spider](http://iplists.firehol.org/?ipset=iblocklist_spider)|IP list intended to be used by webmasters to block hostile spiders from their web sites.|ipv4 hash:net|732 subnets, 846624 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=mcvxsnihddgutbjfbghy&fileformat=p2p&archiveformat=gz)
[iblocklist_spyware](http://iplists.firehol.org/?ipset=iblocklist_spyware)|Known malicious SPYWARE and ADWARE IP Address ranges. It is compiled from various sources, including other available spyware blacklists, HOSTS files, from research found at many of the top anti-spyware forums, logs of spyware victims, etc.|ipv4 hash:net|3288 subnets, 338757 unique IPs|updated every 12 hours
[iblocklist_webexploit](http://iplists.firehol.org/?ipset=iblocklist_webexploit)|Web server hack and exploit attempts. IP addresses related to current web server hack and exploit attempts that have been logged or can be found in and cross referenced with other related IP databases. Malicious and other non search engine bots will also be listed here, along with anything found that can have a negative impact on a website or webserver such as proxies being used for negative SEO hijacks, unauthorised site mirroring, harvesting, scraping, snooping and data mining / spy bot / security & copyright enforcement companies that target and continuosly scan webservers.|ipv4 hash:ip|15382 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag&fileformat=p2p&archiveformat=gz)
[iblocklist_yoyo_adservers](http://iplists.firehol.org/?ipset=iblocklist_yoyo_adservers)|pgl.yoyo.org ad servers|ipv4 hash:net|10252 subnets, 11646 unique IPs|updated every 12 hours from [this link](http://list.iblocklist.com/?list=zhogegszwduurnvsyhdf&fileformat=p2p&archiveformat=gz)
[ip2location_country](https://github.com/ktsaou/blocklist-ipsets/tree/master/ip2location_country)|[IP2Location.com](http://lite.ip2location.com/database-ip-country) geolocation database|ipv4 hash:net|All the world|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ip2location_country_cc](http://iplists.firehol.org/?ipset=ip2location_country_cc)|Cocos (Keeling) Islands (CC) -- [IP2Location.com](http://lite.ip2location.com/database-ip-country)|ipv4 hash:net|1 subnets, 256 unique IPs|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ip2location_country_cx](http://iplists.firehol.org/?ipset=ip2location_country_cx)|Christmas Island (CX) -- [IP2Location.com](http://lite.ip2location.com/database-ip-country)|ipv4 hash:net|1 subnets, 256 unique IPs|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ip2location_country_eh](http://iplists.firehol.org/?ipset=ip2location_country_eh)|Western Sahara (EH) -- [IP2Location.com](http://lite.ip2location.com/database-ip-country)|ipv4 hash:net|1 subnets, 256 unique IPs|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ip2location_country_sh](http://iplists.firehol.org/?ipset=ip2location_country_sh)|Saint Helena (SH) -- [IP2Location.com](http://lite.ip2location.com/database-ip-country)|ipv4 hash:net|1 subnets, 256 unique IPs|updated every 1 day from [this link](http://download.ip2location.com/lite/IP2LOCATION-LITE-DB1.CSV.ZIP)
[ipblacklistcloud_recent](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|32 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_recent_1d](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent_1d)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|32 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_recent_30d](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent_30d)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|352 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_recent_7d](http://iplists.firehol.org/?ipset=ipblacklistcloud_recent_7d)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the most recent IP addresses that have been blacklisted by websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|63 unique IPs|updated every 4 hours from [this link](http://www.ip-finder.me/download/)
[ipblacklistcloud_top](http://iplists.firehol.org/?ipset=ipblacklistcloud_top)|[IP Blacklist Cloud](http://www.ip-finder.me/) These are the top IP addresses that have been blacklisted by many websites. IP Blacklist Cloud plugin protects your WordPress based website from spam comments, gives details about login attacks which you don't even know are happening without this plugin!|ipv4 hash:ip|232 unique IPs|updated every 1 day from [this link](http://www.ip-finder.me/ip-full-list/)
[ipdeny_country](https://github.com/firehol/blocklist-ipsets/tree/master/ipdeny_country)|[IPDeny.com](http://www.ipdeny.com/) geolocation database|ipv4 hash:net|All the world|updated every 1 day from [this link](http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz)
[iw_spamlist](http://iplists.firehol.org/?ipset=iw_spamlist)|[ImproWare Antispam](http://antispam.imp.ch/) IPs sending spam, in the last 3 days|ipv4 hash:ip|943 unique IPs|updated every 1 hour from [this link](http://antispam.imp.ch/spamlist)
[iw_wormlist](http://iplists.firehol.org/?ipset=iw_wormlist)|[ImproWare Antispam](http://antispam.imp.ch/) IPs sending emails with viruses or worms, in the last 3 days|ipv4 hash:ip|1 unique IPs|updated every 1 hour from [this link](http://antispam.imp.ch/wormlist)
[lashback_ubl](http://iplists.firehol.org/?ipset=lashback_ubl)|[The LashBack UBL](http://blacklist.lashback.com/) The Unsubscribe Blacklist (UBL) is a real-time blacklist of IP addresses which are sending email to names harvested from suppression files (this is a big list, more than 500.000 IPs)|ipv4 hash:ip|2847971 unique IPs|updated every 1 day from [this link](http://www.unsubscore.com/blacklist.txt)
[malc0de](http://iplists.firehol.org/?ipset=malc0de)|[Malc0de.com](http://malc0de.com) malicious IPs of the last 30 days|ipv4 hash:ip|240 unique IPs|updated every 1 day from [this link](http://malc0de.com/bl/IP_Blacklist.txt)
[malwaredomainlist](http://iplists.firehol.org/?ipset=malwaredomainlist)|[malwaredomainlist.com](http://www.malwaredomainlist.com) list of malware active ip addresses|ipv4 hash:ip|1030 unique IPs|updated every 12 hours from [this link](http://www.malwaredomainlist.com/hostslist/ip.txt)
[maxmind_proxy_fraud](http://iplists.firehol.org/?ipset=maxmind_proxy_fraud)|[MaxMind.com](https://www.maxmind.com/en/high-risk-ip-sample-list) sample list of high-risk IP addresses.|ipv4 hash:ip|482 unique IPs|updated every 4 hours from [this link](https://www.maxmind.com/en/high-risk-ip-sample-list)
[myip](http://iplists.firehol.org/?ipset=myip)|[myip.ms](http://www.myip.ms/info/about) IPs identified as web bots in the last 10 days, using several sites that require human action|ipv4 hash:ip|3611 unique IPs|updated every 1 day from [this link](http://www.myip.ms/files/blacklist/csf/latest_blacklist.txt)
[nixspam](http://iplists.firehol.org/?ipset=nixspam)|[NiX Spam](http://www.heise.de/ix/NiX-Spam-DNSBL-and-blacklist-for-download-499637.html) IP addresses that sent spam in the last hour - automatically generated entries without distinguishing open proxies from relays, dialup gateways, and so on. All IPs are removed after 12 hours if there is no spam from there.|ipv4 hash:ip|23577 unique IPs|updated every 15 mins from [this link](http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz)
[nt_malware_dns](http://iplists.firehol.org/?ipset=nt_malware_dns)|[No Think](http://www.nothink.org/) Malware DNS (the original list includes hostnames and domains, which are ignored)|ipv4 hash:ip|235 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_dns.txt)
[nt_malware_dns](http://iplists.firehol.org/?ipset=nt_malware_dns)|[No Think](http://www.nothink.org/) Malware DNS (the original list includes hostnames and domains, which are ignored)|ipv4 hash:ip|235 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_dns.txt)
[nt_malware_http](http://iplists.firehol.org/?ipset=nt_malware_http)|[No Think](http://www.nothink.org/) Malware HTTP|ipv4 hash:ip|69 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_http.txt)
[nt_malware_http](http://iplists.firehol.org/?ipset=nt_malware_http)|[No Think](http://www.nothink.org/) Malware HTTP|ipv4 hash:ip|69 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_http.txt)
[nt_malware_irc](http://iplists.firehol.org/?ipset=nt_malware_irc)|[No Think](http://www.nothink.org/) Malware IRC|ipv4 hash:ip|43 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_irc.txt)
[nt_malware_irc](http://iplists.firehol.org/?ipset=nt_malware_irc)|[No Think](http://www.nothink.org/) Malware IRC|ipv4 hash:ip|43 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_malware_irc.txt)
[nt_ssh_7d](http://iplists.firehol.org/?ipset=nt_ssh_7d)|[NoThink](http://www.nothink.org/) Last 7 days SSH attacks|ipv4 hash:ip|95 unique IPs|updated every 1 hour from [this link](http://www.nothink.org/blacklist/blacklist_ssh_week.txt)
[nullsecure](http://iplists.firehol.org/?ipset=nullsecure)|[nullsecure.org](http://nullsecure.org/) This is a free threat feed provided for use in any acceptable manner. This feed was aggregated using the [Tango Honeypot Intelligence Splunk App](https://github.com/aplura/Tango) by Brian Warehime, a Senior Security Analyst at Defense Point Security.|ipv4 hash:ip|29439 unique IPs|updated every 8 hours from [this link](http://nullsecure.org/threatfeed/master.txt)
[packetmail](http://iplists.firehol.org/?ipset=packetmail)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected performing TCP SYN to 206.82.85.196/30 to a non-listening service or daemon. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|3257 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep.txt)
[packetmail_emerging_ips](http://iplists.firehol.org/?ipset=packetmail_emerging_ips)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected as potentially of interest based on the number of unique users of the packetmail IP Reputation system. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|23 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep_emerging_ips.txt)
[packetmail_mail](http://iplists.firehol.org/?ipset=packetmail_mail)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected performing behavior not in compliance with the requirements this system enforces for email acceptance. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|95 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep_mail.txt)
[packetmail_ramnode](http://iplists.firehol.org/?ipset=packetmail_ramnode)|[PacketMail.net](https://www.packetmail.net/) IP addresses that have been detected performing TCP SYN to 81.4.103.251 to a non-listening service or daemon. No assertion is made, nor implied, that any of the below listed IP addresses are accurate, malicious, hostile, or engaged in nefarious acts. Use this list at your own risk.|ipv4 hash:ip|2434 unique IPs|updated every 4 hours from [this link](https://www.packetmail.net/iprep_ramnode.txt)
php_bad|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) bad web hosts (this list is composed using an RSS feed)|ipv4 hash:ip|disabled|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=b&rss=1)
[php_commenters](http://iplists.firehol.org/?ipset=php_commenters)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_commenters_1d](http://iplists.firehol.org/?ipset=php_commenters_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|99 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_commenters_30d](http://iplists.firehol.org/?ipset=php_commenters_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|1134 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_commenters_7d](http://iplists.firehol.org/?ipset=php_commenters_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) comment spammers (this list is composed using an RSS feed)|ipv4 hash:ip|353 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=c&rss=1)
[php_dictionary](http://iplists.firehol.org/?ipset=php_dictionary)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_dictionary_1d](http://iplists.firehol.org/?ipset=php_dictionary_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|95 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_dictionary_30d](http://iplists.firehol.org/?ipset=php_dictionary_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|1038 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_dictionary_7d](http://iplists.firehol.org/?ipset=php_dictionary_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) directory attackers (this list is composed using an RSS feed)|ipv4 hash:ip|284 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1)
[php_harvesters](http://iplists.firehol.org/?ipset=php_harvesters)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_harvesters_1d](http://iplists.firehol.org/?ipset=php_harvesters_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|85 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_harvesters_30d](http://iplists.firehol.org/?ipset=php_harvesters_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|840 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_harvesters_7d](http://iplists.firehol.org/?ipset=php_harvesters_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) harvesters (IPs that surf the internet looking for email addresses) (this list is composed using an RSS feed)|ipv4 hash:ip|266 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=h&rss=1)
[php_spammers](http://iplists.firehol.org/?ipset=php_spammers)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|50 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[php_spammers_1d](http://iplists.firehol.org/?ipset=php_spammers_1d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|96 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[php_spammers_30d](http://iplists.firehol.org/?ipset=php_spammers_30d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|1140 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[php_spammers_7d](http://iplists.firehol.org/?ipset=php_spammers_7d)|[projecthoneypot.org](http://www.projecthoneypot.org/?rf=192670) spam servers (IPs used by spammers to send messages) (this list is composed using an RSS feed)|ipv4 hash:ip|300 unique IPs|updated every 1 hour from [this link](http://www.projecthoneypot.org/list_of_ips.php?t=s&rss=1)
[proxylists](http://iplists.firehol.org/?ipset=proxylists)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|1349 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxylists_1d](http://iplists.firehol.org/?ipset=proxylists_1d)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|2789 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxylists_30d](http://iplists.firehol.org/?ipset=proxylists_30d)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|6067 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxylists_7d](http://iplists.firehol.org/?ipset=proxylists_7d)|[proxylists.net](http://www.proxylists.net/) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|4268 unique IPs|updated every 1 hour from [this link](http://www.proxylists.net/proxylists.xml)
[proxyrss](http://iplists.firehol.org/?ipset=proxyrss)|[proxyrss.com](http://www.proxyrss.com) open proxies syndicated from multiple sources.|ipv4 hash:ip|1114 unique IPs|updated every 4 hours from [this link](http://www.proxyrss.com/proxylists/all.gz)
[proxyrss_1d](http://iplists.firehol.org/?ipset=proxyrss_1d)|[proxyrss.com](http://www.proxyrss.com) open proxies syndicated from multiple sources.|ipv4 hash:ip|2456 unique IPs|updated every 4 hours from [this link](http://www.proxyrss.com/proxylists/all.gz)
[proxyrss_30d](http://iplists.firehol.org/?ipset=proxyrss_30d)|[proxyrss.com](http://www.proxyrss.com) open proxies syndicated from multiple sources.|ipv4 hash:ip|5571 unique IPs|updated every 4 hours from [this link](http://www.proxyrss.com/proxylists/all.gz)
[proxyrss_7d](http://iplists.firehol.org/?ipset=proxyrss_7d)|[proxyrss.com](http://www.proxyrss.com) open proxies syndicated from multiple sources.|ipv4 hash:ip|3903 unique IPs|updated every 4 hours from [this link](http://www.proxyrss.com/proxylists/all.gz)
[proxyspy](http://iplists.firehol.org/?ipset=proxyspy)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|300 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxyspy_1d](http://iplists.firehol.org/?ipset=proxyspy_1d)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|300 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxyspy_30d](http://iplists.firehol.org/?ipset=proxyspy_30d)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|6720 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxyspy_7d](http://iplists.firehol.org/?ipset=proxyspy_7d)|[ProxySpy](http://spys.ru/en/) open proxies (updated hourly)|ipv4 hash:ip|2828 unique IPs|updated every 1 hour from [this link](http://txt.proxyspy.net/proxy.txt)
[proxz](http://iplists.firehol.org/?ipset=proxz)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|24 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[proxz_1d](http://iplists.firehol.org/?ipset=proxz_1d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|282 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[proxz_30d](http://iplists.firehol.org/?ipset=proxz_30d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|2190 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[proxz_7d](http://iplists.firehol.org/?ipset=proxz_7d)|[proxz.com](http://www.proxz.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|972 unique IPs|updated every 1 hour from [this link](http://www.proxz.com/proxylists.xml)
[pushing_inertia_blocklist](http://iplists.firehol.org/?ipset=pushing_inertia_blocklist)|[Pushing Inertia](https://github.com/pushinginertia/ip-blacklist) IPs of hosting providers that are known to host various bots, spiders, scrapers, etc. to block access from these providers to web servers.|ipv4 hash:net|878 subnets, 34512264 unique IPs|updated every 1 day from [this link](https://raw.githubusercontent.com/pushinginertia/ip-blacklist/master/ip_blacklist.conf)
[ransomware_cryptowall_ps](http://iplists.firehol.org/?ipset=ransomware_cryptowall_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreant to commit fraud. This list is CW_PS_IPBL: CryptoWall Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt)
[ransomware_feed](http://iplists.firehol.org/?ipset=ransomware_feed)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. The IPs in this list have been extracted from the tracker data feed.|ipv4 hash:ip|5209 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
[ransomware_locky_c2](http://iplists.firehol.org/?ipset=ransomware_locky_c2)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is LY_C2_IPBL: Locky Ransomware C2 URL blocklist.|ipv4 hash:ip|296 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/LY_C2_IPBL.txt)
[ransomware_locky_ps](http://iplists.firehol.org/?ipset=ransomware_locky_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is LY_PS_IPBL: Locky Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|3 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt)
[ransomware_online](http://iplists.firehol.org/?ipset=ransomware_online)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. The IPs in this list have been extracted from the tracker data feed, filtering only online IPs.|ipv4 hash:ip|150 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/feeds/csv/)
[ransomware_rw](http://iplists.firehol.org/?ipset=ransomware_rw)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list includes TC_PS_IPBL, LY_C2_IPBL, TL_C2_IPBL, TL_PS_IPBL and it is the recommended blocklist. It might not catch everything, but the false positive rate should be low. However, false positives are possible, especially with regards to RW_IPBL. IP addresses associated with Ransomware Payment Sites (*_PS_IPBL) or Locky botnet C&Cs (LY_C2_IPBL) stay listed on RW_IPBL for a time of 30 days after the last appearance. This means that an IP address stays listed on RW_IPBL even after the threat has been eliminated (e.g. the VPS / server has been suspended by the hosting provider) for another 30 days.|ipv4 hash:ip|317 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt)
[ransomware_teslacrypt_ps](http://iplists.firehol.org/?ipset=ransomware_teslacrypt_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is TC_PS_IPBL: TeslaCrypt Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt)
[ransomware_torrentlocker_c2](http://iplists.firehol.org/?ipset=ransomware_torrentlocker_c2)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is TL_C2_IPBL: TorrentLocker Ransomware C2 IP blocklist.|ipv4 hash:ip|12 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt)
[ransomware_torrentlocker_ps](http://iplists.firehol.org/?ipset=ransomware_torrentlocker_ps)|[Abuse.ch Ransomware Tracker](https://ransomwaretracker.abuse.ch) Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites. By using data provided by Ransomware Tracker, hosting- and internet service provider (ISPs), as well as national CERTs/CSIRTs, law enforcement agencies (LEA) and security researchers can receive an overview on infrastructure used by Ransomware and whether these are actively being used by miscreants to commit fraud. This list is TL_PS_IPBL: TorrentLocker Ransomware Payment Sites IP blocklist.|ipv4 hash:ip|0 unique IPs|updated every 5 mins from [this link](https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt)
[ri_connect_proxies](http://iplists.firehol.org/?ipset=ri_connect_proxies)|[rosinstrument.com](http://www.rosinstrument.com) open CONNECT proxies (this list is composed using an RSS feed)|ipv4 hash:ip|150 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/plab100.xml)
[ri_connect_proxies_1d](http://iplists.firehol.org/?ipset=ri_connect_proxies_1d)|[rosinstrument.com](http://www.rosinstrument.com) open CONNECT proxies (this list is composed using an RSS feed)|ipv4 hash:ip|260 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/plab100.xml)
[ri_connect_proxies_30d](http://iplists.firehol.org/?ipset=ri_connect_proxies_30d)|[rosinstrument.com](http://www.rosinstrument.com) open CONNECT proxies (this list is composed using an RSS feed)|ipv4 hash:ip|2630 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/plab100.xml)
[ri_connect_proxies_7d](http://iplists.firehol.org/?ipset=ri_connect_proxies_7d)|[rosinstrument.com](http://www.rosinstrument.com) open CONNECT proxies (this list is composed using an RSS feed)|ipv4 hash:ip|1026 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/plab100.xml)
[ri_web_proxies](http://iplists.firehol.org/?ipset=ri_web_proxies)|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|145 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[ri_web_proxies_1d](http://iplists.firehol.org/?ipset=ri_web_proxies_1d)|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|443 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[ri_web_proxies_30d](http://iplists.firehol.org/?ipset=ri_web_proxies_30d)|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|4772 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[ri_web_proxies_7d](http://iplists.firehol.org/?ipset=ri_web_proxies_7d)|[rosinstrument.com](http://www.rosinstrument.com) open HTTP proxies (this list is composed using an RSS feed)|ipv4 hash:ip|1677 unique IPs|updated every 1 hour from [this link](http://tools.rosinstrument.com/proxy/l100.xml)
[sblam](http://iplists.firehol.org/?ipset=sblam)|[sblam.com](http://sblam.com) IPs used by web form spammers, during the last month|ipv4 hash:ip|11055 unique IPs|updated every 1 day from [this link](http://sblam.com/blacklist.txt)
[shunlist](http://iplists.firehol.org/?ipset=shunlist)|[AutoShun.org](http://autoshun.org/) IPs identified as hostile by correlating logs from distributed snort installations running the autoshun plugin|ipv4 hash:ip|500 unique IPs|updated every 4 hours
[snort_ipfilter](http://iplists.firehol.org/?ipset=snort_ipfilter)|[labs.snort.org](https://labs.snort.org/) supplied IP blacklist (this list seems to be updated frequently, but we found no information about it)|ipv4 hash:ip|4726 unique IPs|updated every 12 hours from [this link](http://labs.snort.org/feeds/ip-filter.blf)
[socks_proxy](http://iplists.firehol.org/?ipset=socks_proxy)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|80 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_1d](http://iplists.firehol.org/?ipset=socks_proxy_1d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|2179 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_30d](http://iplists.firehol.org/?ipset=socks_proxy_30d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|6517 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[socks_proxy_7d](http://iplists.firehol.org/?ipset=socks_proxy_7d)|[socks-proxy.net](http://www.socks-proxy.net/) open SOCKS proxies|ipv4 hash:ip|3424 unique IPs|updated every 10 mins from [this link](http://www.socks-proxy.net/)
[sorbs_anonymizers](http://iplists.firehol.org/?ipset=sorbs_anonymizers)|[Sorbs.net](https://www.sorbs.net/) List of open HTTP and SOCKS proxies.|ipv4 hash:net|597119 subnets, 609175 unique IPs|
sorbs_block|[Sorbs.net](https://www.sorbs.net/) List of hosts demanding that they never be tested by SORBS.|ipv4 hash:net|disabled|
[sorbs_dul](http://iplists.firehol.org/?ipset=sorbs_dul)|[Sorbs.net](https://www.sorbs.net/) Dynamic IP Addresses.|ipv4 hash:net|545831 subnets, 375226662 unique IPs|
[sorbs_escalations](http://iplists.firehol.org/?ipset=sorbs_escalations)|[Sorbs.net](https://www.sorbs.net/) Netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be added to the list.|ipv4 hash:net|8 subnets, 2304 unique IPs|
[sorbs_new_spam](http://iplists.firehol.org/?ipset=sorbs_new_spam)|[Sorbs.net](https://www.sorbs.net/) List of hosts that have been noted as sending spam/UCE/UBE within the last 48 hours|ipv4 hash:net|33791 subnets, 35223 unique IPs|
[sorbs_noserver](http://iplists.firehol.org/?ipset=sorbs_noserver)|[Sorbs.net](https://www.sorbs.net/) IP addresses and netblocks of where system administrators and ISPs owning the network have indicated that servers should not be present.|ipv4 hash:net|15066 subnets, 22951270 unique IPs|
[sorbs_recent_spam](http://iplists.firehol.org/?ipset=sorbs_recent_spam)|[Sorbs.net](https://www.sorbs.net/) List of hosts that have been noted as sending spam/UCE/UBE within the last 28 days (includes sorbs_new_spam)|ipv4 hash:net|519715 subnets, 545338 unique IPs|
[sorbs_smtp](http://iplists.firehol.org/?ipset=sorbs_smtp)|[Sorbs.net](https://www.sorbs.net/) List of SMTP Open Relays.|ipv4 hash:net|1968 subnets, 1976 unique IPs|
[sorbs_web](http://iplists.firehol.org/?ipset=sorbs_web)|[Sorbs.net](https://www.sorbs.net/) List of IPs which have spammer abusable vulnerabilities (e.g. FormMail scripts)|ipv4 hash:net|5868323 subnets, 6267285 unique IPs|
[sorbs_zombie](http://iplists.firehol.org/?ipset=sorbs_zombie)|[Sorbs.net](https://www.sorbs.net/) List of networks hijacked from their original owners, some of which have already used for spamming.|ipv4 hash:net|78 subnets, 1903876 unique IPs|
[spamhaus_drop](http://iplists.firehol.org/?ipset=spamhaus_drop)|[Spamhaus.org](http://www.spamhaus.org) DROP list (according to their site this list should be dropped at tier-1 ISPs globally)|ipv4 hash:net|781 subnets, 24547840 unique IPs|updated every 12 hours from [this link](http://www.spamhaus.org/drop/drop.txt)
[spamhaus_edrop](http://iplists.firehol.org/?ipset=spamhaus_edrop)|[Spamhaus.org](http://www.spamhaus.org) EDROP (extended matches that should be used with DROP)|ipv4 hash:net|51 subnets, 763648 unique IPs|updated every 12 hours from [this link](http://www.spamhaus.org/drop/edrop.txt)
[sslbl](http://iplists.firehol.org/?ipset=sslbl)|[Abuse.ch SSL Blacklist](https://sslbl.abuse.ch/) bad SSL traffic related to malware or botnet activities|ipv4 hash:ip|142 unique IPs|updated every 30 mins from [this link](https://sslbl.abuse.ch/blacklist/sslipblacklist.csv)
[sslbl_aggressive](http://iplists.firehol.org/?ipset=sslbl_aggressive)|[Abuse.ch SSL Blacklist](https://sslbl.abuse.ch/) The aggressive version of the SSL IP Blacklist contains all IPs that SSLBL ever detected being associated with a malicious SSL certificate. Since IP addresses can be reused (e.g. when the customer changes), this blacklist may cause false positives. Hence I highly recommend you to use the standard version instead of the aggressive one.|ipv4 hash:ip|3195 unique IPs|updated every 30 mins from [this link](https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv)
[sslproxies](http://iplists.firehol.org/?ipset=sslproxies)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|100 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_1d](http://iplists.firehol.org/?ipset=sslproxies_1d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|1029 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_30d](http://iplists.firehol.org/?ipset=sslproxies_30d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|10130 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[sslproxies_7d](http://iplists.firehol.org/?ipset=sslproxies_7d)|[SSLProxies.org](http://www.sslproxies.org/) open SSL proxies|ipv4 hash:ip|3488 unique IPs|updated every 10 mins from [this link](http://www.sslproxies.org/)
[stopforumspam](http://iplists.firehol.org/?ipset=stopforumspam)|[StopForumSpam.com](http://www.stopforumspam.com) Banned IPs used by forum spammers|ipv4 hash:ip|156598 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/bannedips.zip)
[stopforumspam_180d](http://iplists.firehol.org/?ipset=stopforumspam_180d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 180 days)|ipv4 hash:ip|284605 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_180.zip)
[stopforumspam_1d](http://iplists.firehol.org/?ipset=stopforumspam_1d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers in the last 24 hours|ipv4 hash:ip|5737 unique IPs|updated every 1 hour from [this link](http://www.stopforumspam.com/downloads/listed_ip_1.zip)
[stopforumspam_30d](http://iplists.firehol.org/?ipset=stopforumspam_30d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 30 days)|ipv4 hash:ip|69573 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_30.zip)
[stopforumspam_365d](http://iplists.firehol.org/?ipset=stopforumspam_365d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 365 days)|ipv4 hash:ip|413158 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_365.zip)
[stopforumspam_7d](http://iplists.firehol.org/?ipset=stopforumspam_7d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 7 days)|ipv4 hash:ip|19996 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_7.zip)
[stopforumspam_90d](http://iplists.firehol.org/?ipset=stopforumspam_90d)|[StopForumSpam.com](http://www.stopforumspam.com) IPs used by forum spammers (last 90 days)|ipv4 hash:ip|157540 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/listed_ip_90.zip)
[stopforumspam_toxic](http://iplists.firehol.org/?ipset=stopforumspam_toxic)|[StopForumSpam.com](http://www.stopforumspam.com) Networks that have large amounts of spambots and are flagged as toxic. Toxic IP ranges are infrequently changed.|ipv4 hash:net|83 subnets, 537175 unique IPs|updated every 1 day from [this link](http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt)
[taichung](http://iplists.firehol.org/?ipset=taichung)|[Taichung Education Center](https://www.tc.edu.tw/net/netflow/lkout/recent/30) Blocked IP Addresses (attacks and bots).|ipv4 hash:ip|10609 unique IPs|updated every 1 day from [this link](https://www.tc.edu.tw/net/netflow/lkout/recent/30)
[talosintel_ipfilter](http://iplists.firehol.org/?ipset=talosintel_ipfilter)|[TalosIntel.com](http://talosintel.com/additional-resources/) List of known malicious network threats|ipv4 hash:ip|4731 unique IPs|updated every 15 mins from [this link](http://talosintel.com/feeds/ip-filter.blf)
[threatcrowd](http://iplists.firehol.org/?ipset=threatcrowd)|[Crowdsourced IP feed from ThreatCrowd](http://threatcrowd.blogspot.gr/2016/02/crowdsourced-feeds-from-threatcrowd.html). These feeds are not a substitute for the scale of auto-extracted command and control domains or the quality of some commercially provided feeds. But crowd-sourcing does go some way towards the quick sharing of threat intelligence between the community.|ipv4 hash:ip|6383 unique IPs|updated every 1 hour from [this link](https://www.threatcrowd.org/feeds/ips.txt)
[tor_exits](http://iplists.firehol.org/?ipset=tor_exits)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|917 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[tor_exits_1d](http://iplists.firehol.org/?ipset=tor_exits_1d)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|954 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[tor_exits_30d](http://iplists.firehol.org/?ipset=tor_exits_30d)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|1887 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[tor_exits_7d](http://iplists.firehol.org/?ipset=tor_exits_7d)|[TorProject.org](https://www.torproject.org) list of all current TOR exit points (TorDNSEL)|ipv4 hash:ip|1197 unique IPs|updated every 5 mins from [this link](https://check.torproject.org/exit-addresses)
[trustedsec_atif](http://iplists.firehol.org/?ipset=trustedsec_atif)|Artillery Threat Intelligence Feed and Banlist Feed|ipv4 hash:ip|1681 unique IPs|updated every 1 day from [this link](https://www.trustedsec.com/banlist.txt)
[turris_greylist](http://iplists.firehol.org/?ipset=turris_greylist)|[Turris Greylist](https://www.turris.cz/en/greylist) IPs that are blocked on the firewalls of Turris routers. The data is processed and clasified every week and behaviour of IP addresses that accessed a larger number of Turris routers is evaluated. The result is a list of addresses that have tried to obtain information about services on the router or tried to gain access to them. We do not recommend to use these data as a list of addresses that should be blocked but it can be used for example in analysis of the traffic in other networks.|ipv4 hash:ip|11903 unique IPs|updated every 7 days from [this link](https://www.turris.cz/greylist-data/greylist-latest.csv)
[urandomusto_dns](http://iplists.firehol.org/?ipset=urandomusto_dns)|IP Feed about dns, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|164 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=dns&out=txt&submit=go)
[urandomusto_ftp](http://iplists.firehol.org/?ipset=urandomusto_ftp)|IP Feed about ftp, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|272 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=ftp&out=txt&submit=go)
[urandomusto_http](http://iplists.firehol.org/?ipset=urandomusto_http)|IP Feed about http, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|386 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=http&out=txt&submit=go)
[urandomusto_mailer](http://iplists.firehol.org/?ipset=urandomusto_mailer)|IP Feed about mailer, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|257 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=mailer&out=txt&submit=go)
[urandomusto_malware](http://iplists.firehol.org/?ipset=urandomusto_malware)|IP Feed about malware, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|1 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=malware&out=txt&submit=go)
[urandomusto_ntp](http://iplists.firehol.org/?ipset=urandomusto_ntp)|IP Feed about ntp, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|233 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=ntp&out=txt&submit=go)
[urandomusto_rdp](http://iplists.firehol.org/?ipset=urandomusto_rdp)|IP Feed about rdp, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|160 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=rdp&out=txt&submit=go)
[urandomusto_smb](http://iplists.firehol.org/?ipset=urandomusto_smb)|IP Feed about smb, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|248 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=smb&out=txt&submit=go)
[urandomusto_spam](http://iplists.firehol.org/?ipset=urandomusto_spam)|IP Feed about spam, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|1 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=spam&out=txt&submit=go)
[urandomusto_ssh](http://iplists.firehol.org/?ipset=urandomusto_ssh)|IP Feed about ssh, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|449 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=ssh&out=txt&submit=go)
[urandomusto_telnet](http://iplists.firehol.org/?ipset=urandomusto_telnet)|IP Feed about telnet, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|401 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=telnet&out=txt&submit=go)
[urandomusto_unspecified](http://iplists.firehol.org/?ipset=urandomusto_unspecified)|IP Feed about unspecified, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|154 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=unspecified&out=txt&submit=go)
[urandomusto_vnc](http://iplists.firehol.org/?ipset=urandomusto_vnc)|IP Feed about vnc, crawled from several sources, including several twitter accounts.|ipv4 hash:ip|81 unique IPs|updated every 1 hour from [this link](http://urandom.us.to/report.php?ip=&info=&tag=vnc&out=txt&submit=go)
[urlvir](http://iplists.firehol.org/?ipset=urlvir)|[URLVir.com](http://www.urlvir.com/) Active Malicious IP Addresses Hosting Malware. URLVir is an online security service developed by NoVirusThanks Company Srl that automatically monitors changes of malicious URLs (executable files).|ipv4 hash:ip|191 unique IPs|updated every 1 day from [this link](http://www.urlvir.com/export-ip-addresses/)
[uscert_hidden_cobra](http://iplists.firehol.org/?ipset=uscert_hidden_cobra)|Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group[1] (link is external) and Guardians of Peace.[2] (link is external) DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their governments military and strategic objectives. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Wild Positron/Duuzer and Hangman|ipv4 hash:ip|627 unique IPs|updated every 1 day from [this link](https://www.us-cert.gov/sites/default/files/publications/TA-17-164A_csv.csv)
[voipbl](http://iplists.firehol.org/?ipset=voipbl)|[VoIPBL.org](http://www.voipbl.org/) a distributed VoIP blacklist that is aimed to protects against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's. Several algorithms, external sources and manual confirmation are used before they categorize something as an attack and determine the threat level.|ipv4 hash:net|31559 subnets, 33738 unique IPs|updated every 4 hours from [this link](http://www.voipbl.org/update/)
[vxvault](http://iplists.firehol.org/?ipset=vxvault)|[VxVault](http://vxvault.net) The latest 100 additions of VxVault.|ipv4 hash:ip|69 unique IPs|updated every 12 hours from [this link](http://vxvault.net/ViriList.php?s=0&m=100)
[xforce_bccs](http://iplists.firehol.org/?ipset=xforce_bccs)|[IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/) Botnet Command and Control Servers|ipv4 hash:ip|320 unique IPs|updated every 1 day from [this link](https://api.xforce.ibmcloud.com/taxii)
[xroxy](http://iplists.firehol.org/?ipset=xroxy)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|63 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_1d](http://iplists.firehol.org/?ipset=xroxy_1d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|126 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_30d](http://iplists.firehol.org/?ipset=xroxy_30d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|449 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[xroxy_7d](http://iplists.firehol.org/?ipset=xroxy_7d)|[xroxy.com](http://www.xroxy.com) open proxies (this list is composed using an RSS feed)|ipv4 hash:ip|224 unique IPs|updated every 1 hour from [this link](http://www.xroxy.com/proxyrss.xml)
[yoyo_adservers](http://iplists.firehol.org/?ipset=yoyo_adservers)|[Yoyo.org](http://pgl.yoyo.org/adservers/) IPs of ad servers|ipv4 hash:ip|12241 unique IPs|updated every 12 hours from [this link](http://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext)
[zeus](http://iplists.firehol.org/?ipset=zeus)|[Abuse.ch Zeus tracker](https://zeustracker.abuse.ch) standard, contains the same data as the ZeuS IP blocklist (zeus_badips) but with the slight difference that it doesn't exclude hijacked websites (level 2) and free web hosting providers (level 3). This means that this blocklist contains all IPv4 addresses associated with ZeuS C&Cs which are currently being tracked by ZeuS Tracker. Hence this blocklist will likely cause some false positives.|ipv4 hash:ip|127 unique IPs|updated every 30 mins from [this link](https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist)
[zeus_badips](http://iplists.firehol.org/?ipset=zeus_badips)|[Abuse.ch Zeus tracker](https://zeustracker.abuse.ch) badips includes IPv4 addresses that are used by the ZeuS trojan. It is the recommened blocklist if you want to block only ZeuS IPs. It excludes IP addresses that ZeuS Tracker believes to be hijacked (level 2) or belong to a free web hosting provider (level 3). Hence the false postive rate should be much lower compared to the standard ZeuS IP blocklist.|ipv4 hash:ip|117 unique IPs|updated every 30 mins from [this link](https://zeustracker.abuse.ch/blocklist.php?download=badips)

66468
alienvault_reputation.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

30
asprox_c2.ipset Normal file
View File

@ -0,0 +1,30 @@
#
# asprox_c2
#
# ipv4 hash:ip ipset
#
# [h3x.eu] (http://atrack.h3x.eu/) ASPROX Tracker - Asprox
# C&C Sites
#
# Maintainer : h3x.eu
# Maintainer URL : http://atrack.h3x.eu/
# List source URL : http://atrack.h3x.eu/c2
# Source File Date: Wed Jun 7 20:32:12 UTC 2017
#
# Category : malware
# Version : 4
#
# This File Date : Wed Jun 7 20:32:12 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=asprox_c2
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

118
bambenek_banjori.ipset Normal file
View File

@ -0,0 +1,118 @@
#
# bambenek_banjori
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of banjori C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/banjori-iplist.txt
# Source File Date: Sun Oct 15 10:07:42 UTC 2017
#
# Category : malware
# Version : 7141
#
# This File Date : Sun Oct 15 10:12:14 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 87 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_banjori
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
23.224.172.71
23.236.62.147
23.247.20.31
43.241.196.105
62.149.128.72
62.149.128.74
62.149.128.151
62.149.128.154
62.149.128.157
62.149.128.160
62.149.128.163
62.149.128.166
64.71.33.162
67.231.240.114
69.46.71.59
69.64.147.249
69.87.202.229
74.220.207.152
78.24.9.52
78.46.156.194
81.169.145.159
81.169.145.160
81.169.145.161
85.158.203.201
87.236.19.244
98.124.245.24
103.224.212.222
103.241.73.233
106.187.51.202
107.160.183.81
107.161.176.66
109.70.4.246
109.71.51.55
109.232.216.9
112.78.125.29
112.127.77.125
119.23.127.213
119.188.157.22
121.40.153.149
122.9.69.159
122.10.99.22
123.1.194.96
123.254.108.81
128.1.211.57
133.242.195.32
136.0.112.7
142.4.204.181
162.210.102.66
172.247.131.161
173.236.55.90
174.137.132.42
178.79.147.207
184.168.221.1
184.168.221.14
184.168.221.24
186.202.153.222
192.185.167.91
192.190.87.140
196.22.132.17
198.23.48.104
198.38.82.115
198.38.83.24
199.59.242.150
202.181.97.76
202.254.234.141
202.254.234.152
203.156.192.80
208.73.210.202
208.73.210.217
208.73.211.165
208.73.211.177
208.91.197.91
209.99.64.43
210.233.65.226
213.186.33.5
216.40.47.17
216.239.32.21
216.239.34.21
216.239.36.21
216.239.38.21
216.250.121.2
217.26.53.222
217.70.184.38
217.160.0.180
217.160.0.205
219.118.71.121
219.235.5.224

32
bambenek_bebloh.ipset Normal file
View File

@ -0,0 +1,32 @@
#
# bambenek_bebloh
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of bebloh C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/bebloh-iplist.txt
# Source File Date: Wed Sep 20 22:03:25 UTC 2017
#
# Category : malware
# Version : 1780
#
# This File Date : Wed Sep 20 22:08:18 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 1 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_bebloh
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
212.227.20.164

404
bambenek_c2.ipset Normal file
View File

@ -0,0 +1,404 @@
#
# bambenek_c2
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) master feed of
# known, active and non-sinkholed C&Cs IP addresses
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
# Source File Date: Sun Oct 15 10:16:26 UTC 2017
#
# Category : malware
# Version : 16946
#
# This File Date : Sun Oct 15 10:20:11 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 373 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_c2
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.135.9.1
15.233.128.62
15.233.160.63
15.241.20.95
15.241.148.119
23.27.98.232
23.224.172.71
23.227.38.32
23.236.62.147
23.247.20.31
31.22.106.63
31.186.169.41
34.194.213.50
34.225.182.233
37.9.175.13
40.255.0.62
43.241.196.105
45.33.9.234
45.79.144.231
46.16.61.114
46.28.2.13
46.28.105.107
46.30.213.3
46.30.213.205
46.30.213.222
46.30.215.30
46.30.215.57
46.30.215.97
46.30.215.119
46.165.220.141
46.165.220.143
46.165.220.144
46.165.220.145
46.165.220.148
46.165.220.149
46.165.220.150
46.165.220.151
46.165.220.152
46.165.220.153
46.165.220.154
46.165.220.155
46.165.220.201
46.165.221.136
46.165.229.164
46.165.229.165
46.165.229.166
46.165.229.167
46.165.254.193
46.165.254.194
46.165.254.195
46.165.254.196
46.165.254.197
46.165.254.198
46.165.254.199
46.165.254.200
46.165.254.201
46.249.43.105
46.252.18.122
50.62.103.1
50.63.54.65
50.63.202.6
50.63.202.9
50.63.202.14
50.63.202.16
50.63.202.17
50.63.202.18
50.63.202.23
50.63.202.24
50.63.202.26
50.63.202.28
50.194.159.145
52.0.217.44
52.4.209.250
52.9.172.230
52.19.13.68
52.28.249.128
52.55.128.40
52.58.78.16
52.71.185.125
52.212.214.226
54.72.130.67
54.172.131.220
62.116.130.8
62.129.200.14
62.149.128.72
62.149.128.74
62.149.128.151
62.149.128.154
62.149.128.157
62.149.128.160
62.149.128.163
62.149.128.166
62.153.122.122
62.197.128.123
62.212.87.22
64.21.149.167
64.71.33.162
64.210.232.41
65.254.227.224
66.29.58.119
66.96.149.27
66.96.149.32
67.59.157.51
67.227.226.240
67.231.240.114
69.41.162.77
69.46.71.59
69.64.146.224
69.64.147.10
69.64.147.46
69.64.147.249
69.87.202.229
69.163.160.111
69.195.71.187
72.52.4.90
72.52.4.122
74.117.221.21
74.117.221.22
74.119.239.234
74.208.215.48
74.220.207.152
75.5.255.185
75.119.206.17
77.55.97.141
77.72.0.70
77.232.68.19
78.24.9.52
78.46.156.194
79.96.64.194
79.170.40.236
79.219.65.143
80.85.86.6
80.237.132.180
81.2.194.62
81.2.194.128
81.2.194.176
81.95.96.29
81.95.96.76
81.169.145.68
81.169.145.84
81.169.145.88
81.169.145.92
81.169.145.94
81.169.145.105
81.169.145.159
81.169.145.160
81.169.145.161
81.169.145.164
81.177.139.153
82.98.135.43
82.100.220.50
83.140.221.138
83.162.30.185
84.42.137.42
84.234.64.242
85.13.129.76
85.13.132.239
85.114.135.128
85.124.51.115
85.128.128.99
85.131.63.99
85.158.203.201
85.214.112.103
87.98.230.60
87.236.19.244
88.198.56.106
88.208.252.9
89.31.143.1
89.223.109.60
89.248.100.63
91.121.154.229
91.121.208.116
91.121.222.184
91.196.124.119
91.199.77.50
91.212.28.29
91.217.90.128
91.221.37.6
91.240.216.11
92.39.251.172
92.43.203.171
92.61.39.239
93.89.232.78
93.94.226.29
93.185.103.42
93.190.48.3
94.152.8.56
94.152.8.57
95.211.102.20
95.215.108.16
97.74.42.79
98.124.245.24
101.0.119.95
103.224.212.222
103.241.73.233
104.27.156.208
104.27.157.208
104.31.88.58
104.31.89.58
104.221.233.25
106.187.51.202
107.148.146.199
107.160.183.81
107.161.176.66
108.179.249.35
109.70.4.246
109.71.51.55
109.228.35.188
109.232.216.9
112.78.125.29
112.125.122.207
112.127.77.125
114.55.28.106
119.23.127.213
119.188.157.22
121.40.153.149
122.9.69.159
122.10.99.22
123.1.194.96
123.254.108.81
128.1.211.57
133.242.195.32
136.0.112.7
141.8.230.20
141.105.126.87
142.4.204.181
143.215.15.199
145.239.86.128
149.202.120.36
149.216.106.61
150.95.9.181
150.129.40.215
157.7.107.35
157.112.152.45
158.69.143.106
160.153.63.232
162.210.102.66
162.249.2.99
162.255.119.12
163.172.86.124
165.160.13.20
165.160.15.20
169.42.39.228
171.170.241.161
172.234.168.229
172.247.131.161
173.230.158.166
173.236.55.90
173.239.5.6
173.239.8.164
173.239.23.228
174.137.132.42
175.126.232.108
176.53.118.145
178.32.13.222
178.32.208.147
178.33.49.166
178.79.147.207
182.254.245.178
183.90.242.4
183.110.225.165
183.111.169.122
184.168.221.1
184.168.221.6
184.168.221.8
184.168.221.14
184.168.221.15
184.168.221.21
184.168.221.24
184.168.221.27
184.168.221.104
185.53.178.9
185.53.179.6
185.53.179.7
185.53.179.8
185.53.179.29
185.95.87.179
185.140.231.12
185.183.8.67
186.202.153.222
188.40.28.163
188.93.150.122
191.5.59.60
192.64.119.79
192.64.147.231
192.185.52.215
192.185.167.91
192.190.87.140
192.249.112.163
194.9.94.85
194.9.94.86
194.150.113.18
194.242.61.31
195.8.208.58
195.54.162.187
195.110.124.188
196.22.132.17
198.23.48.104
198.23.48.121
198.38.82.115
198.38.83.24
199.6.33.100
199.59.242.150
199.79.62.149
202.181.97.76
202.254.234.141
202.254.234.152
203.62.135.35
203.151.233.116
203.156.192.80
204.11.56.48
205.178.189.131
207.10.232.16
207.10.232.21
207.210.220.136
208.73.210.202
208.73.210.217
208.73.211.165
208.73.211.177
208.91.197.26
208.91.197.27
208.91.197.66
208.91.197.91
208.91.199.233
209.99.40.222
209.99.40.223
209.99.64.43
209.140.30.61
209.160.65.66
209.237.152.15
210.172.183.32
210.233.65.226
211.43.203.53
212.85.106.71
212.227.20.164
213.186.33.5
213.247.47.190
216.21.224.199
216.40.47.17
216.239.32.21
216.239.34.21
216.239.36.21
216.239.38.21
216.250.121.2
217.12.199.54
217.19.237.54
217.26.53.222
217.70.142.74
217.70.184.38
217.76.156.252
217.116.0.144
217.116.0.191
217.160.0.169
217.160.0.180
217.160.0.205
217.160.0.225
217.160.122.17
217.160.122.61
217.160.223.213
217.160.231.163
217.160.233.84
217.160.233.157
219.118.71.121
219.235.5.224
248.56.146.153
249.64.58.255
249.168.15.31
250.184.116.121
250.248.131.219
251.32.117.191
251.80.124.191
251.232.185.90
254.240.229.89

31
bambenek_cl.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_cl
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of cl C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/cl-iplist.txt
# Source File Date: Sat May 20 00:05:01 UTC 2017
#
# Category : malware
# Version : 198
#
# This File Date : Sat May 20 00:08:28 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_cl
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_cryptowall.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_cryptowall
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of cryptowall C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/cryptowall-iplist.txt
# Source File Date: Thu Dec 3 12:25:05 UTC 2015
#
# Category : malware
# Version : 81
#
# This File Date : Thu Dec 3 16:55:22 UTC 2015
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_cryptowall
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_dircrypt.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_dircrypt
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of dircrypt C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/dircrypt-iplist.txt
# Source File Date: Tue Sep 5 00:10:21 UTC 2017
#
# Category : malware
# Version : 295
#
# This File Date : Tue Sep 5 00:12:26 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_dircrypt
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_dyre.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_dyre
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of dyre C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/dyre-iplist.txt
# Source File Date: Mon Aug 22 03:02:42 UTC 2016
#
# Category : malware
# Version : 320
#
# This File Date : Mon Aug 22 03:08:31 UTC 2016
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_dyre
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_geodo.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_geodo
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of geodo C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/geodo-iplist.txt
# Source File Date: Sat Mar 18 04:02:57 UTC 2017
#
# Category : malware
# Version : 196
#
# This File Date : Sat Mar 18 04:08:12 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_geodo
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_hesperbot.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_hesperbot
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of hesperbot C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/hesperbot-iplist.txt
# Source File Date: Wed Aug 2 14:03:39 UTC 2017
#
# Category : malware
# Version : 324
#
# This File Date : Wed Aug 2 14:12:46 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_hesperbot
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

33
bambenek_matsnu.ipset Normal file
View File

@ -0,0 +1,33 @@
#
# bambenek_matsnu
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of matsnu C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/matsnu-iplist.txt
# Source File Date: Sun Oct 15 03:01:45 UTC 2017
#
# Category : malware
# Version : 1052
#
# This File Date : Sun Oct 15 03:04:22 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 2 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_matsnu
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
72.52.4.122
199.6.33.100

43
bambenek_necurs.ipset Normal file
View File

@ -0,0 +1,43 @@
#
# bambenek_necurs
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of necurs C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/necurs-iplist.txt
# Source File Date: Sun Oct 15 10:08:18 UTC 2017
#
# Category : malware
# Version : 6975
#
# This File Date : Sun Oct 15 10:12:15 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 12 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_necurs
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
169.42.39.228
171.170.241.161
172.234.168.229
248.56.146.153
249.64.58.255
249.168.15.31
250.184.116.121
250.248.131.219
251.32.117.191
251.80.124.191
251.232.185.90
254.240.229.89

31
bambenek_p2pgoz.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_p2pgoz
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of p2pgoz C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/p2pgoz-iplist.txt
# Source File Date: Fri Mar 17 09:00:01 UTC 2017
#
# Category : malware
# Version : 194
#
# This File Date : Fri Mar 17 09:04:24 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_p2pgoz
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

31
bambenek_pushdo.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_pushdo
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of pushdo C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/pushdo-iplist.txt
# Source File Date: Fri Aug 4 03:01:47 UTC 2017
#
# Category : malware
# Version : 247
#
# This File Date : Fri Aug 4 03:04:29 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_pushdo
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

36
bambenek_pykspa.ipset Normal file
View File

@ -0,0 +1,36 @@
#
# bambenek_pykspa
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of pykspa C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/pykspa-iplist.txt
# Source File Date: Sun Oct 15 06:09:29 UTC 2017
#
# Category : malware
# Version : 3961
#
# This File Date : Sun Oct 15 06:16:31 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 5 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_pykspa
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
40.255.0.62
69.64.147.10
182.254.245.178
191.5.59.60
207.210.220.136

31
bambenek_qakbot.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_qakbot
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of qakbot C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/qakbot-iplist.txt
# Source File Date: Mon Sep 11 04:01:57 UTC 2017
#
# Category : malware
# Version : 273
#
# This File Date : Mon Sep 11 04:12:33 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_qakbot
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

70
bambenek_ramnit.ipset Normal file
View File

@ -0,0 +1,70 @@
#
# bambenek_ramnit
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of ramnit C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/ramnit-iplist.txt
# Source File Date: Sun Oct 15 10:05:05 UTC 2017
#
# Category : malware
# Version : 4513
#
# This File Date : Sun Oct 15 10:08:14 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 39 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_ramnit
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
34.194.213.50
34.225.182.233
46.165.220.141
46.165.220.143
46.165.220.144
46.165.220.145
46.165.220.148
46.165.220.149
46.165.220.150
46.165.220.151
46.165.220.152
46.165.220.153
46.165.220.154
46.165.220.155
46.165.220.201
46.165.221.136
46.165.229.164
46.165.229.165
46.165.229.166
46.165.229.167
46.165.254.193
46.165.254.194
46.165.254.195
46.165.254.196
46.165.254.197
46.165.254.198
46.165.254.199
46.165.254.200
46.165.254.201
52.9.172.230
54.72.130.67
74.119.239.234
89.223.109.60
95.215.108.16
173.230.158.166
173.239.5.6
173.239.8.164
176.53.118.145
213.247.47.190

31
bambenek_ranbyus.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_ranbyus
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of ranbyus C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/ranbyus-iplist.txt
# Source File Date: Mon Oct 9 09:08:36 UTC 2017
#
# Category : malware
# Version : 724
#
# This File Date : Mon Oct 9 09:12:24 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_ranbyus
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

157
bambenek_simda.ipset Normal file
View File

@ -0,0 +1,157 @@
#
# bambenek_simda
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of simda C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/simda-iplist.txt
# Source File Date: Sun Oct 15 10:09:21 UTC 2017
#
# Category : malware
# Version : 15177
#
# This File Date : Sun Oct 15 10:12:16 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 126 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_simda
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
31.186.169.41
37.9.175.13
46.28.2.13
46.28.105.107
46.30.213.205
46.30.213.222
46.30.215.30
46.30.215.57
46.30.215.97
46.249.43.105
50.63.202.14
52.0.217.44
52.19.13.68
52.58.78.16
52.212.214.226
62.116.130.8
62.129.200.14
62.149.128.72
62.149.128.74
62.149.128.151
62.149.128.154
62.149.128.157
62.149.128.160
62.149.128.163
62.149.128.166
62.153.122.122
62.197.128.123
62.212.87.22
66.96.149.32
72.52.4.122
74.119.239.234
77.55.97.141
77.232.68.19
79.96.64.194
79.170.40.236
79.219.65.143
80.85.86.6
80.237.132.180
81.2.194.62
81.2.194.128
81.2.194.176
81.95.96.29
81.95.96.76
81.169.145.68
81.169.145.84
81.169.145.88
81.169.145.92
81.169.145.94
81.169.145.105
81.177.139.153
82.98.135.43
82.100.220.50
83.140.221.138
83.162.30.185
84.42.137.42
84.234.64.242
85.13.129.76
85.13.132.239
85.114.135.128
85.124.51.115
85.128.128.99
85.214.112.103
87.98.230.60
88.198.56.106
91.121.154.229
91.121.208.116
91.196.124.119
91.199.77.50
91.212.28.29
91.240.216.11
92.43.203.171
92.61.39.239
93.94.226.29
93.185.103.42
93.190.48.3
94.152.8.56
94.152.8.57
95.211.102.20
104.31.88.58
104.31.89.58
107.148.146.199
141.8.230.20
141.105.126.87
145.239.86.128
149.216.106.61
163.172.86.124
165.160.13.20
165.160.15.20
178.32.208.147
178.33.49.166
183.90.242.4
183.110.225.165
184.168.221.1
184.168.221.15
185.53.178.9
185.53.179.6
185.53.179.7
185.53.179.8
185.53.179.29
185.140.231.12
185.183.8.67
188.40.28.163
192.64.147.231
194.9.94.85
194.9.94.86
194.150.113.18
194.242.61.31
195.8.208.58
195.110.124.188
203.151.233.116
208.91.199.233
209.140.30.61
210.172.183.32
211.43.203.53
212.85.106.71
213.186.33.5
217.19.237.54
217.70.142.74
217.70.184.38
217.76.156.252
217.160.0.169
217.160.0.225
217.160.122.61
217.160.223.213
217.160.231.163
217.160.233.84

99
bambenek_suppobox.ipset Normal file
View File

@ -0,0 +1,99 @@
#
# bambenek_suppobox
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of suppobox C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/suppobox-iplist.txt
# Source File Date: Sun Oct 15 10:11:02 UTC 2017
#
# Category : malware
# Version : 7580
#
# This File Date : Sun Oct 15 10:16:21 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 68 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_suppobox
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.135.9.1
15.233.128.62
15.233.160.63
15.241.20.95
15.241.148.119
23.227.38.32
23.236.62.147
45.79.144.231
46.30.213.3
46.30.215.119
46.252.18.122
50.63.202.6
50.63.202.9
50.63.202.18
50.63.202.23
50.194.159.145
62.149.128.72
62.149.128.74
62.149.128.151
62.149.128.154
62.149.128.157
62.149.128.160
62.149.128.163
62.149.128.166
65.254.227.224
69.64.147.10
69.64.147.46
69.163.160.111
74.117.221.21
74.117.221.22
75.119.206.17
81.169.145.164
85.131.63.99
88.208.252.9
89.248.100.63
92.39.251.172
101.0.119.95
104.27.156.208
104.27.157.208
114.55.28.106
150.95.9.181
157.7.107.35
157.112.152.45
162.249.2.99
175.126.232.108
184.168.221.6
184.168.221.8
184.168.221.21
184.168.221.104
188.93.150.122
192.64.119.79
192.185.52.215
198.23.48.121
199.79.62.149
203.62.135.35
208.91.197.26
209.99.40.222
209.99.40.223
209.237.152.15
216.21.224.199
216.239.32.21
216.239.34.21
216.239.36.21
216.239.38.21
217.116.0.144
217.116.0.191
217.160.122.17
217.160.233.157

31
bambenek_symmi.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_symmi
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of symmi C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/symmi-iplist.txt
# Source File Date: Thu Jun 1 19:10:10 UTC 2017
#
# Category : malware
# Version : 198
#
# This File Date : Thu Jun 1 19:25:11 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_symmi
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

34
bambenek_tinba.ipset Normal file
View File

@ -0,0 +1,34 @@
#
# bambenek_tinba
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of tinba C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/tinba-iplist.txt
# Source File Date: Sun Oct 15 07:01:39 UTC 2017
#
# Category : malware
# Version : 12308
#
# This File Date : Sun Oct 15 07:04:40 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 3 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_tinba
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
52.4.209.250
72.52.4.90
195.54.162.187

31
bambenek_volatile.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bambenek_volatile
#
# ipv4 hash:ip ipset
#
# [Bambenek Consulting]
# (http://osint.bambenekconsulting.com/feeds/) feed of
# current IPs of volatile C&Cs with 90 minute lookback
#
# Maintainer : Bambenek Consulting
# Maintainer URL : http://osint.bambenekconsulting.com/feeds/
# List source URL : http://osint.bambenekconsulting.com/feeds/volatile-iplist.txt
# Source File Date: Sat Mar 18 04:09:42 UTC 2017
#
# Category : malware
# Version : 220
#
# This File Date : Sat Mar 18 04:12:44 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bambenek_volatile
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

2594
bbcan177_ms1.netset Normal file
View File

File diff suppressed because it is too large Load Diff

1175
bbcan177_ms3.netset Normal file
View File

File diff suppressed because it is too large Load Diff

4262
bds_atif.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

351
bi_any_2_1d.ipset Normal file
View File

@ -0,0 +1,351 @@
#
# bi_any_2_1d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# any with score above 2 and age less than 1d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/any/2?age=1d
# Source File Date: Sun Oct 15 10:08:24 UTC 2017
#
# Category : attacks
# Version : 30923
#
# This File Date : Sun Oct 15 10:08:24 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 321 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_any_2_1d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.196.1.129
14.140.232.98
23.23.89.109
31.172.247.106
31.199.162.116
37.26.81.50
37.49.224.206
37.187.129.166
37.187.166.95
46.10.211.90
46.29.248.238
46.165.230.5
46.182.106.190
51.255.202.66
58.211.216.43
58.221.249.102
58.242.3.210
60.173.82.156
60.248.187.251
61.40.192.56
61.143.139.10
61.183.147.194
61.188.189.7
61.221.177.47
62.48.142.153
62.102.148.67
62.210.28.227
62.210.37.82
62.210.105.116
62.212.73.141
64.106.177.220
64.113.32.29
65.19.167.130
65.19.167.131
65.19.167.132
66.240.236.119
70.35.196.91
77.205.63.207
77.247.181.162
79.125.8.236
82.85.187.101
85.47.155.98
85.71.182.126
85.93.218.204
85.248.227.163
85.248.227.164
85.248.227.165
88.249.106.23
89.97.55.33
89.108.78.208
89.121.221.150
89.163.212.5
89.234.157.254
91.81.113.159
91.197.232.10
91.197.232.15
91.200.12.8
91.200.12.63
91.200.12.65
91.200.12.95
91.200.12.126
91.200.12.139
91.210.178.96
91.219.236.232
91.224.160.131
93.174.93.133
94.142.242.84
95.60.184.66
95.128.43.164
101.44.3.50
101.127.133.152
101.255.90.186
103.6.132.5
103.16.115.14
103.16.115.18
103.20.168.21
103.28.192.22
103.28.192.38
103.44.65.185
103.54.218.68
103.55.104.2
103.205.95.18
103.207.36.37
103.207.36.77
103.207.36.232
103.207.36.234
103.207.37.91
103.207.37.92
103.207.39.11
103.207.39.33
103.207.39.43
103.207.39.53
103.207.39.82
103.207.48.230
103.214.200.10
103.224.29.26
103.240.16.14
103.242.209.118
103.248.32.168
103.249.100.154
103.252.108.20
103.254.52.6
103.255.5.117
103.255.6.117
103.255.227.143
104.131.120.93
104.131.177.202
104.145.73.47
104.145.82.192
104.158.3.142
104.167.100.235
104.192.92.220
104.192.95.14
104.207.138.84
104.207.146.130
104.207.159.111
104.214.136.213
104.219.164.13
104.220.26.167
104.220.30.201
109.195.228.76
109.201.19.154
111.203.245.194
112.85.42.99
113.160.4.174
113.161.220.10
113.190.247.129
113.195.145.79
114.55.251.208
114.215.154.125
115.28.17.58
115.28.44.252
115.28.76.22
115.28.145.231
115.238.164.194
115.239.248.35
115.249.49.138
116.31.116.5
116.31.116.20
116.31.116.23
116.31.116.24
116.31.116.25
116.31.116.26
116.31.116.27
116.31.116.28
116.31.116.33
116.31.116.34
116.31.116.36
116.31.116.37
116.228.236.206
117.211.159.74
117.252.29.254
118.26.135.175
118.69.244.124
118.175.31.131
119.97.248.152
119.164.254.50
119.188.6.231
120.27.31.148
120.27.35.11
120.76.146.29
121.18.238.98
121.18.238.104
121.18.238.109
121.18.238.114
121.156.122.97
122.255.118.194
123.31.34.216
123.58.178.204
123.59.134.76
123.103.112.3
123.164.227.204
125.22.40.140
125.209.5.163
128.52.128.105
139.129.40.112
140.207.2.182
155.133.82.65
155.133.82.156
157.122.148.150
157.122.148.249
157.122.148.251
157.122.148.252
162.247.72.199
162.247.72.200
162.247.72.202
162.247.72.213
162.247.73.206
163.20.22.213
163.172.115.198
163.172.196.84
163.172.225.225
166.70.207.2
171.25.193.20
171.25.193.25
171.25.193.77
171.25.193.78
171.25.193.235
173.254.216.66
175.141.251.206
176.10.104.243
176.38.87.129
176.126.252.11
176.126.252.12
176.156.135.202
178.20.55.16
178.20.55.18
179.127.166.29
179.184.10.93
179.184.229.42
180.76.139.39
180.153.19.139
180.166.244.138
180.167.68.210
180.178.184.70
181.143.124.18
181.143.226.67
181.177.231.244
182.56.6.75
182.73.133.220
182.100.67.4
182.252.0.145
183.63.6.14
183.82.0.15
183.129.255.34
185.34.33.2
185.100.85.61
185.100.87.82
185.125.4.191
185.125.4.196
185.125.4.197
185.125.4.198
185.129.62.62
186.251.92.2
187.11.232.233
187.28.203.85
187.44.1.99
187.72.132.40
187.85.174.22
187.85.174.102
187.189.118.25
189.89.145.26
189.254.208.164
190.85.83.230
190.107.244.151
190.116.48.1
190.128.218.50
190.203.209.190
192.42.116.16
193.110.157.151
193.171.202.150
193.189.117.147
193.189.117.148
193.189.117.149
195.20.3.210
195.97.1.231
195.143.227.35
195.154.39.188
195.154.42.145
195.154.51.223
195.154.53.146
195.154.62.137
195.154.102.187
195.154.102.193
195.154.102.221
195.222.38.213
197.231.221.211
198.96.155.3
199.87.154.255
200.27.121.121
200.42.129.10
200.93.164.2
200.123.167.213
201.18.21.212
201.22.95.52
201.139.102.246
202.131.238.227
202.164.39.21
202.171.41.100
203.80.153.132
203.109.110.180
203.191.150.53
204.194.29.4
207.244.70.35
209.92.176.24
209.92.176.114
210.54.38.103
210.245.88.95
211.108.3.235
212.21.66.6
212.83.141.117
212.83.142.251
212.83.165.67
212.129.9.163
212.129.18.55
212.129.63.89
212.129.63.214
212.156.91.2
212.174.101.132
212.174.243.174
212.175.22.40
213.61.149.100
216.218.134.12
216.239.90.19
218.4.196.178
218.65.30.38
218.65.30.53
218.65.30.61
218.65.30.123
219.143.69.56
219.146.12.180
221.189.250.38
221.194.44.219
221.194.47.208
221.194.47.224
221.194.47.229
221.194.47.249
221.207.32.250
222.43.108.94
222.44.63.11
222.124.218.210

5946
bi_any_2_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

2066
bi_any_2_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

31
bi_bruteforce_2_30d.ipset Normal file
View File

@ -0,0 +1,31 @@
#
# bi_bruteforce_2_30d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# bruteforce with score above 2 and age less than 30d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/bruteforce/2?age=30d
# Source File Date: Thu Sep 7 23:08:21 UTC 2017
#
# Category : attacks
# Version : 41
#
# This File Date : Thu Sep 7 23:08:21 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 1 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_bruteforce_2_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
222.35.18.100

47
bi_ftp_2_30d.ipset Normal file
View File

@ -0,0 +1,47 @@
#
# bi_ftp_2_30d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# ftp with score above 2 and age less than 30d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/ftp/2?age=30d
# Source File Date: Thu Oct 12 17:24:49 UTC 2017
#
# Category : attacks
# Version : 592
#
# This File Date : Thu Oct 12 17:24:49 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 17 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_ftp_2_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
59.36.241.68
60.13.214.247
60.161.145.243
61.146.233.116
61.189.185.80
71.6.165.200
105.235.112.20
112.5.138.200
115.29.43.32
121.42.183.123
124.88.218.34
180.166.244.138
183.129.160.229
202.98.208.71
218.77.80.131
218.90.143.254
219.141.76.24

128
bi_http_2_30d.ipset Normal file
View File

@ -0,0 +1,128 @@
#
# bi_http_2_30d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# http with score above 2 and age less than 30d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/http/2?age=30d
# Source File Date: Sat Oct 14 17:49:24 UTC 2017
#
# Category : attacks
# Version : 661
#
# This File Date : Sat Oct 14 17:49:25 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 98 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_http_2_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.199.130.188
37.187.7.74
37.187.129.166
62.102.148.67
62.210.37.82
62.210.105.116
66.240.219.146
66.240.236.119
69.30.223.172
71.6.146.185
77.247.181.163
79.172.193.32
81.169.144.135
82.221.105.6
85.128.142.34
85.128.142.36
89.31.57.5
89.248.172.16
91.196.50.33
91.200.12.8
91.200.12.18
91.200.12.22
91.200.12.33
91.200.12.42
91.200.12.52
91.200.12.53
91.200.12.58
91.200.12.65
91.200.12.91
91.200.12.93
91.200.12.95
93.115.95.201
93.115.95.204
93.115.95.205
93.115.95.207
93.174.95.106
94.26.140.150
94.102.49.193
94.142.242.84
95.128.43.164
95.213.177.123
95.213.177.124
95.213.177.125
95.213.177.126
104.128.144.131
104.193.88.243
104.193.88.244
107.181.174.84
114.215.154.125
115.28.17.58
115.28.28.62
115.28.44.252
115.28.76.22
115.28.145.231
115.28.212.181
115.28.240.215
120.27.31.148
120.27.35.11
120.27.37.74
120.27.100.100
120.76.114.201
120.76.132.64
120.76.146.29
139.129.14.230
139.129.40.112
141.212.122.16
141.212.122.64
157.7.188.97
162.247.72.199
162.247.72.200
171.25.193.20
171.25.193.25
171.25.193.77
173.254.216.66
178.20.55.18
185.104.120.4
192.42.116.16
195.62.53.168
195.228.45.176
197.231.221.211
198.96.155.3
199.15.233.162
199.87.154.255
204.85.191.30
207.244.70.35
212.21.66.6
212.47.246.21
213.61.149.100
213.251.182.102
213.251.182.103
213.251.182.105
213.251.182.106
213.251.182.110
213.251.182.111
213.251.182.113
213.251.182.114
213.251.182.115
222.186.21.115

1340
bi_mail_2_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

29
bi_proxy_2_30d.ipset Normal file
View File

@ -0,0 +1,29 @@
#
# bi_proxy_2_30d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# proxy with score above 2 and age less than 30d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/proxy/2?age=30d
# Source File Date: Fri Oct 9 03:27:58 UTC 2015
#
# Category : attacks
#
# This File Date : Fri Oct 9 03:27:58 UTC 2015
# Update Frequency: 1 day
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_proxy_2_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

29
bi_sql_2_30d.ipset Normal file
View File

@ -0,0 +1,29 @@
#
# bi_sql_2_30d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# sql with score above 2 and age less than 30d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/sql/2?age=30d
# Source File Date: Wed Aug 26 15:36:32 UTC 2015
#
# Category : attacks
#
# This File Date : Thu Aug 27 10:09:48 UTC 2015
# Update Frequency: 1 day
# Aggregation : none
# Entries : 0 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_sql_2_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#

4550
bi_ssh_2_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

36
bi_voip_2_30d.ipset Normal file
View File

@ -0,0 +1,36 @@
#
# bi_voip_2_30d
#
# ipv4 hash:ip ipset
#
# [BadIPs.com] (https://www.badips.com/) Bad IPs in category
# voip with score above 2 and age less than 30d
#
# Maintainer : BadIPs.com
# Maintainer URL : https://www.badips.com/
# List source URL : https://www.badips.com/get/list/voip/2?age=30d
# Source File Date: Tue Oct 10 17:36:20 UTC 2017
#
# Category : attacks
# Version : 518
#
# This File Date : Tue Oct 10 17:36:20 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 6 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bi_voip_2_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
62.210.26.232
146.0.245.174
163.172.197.108
195.154.183.108
195.154.214.162
212.129.52.78

677
bitcoin_blockchain_info.ipset Normal file
View File

@ -0,0 +1,677 @@
#
# bitcoin_blockchain_info
#
# ipv4 hash:ip ipset
#
# [Blockchain.info]
# (https://blockchain.info/en/connected-nodes) Bitcoin nodes
# connected to Blockchain.info.
#
# Maintainer : Blockchain.info
# Maintainer URL : https://blockchain.info/en/connected-nodes
# List source URL : https://blockchain.info/en/connected-nodes
# Source File Date: Thu Aug 24 17:56:04 UTC 2017
#
# Category : organizations
# Version : 38770
#
# This File Date : Thu Aug 24 17:56:04 UTC 2017
# Update Frequency: 10 mins
# Aggregation : none
# Entries : 646 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=bitcoin_blockchain_info
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
0.9.2.1
0.9.99.99
1.0.1.4
4.15.180.29
5.9.7.213
5.9.213.236
5.39.64.7
5.45.110.20
5.45.181.255
5.56.40.1
5.61.40.26
5.63.188.41
5.100.249.197
5.135.154.68
5.135.191.227
5.144.90.21
5.175.24.7
5.189.137.152
5.189.181.97
5.196.68.103
5.228.7.146
5.228.64.71
5.228.97.57
5.254.124.55
13.93.6.133
13.126.40.50
13.126.93.130
14.202.230.49
18.111.110.151
18.250.7.226
23.94.247.207
23.95.117.72
23.238.132.188
23.241.188.29
23.242.34.31
23.253.151.73
24.29.251.10
24.61.92.13
24.150.94.112
24.193.44.215
24.216.79.234
24.227.69.146
24.239.67.243
24.241.244.73
27.102.66.122
27.133.152.97
31.16.123.34
31.132.136.35
31.220.18.33
34.200.84.245
34.228.107.153
34.251.86.69
35.156.118.148
35.156.225.190
35.158.246.27
35.185.137.70
35.185.172.62
37.46.164.38
37.59.38.77
37.59.44.40
37.59.48.178
37.142.211.171
37.143.243.63
37.187.4.210
37.187.107.95
37.187.130.92
37.187.132.223
37.191.229.34
37.194.10.30
37.205.8.78
37.205.8.138
37.221.171.226
41.86.104.94
43.231.114.188
43.248.160.151
45.32.46.198
45.46.161.121
45.48.182.104
45.56.2.209
45.76.15.196
45.76.71.43
45.76.128.155
46.4.24.136
46.5.176.219
46.20.246.100
46.59.13.59
46.101.181.91
46.127.150.228
46.146.248.89
46.149.83.128
46.173.184.186
46.183.223.186
46.226.109.20
46.226.111.23
46.229.165.146
46.229.165.151
46.229.165.155
46.231.16.149
47.52.69.113
47.88.214.96
47.89.38.110
47.90.10.240
47.91.92.101
47.91.167.135
47.93.90.194
47.93.125.140
47.93.138.213
47.93.173.17
47.94.37.147
47.94.57.140
47.94.57.155
47.95.32.170
47.185.205.187
47.186.86.232
47.187.16.175
47.203.185.201
50.29.165.99
50.35.95.105
50.109.220.180
50.116.59.236
51.6.12.50
51.15.7.224
51.15.63.153
52.7.135.69
52.14.35.154
52.26.194.229
52.36.94.143
52.41.25.239
52.42.65.31
52.42.116.133
52.50.254.150
52.58.91.193
52.59.114.53
52.59.159.10
52.60.189.97
52.76.5.191
52.77.230.102
52.163.215.39
52.169.92.106
52.187.58.186
52.197.247.183
52.200.167.208
52.210.5.51
52.243.87.21
54.64.36.183
54.76.39.118
54.77.9.180
54.86.148.8
54.94.145.159
54.147.79.33
54.152.227.76
54.153.163.163
54.165.213.225
54.173.149.22
54.199.173.118
54.206.77.61
54.207.38.229
60.205.94.182
60.205.115.210
61.68.229.175
62.32.1.225
62.112.10.75
62.157.231.50
62.173.145.7
62.194.153.39
62.203.160.30
62.210.82.29
62.210.204.150
62.212.72.243
63.98.230.187
65.70.19.49
65.96.105.154
66.70.247.80
66.169.21.75
66.172.10.4
66.194.38.253
66.194.38.254
66.215.34.26
66.215.95.60
66.220.115.230
67.3.126.126
67.6.226.221
67.205.128.49
67.205.184.79
67.205.186.16
68.9.244.237
68.66.241.196
68.110.20.27
68.169.158.128
68.173.27.251
68.175.125.235
69.30.255.130
69.41.171.224
69.61.140.26
69.64.34.1
69.84.42.56
69.90.186.11
69.127.219.166
69.139.43.53
69.146.100.54
69.181.136.223
71.6.152.40
71.13.92.62
71.59.9.79
71.61.185.155
71.67.171.247
71.184.246.99
71.187.57.99
72.53.25.135
72.234.155.29
73.17.228.75
73.50.113.111
73.181.137.171
73.185.61.60
74.109.180.212
74.118.10.169
74.220.255.190
75.40.139.207
75.107.93.87
76.93.159.29
76.121.130.7
77.93.223.9
77.234.104.137
77.239.29.142
77.246.163.140
78.25.100.22
78.46.19.97
78.47.108.156
78.109.28.65
78.148.77.235
78.187.90.122
79.109.242.222
79.132.230.144
79.169.35.235
79.173.81.61
79.181.31.252
80.64.65.87
80.86.83.121
80.86.92.70
80.167.222.42
80.241.219.76
81.39.57.210
81.83.96.5
81.99.219.37
81.107.213.28
81.169.224.185
81.217.212.152
82.9.126.183
82.69.110.61
82.134.66.146
82.145.55.56
82.154.167.16
82.196.96.127
82.199.102.10
82.212.131.240
82.217.133.145
83.35.163.92
83.38.48.232
83.52.86.232
83.69.203.44
83.85.141.211
83.165.226.229
83.222.140.12
83.226.252.243
84.16.53.114
84.23.145.184
84.52.234.70
84.55.100.112
84.105.91.60
84.141.244.205
84.212.198.222
84.238.223.10
84.242.2.50
84.245.48.72
84.245.48.241
85.25.95.213
85.25.194.12
85.70.234.114
85.195.207.7
85.214.236.131
86.14.143.176
86.44.62.3
86.59.13.171
86.87.240.111
86.101.100.151
86.105.227.137
86.145.143.231
86.150.185.117
87.76.27.69
87.227.222.1
87.229.26.68
88.15.240.130
88.86.116.140
88.86.116.141
88.86.116.142
88.99.99.90
88.111.129.64
88.198.33.138
88.198.48.239
88.198.202.79
88.198.230.142
88.202.202.221
88.204.218.110
88.208.121.79
89.17.137.6
89.43.194.4
89.154.53.61
89.177.50.171
89.252.185.46
90.149.38.172
90.191.160.172
90.252.4.200
91.68.233.70
91.121.108.36
91.155.111.197
91.196.170.110
91.206.18.83
91.207.61.56
91.239.229.182
92.55.42.247
92.233.85.239
92.243.92.9
93.80.228.227
93.99.0.242
93.144.157.11
93.182.183.209
93.187.186.194
94.19.14.183
94.130.11.6
94.135.137.108
94.156.174.45
94.234.182.51
94.242.232.92
94.242.252.57
94.254.21.81
95.26.125.157
95.31.9.36
95.79.35.50
95.141.43.197
95.170.185.179
95.183.54.57
95.213.155.106
95.213.184.198
95.215.97.68
95.237.173.73
96.70.42.230
96.244.205.42
96.245.253.93
97.87.122.43
97.104.201.95
97.107.188.177
97.115.108.209
98.148.141.89
98.220.75.130
98.222.51.195
99.228.67.119
100.8.96.71
100.35.244.130
103.60.125.61
103.208.86.32
103.252.117.101
104.143.49.106
104.181.156.167
104.192.170.202
104.199.205.132
104.237.62.27
106.185.41.188
106.254.0.194
107.2.120.203
107.23.225.100
107.178.60.108
107.178.60.109
107.189.44.187
107.191.33.83
107.194.84.134
108.4.96.158
108.17.51.206
108.21.187.18
108.59.9.14
108.161.166.82
108.181.94.107
109.98.31.64
109.120.194.136
109.167.130.90
109.190.82.216
109.190.91.0
109.196.225.57
109.201.183.125
109.206.177.21
109.207.200.222
109.228.147.143
109.230.7.186
109.236.94.45
115.29.6.207
115.68.73.82
116.62.102.29
116.62.112.81
116.125.120.26
118.149.71.71
118.157.70.154
118.209.214.99
119.23.133.21
119.23.136.69
119.23.137.54
119.23.160.146
119.23.173.104
119.23.173.193
119.29.156.231
120.26.226.33
120.29.241.106
120.76.97.176
120.76.203.53
120.76.203.124
120.76.213.239
120.77.236.148
120.77.236.207
120.92.91.36
122.116.72.181
123.2.128.107
123.56.139.214
123.57.24.16
123.249.79.12
126.59.245.207
128.112.224.67
128.199.89.12
132.148.132.229
132.239.36.105
136.63.183.26
136.243.73.208
136.243.146.69
138.68.43.167
138.68.72.245
138.118.139.212
138.197.145.133
139.59.119.218
139.59.142.195
139.59.146.177
139.99.131.171
139.196.47.101
139.196.142.144
142.111.2.74
142.134.151.80
143.176.224.104
143.202.160.248
144.76.136.19
144.76.184.243
144.217.10.241
144.217.254.208
145.239.216.161
146.0.137.250
146.155.13.54
146.247.216.12
147.32.30.25
147.75.32.117
148.74.235.77
148.251.13.240
148.251.66.49
148.251.191.101
149.56.194.139
149.202.84.91
150.229.0.143
151.80.42.210
151.80.45.39
155.4.235.60
155.207.60.48
158.58.238.145
158.69.250.4
158.106.191.150
159.205.194.168
160.16.83.235
162.213.252.86
162.217.86.150
162.220.160.220
162.221.89.50
163.158.204.173
163.158.217.14
163.172.33.78
163.172.60.156
163.172.73.108
166.230.70.145
169.44.34.203
169.57.145.101
169.229.198.105
171.25.165.145
171.25.249.7
171.98.117.98
171.250.121.234
172.72.73.148
173.44.71.142
173.63.50.119
173.209.38.220
173.212.197.153
173.224.241.2
173.233.122.2
173.238.150.114
173.255.112.82
175.137.144.28
176.9.73.171
176.9.89.217
176.9.99.211
176.9.110.4
176.28.18.179
176.31.119.117
176.31.207.139
176.46.63.33
178.17.173.2
178.32.178.22
178.54.47.77
178.75.142.138
178.155.51.54
178.218.209.162
178.236.130.229
179.156.162.202
180.181.241.78
180.181.243.145
180.183.156.171
182.237.4.14
183.88.51.192
184.98.43.140
184.149.34.22
185.14.22.14
185.21.60.79
185.26.146.237
185.39.143.58
185.50.191.67
185.50.213.123
185.52.2.69
185.53.191.191
185.64.104.2
185.70.184.55
185.86.79.87
185.101.93.105
185.117.118.121
185.140.252.253
185.145.131.49
185.150.189.51
185.157.160.178
185.162.124.69
185.170.41.6
185.170.113.132
185.175.60.147
187.57.107.46
188.40.80.137
188.44.123.222
188.65.213.48
188.92.212.234
188.93.209.192
188.113.74.232
188.130.244.34
188.138.75.246
188.138.112.60
188.138.122.5
188.165.196.19
188.232.201.21
189.218.10.176
190.97.163.35
190.115.29.178
192.30.120.110
192.34.59.50
192.169.214.155
192.241.150.114
192.243.215.176
193.27.86.26
193.138.219.248
193.154.74.126
193.169.245.61
194.44.198.53
194.71.109.91
194.135.92.123
194.181.192.150
194.187.227.18
195.9.140.134
195.57.28.204
195.85.215.8
195.91.176.86
195.154.164.46
195.154.171.196
195.228.75.149
196.212.164.26
197.101.38.51
197.245.231.117
197.245.238.252
198.15.127.242
198.27.66.168
198.27.83.210
198.199.68.115
198.204.243.146
198.251.83.19
199.15.250.210
200.122.128.130
203.59.32.134
204.9.13.158
204.12.193.12
204.15.11.4
204.15.192.50
206.55.189.220
206.248.184.127
207.254.73.166
208.83.20.106
208.110.69.210
208.118.235.190
208.123.255.18
209.93.148.66
209.126.108.91
210.180.118.97
210.223.3.44
212.24.105.41
212.32.244.160
212.60.121.11
212.83.137.7
212.83.142.220
212.93.226.90
212.124.50.37
212.175.19.108
212.186.197.229
213.17.16.251
213.89.254.96
213.108.21.133
213.120.123.124
213.133.103.56
213.136.75.142
213.142.184.84
213.202.212.78
213.219.138.76
213.239.205.251
213.239.208.169
213.239.214.239
213.239.217.18
213.239.217.182
213.240.181.128
216.38.129.164
216.126.58.205
216.151.13.77
216.239.90.22
217.16.185.175
217.23.11.38
217.23.140.103
217.28.212.166
217.112.251.21
217.119.149.253
217.168.143.169
217.182.30.197
219.113.244.52
220.246.36.216
222.155.161.251
223.17.202.206

1016
bitcoin_blockchain_info_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

8148
bitcoin_blockchain_info_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

2653
bitcoin_blockchain_info_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

7798
bitcoin_nodes.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

9211
bitcoin_nodes_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

27203
bitcoin_nodes_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

14085
bitcoin_nodes_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

26515
blocklist_de.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

9876
blocklist_de_apache.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

164
blocklist_de_bots.ipset Normal file
View File

@ -0,0 +1,164 @@
#
# blocklist_de_bots
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IP addresses
# which have been reported within the last 48 hours as having
# run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or
# BadBots (BadBots = it has posted a Spam-Comment on a open
# Forum or Wiki).
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/bots.txt
# Source File Date: Sun Oct 15 10:10:36 UTC 2017
#
# Category : attacks
# Version : 49601
#
# This File Date : Sun Oct 15 10:16:06 UTC 2017
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 131 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_bots
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.93.94.235
5.16.2.28
23.92.213.120
23.227.201.183
31.130.23.236
37.49.224.163
37.52.204.46
37.115.201.203
37.115.216.179
42.115.32.211
46.161.9.20
46.161.9.22
46.161.9.25
46.161.9.50
46.161.9.51
46.161.9.56
51.255.173.36
63.141.236.98
64.71.74.64
64.120.56.210
69.197.177.50
78.37.63.194
78.137.22.66
78.167.57.11
79.173.89.86
82.127.201.40
82.251.57.96
84.38.135.104
84.53.66.158
84.119.26.238
85.119.88.206
89.26.248.3
90.86.156.117
91.200.12.173
91.200.12.185
103.207.39.183
103.215.83.189
104.247.219.28
105.159.149.89
115.160.171.42
120.27.103.132
120.78.49.10
123.125.71.44
123.125.71.45
123.125.71.50
123.125.71.51
123.125.71.58
123.125.71.69
123.125.71.71
123.125.71.79
123.125.71.82
123.125.71.94
123.125.71.95
123.125.71.99
123.125.71.100
123.125.71.101
123.125.71.105
123.125.71.113
136.243.158.114
139.129.130.253
142.44.151.77
151.12.36.211
162.210.196.97
173.208.157.186
173.212.238.134
173.234.159.250
176.214.1.246
178.238.229.94
180.76.15.7
180.76.15.8
180.76.15.13
180.76.15.14
180.76.15.15
180.76.15.16
180.76.15.21
180.76.15.22
180.76.15.23
180.76.15.25
180.76.15.29
180.76.15.30
180.76.15.32
180.76.15.34
180.76.15.136
180.76.15.139
180.76.15.140
180.76.15.141
180.76.15.144
180.76.15.146
180.76.15.149
180.76.15.156
180.76.15.158
180.76.15.160
180.76.15.161
180.76.15.163
183.131.83.226
184.22.243.94
185.15.244.87
185.36.102.114
185.100.87.248
185.126.179.232
185.153.197.44
185.172.110.38
187.190.252.134
190.151.47.138
193.33.111.88
194.87.147.74
194.118.207.146
199.58.86.209
199.58.86.211
203.45.18.122
211.38.144.224
217.118.136.171
220.181.108.96
220.181.108.99
220.181.108.106
220.181.108.107
220.181.108.110
220.181.108.115
220.181.108.116
220.181.108.118
220.181.108.140
220.181.108.142
220.181.108.149
220.181.108.151
220.181.108.154
220.181.108.155
220.181.108.158
220.181.108.170
220.181.108.172
220.181.108.177
222.186.50.165

1435
blocklist_de_bruteforce.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

447
blocklist_de_ftp.ipset Normal file
View File

@ -0,0 +1,447 @@
#
# blocklist_de_ftp
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IP addresses
# which have been reported within the last 48 hours for
# attacks on the Service FTP.
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/ftp.txt
# Source File Date: Sun Oct 15 10:10:34 UTC 2017
#
# Category : attacks
# Version : 49741
#
# This File Date : Sun Oct 15 10:16:05 UTC 2017
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 416 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_ftp
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.28.80.234
1.56.233.57
1.63.36.96
1.63.38.45
1.82.231.240
1.181.141.3
1.190.64.150
1.202.74.233
1.203.160.75
1.204.54.102
1.205.98.52
1.254.58.72
13.64.157.74
14.106.211.51
14.106.240.23
14.108.131.153
14.108.151.4
14.120.74.215
14.120.106.118
14.204.169.6
14.213.150.220
14.221.239.212
14.222.45.232
23.31.239.17
27.19.30.197
27.21.162.108
27.28.123.169
27.111.44.186
27.210.113.223
27.213.94.20
27.223.1.142
31.211.102.129
36.5.173.146
36.5.175.85
36.25.34.143
36.33.0.120
36.102.148.163
36.103.226.40
37.9.169.7
37.187.130.94
39.73.161.46
39.75.176.34
39.76.182.117
39.78.98.154
39.84.119.81
39.155.185.7
41.83.216.71
41.143.165.111
41.230.62.140
42.6.135.13
42.6.235.46
42.48.60.232
42.84.155.7
42.88.206.99
42.89.30.237
42.101.243.4
42.224.201.136
42.236.148.155
45.62.210.210
46.30.45.125
46.105.100.136
46.246.37.180
47.32.200.191
47.92.84.84
47.95.213.4
49.73.184.175
50.78.116.109
50.195.99.111
50.250.14.141
51.15.192.85
58.16.141.26
58.18.35.149
58.18.37.170
58.47.116.94
58.48.183.243
58.52.233.139
58.55.135.101
58.58.116.126
58.213.63.50
58.216.215.250
58.243.184.98
59.36.241.68
59.51.202.25
59.63.28.56
59.63.28.59
59.63.28.60
59.63.28.62
59.63.28.63
59.63.249.149
59.108.59.178
59.173.251.58
59.174.113.172
60.14.243.172
60.28.59.174
60.29.91.78
60.162.146.144
60.162.242.135
60.169.78.221
60.182.101.124
60.220.171.35
60.249.245.180
61.74.137.76
61.133.250.116
61.134.203.76
61.135.45.226
61.146.233.116
61.153.55.86
61.160.213.235
61.178.60.117
61.184.186.110
61.189.178.2
64.137.201.162
66.214.246.10
69.64.68.205
72.167.190.6
74.10.196.193
78.31.67.184
78.188.74.55
85.31.112.251
85.105.155.216
88.0.163.65
89.39.104.160
89.218.176.232
89.238.166.244
91.200.12.36
91.200.12.53
91.200.12.109
94.20.246.240
94.156.211.207
95.128.45.223
95.220.130.134
101.31.60.16
101.37.75.60
101.73.91.54
103.7.1.11
103.28.118.18
103.68.112.74
103.204.76.116
103.204.76.117
103.214.174.207
103.214.175.47
103.216.216.78
106.18.78.188
106.46.201.229
106.57.166.232
106.58.229.145
106.59.194.234
106.87.96.67
106.88.254.232
108.29.111.122
108.58.93.100
110.52.216.124
110.167.30.90
110.254.0.36
111.27.3.211
111.44.219.2
111.75.15.104
111.123.225.208
111.161.3.76
111.174.207.84
111.196.243.147
111.197.211.183
111.204.87.227
112.26.5.252
112.41.192.120
112.74.103.9
112.98.75.221
112.101.126.4
112.103.16.7
112.112.206.141
112.231.246.207
113.4.29.22
113.9.197.102
113.66.124.88
113.72.11.194
113.81.234.219
113.86.253.135
113.109.213.70
113.111.44.28
113.111.182.226
113.124.197.10
113.161.149.37
113.206.121.20
113.228.70.32
113.228.71.157
113.247.192.216
113.247.195.136
113.248.203.68
114.233.220.98
114.241.51.16
114.247.134.163
114.250.103.10
115.29.43.32
115.152.250.73
115.152.250.74
115.152.250.76
115.152.250.77
115.152.250.78
115.152.250.79
115.159.2.52
115.159.198.25
115.203.147.1
115.205.124.245
115.205.126.122
115.208.206.129
115.212.83.184
115.212.223.32
115.224.75.208
116.2.214.105
116.24.64.167
116.28.230.30
116.52.185.58
116.226.129.140
116.228.85.138
116.230.34.35
116.232.169.193
116.232.217.65
116.249.39.125
117.61.161.152
117.62.3.148
117.89.209.160
117.190.56.170
117.241.170.195
118.81.194.135
118.113.137.29
118.144.139.220
118.160.180.101
118.193.158.234
118.193.194.70
118.193.194.96
118.250.101.155
118.250.113.93
118.250.115.215
118.254.134.55
118.254.158.214
119.1.207.231
119.36.149.150
119.39.93.212
119.39.95.97
119.39.148.3
119.51.136.35
119.52.74.34
119.55.147.92
119.55.161.169
119.55.168.177
119.60.209.161
119.117.247.172
119.130.206.138
119.162.80.37
120.14.42.111
120.77.65.131
120.236.85.23
120.236.144.206
120.239.72.45
120.239.72.69
120.239.72.169
121.32.126.192
121.34.182.119
121.205.251.135
121.225.4.15
121.225.73.13
121.237.206.5
122.141.119.166
122.141.185.15
122.156.198.224
122.158.25.31
122.188.224.20
122.189.248.148
122.192.246.245
123.56.181.190
123.114.36.192
123.114.117.24
123.115.159.131
123.116.186.120
123.117.239.69
123.117.251.148
123.119.116.107
123.127.244.100
123.161.192.14
123.178.150.230
123.184.88.113
123.244.197.100
124.64.239.129
124.67.255.164
124.112.77.141
124.117.44.116
124.165.19.44
124.232.147.168
124.235.198.17
125.33.249.111
125.107.182.20
125.107.188.159
125.124.55.6
139.209.137.2
139.209.172.130
139.212.241.123
140.224.165.104
140.237.180.77
144.52.46.45
144.76.1.207
145.239.118.229
153.171.38.53
156.67.106.194
162.144.38.233
166.62.39.130
166.62.92.7
171.12.0.120
171.113.188.99
171.126.48.128
171.223.185.236
175.8.66.130
175.8.67.76
175.13.13.183
175.13.108.242
175.13.178.30
175.13.240.139
175.13.246.255
175.17.183.168
175.148.143.142
175.160.203.160
175.161.38.6
175.184.171.167
177.129.246.186
177.202.32.154
178.255.44.62
179.252.75.108
179.254.61.19
180.166.244.138
180.175.38.12
181.20.173.200
182.119.88.21
182.243.47.190
182.245.35.82
182.253.152.188
182.253.152.216
183.28.49.154
183.68.170.84
183.71.208.25
183.71.215.44
183.130.1.120
183.151.93.92
183.187.57.13
183.190.200.66
183.196.7.74
184.168.200.153
185.9.19.120
185.94.193.78
185.195.76.50
188.126.84.115
190.99.105.58
192.95.29.112
192.145.239.44
198.0.48.134
198.154.248.132
200.10.66.94
201.180.107.106
201.208.165.161
202.74.232.162
202.182.182.205
203.236.50.67
205.147.109.54
207.171.253.5
209.66.128.22
210.22.135.36
211.217.183.100
212.3.207.167
212.113.133.53
213.3.0.138
213.160.182.198
216.119.130.194
217.160.109.189
217.182.192.29
218.6.244.67
218.16.63.79
218.17.157.205
218.64.53.33
218.75.237.156
218.77.80.131
218.86.199.6
218.90.143.254
218.154.143.26
218.201.184.244
219.139.72.81
219.140.43.43
219.151.227.208
220.132.35.162
220.135.137.230
220.162.247.202
220.163.146.134
220.172.165.183
220.172.172.12
220.216.111.35
220.248.226.38
221.8.168.232
221.193.117.251
221.195.36.29
221.217.242.48
221.222.121.208
221.222.149.3
221.229.204.123
222.32.87.89
222.39.96.246
222.42.97.185
222.86.137.136
222.86.238.174
222.95.156.161
222.133.135.225
222.133.140.105
222.137.0.128
222.181.144.80
222.191.249.108
222.217.129.162
222.220.114.32
222.223.130.89
223.94.82.24
223.220.113.15

2015
blocklist_de_imap.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

14191
blocklist_de_mail.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

187
blocklist_de_sip.ipset Normal file
View File

@ -0,0 +1,187 @@
#
# blocklist_de_sip
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IP addresses
# that tried to login in a SIP, VOIP or Asterisk Server and
# are included in the IPs list from infiltrated.net
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/sip.txt
# Source File Date: Sun Oct 15 10:10:35 UTC 2017
#
# Category : attacks
# Version : 33252
#
# This File Date : Sun Oct 15 10:16:06 UTC 2017
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 156 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_sip
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.11.40.231
5.11.45.234
5.104.111.204
5.196.171.56
35.197.205.176
35.198.142.157
37.8.21.169
37.8.22.185
37.8.29.222
37.8.32.221
37.8.42.168
37.8.46.171
37.8.52.24
37.8.55.192
37.8.61.47
37.8.66.3
37.8.72.173
37.8.88.15
37.187.187.138
38.121.232.36
41.250.196.80
46.17.40.43
46.17.46.8
46.29.162.5
46.29.162.7
46.29.162.11
46.166.139.30
46.166.139.43
46.166.187.44
51.15.200.216
51.15.206.2
58.211.218.74
61.189.184.76
61.191.41.6
61.191.41.7
61.191.41.53
62.210.26.232
62.210.96.6
62.210.146.169
62.210.149.13
62.210.162.98
62.219.6.134
64.31.20.154
64.31.56.184
64.129.188.18
65.38.171.196
65.111.165.235
67.55.110.36
69.163.37.208
78.134.64.124
82.4.244.194
82.141.136.153
82.205.0.106
82.205.11.106
85.17.212.28
85.31.209.109
85.114.102.126
85.114.110.72
85.114.113.46
85.114.124.229
85.114.125.114
85.184.242.244
87.106.17.36
87.106.20.45
88.147.1.201
91.189.179.14
92.42.105.217
93.115.26.68
93.115.26.69
94.23.47.120
94.23.47.172
94.247.178.106
95.26.130.196
95.26.157.148
96.44.189.172
104.149.238.98
104.227.139.58
107.150.50.130
107.155.154.5
113.209.111.207
115.168.71.84
120.132.134.249
125.95.18.146
134.119.179.243
134.119.221.7
142.54.169.106
149.56.106.192
154.16.126.78
155.94.65.6
155.94.65.20
158.69.248.152
158.69.249.93
158.69.250.194
162.244.81.29
162.244.82.216
162.244.82.217
163.172.17.11
163.172.71.215
163.172.109.197
163.172.161.1
167.114.64.97
173.164.93.151
173.242.125.35
174.137.170.180
174.137.170.190
176.31.246.45
183.87.56.75
184.172.12.112
185.40.4.38
185.40.4.61
185.40.4.70
185.40.4.72
185.40.4.84
185.40.4.190
185.40.4.199
185.107.80.37
185.174.137.215
188.72.241.126
188.138.9.254
190.145.81.213
192.151.151.114
195.154.47.154
195.154.168.62
195.154.172.48
195.154.180.71
195.154.181.237
195.154.182.120
195.154.182.160
195.154.183.160
195.154.183.210
195.154.185.67
195.154.232.246
195.154.237.230
198.204.252.2
198.204.252.82
198.204.252.90
198.204.254.18
199.48.164.82
199.48.164.113
199.48.164.165
199.168.99.26
202.103.52.143
202.103.52.147
204.12.221.26
204.188.221.157
208.77.101.138
208.115.203.51
208.115.236.172
208.115.236.186
213.165.68.55
213.202.225.99
216.172.98.211
217.20.114.242
217.150.245.224
219.146.8.78
220.178.16.98

10088
blocklist_de_ssh.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

153
blocklist_de_strongips.ipset Normal file
View File

@ -0,0 +1,153 @@
#
# blocklist_de_strongips
#
# ipv4 hash:ip ipset
#
# [Blocklist.de] (https://www.blocklist.de/) All IPs which
# are older then 2 month and have more then 5.000 attacks.
#
# Maintainer : Blocklist.de
# Maintainer URL : https://www.blocklist.de/
# List source URL : http://lists.blocklist.de/lists/strongips.txt
# Source File Date: Sun Oct 15 10:10:39 UTC 2017
#
# Category : attacks
# Version : 10467
#
# This File Date : Sun Oct 15 10:16:06 UTC 2017
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 123 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=blocklist_de_strongips
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.188.11.11
31.168.198.79
42.7.26.15
46.161.9.22
46.161.9.32
46.161.9.49
58.57.65.115
58.218.198.142
58.218.198.144
58.218.198.145
58.218.198.146
58.218.198.160
58.218.198.161
58.218.198.162
58.218.198.168
58.218.198.170
58.218.198.171
58.242.83.7
58.242.83.8
58.242.83.9
59.45.175.11
59.45.175.24
59.45.175.29
59.45.175.32
59.45.175.36
59.45.175.67
59.45.175.94
59.45.175.95
59.45.175.96
59.45.175.97
59.45.175.98
59.63.166.104
59.63.166.105
59.63.188.32
59.63.188.36
61.141.21.34
61.177.172.10
61.177.172.22
61.177.172.28
61.177.172.40
61.177.172.44
61.177.172.51
61.177.172.60
61.177.172.62
61.177.172.64
61.177.172.66
77.72.85.100
80.82.77.249
80.82.78.85
84.17.27.245
85.185.244.101
88.249.106.23
89.248.160.233
91.200.12.8
91.200.12.22
91.200.12.49
91.200.12.50
91.200.12.53
91.200.12.54
91.200.12.60
91.200.12.61
91.200.12.65
91.200.12.91
91.200.12.95
91.200.12.98
91.200.12.103
91.200.12.126
91.200.12.139
91.200.12.140
91.200.12.152
91.200.12.156
91.200.12.161
91.200.12.164
91.200.12.165
91.200.12.166
91.200.12.173
91.200.12.180
91.200.12.181
91.200.12.186
91.200.12.198
91.224.160.10
93.170.122.30
94.102.51.31
103.16.115.18
111.11.27.140
113.195.145.13
113.195.145.21
113.195.145.52
121.18.238.28
121.18.238.106
121.18.238.119
121.18.238.123
121.18.238.125
123.150.200.121
123.183.209.132
123.183.209.134
123.183.209.135
123.183.209.140
163.121.188.3
175.6.7.144
179.127.175.210
182.100.67.76
182.100.67.120
185.100.222.110
185.110.132.49
185.165.29.69
187.94.99.194
189.52.165.134
191.239.161.236
200.52.85.99
200.252.5.210
218.60.136.106
218.65.30.30
218.65.30.38
218.65.30.46
218.65.30.53
218.65.30.122
218.65.30.251
221.194.44.212
221.194.47.224
221.194.47.233
221.194.47.236
221.194.47.242

9226
blocklist_net_ua.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

6451
bm_tor.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

61
botscout.ipset Normal file
View File

@ -0,0 +1,61 @@
#
# botscout
#
# ipv4 hash:ip ipset
#
# [BotScout] (http://botscout.com/) helps prevent automated
# web scripts, known as bots, from registering on forums,
# polluting databases, spreading spam, and abusing forms on
# web sites. They do this by tracking the names, IPs, and
# email addresses that bots use and logging them as unique
# signatures for future reference. They also provide a simple
# yet powerful API that you can use to test forms when
# they're submitted on your site. This list is composed of
# the most recently-caught bots.
#
# Maintainer : BotScout.com
# Maintainer URL : http://botscout.com/
# List source URL : http://botscout.com/last_caught_cache.htm
# Source File Date: Sun Oct 15 10:00:37 UTC 2017
#
# Category : abuse
# Version : 30155
#
# This File Date : Sun Oct 15 10:00:37 UTC 2017
# Update Frequency: 30 mins
# Aggregation : none
# Entries : 24 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botscout
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
37.21.243.70
46.102.98.196
51.15.60.62
59.125.230.27
89.163.243.124
95.37.215.115
104.160.228.19
104.227.146.17
120.40.130.70
145.239.91.37
151.249.164.95
156.67.106.98
156.67.106.103
163.172.223.200
178.159.37.71
178.159.37.134
185.191.204.4
188.72.127.131
188.166.232.174
189.102.117.100
193.201.224.210
195.22.126.27
195.22.126.33
195.22.126.37

1302
botscout_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

14176
botscout_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

4878
botscout_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

164
botvrij_dst.ipset Normal file
View File

@ -0,0 +1,164 @@
#
# botvrij_dst
#
# ipv4 hash:ip ipset
#
# [botvrij.eu] (http://www.botvrij.eu/) Indicators of
# Compromise (IOCS) about malicious destination IPs, gathered
# via open source information feeds (blog pages and PDF
# documents) and then consolidated into different datasets.
# To ensure the quality of the data all entries older than
# approx. 6 months are removed.
#
# Maintainer : botvrij.eu
# Maintainer URL : http://www.botvrij.eu/
# List source URL : http://www.botvrij.eu/data/ioclist.ip-dst.raw
# Source File Date: Tue Jul 25 18:02:09 UTC 2017
#
# Category : attacks
# Version : 42
#
# This File Date : Wed Jul 26 13:44:04 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 130 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botvrij_dst
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.215.228.230
5.8.65.1
5.172.33.237
5.172.34.138
5.188.232.1
5.188.232.2
5.188.232.3
5.188.232.4
5.188.232.71
5.188.232.141
5.188.232.152
17.61.46.70
18.200.16.237
21.190.190.107
23.27.127.254
23.111.188.254
23.152.0.210
32.107.168.116
36.61.131.78
36.66.107.162
37.61.239.216
37.139.59.69
45.77.53.146
45.114.116.192
47.52.0.176
47.88.216.68
47.221.136.204
49.156.45.139
59.43.86.123
59.120.19.101
59.173.0.74
66.23.226.40
67.229.144.218
70.46.61.17
74.220.207.120
77.72.84.11
78.37.191.149
80.233.134.147
82.144.131.5
82.146.94.86
82.146.94.150
83.229.87.11
84.42.159.138
84.92.36.96
84.200.84.241
85.214.113.207
86.195.94.206
87.101.243.252
93.75.45.182
93.174.93.50
93.190.137.212
94.130.120.179
95.104.2.225
95.141.37.3
95.183.51.24
95.215.45.221
95.215.108.213
96.9.69.131
103.58.144.249
103.198.130.148
104.131.182.74
104.238.191.204
107.190.190.21
108.61.176.96
115.186.139.104
116.168.107.32
117.21.191.69
118.190.50.141
120.107.163.79
125.214.195.17
129.221.254.13
131.11.224.116
138.186.22.2
140.112.14.16
152.66.249.132
158.255.2.138
168.194.80.70
169.45.142.150
176.9.192.22
176.121.213.31
176.123.26.42
177.87.233.4
177.104.69.130
177.231.253.158
178.70.149.30
178.70.225.165
178.70.232.38
178.175.138.196
182.18.23.38
182.45.75.93
184.74.243.67
184.160.113.13
185.8.0.182
185.27.219.173
185.31.160.55
185.47.136.111
185.154.52.233
185.158.175.95
185.162.8.190
185.169.229.168
186.202.127.132
186.208.102.185
186.208.106.234
186.208.111.188
188.209.49.60
188.209.49.64
188.209.49.86
188.209.49.168
188.214.129.65
188.255.156.67
188.255.249.27
190.2.235.246
192.184.84.119
196.11.84.62
196.29.166.218
196.45.177.52
199.36.194.27
199.233.245.109
200.116.206.58
203.66.57.237
203.67.31.17
203.69.210.247
204.136.221.47
206.94.195.86
211.72.242.120
212.92.127.146
213.200.14.138
216.177.132.93
217.31.110.43
218.224.125.66

39
botvrij_src.ipset Normal file
View File

@ -0,0 +1,39 @@
#
# botvrij_src
#
# ipv4 hash:ip ipset
#
# [botvrij.eu] (http://www.botvrij.eu/) Indicators of
# Compromise (IOCS) about malicious source IPs, gathered via
# open source information feeds (blog pages and PDF
# documents) and then consolidated into different datasets.
# To ensure the quality of the data all entries older than
# approx. 6 months are removed.
#
# Maintainer : botvrij.eu
# Maintainer URL : http://www.botvrij.eu/
# List source URL : http://www.botvrij.eu/data/ioclist.ip-src.raw
# Source File Date: Tue Feb 7 20:26:35 UTC 2017
#
# Category : attacks
# Version : 2
#
# This File Date : Tue Feb 7 20:52:14 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 5 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=botvrij_src
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
37.237.192.22
134.213.54.163
144.217.81.160
176.9.36.102
185.116.213.71

1655
bruteforceblocker.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

5356
chaosreigns_iprep0.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

5356
chaosreigns_iprep100.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

5356
chaosreigns_iprep50.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

15031
ciarmy.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

4120
cidr_report_bogons.netset Normal file
View File

File diff suppressed because it is too large Load Diff

4549
cleanmx_phishing.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

12221
cleanmx_viruses.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

2632
cleantalk.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

28331
cleantalk_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

129246
cleantalk_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

63507
cleantalk_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

692
cleantalk_new.ipset Normal file
View File

@ -0,0 +1,692 @@
#
# cleantalk_new
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Recent HTTP Spammers
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL : https://cleantalk.org/blacklists/submited_today
# Source File Date: Sun Oct 15 10:24:25 UTC 2017
#
# Category : abuse
# Version : 57653
#
# This File Date : Sun Oct 15 10:24:25 UTC 2017
# Update Frequency: 15 mins
# Aggregation : none
# Entries : 663 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk_new
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.20.201.69
1.20.215.41
1.28.216.201
1.49.101.99
1.58.134.117
1.82.231.240
1.83.0.126
1.189.49.158
1.233.75.254
2.177.223.37
5.126.23.241
5.139.136.137
5.141.198.13
5.157.11.23
5.157.11.48
5.157.11.110
5.157.11.151
5.164.193.134
5.228.1.243
5.248.164.101
14.21.243.52
14.106.240.23
14.108.162.207
14.120.74.215
14.120.106.118
14.120.107.63
14.204.42.221
14.204.47.42
14.204.169.6
14.204.173.6
14.220.109.78
14.221.238.149
23.82.87.233
23.229.23.181
23.250.107.0
27.19.74.9
27.19.98.55
27.19.98.114
27.19.99.177
27.21.161.80
27.27.163.226
27.27.164.209
27.28.123.169
27.153.132.110
27.153.132.146
27.153.132.180
27.153.132.195
27.185.115.85
27.189.60.16
27.189.62.24
27.189.76.253
27.192.235.56
27.225.153.54
31.23.26.200
31.23.42.105
31.23.62.7
31.23.81.58
35.198.195.21
36.5.151.224
36.5.169.199
36.57.176.113
36.57.179.74
36.57.180.32
36.62.124.83
36.101.192.99
36.149.3.53
36.149.131.186
36.149.157.186
36.149.194.53
36.149.220.53
36.149.221.53
36.250.174.233
37.21.243.70
37.47.0.164
37.52.193.190
37.78.255.173
37.114.98.51
37.114.98.59
37.114.98.69
37.114.98.75
37.114.98.168
37.114.98.234
37.114.98.236
37.114.98.241
37.115.5.171
37.215.224.44
39.53.77.102
39.73.161.46
39.75.176.34
39.78.98.154
39.84.119.81
41.251.172.18
42.6.59.65
42.49.217.32
42.84.155.7
42.88.90.117
42.88.206.99
42.91.106.145
42.101.243.4
42.103.146.5
42.116.159.113
42.117.253.241
42.184.13.32
42.224.201.136
42.236.149.181
42.243.6.46
42.243.101.157
42.243.101.158
42.243.101.173
43.248.34.94
45.61.189.202
45.61.190.84
45.61.190.232
45.61.190.250
45.61.191.2
45.61.191.86
45.76.84.170
45.76.85.228
45.77.3.154
46.0.9.136
46.41.64.195
46.41.65.126
46.41.70.13
46.41.74.222
46.41.113.39
46.41.121.253
46.61.76.141
46.99.69.142
46.99.76.252
46.147.205.36
46.167.67.223
46.228.103.214
49.70.107.95
49.71.212.164
49.76.183.104
54.148.128.22
58.9.238.218
58.49.182.238
58.209.100.167
59.33.43.190
59.51.202.25
59.58.108.29
59.172.144.207
60.10.93.242
60.14.243.172
60.23.44.146
60.160.243.196
60.161.181.14
60.162.143.203
60.162.146.144
60.162.179.178
60.168.51.212
60.182.101.124
60.208.171.179
60.221.52.70
61.6.42.100
61.90.39.208
61.138.84.58
61.143.217.21
61.165.216.250
61.228.238.148
62.122.91.241
66.37.7.26
67.205.142.183
69.40.179.229
69.46.64.8
69.46.64.31
75.170.112.27
77.125.95.66
77.127.104.3
77.127.118.39
77.222.106.181
77.222.108.42
78.145.0.255
78.145.2.206
79.182.33.91
79.184.181.108
79.184.181.165
79.184.181.213
79.184.182.13
79.184.182.70
79.184.182.206
79.184.184.36
79.184.184.190
79.184.185.8
79.184.185.184
79.184.185.197
79.184.186.170
79.184.187.219
79.184.188.191
79.184.189.182
79.184.192.176
79.184.193.240
79.184.194.79
79.184.195.60
79.184.195.130
79.184.196.54
79.184.198.123
79.184.198.134
79.184.198.137
79.184.198.241
79.184.199.141
79.184.200.68
79.184.200.75
79.184.203.103
79.184.203.174
79.184.205.254
79.184.206.58
79.184.210.226
79.184.211.79
79.184.213.210
79.184.215.110
79.184.215.168
79.184.215.224
79.184.216.63
79.184.217.43
79.184.221.219
79.184.225.176
79.184.225.213
79.184.225.215
79.184.226.93
79.184.228.68
79.184.228.206
79.184.230.240
79.184.232.144
79.184.232.159
79.184.236.67
79.184.236.113
79.184.237.229
79.184.238.50
79.184.239.87
79.184.239.172
79.184.240.50
79.184.241.91
79.184.242.123
79.184.243.11
79.184.244.41
79.184.245.167
79.184.246.101
79.184.246.117
79.184.247.208
80.110.120.171
82.211.9.232
82.211.24.5
82.211.24.7
82.211.24.165
82.211.24.180
83.20.0.126
83.25.21.89
84.229.87.243
85.140.81.144
87.17.146.65
87.71.140.246
87.244.166.164
89.37.64.120
89.143.119.251
91.108.95.53
91.108.95.100
91.215.90.174
93.127.144.79
94.46.160.195
94.177.178.170
94.232.208.67
95.79.16.117
95.79.84.7
95.79.143.53
95.79.160.140
95.79.199.24
95.79.200.8
95.79.224.21
95.79.228.15
95.218.113.120
101.20.126.69
101.24.182.172
101.24.182.233
101.27.51.181
101.109.34.223
101.109.109.43
103.82.55.243
103.218.2.80
103.226.185.122
103.247.55.119
104.151.241.222
104.203.43.166
105.154.202.98
105.155.47.207
105.158.14.159
105.158.23.63
106.8.208.246
106.8.218.196
106.32.42.237
106.45.127.78
106.58.229.145
106.87.96.67
106.87.96.181
106.87.96.216
106.87.96.246
106.87.97.35
106.88.254.232
107.152.195.119
107.152.210.77
107.175.84.245
109.64.55.241
109.64.122.224
109.93.201.236
110.77.183.157
110.80.65.119
110.80.71.215
110.167.71.111
110.169.68.34
110.228.207.76
111.85.8.3
111.174.206.253
111.196.78.143
111.200.58.94
111.201.204.114
112.66.1.10
112.98.9.202
112.99.74.158
112.111.162.155
112.111.163.53
112.111.163.85
112.117.132.76
112.134.44.60
112.140.241.90
112.255.37.140
113.0.234.121
113.3.203.249
113.4.159.108
113.9.222.253
113.22.171.60
113.72.9.30
113.81.232.120
113.111.46.93
113.111.89.106
113.111.182.226
113.139.214.99
113.176.35.206
113.206.178.66
113.206.196.231
113.246.66.146
113.248.145.210
114.95.120.205
114.99.115.233
114.112.252.245
114.217.176.150
114.241.51.73
114.248.148.165
114.249.0.32
114.249.11.149
115.57.134.64
115.85.235.189
115.118.169.180
115.204.217.185
115.205.126.122
115.212.83.213
115.212.223.32
115.225.29.100
116.2.214.105
116.24.64.167
116.30.218.252
116.58.224.167
116.112.218.193
116.192.0.180
116.192.24.236
116.192.30.243
117.0.211.81
117.7.92.106
117.10.95.176
117.26.93.71
117.26.93.80
117.26.93.133
117.26.93.140
117.26.93.181
117.26.93.244
117.33.0.186
117.57.209.245
117.62.3.148
117.181.116.20
117.242.208.236
118.72.87.228
118.114.122.253
118.125.28.90
118.182.59.142
118.182.188.167
118.249.211.43
118.250.101.155
118.252.108.9
118.252.188.73
118.254.111.156
118.254.158.214
119.36.137.10
119.42.59.232
119.51.136.35
119.52.73.96
119.52.73.177
119.54.87.106
119.55.144.48
119.55.144.187
119.55.146.191
119.55.150.172
119.55.151.29
119.55.162.92
119.55.165.125
119.55.167.49
119.55.167.169
119.55.168.38
119.55.168.177
119.55.170.129
119.55.170.162
119.55.172.91
119.55.174.103
119.62.205.120
119.109.27.173
119.118.167.117
119.135.216.32
119.155.9.159
119.167.38.52
120.204.74.11
121.62.105.227
121.63.53.94
121.146.2.218
122.96.41.61
122.141.185.15
122.141.186.120
122.141.186.229
122.142.8.236
122.156.198.108
122.156.198.224
122.168.4.34
122.189.5.128
122.189.248.148
122.237.78.198
123.18.169.92
123.27.144.91
123.112.66.238
123.145.0.115
123.145.10.80
123.161.193.35
123.234.226.165
124.64.138.200
124.115.188.141
124.227.83.66
124.228.144.44
124.228.154.71
124.228.158.237
124.235.198.17
124.238.62.30
125.27.64.44
125.72.95.62
125.95.97.223
125.107.188.159
125.122.26.96
125.162.12.92
125.164.240.210
134.236.37.92
138.99.208.156
138.128.14.94
139.59.67.170
139.209.136.158
139.209.137.212
139.209.138.216
139.209.139.243
139.209.140.25
139.209.140.35
139.209.142.222
139.209.143.110
139.209.158.61
139.209.158.234
139.211.33.212
139.211.36.69
139.212.240.41
141.101.174.26
142.252.249.94
152.252.29.77
163.142.73.84
163.142.109.17
165.231.105.128
171.6.81.124
171.12.3.124
171.95.85.129
171.95.87.197
171.116.53.237
171.120.52.51
171.120.124.123
171.226.151.64
171.240.197.179
172.241.150.99
174.19.80.146
174.19.84.234
175.4.179.181
175.13.41.191
175.17.186.123
175.98.163.222
175.98.168.213
175.139.59.82
175.161.38.253
175.163.75.112
176.15.163.199
176.108.15.191
176.213.14.184
176.213.19.33
177.33.12.224
177.128.159.19
177.141.142.148
177.141.158.250
177.142.192.34
177.193.55.221
177.193.252.169
178.43.27.46
178.43.41.232
178.71.227.27
178.94.204.162
178.94.205.198
178.120.29.132
178.120.48.64
178.120.67.113
178.127.22.28
178.127.193.103
179.158.230.127
179.159.123.174
179.210.150.44
179.217.1.126
180.95.128.120
180.106.54.90
180.109.201.234
180.117.51.106
180.123.35.129
180.127.174.109
180.180.0.255
180.180.2.105
180.183.144.168
181.214.226.111
181.214.239.77
182.105.164.174
182.119.137.191
182.131.207.21
182.240.98.169
182.241.49.27
182.245.98.255
183.8.242.78
183.14.79.159
183.15.174.14
183.15.174.58
183.28.49.154
183.31.9.51
183.48.244.217
183.48.247.13
183.66.79.146
183.151.93.92
183.154.201.50
183.160.1.39
183.160.3.176
183.160.33.186
183.160.120.87
183.160.120.147
183.160.122.154
183.160.122.180
183.160.123.183
183.189.124.229
183.189.163.37
183.189.240.23
183.228.83.121
183.240.19.243
184.22.240.238
184.175.219.41
184.175.244.127
184.175.244.151
185.206.80.55
186.205.33.172
186.220.190.188
187.37.82.154
187.255.255.29
188.39.221.42
188.68.204.98
188.114.22.80
188.114.23.138
188.146.109.15
188.212.148.215
188.234.116.78
189.60.59.6
189.60.112.183
189.63.26.120
189.121.160.43
190.186.242.26
191.96.253.98
191.242.177.42
192.157.240.91
192.186.140.77
192.186.175.75
192.186.181.37
192.187.122.42
192.241.77.244
193.194.69.155
193.201.224.213
195.22.126.176
195.140.212.52
195.140.212.107
196.245.216.120
196.245.217.113
196.245.218.56
196.247.18.85
196.247.163.28
196.247.225.111
197.234.48.243
198.46.214.251
198.204.234.34
199.195.254.47
201.37.194.14
201.119.193.67
202.62.19.4
209.107.196.151
212.83.151.152
213.112.70.158
217.91.48.52
218.6.85.182
218.58.14.102
218.60.128.4
218.72.125.57
218.86.196.118
218.89.73.228
218.93.106.17
219.137.53.98
219.139.165.113
220.161.163.10
220.161.163.56
220.161.163.94
220.161.163.161
220.161.163.200
220.161.163.206
221.196.239.81
221.205.161.19
221.205.167.245
221.206.164.32
221.213.95.75
221.217.51.50
221.219.137.223
222.77.230.50
222.77.230.80
222.77.230.84
222.77.230.91
222.77.230.106
222.77.230.125
222.77.230.175
222.77.231.35
222.77.231.81
222.77.231.140
222.77.231.184
222.77.231.233
222.77.231.248
222.77.240.7
222.82.134.53
222.86.174.197
222.86.241.87
222.137.6.74
222.160.160.68
222.160.160.86
222.160.162.61
222.189.126.134
223.146.111.240
223.150.1.165
223.153.242.214
223.220.121.172

1689
cleantalk_new_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

26268
cleantalk_new_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

7437
cleantalk_new_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

49
cleantalk_top20.ipset Normal file
View File

@ -0,0 +1,49 @@
#
# cleantalk_top20
#
# ipv4 hash:ip ipset
#
# [CleanTalk] (https://cleantalk.org/) Top 20 HTTP Spammers
#
# Maintainer : CleanTalk
# Maintainer URL : https://cleantalk.org/
# List source URL : https://cleantalk.org/blacklists/top20
# Source File Date: Fri Oct 13 21:28:32 UTC 2017
#
# Category : abuse
# Version : 294
#
# This File Date : Fri Oct 13 21:28:32 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 20 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=cleantalk_top20
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
46.118.153.31
46.119.118.128
46.161.9.3
46.161.9.29
46.161.9.40
77.41.66.238
93.170.187.48
94.158.70.97
104.223.123.98
134.249.141.24
146.185.223.71
146.185.223.123
146.185.223.245
151.249.164.95
178.62.30.102
185.36.102.114
185.170.42.18
188.239.32.94
192.198.80.227
212.92.115.77

2029
cleantalk_updated.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

30208
cleantalk_updated_1d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

143527
cleantalk_updated_30d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

70295
cleantalk_updated_7d.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

7591
cruzit_web_attacks.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

1396
cta_cryptowall.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

30586
cybercrime.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

840
darklist_de.netset Normal file
View File

@ -0,0 +1,840 @@
#
# darklist_de
#
# ipv4 hash:net ipset
#
# [darklist.de] (http://www.darklist.de/) ssh fail2ban
# reporting
#
# Maintainer : darklist.de
# Maintainer URL : http://www.darklist.de/
# List source URL : http://www.darklist.de/raw.php
# Source File Date: Sun Oct 15 01:12:05 UTC 2017
#
# Category : attacks
# Version : 485
#
# This File Date : Sun Oct 15 01:12:05 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 810 subnets, 6682 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=darklist_de
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
2.119.195.114/31
5.188.10.175
5.189.152.162
5.196.69.60
5.249.151.164
5.255.91.143
12.15.160.241
12.15.160.242
12.15.160.244
12.130.39.153
14.54.210.101
23.95.215.111
23.239.220.212
24.4.27.91
24.92.151.130
27.54.175.114
27.191.153.122
27.255.77.95
27.255.81.155
31.31.196.131
31.47.249.40
34.223.254.148
36.250.77.36
37.59.0.139
37.120.170.32
37.120.250.132
37.128.146.247
37.187.123.135
37.187.176.185
37.187.195.129
37.221.242.40
37.229.253.129
40.78.18.153
40.92.7.104
40.92.67.57
40.92.67.59
40.92.68.39
40.92.71.34
40.92.72.49
40.92.253.88
40.114.12.112
40.121.222.71
41.60.134.211
41.185.83.37
41.185.83.118
41.221.96.78
42.7.26.15
42.81.36.152/31
42.159.204.117
45.113.136.146
45.125.14.43
46.29.89.150
46.105.28.88
46.105.112.114
46.118.116.168
46.118.126.252
46.119.112.125
46.119.117.60
46.119.118.191
46.133.85.179
46.146.31.35
46.151.210.147
46.151.210.157
46.151.210.173
46.151.210.190
46.218.196.227
47.88.12.112
47.89.54.11
47.89.208.49
49.207.182.120
50.30.36.155
51.15.147.241
51.254.101.200
51.254.102.115
51.254.111.197
51.254.150.51
51.254.222.83
52.37.206.4
52.178.197.34
54.218.127.44
58.17.234.163
58.20.95.117
58.48.178.200
58.100.135.31
58.195.100.130
58.240.52.75
58.242.83.21
59.45.142.199
59.63.166.0/24
59.63.188.0/24
59.125.16.125
60.165.208.28
60.208.139.180
60.255.146.181
61.41.4.26
61.139.124.136
61.143.62.86
61.143.228.162
61.145.164.107
61.150.76.201
61.153.1.215
61.155.238.89
61.177.20.236
61.177.21.226
61.177.172.0/24
61.183.117.250
61.216.9.35
62.12.131.46
62.42.230.179
62.75.210.155
62.76.41.67
62.76.42.155
62.76.185.121
62.141.46.5
62.149.12.234
62.149.157.11
62.153.237.140
62.197.235.32
62.210.130.233
62.210.192.216
64.20.61.41
64.73.119.213
64.78.155.204
64.98.42.170
64.147.82.194
64.158.31.142
65.182.109.101
66.11.16.11
66.23.212.221
66.70.219.200
66.163.184.60
66.163.188.86
66.163.189.37
66.163.189.149
66.163.190.117
66.163.190.161
67.42.71.91
67.207.86.222
67.227.152.157
67.229.196.90
68.66.31.60
68.116.50.7
69.17.200.230
69.61.56.184
69.64.33.217
69.67.53.78
69.142.132.208
69.162.123.243
69.163.34.0/24
70.121.152.212
72.10.28.235
72.30.234.92
72.52.128.248
72.167.218.222
72.167.218.225
72.167.218.227
73.231.34.71
73.240.235.72
74.6.128.36
74.6.129.50
74.6.129.235
74.6.130.143
74.6.131.51
74.6.132.89
74.6.132.143
74.6.132.181
74.6.133.150
74.6.134.44
74.6.135.194
74.194.6.5
74.202.142.133
74.208.149.118
74.222.24.11
75.114.77.34
77.68.37.122
77.72.85.100
77.73.183.18
77.105.1.80
77.238.178.215
77.247.159.193
78.46.33.35
78.49.253.146
78.138.113.71
79.136.112.75
79.137.37.219
79.143.177.124
79.143.182.231
80.23.51.194
80.65.65.217
80.86.84.30
80.98.85.225
80.211.226.111
80.211.229.139
80.253.23.84
81.181.81.126
82.57.200.97
82.57.200.117
82.57.200.118
82.102.216.128
82.138.71.109
82.142.79.217
82.159.191.29
82.165.98.116
82.216.111.37
82.223.31.79
82.223.190.26
83.103.62.234
83.149.249.185
83.212.113.35
83.221.127.134/31
83.235.69.34
84.116.36.91
84.178.239.201
84.205.246.250
84.210.184.7
84.246.226.99
85.25.217.109
85.93.26.194
85.95.239.32
85.128.152.116
85.153.236.204
85.153.252.34/31
85.195.8.8
85.246.81.136
87.97.76.216
87.106.71.197
87.233.187.130
87.248.110.243
87.250.153.93
87.252.5.58
88.26.213.144
88.57.178.12
88.99.89.98
88.208.119.155
89.46.78.88
89.108.87.179
89.136.217.117
89.205.80.113
89.218.176.232
89.245.129.25
89.245.129.26/31
89.251.98.4
90.80.134.213
90.85.46.17
90.178.42.230
91.113.148.130
91.121.154.155
91.121.188.70
91.189.9.77
91.197.232.109
91.200.12.18
91.203.111.27
91.210.146.88
91.210.147.252
91.234.189.15
92.42.109.172
92.61.39.32
92.61.41.40
92.222.178.170
92.229.65.159
92.247.125.186
93.56.12.164
93.63.165.90
93.158.222.103
93.174.89.88
94.20.21.38
94.23.36.140
94.23.253.96
94.138.44.146
94.138.215.138
94.177.202.224
94.177.212.32
94.177.214.121
94.177.216.82
94.177.226.150
94.177.244.233
94.231.82.19
94.236.85.7
95.31.16.215
95.107.9.27
95.110.248.60
95.142.156.29
95.183.198.3
97.74.135.162
97.74.135.172
98.195.148.191
101.231.247.210
103.8.228.247
103.13.99.15
103.19.110.141
103.20.148.69
103.48.17.23
103.79.141.110
103.89.88.101
103.89.88.136
103.207.36.102
103.207.38.166
103.207.39.108
103.207.39.229
103.212.222.16
103.212.223.150
103.225.143.78
103.242.64.26
103.250.227.202
103.255.5.117
104.47.0.212
104.47.0.216
104.47.4.202
104.47.4.237
104.47.6.248
104.47.32.210
104.47.33.214
104.47.34.200/31
104.47.36.213
104.47.36.235
104.47.37.209
104.47.38.202
104.47.38.224
104.47.38.240
104.47.40.215
104.47.40.224
104.47.40.232
104.47.100.241
104.129.44.111
104.143.5.175
104.168.24.136
104.168.24.185
104.168.110.220
104.236.126.173
104.237.247.124
106.2.96.14
106.10.241.83
106.51.1.164
107.172.104.0/24
107.172.110.0/24
107.172.165.127
107.172.165.196
107.172.165.198
107.172.206.15
107.172.206.150
107.172.206.152
107.172.209.147
107.172.209.148
107.173.168.104
107.173.168.106
107.173.168.160
107.173.168.164
107.173.250.134
107.173.250.221
107.173.251.136/31
107.174.42.135
107.174.50.173
107.174.61.152
107.174.128.175
107.174.133.0/24
107.174.170.205
107.174.170.206
107.174.192.0/24
107.174.221.22
107.174.221.185
107.174.221.206
107.174.239.80
107.174.239.109
107.175.49.121
107.175.49.135
107.175.49.178
107.175.148.204
107.175.184.0/24
108.61.24.117
108.61.242.100
108.170.51.58
109.0.18.4
109.86.154.241
109.239.117.62
110.45.165.12
110.76.187.115
110.77.143.2
110.82.187.178
110.249.218.124
111.1.56.73
111.73.45.39
111.74.238.124
111.202.45.119
111.202.93.14
111.202.133.66
112.16.203.48
112.91.82.252
112.133.193.188
112.144.41.186
113.106.72.58
113.107.183.45
113.176.163.41
113.222.72.243
114.141.132.53
114.255.78.179
114.255.78.180
115.159.241.197
115.231.16.175
116.31.116.0/24
116.55.242.141
116.90.1.22
117.3.64.250
117.131.215.90
118.179.155.140
118.213.118.2
118.220.255.143
119.15.136.244
119.29.20.190
119.207.21.229
119.249.54.93
120.42.44.252
121.78.87.138
121.160.21.13
121.165.33.239
121.205.201.42
121.205.204.211
121.242.76.226
122.4.82.188
122.144.167.146
122.199.152.175
122.224.40.84
123.16.60.22
123.30.16.150
123.49.62.172
123.183.209.140
123.200.0.4
123.206.99.141
123.206.114.87
124.81.98.21
124.106.92.98
124.118.168.98
124.158.7.158
125.92.250.98
125.209.91.101
125.211.216.157
125.253.32.158
129.111.23.175
129.152.232.4
130.185.254.220
132.248.32.213
133.42.248.41
134.102.96.29
134.213.150.77
137.74.3.66
138.19.133.51
138.68.135.106
138.186.128.2
138.219.12.181
140.114.83.245
140.237.0.142
140.246.233.138
141.85.199.96
142.54.107.28
144.255.94.191
146.0.32.48
148.207.1.11
148.251.117.162
149.56.23.33
150.188.245.9
153.128.50.70
153.128.50.76
153.128.50.80
154.0.165.125
154.0.175.138
154.16.5.96
154.66.196.186
155.4.234.76
156.17.109.199
156.67.106.207
157.82.144.155
158.230.100.102
159.226.21.231
159.226.231.12
160.16.93.183
160.247.6.112
162.144.84.135
162.144.94.237
162.217.248.104
162.217.248.132
162.243.170.180
162.244.14.117
163.121.188.3
163.172.199.183
163.247.40.50
164.2.249.240
164.46.203.228
164.77.114.3
164.100.115.6
164.100.115.8
164.132.225.107
165.90.97.76
165.139.180.9
168.205.156.110
169.255.69.64/26
172.87.24.202
172.104.104.8
173.13.241.97
173.198.206.107
173.199.115.216
173.201.193.38
173.201.193.44
173.203.187.86
173.203.187.97
173.212.201.18
173.224.115.149
174.138.47.26
175.44.12.248
175.121.47.213
175.136.208.56
176.9.146.126
176.119.49.244
177.5.96.11
177.11.82.237
177.11.136.138
177.38.32.109
177.67.82.94
177.200.196.50
178.18.249.140
178.33.167.144
178.62.37.77
178.63.100.88
178.137.4.41
178.165.88.182
178.170.172.85
178.238.239.92
178.254.21.221
178.254.29.151
179.184.85.111
180.76.246.43
180.97.215.152
180.128.21.46
180.166.114.150
180.250.210.165
181.10.193.19
181.15.247.214
181.39.89.146
181.49.161.210
181.65.214.124
181.112.58.178
181.113.19.10
181.177.244.115
182.16.243.23
182.22.91.0/24
182.100.67.0/24
182.118.11.35
182.231.203.182
182.253.105.197
183.64.62.26
183.79.57.69
183.79.57.125
183.79.100.217
183.214.141.0/24
185.38.164.187
185.50.180.42
185.65.245.80
185.74.36.30
185.97.113.247
185.100.222.110
185.106.208.130
185.117.88.40
185.118.164.129
185.118.167.101
185.129.148.168
185.141.166.20
185.181.10.28
185.186.78.137
185.186.79.138
185.194.216.67
186.5.5.220
186.33.235.139
186.46.160.198
186.46.233.172
186.67.77.44
186.121.242.34
186.209.36.245
187.31.146.8
187.60.167.199
187.62.205.21
187.141.34.37
187.141.74.27
187.141.100.236
188.121.43.201
188.164.193.80
188.187.52.118
188.213.174.96
190.52.187.122
190.98.249.170
190.102.140.100
190.152.212.173
190.170.128.41
190.196.215.125
190.202.36.84
190.205.54.150
190.214.24.250
190.242.111.56
192.3.213.14
192.3.213.18
192.3.213.177
192.3.213.238
192.3.229.0/24
192.50.193.60
192.85.6.185
192.85.6.186
192.112.24.174
192.151.228.158
192.163.250.53
192.185.47.168
192.185.143.40
192.237.163.124
192.241.173.251
193.40.0.43
193.48.2.51
193.105.134.187
193.109.254.111
193.136.195.240
193.170.242.213
193.201.224.0/23
193.246.28.130
193.254.186.45
194.2.209.2
194.25.134.21
194.27.18.39
194.83.180.101
194.145.180.185
194.149.10.25
194.152.206.148
194.214.185.9
194.224.6.190
195.3.144.0/24
195.39.35.78
195.45.99.87
195.62.187.165
195.66.68.16
195.98.241.136
195.130.253.180
195.138.68.245
195.144.254.133
195.154.195.4
195.162.24.142
195.175.57.86
195.182.210.145
195.220.30.51
195.235.171.143
196.12.12.75
197.14.54.201
197.156.109.5
198.1.37.10
198.8.81.159
198.12.152.136
198.41.40.63
198.50.176.83
198.71.225.36
198.71.225.38
198.98.57.133
199.83.103.147
200.16.89.92
200.16.99.221
200.16.110.15
200.40.31.44
200.52.85.99
200.55.164.58
200.55.192.42
200.58.160.60
200.61.190.145
200.85.32.60
200.98.116.115
200.107.9.240/31
200.107.18.252
200.139.9.100
200.144.28.250
200.144.145.109
200.149.208.131
200.150.66.83
200.152.40.7
200.174.69.226
200.199.41.42
201.18.18.173
201.44.167.0/24
201.59.200.254
201.217.142.186
201.217.244.237
202.51.232.125
202.52.255.69
202.70.88.133
202.71.131.67
202.75.219.158
202.90.141.82
202.168.254.178
202.199.224.253
202.215.132.129
202.218.49.130
202.223.132.14
202.223.220.193
203.86.69.132
203.94.74.4
203.97.33.68
203.140.81.0/24
203.142.64.86
203.142.65.20
203.146.107.42
203.150.62.64
203.192.205.141
203.192.235.4
203.217.178.5
203.249.22.197
204.29.186.0/25
206.72.194.4
208.24.212.119
208.69.56.58
208.87.233.155
208.87.234.155
208.186.128.85
209.51.186.134
209.92.176.11
209.92.176.14
209.92.176.24
209.126.108.73
209.197.176.47
209.236.119.21
210.14.152.58
210.50.30.228
210.51.17.73
210.51.191.26
210.55.143.52
210.56.25.85
210.87.250.171
210.212.210.86
211.111.250.183
211.193.41.12
211.216.123.97
211.226.197.35
212.32.225.231
212.51.172.213
212.54.192.0/26
212.76.68.225
212.83.139.189
212.83.151.84
212.83.161.254
212.95.73.130
212.97.34.116
212.122.77.180
212.129.23.96
212.129.58.61
212.129.63.214
212.175.152.50
212.227.86.227
212.227.126.187
212.237.8.200
212.237.15.178
212.237.20.240
212.237.53.5
212.237.53.124
212.251.54.10
213.136.89.96
213.167.44.170
213.186.170.226
213.189.62.177
213.197.130.235
213.252.247.31
216.8.159.220
216.39.62.93
216.39.62.194
216.82.251.8
216.126.227.79
216.126.227.80
216.241.87.179
217.61.2.76
217.61.4.105
217.61.20.127
217.182.78.31
218.2.197.240
218.38.12.49
218.38.15.69
218.60.136.106
218.65.30.0/24
218.78.213.142
218.78.213.153
218.87.109.0/24
218.106.205.145
218.250.198.151
218.255.181.86
219.78.51.182
219.94.128.84
219.129.237.218
220.72.146.117
220.171.31.163
220.181.15.55
220.225.230.7
220.227.40.118
220.227.247.37
220.247.222.8
221.130.130.238
221.215.106.218
221.226.186.70
222.44.63.11
222.73.37.31
222.77.208.198
222.77.209.90
222.82.239.226
222.99.52.246
222.184.110.234
222.184.138.52
222.184.160.84
222.185.230.138
222.186.34.0/24
222.186.169.152
222.187.116.14
222.255.175.112
223.17.219.86
223.197.203.122

6449
dm_tor.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

50
dshield.netset Normal file
View File

@ -0,0 +1,50 @@
#
# dshield
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Sun Oct 15 02:30:32 UTC 2017
#
# Category : attacks
# Version : 18995
#
# This File Date : Sun Oct 15 02:32:02 UTC 2017
# Update Frequency: 10 mins
# Aggregation : none
# Entries : 20 subnets, 5120 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.188.10.0/24
5.188.86.0/24
5.188.203.0/24
58.218.205.0/24
71.6.142.0/24
71.6.146.0/24
77.72.82.0/24
77.72.85.0/24
80.82.77.0/24
106.75.18.0/24
109.248.9.0/24
123.249.12.0/24
125.212.217.0/24
141.212.122.0/24
178.32.148.0/24
182.140.215.0/24
185.70.184.0/24
185.129.148.0/24
191.101.167.0/24
221.229.204.0/24

65
dshield_1d.netset Normal file
View File

@ -0,0 +1,65 @@
#
# dshield_1d
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Sun Oct 15 05:50:49 UTC 2017
#
# Category : attacks
# Version : 23367
#
# This File Date : Sun Oct 15 05:52:02 UTC 2017
# Update Frequency: 10 mins
# Aggregation : 1 day
# Entries : 35 subnets, 8960 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_1d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.188.10.0/24
5.188.86.0/24
5.188.203.0/24
45.55.20.0/24
58.218.205.0/24
71.6.142.0/24
71.6.146.0/24
77.72.82.0/24
77.72.85.0/24
80.82.77.0/24
106.75.18.0/24
109.248.9.0/24
122.228.208.0/24
123.249.12.0/24
125.64.94.0/24
125.212.217.0/24
141.212.122.0/24
155.94.88.0/24
158.85.81.0/24
168.1.128.0/24
169.54.233.0/24
178.32.148.0/24
180.149.126.0/24
182.100.67.0/24
182.140.215.0/24
183.131.85.0/24
185.70.184.0/24
185.129.148.0/24
191.96.249.0/24
191.101.167.0/24
196.52.43.0/24
212.129.23.0/24
216.158.238.0/24
221.229.166.0/24
221.229.204.0/24

143
dshield_30d.netset Normal file
View File

@ -0,0 +1,143 @@
#
# dshield_30d
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Sat Oct 14 22:51:17 UTC 2017
#
# Category : attacks
# Version : 23314
#
# This File Date : Sat Oct 14 22:56:06 UTC 2017
# Update Frequency: 10 mins
# Aggregation : 30 days
# Entries : 113 subnets, 30208 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_30d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.8.48.0/24
5.101.40.0/24
5.188.10.0/23
5.188.62.0/24
5.188.86.0/23
5.188.203.0/24
39.165.184.0/24
45.32.199.0/24
45.55.6.0/24
45.55.11.0/24
45.55.12.0/23
45.55.15.0/24
45.55.19.0/24
45.55.20.0/23
45.55.25.0/24
45.55.29.0/24
45.55.31.0/24
46.17.44.0/24
46.17.46.0/24
46.166.142.0/24
47.88.101.0/24
47.88.102.0/24
51.15.7.0/24
58.218.205.0/24
59.45.175.0/24
60.191.38.0/24
69.175.42.0/24
71.6.142.0/24
71.6.146.0/24
71.6.202.0/24
77.72.82.0/23
77.72.85.0/24
80.82.70.0/24
80.82.77.0/24
81.17.25.0/24
84.53.198.0/24
85.113.214.0/24
89.248.174.0/24
91.223.133.0/24
91.247.38.0/24
92.87.236.0/24
93.174.93.0/24
94.74.81.0/24
94.102.49.0/24
94.102.50.0/24
104.236.163.0/24
104.236.185.0/24
104.236.191.0/24
104.244.75.0/24
106.75.18.0/24
107.182.21.0/24
109.248.9.0/24
111.6.101.0/24
115.231.218.0/24
122.228.208.0/24
123.249.12.0/24
125.64.94.0/24
125.77.21.0/24
125.212.217.0/24
141.212.122.0/24
146.0.77.0/24
155.94.88.0/24
158.85.81.0/24
159.203.240.0/24
159.203.242.0/24
159.203.244.0/24
159.203.248.0/24
159.203.252.0/24
163.172.209.0/24
164.52.0.0/24
168.1.128.0/24
169.54.233.0/24
175.20.89.0/24
178.32.148.0/24
180.97.106.0/24
180.149.126.0/24
181.214.87.0/24
182.100.67.0/24
182.140.215.0/24
183.129.160.0/24
183.131.85.0/24
185.35.62.0/24
185.55.218.0/24
185.56.82.0/24
185.70.184.0/24
185.107.94.0/24
185.110.132.0/24
185.129.148.0/24
191.96.249.0/24
191.101.167.0/24
195.88.209.0/24
195.154.243.0/24
196.52.43.0/24
198.50.187.0/24
199.48.164.0/24
203.205.176.0/24
204.42.253.0/24
208.100.26.0/24
209.66.128.0/24
209.123.234.0/24
212.3.130.0/24
212.83.152.0/24
212.129.6.0/24
212.129.23.0/24
213.24.135.0/24
213.202.233.0/24
216.98.153.0/24
216.158.238.0/24
217.23.1.0/24
217.23.2.0/24
221.13.12.0/24
221.229.166.0/24
221.229.204.0/24

104
dshield_7d.netset Normal file
View File

@ -0,0 +1,104 @@
#
# dshield_7d
#
# ipv4 hash:net ipset
#
# [DShield.org] (https://dshield.org/) top 20 attacking class
# C (/24) subnets over the last three days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : http://feeds.dshield.org/block.txt
# Source File Date: Sat Oct 14 22:51:17 UTC 2017
#
# Category : attacks
# Version : 22568
#
# This File Date : Sat Oct 14 22:56:05 UTC 2017
# Update Frequency: 10 mins
# Aggregation : 7 days
# Entries : 74 subnets, 19200 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_7d
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
5.8.48.0/24
5.101.40.0/24
5.188.10.0/24
5.188.86.0/24
5.188.203.0/24
45.55.6.0/24
45.55.11.0/24
45.55.12.0/23
45.55.15.0/24
45.55.19.0/24
45.55.20.0/24
45.55.25.0/24
46.166.142.0/24
47.88.101.0/24
47.88.102.0/24
51.15.7.0/24
58.218.205.0/24
71.6.142.0/24
71.6.146.0/24
77.72.82.0/24
77.72.85.0/24
80.82.70.0/24
80.82.77.0/24
84.53.198.0/24
85.113.214.0/24
89.248.174.0/24
91.247.38.0/24
93.174.93.0/24
94.102.49.0/24
94.102.50.0/24
104.236.163.0/24
106.75.18.0/24
109.248.9.0/24
111.6.101.0/24
122.228.208.0/24
123.249.12.0/24
125.64.94.0/24
125.77.21.0/24
125.212.217.0/24
141.212.122.0/24
146.0.77.0/24
155.94.88.0/24
158.85.81.0/24
159.203.242.0/24
159.203.252.0/24
163.172.209.0/24
168.1.128.0/24
169.54.233.0/24
175.20.89.0/24
178.32.148.0/24
180.149.126.0/24
181.214.87.0/24
182.100.67.0/24
182.140.215.0/24
183.131.85.0/24
185.35.62.0/24
185.56.82.0/24
185.70.184.0/24
185.107.94.0/24
185.129.148.0/24
191.96.249.0/24
191.101.167.0/24
195.88.209.0/24
196.52.43.0/24
199.48.164.0/24
204.42.253.0/24
209.123.234.0/24
212.3.130.0/24
212.129.6.0/24
212.129.23.0/24
213.24.135.0/24
216.158.238.0/24
221.229.166.0/24
221.229.204.0/24

896
dshield_top_1000.ipset Normal file
View File

@ -0,0 +1,896 @@
#
# dshield_top_1000
#
# ipv4 hash:ip ipset
#
# [DShield.org] (https://dshield.org/) top 1000 attacking
# hosts in the last 30 days
#
# Maintainer : DShield.org
# Maintainer URL : https://dshield.org/
# List source URL : https://isc.sans.edu/api/sources/attacks/1000/
# Source File Date: Sun Oct 15 10:08:02 UTC 2017
#
# Category : attacks
# Version : 8540
#
# This File Date : Sun Oct 15 10:08:03 UTC 2017
# Update Frequency: 1 hour
# Aggregation : none
# Entries : 866 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dshield_top_1000
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.22.251.53
1.22.253.19
1.36.221.182
1.52.121.100
1.52.183.137
1.55.190.126
1.59.25.242
1.59.226.157
1.114.11.154
1.160.108.235
1.160.122.124
1.162.210.93
1.170.100.128
1.170.137.140
1.171.143.125
1.172.123.67
1.173.121.182
1.174.87.158
1.186.77.54
1.195.198.95
1.196.32.2
1.196.222.52
1.197.196.74
1.197.203.147
1.197.205.49
1.222.57.66
1.243.164.226
2.62.46.162
2.92.57.124
2.92.111.209
2.94.41.82
2.99.132.250
2.134.165.86
2.176.145.47
2.184.139.69
5.2.164.124
5.104.35.255
5.121.126.46
5.135.200.150
5.142.147.244
5.142.228.78
5.143.0.248
5.164.193.134
5.190.196.225
5.190.197.232
5.190.199.19
5.201.169.155
5.204.241.82
5.227.177.241
5.251.67.191
13.228.97.75
14.97.65.37
14.97.191.1
14.99.119.56
14.114.36.53
14.161.14.8
14.177.33.92
14.177.187.64
14.189.221.42
14.192.11.102
14.229.180.67
14.234.72.166
27.18.33.223
27.64.7.88
27.67.192.41
27.73.5.12
27.202.171.235
31.31.27.1
31.45.225.161
31.47.42.16
31.134.243.159
31.135.110.209
31.181.179.146
31.186.65.177
31.207.215.52
35.177.45.255
36.26.145.91
36.66.218.119
36.67.112.17
36.72.66.28
36.72.85.64
36.72.214.181
36.73.231.46
36.74.75.57
36.74.126.218
36.74.215.56
36.75.251.246
36.76.198.252
36.76.217.164
36.77.84.87
36.79.85.158
36.79.218.222
36.82.79.144
36.82.97.124
36.82.102.213
36.82.170.105
36.83.209.61
36.84.1.42
36.84.62.254
36.84.69.121
36.86.56.222
36.224.35.182
36.224.157.93
36.224.184.95
36.227.96.8
36.229.151.247
36.229.204.65
36.230.41.154
36.231.55.164
36.233.208.167
36.234.236.97
36.239.61.137
37.27.24.122
37.76.156.197
37.115.203.178
37.122.67.195
37.146.185.127
39.51.65.243
41.82.63.21
41.176.250.55
41.237.218.87
42.59.113.185
42.112.99.224
42.112.124.135
42.112.158.66
42.112.158.68
42.112.158.222
42.112.234.138
42.113.204.16
42.116.216.3
42.226.47.98
43.240.117.41
45.124.5.137
45.251.33.247
46.48.160.167
46.62.165.107
46.72.79.54
46.119.1.72
46.119.227.94
46.186.153.36
46.186.242.230
46.224.229.128
46.233.232.122
47.11.13.117
47.29.41.125
49.92.169.207
49.112.152.255
49.148.170.108
49.204.229.55
49.206.216.43
49.227.247.44
49.229.154.92
51.15.218.100
52.170.86.166
58.142.3.69
58.186.14.152
58.186.158.228
58.187.86.73
59.55.157.136
59.144.171.14
59.153.253.178
61.0.176.251
61.223.107.86
61.223.152.232
61.224.116.157
61.228.250.76
62.85.240.169
62.182.71.201
66.79.164.140
69.4.126.34
77.28.158.111
77.52.104.102
77.222.97.100
77.222.97.216
78.85.5.188
78.106.228.196
78.157.238.198
78.189.15.121
79.174.161.91
81.31.172.59
81.200.158.113
82.162.172.234
82.208.198.254
83.102.198.49
83.134.222.176
83.139.146.143
83.143.32.66
84.18.118.163
84.236.28.204
86.98.87.22
88.147.220.240
88.204.53.171
88.245.184.165
89.221.241.110
89.232.71.22
91.32.123.86
91.109.182.2
91.144.249.136
91.222.77.71
91.225.172.240
92.252.95.196
93.183.79.169
94.75.12.170
94.134.208.19
94.181.54.242
95.24.130.164
95.27.43.221
95.28.207.130
95.29.68.88
95.32.79.168
95.37.136.248
95.46.14.136
95.67.244.149
95.110.96.21
95.133.38.24
95.190.218.113
98.26.203.178
98.100.118.218
98.116.237.107
99.45.242.185
101.8.137.178
101.17.66.187
101.51.84.18
101.108.59.23
101.216.251.245
103.62.95.5
103.78.163.2
103.88.232.210
103.92.42.155
103.95.23.244
103.196.55.25
103.199.161.75
103.201.141.125
103.204.28.41
103.204.46.203
103.210.238.133
103.225.176.189
103.230.106.39
103.237.158.160
103.246.208.234
103.247.7.247
103.251.51.239
104.24.125.196
104.46.44.236
104.238.145.86
104.243.104.148
105.136.137.21
105.157.69.136
105.158.180.252
106.1.215.55
106.16.199.100
106.41.134.138
106.45.14.29
106.51.16.223
106.51.133.255
106.51.142.146
106.76.212.211
106.76.219.63
106.78.211.3
106.81.229.74
106.83.122.138
106.110.68.114
106.111.44.180
106.203.19.136
106.203.95.127
106.203.121.31
107.180.21.236
109.62.228.35
109.69.164.250
109.167.111.250
109.188.125.209
109.191.174.200
109.207.85.96
109.227.201.162
109.228.219.24
109.232.216.224
109.236.222.243
109.242.123.108
110.78.150.51
110.88.45.110
110.137.135.45
110.137.145.211
110.137.201.163
110.138.252.2
110.139.151.186
110.166.240.181
110.169.126.241
110.171.188.28
110.188.118.149
110.233.182.93
111.15.98.94
111.162.158.91
111.165.191.44
111.167.149.114
111.179.209.11
111.248.15.195
111.249.109.245
111.250.106.124
111.252.187.133
112.0.162.6
112.9.148.238
112.25.59.79
112.28.174.21
112.104.132.26
112.104.184.56
112.116.63.233
112.135.110.59
112.135.192.183
112.158.99.134
112.197.192.63
112.197.202.223
112.208.161.181
112.215.65.127
112.215.175.236
112.215.200.52
112.215.201.189
112.215.238.212
112.215.239.99
112.215.241.252
112.215.242.6
112.225.212.223
112.233.35.146
112.238.227.164
112.248.216.79
113.1.51.144
113.15.3.31
113.23.28.228
113.23.36.226
113.23.69.140
113.25.56.17
113.53.211.224
113.109.208.28
113.111.109.38
113.129.77.27
113.161.74.190
113.162.45.253
113.174.100.160
113.175.182.113
113.185.11.96
113.185.25.0
113.189.86.214
113.189.96.112
113.190.83.244
113.190.235.79
113.200.165.29
113.200.227.171
113.200.227.179
113.201.126.156
113.206.21.84
113.221.110.191
113.252.92.249
113.254.94.152
113.254.215.202
113.254.226.108
114.4.79.83
114.24.236.76
114.26.128.77
114.26.130.194
114.26.230.233
114.26.251.216
114.27.134.158
114.27.240.206
114.32.203.7
114.36.53.242
114.36.68.66
114.36.116.65
114.36.216.48
114.37.169.153
114.41.63.3
114.41.134.193
114.41.175.118
114.41.186.180
114.41.194.24
114.43.115.179
114.44.147.64
114.47.165.249
114.47.174.53
114.55.57.250
114.99.73.21
114.99.73.110
114.99.73.142
114.107.138.3
114.107.188.51
114.107.191.142
114.139.25.25
114.143.178.178
114.149.199.128
114.175.41.22
114.216.96.97
114.219.118.4
114.221.236.152
114.232.49.76
114.237.86.107
114.237.158.172
114.252.208.85
115.48.189.218
115.59.6.132
115.59.241.195
115.68.220.101
115.87.116.109
115.118.150.88
115.124.92.118
115.152.94.101
115.192.18.45
115.199.228.103
115.210.250.107
115.211.113.4
115.213.253.14
115.215.64.37
115.239.196.100
116.58.201.108
116.96.87.65
116.96.182.51
116.96.205.69
116.100.45.115
116.100.184.206
116.103.121.75
116.103.232.231
116.104.8.127
116.104.168.234
116.111.176.166
116.112.89.3
116.224.178.181
116.249.78.174
117.2.195.100
117.4.152.56
117.6.53.124
117.44.160.18
117.44.160.39
117.61.140.74
117.71.132.196
117.84.24.27
117.85.206.210
117.88.141.195
117.111.17.25
117.139.14.107
117.139.205.192
117.162.62.29
117.182.109.133
117.192.69.181
117.192.77.164
117.192.126.21
117.193.179.234
117.194.129.26
117.195.77.28
117.196.181.37
117.198.51.73
117.198.54.126
117.199.125.156
117.201.48.29
117.201.254.17
117.203.116.92
117.203.216.194
117.204.163.221
117.204.217.167
117.206.35.192
117.206.122.109
117.206.191.159
117.208.225.79
117.212.32.59
117.215.130.176
117.216.26.38
117.216.86.36
117.216.118.16
117.216.232.192
117.216.239.150
117.217.140.135
117.241.53.149
117.241.254.205
118.68.15.71
118.68.122.81
118.69.67.73
118.71.120.8
118.71.197.184
118.81.226.122
118.96.206.218
118.96.210.38
118.113.127.18
118.113.223.209
118.114.121.2
118.128.220.87
118.160.117.29
118.166.212.142
118.167.18.62
118.167.23.192
118.167.55.194
118.168.13.195
118.168.164.149
118.171.133.134
118.171.153.139
118.172.212.236
118.173.209.169
118.178.213.186
118.181.162.55
118.193.162.24
118.200.8.215
118.233.39.25
118.254.17.177
119.0.238.51
119.0.241.169
119.32.137.103
119.42.72.174
119.42.107.174
119.48.172.92
119.48.192.212
119.76.155.86
119.77.207.52
119.108.36.219
119.109.61.215
119.116.49.146
119.148.7.54
119.165.166.168
119.237.148.105
120.0.8.163
120.0.13.87
120.0.116.178
120.7.103.47
120.8.245.57
120.14.28.87
120.39.61.180
120.63.234.125
120.85.181.24
120.92.76.31
120.188.67.190
120.193.96.22
120.193.96.26
120.209.205.18
120.209.205.22
120.209.205.54
120.210.254.6
120.210.254.14
120.210.254.18
120.210.254.22
121.14.103.6
121.86.113.66
122.96.43.203
122.117.163.124
122.118.25.231
122.156.196.222
122.179.137.58
122.231.56.82
122.237.23.220
122.243.12.54
123.16.74.165
123.24.112.227
123.24.117.104
123.25.93.215
123.26.67.94
123.54.206.61
123.155.175.118
123.185.16.251
123.194.21.177
123.214.185.95
124.114.235.34
124.123.49.88
124.123.58.1
124.123.86.247
124.123.104.23
124.128.115.148
125.22.78.114
125.24.176.17
125.25.252.223
125.162.109.18
125.162.154.71
125.162.221.157
125.164.95.226
125.164.241.111
125.165.135.140
125.167.254.84
125.227.185.232
125.230.48.72
128.69.13.104
128.73.29.137
128.73.41.43
128.73.176.234
130.255.208.61
132.248.92.218
134.249.45.119
136.169.132.225
137.59.155.14
138.68.73.31
138.197.9.121
139.5.229.126
139.167.14.119
139.255.100.146
144.52.238.88
145.255.2.101
148.103.235.9
151.26.183.119
152.175.59.102
152.241.223.227
152.245.128.136
152.246.21.144
152.246.26.202
152.246.247.87
152.251.179.76
152.252.81.162
157.192.197.184
160.89.184.235
164.132.197.254
171.4.29.187
171.113.117.55
171.113.119.122
171.233.225.197
171.247.72.124
171.250.98.111
171.250.171.26
173.121.205.26
173.121.211.175
175.2.139.174
175.150.216.6
175.182.0.203
176.59.116.226
176.62.76.130
176.65.21.211
176.99.148.199
176.104.130.8
177.8.46.163
177.8.156.138
177.26.175.231
177.39.67.36
177.59.29.209
177.79.38.113
177.79.39.132
177.79.44.242
177.79.81.87
177.92.6.203
177.161.3.147
177.161.22.191
177.161.41.217
177.161.71.217
177.161.237.225
177.173.69.28
177.173.169.29
177.196.177.29
177.197.18.99
177.213.206.49
177.213.239.49
177.232.82.138
178.44.64.57
178.44.187.131
178.44.193.135
178.47.108.34
178.129.187.62
178.141.38.249
178.168.203.72
178.170.68.242
178.187.142.85
178.205.58.222
178.205.176.160
178.205.239.191
178.206.21.127
178.210.159.72
178.234.79.13
179.26.105.242
179.61.253.199
179.85.219.143
179.86.133.94
179.86.138.240
179.86.140.165
179.86.182.75
179.86.207.232
179.88.139.65
179.88.151.178
179.114.64.195
179.128.69.16
179.130.23.136
179.130.118.182
179.132.147.205
179.132.169.199
179.132.246.59
179.146.207.59
179.150.151.245
179.150.227.159
179.166.52.200
179.187.170.117
179.216.91.209
179.229.195.239
179.252.150.244
180.102.144.227
180.122.177.82
180.155.97.197
180.176.100.55
180.190.68.206
180.211.159.186
180.218.73.189
180.242.18.147
180.245.34.17
180.246.6.212
180.246.238.64
180.248.247.205
180.249.12.127
180.249.57.103
180.249.240.8
180.251.81.211
180.251.168.212
180.251.173.64
180.251.174.75
180.252.37.249
180.253.190.23
180.254.54.107
181.0.8.100
181.26.7.2
181.26.212.139
181.43.91.129
182.16.62.185
182.85.163.56
182.132.215.140
182.139.99.159
182.253.33.247
183.18.54.119
183.64.241.82
183.82.22.108
183.82.207.191
183.83.79.236
183.88.19.47
183.88.157.52
183.89.32.182
183.89.94.184
183.140.72.228
183.140.74.239
183.150.46.178
185.158.113.54
186.11.1.240
186.11.5.237
186.38.87.208
186.47.190.57
186.88.122.147
186.92.63.171
186.92.82.165
186.130.179.48
187.54.174.39
187.69.69.194
187.118.204.163
187.118.254.209
187.119.191.98
188.25.22.121
188.113.29.187
188.123.54.39
188.164.164.34
188.191.89.186
189.93.145.140
189.152.15.130
189.187.94.243
189.212.96.191
189.225.187.141
190.6.52.184
190.36.187.221
190.39.115.174
190.72.31.29
190.73.113.116
190.74.225.141
190.77.74.227
190.77.235.67
190.78.66.177
190.78.105.156
190.78.122.102
190.78.126.9
190.78.165.240
190.79.105.48
190.174.254.222
190.177.182.214
190.199.141.7
190.201.5.95
190.201.7.79
190.206.161.136
190.206.178.9
190.207.35.16
190.207.157.67
190.216.150.91
190.238.99.164
190.254.26.46
190.254.26.172
191.11.192.168
191.11.202.38
191.14.35.214
191.14.138.74
191.14.148.135
191.14.186.128
191.14.203.200
191.14.235.163
191.15.217.8
191.18.25.206
191.18.83.52
191.21.72.153
191.21.97.127
191.23.170.17
191.23.175.12
191.24.14.149
191.24.46.173
191.24.112.201
191.24.113.209
191.24.120.175
191.28.226.89
191.32.132.49
191.115.88.245
191.115.180.199
191.124.28.84
191.124.41.185
191.136.230.27
191.199.216.95
191.201.147.123
191.201.152.220
191.201.176.34
191.201.191.75
191.201.198.119
191.201.252.116
191.207.16.143
191.207.32.217
191.207.59.125
191.208.6.190
191.210.198.248
191.211.87.123
191.211.87.133
191.211.99.148
191.211.133.203
191.211.135.25
191.211.141.18
194.225.41.165
195.142.150.96
196.221.51.195
196.229.3.111
198.175.126.74
199.168.188.58
200.84.137.147
200.84.144.175
200.180.177.141
201.124.113.31
201.179.26.185
201.208.123.167
201.208.217.82
201.210.49.14
201.242.53.194
201.243.156.218
201.250.44.68
202.21.115.22
202.57.44.138
202.71.31.130
202.94.83.84
202.142.96.224
202.142.99.149
203.191.128.23
205.209.167.212
209.126.76.135
212.112.118.37
212.143.154.94
212.181.125.240
217.107.106.53
218.238.156.110
219.85.131.129
219.147.89.14
220.132.186.86
220.135.31.53
220.137.220.118
220.189.185.86
220.191.239.6
221.127.66.98
221.227.164.165
222.82.158.86
222.95.92.176
222.164.114.240
222.211.163.6
223.85.218.42
223.185.205.175
223.242.207.51
223.246.117.42

204
dyndns_ponmocup.ipset Normal file
View File

@ -0,0 +1,204 @@
#
# dyndns_ponmocup
#
# ipv4 hash:ip ipset
#
# [DynDNS.org]
# (http://security-research.dyndns.org/pub/malware-feeds/)
# Ponmocup. The malware powering the botnet has been around
# since 2006 and its known under various names, including
# Ponmocup, Vundo, Virtumonde, Milicenso and Swisyn. It has
# been used for ad fraud, data theft and downloading
# additional threats to infected systems. Ponmocup is one of
# the largest currently active and, with nine consecutive
# years, also one of the longest running, but it is rarely
# noticed as the operators take care to keep it operating
# under the radar.
#
# Maintainer : DynDNS.org
# Maintainer URL : http://security-research.dyndns.org/pub/malware-feeds/
# List source URL : http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv
# Source File Date: Sat Oct 14 19:31:58 UTC 2017
#
# Category : malware
# Version : 587
#
# This File Date : Sat Oct 14 19:44:11 UTC 2017
# Update Frequency: 1 day
# Aggregation : none
# Entries : 165 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=dyndns_ponmocup
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
23.111.137.174
27.54.86.145
31.22.4.94
31.22.7.7
31.22.113.24
31.186.8.63
41.208.72.170
46.4.148.81
46.30.213.4
46.30.213.8
46.30.213.198
46.30.215.31
46.30.215.106
46.242.145.96
54.207.35.24
62.149.140.104
63.111.67.20
63.247.141.235
64.70.19.52
64.71.33.129
64.130.33.227
64.207.178.167
65.182.101.135
65.254.227.240
66.7.193.7
66.33.209.144
66.96.149.32
66.96.160.128
66.147.240.186
66.147.240.193
66.147.242.95
67.23.254.129
67.202.69.37
67.222.22.117
69.89.31.137
69.89.31.197
69.90.25.210
69.162.89.10
69.163.251.203
69.175.75.178
72.167.131.114
72.167.209.38
72.172.132.43
74.208.145.145
74.208.215.229
74.208.236.230
76.74.158.89
77.55.115.55
77.92.75.4
77.105.36.226
77.232.69.164
78.46.78.55
79.124.76.10
79.170.40.33
80.94.98.99
81.88.48.95
81.169.145.81
82.118.24.217
82.165.15.141
82.165.38.187
85.9.19.128
85.13.136.51
85.13.140.101
85.13.152.178
87.98.239.19
89.163.222.68
89.221.250.12
94.136.160.106
94.152.142.131
94.231.83.148
94.247.171.78
95.142.65.77
95.173.182.184
98.124.251.203
103.28.38.158
107.152.102.248
108.170.11.82
108.174.147.63
109.123.122.230
111.118.181.161
112.213.87.130
119.59.104.32
124.150.132.6
129.121.18.207
131.153.37.2
132.148.50.129
143.95.86.254
143.95.240.16
144.76.45.43
156.54.179.186
157.7.144.5
159.100.176.27
162.213.3.199
162.255.164.228
173.201.63.1
173.201.63.128
173.209.52.122
173.254.28.119
176.31.222.193
182.18.145.17
182.239.48.60
184.154.241.54
184.168.58.1
184.168.137.128
184.173.151.165
185.32.188.146
185.36.168.127
187.45.193.205
187.45.193.220
187.45.195.65
187.45.195.127
187.45.195.183
187.45.240.68
190.111.229.183
191.252.48.39
192.99.161.26
192.116.109.121
192.169.196.1
192.185.143.215
193.107.88.208
193.218.152.20
193.252.114.12
194.8.30.56
195.8.66.1
195.110.124.188
195.114.18.162
196.22.172.201
198.23.74.144
198.154.118.68
199.67.250.59
200.170.151.200
203.170.86.225
203.174.34.49
205.186.187.121
205.234.131.222
205.234.197.147
206.123.119.90
206.188.193.120
207.21.228.180
208.109.181.3
208.113.213.71
208.180.26.16
209.126.117.81
209.217.39.150
209.217.239.109
210.242.73.200
212.227.81.10
212.227.171.163
213.156.8.70
213.186.33.18
213.186.33.19
216.97.226.245
216.250.121.2
216.250.121.102
217.16.10.3
217.76.132.246
217.160.0.131
217.160.0.174
217.160.0.204
217.160.0.240
217.160.53.183
217.160.223.120
217.160.231.206
217.198.114.93
219.84.217.10

608
esentire_14072015_com.ipset Normal file
View File

@ -0,0 +1,608 @@
#
# esentire_14072015_com
#
# ipv4 hash:ip ipset
#
# Malicious Botnet Serving Various Malware Families
#
# Maintainer : eSentire
# Maintainer URL : https://github.com/eSentire/malfeed
# List source URL : https://raw.githubusercontent.com/eSentire/malfeed/master/14072015.com_watch_ip.lst
# Source File Date: Mon May 2 23:51:43 UTC 2016
#
# Category : malware
# Version : 1
#
# This File Date : Mon May 2 23:51:44 UTC 2016
# Update Frequency: 1 day
# Aggregation : none
# Entries : 579 unique IPs
#
# Full list analysis, including geolocation map, history,
# retention policy, overlaps with other lists, etc.
# available at:
#
# http://iplists.firehol.org/?ipset=esentire_14072015_com
#
# Generated by FireHOL's update-ipsets.sh
# Processed with FireHOL's iprange
#
1.175.3.90
2.133.85.150
5.1.2.227
5.56.25.29
5.105.50.179
5.105.52.34
5.105.130.241
5.140.106.180
5.143.150.71
5.149.216.46
5.248.99.180
5.248.124.161
5.248.140.201
5.248.141.34
5.248.144.87
5.248.165.65
5.248.194.148
5.248.196.203
5.248.254.4
10.1.120.31
10.1.120.34
23.243.180.132
24.193.190.169
24.214.18.167
31.41.116.88
31.43.4.212
31.43.28.113
31.43.61.73
31.43.82.41
31.43.102.34
31.43.132.156
31.128.74.100
31.128.104.215
31.129.94.180
31.129.95.173
31.129.109.172
31.129.110.6
31.131.101.222
31.131.108.202
31.131.115.55
31.133.66.75
31.133.68.81
31.135.130.27
31.170.130.120
31.170.152.131
31.170.178.179
31.202.176.54
31.207.167.5
36.237.101.56
37.1.58.55
37.25.119.138
37.25.123.252
37.25.126.4
37.54.161.154
37.57.27.184
37.57.37.69
37.57.240.152
37.57.246.121
37.115.15.172
37.115.20.149
37.115.93.155
37.139.165.201
37.143.88.42
37.221.142.213
37.229.13.98
37.229.24.30
46.33.225.80
46.37.197.144
46.46.79.62
46.46.90.65
46.46.96.199
46.63.35.252
46.63.59.44
46.98.1.8
46.98.75.118
46.98.78.188
46.98.97.89
46.98.97.130
46.98.100.46
46.98.113.153
46.98.132.170
46.98.152.107
46.98.203.70
46.98.204.117
46.98.204.188
46.98.213.95
46.98.220.186
46.98.247.222
46.98.254.210
46.118.23.179
46.118.51.117
46.118.54.10
46.118.69.177
46.118.81.195
46.118.84.37
46.118.147.106
46.118.149.108
46.118.158.172
46.118.178.113
46.118.253.204
46.119.0.170
46.119.11.137
46.119.16.18
46.119.17.234
46.119.76.220
46.119.105.213
46.119.173.111
46.119.179.81
46.119.195.170
46.119.209.176
46.146.132.76
46.148.180.102
46.150.8.215
46.150.91.176
46.151.248.27
46.151.253.25
46.160.99.66
46.160.113.116
46.164.188.85
46.172.192.160
46.172.209.208
46.172.212.54
46.173.77.180
46.173.84.239
46.174.240.33
46.174.246.197
46.175.77.227
46.175.137.124
46.185.81.27
46.185.107.224
46.200.44.135
46.201.77.153
46.211.18.203
46.211.27.11
46.211.28.176
46.211.53.116
46.211.74.218
46.211.88.32
46.211.195.139
46.211.217.205
46.211.235.48
46.211.235.195
46.211.238.141
46.250.4.228
46.250.15.111
46.250.17.227
46.250.120.231
54.83.4.26
54.235.166.93
62.16.38.131
62.84.253.186
62.122.93.147
69.84.107.186
70.51.44.188
71.3.191.208
71.61.172.133
71.182.234.109
71.226.78.56
72.53.89.52
73.36.213.39
73.128.180.27
73.172.10.82
74.134.99.228
77.89.226.21
77.91.184.71
77.109.58.50
77.109.58.246
77.120.153.195
77.120.155.24
77.121.59.193
77.121.83.134
77.121.172.23
77.121.186.193
77.121.214.247
77.121.248.109
77.121.248.142
77.122.27.116
77.122.48.50
77.122.50.141
77.122.117.112
77.122.121.122
77.122.150.135
77.122.153.68
77.122.184.9
77.122.184.233
77.122.225.133
77.122.225.173
77.122.232.43
77.123.33.194
77.123.73.204
77.123.222.54
77.247.21.163
77.247.23.79
78.30.226.103
78.111.243.83
78.137.16.80
78.137.21.217
78.137.42.84
78.137.45.30
78.137.45.113
78.162.208.223
78.169.94.241
79.112.62.143
79.113.160.90
79.132.3.138
79.135.222.84
79.142.207.184
79.171.124.211
80.245.117.198
80.252.249.153
80.252.250.121
80.252.253.160
81.9.24.250
81.22.139.55
81.22.141.34
83.99.245.186
83.167.28.121
83.218.228.46
85.114.216.12
85.198.166.158
85.237.34.129
85.238.101.24
86.125.251.15
87.76.36.212
87.76.53.178
87.76.57.222
87.110.28.220
87.244.34.238
88.135.94.164
88.135.238.111
88.135.251.129
88.156.84.155
88.222.173.33
89.65.63.95
89.66.136.116
89.185.15.235
89.185.21.82
89.185.29.54
91.124.201.223
91.196.81.167
91.198.143.44
91.201.71.41
91.202.133.86
91.209.96.67
91.215.55.41
91.218.74.89
91.219.199.248
91.221.29.181
91.224.253.6
91.225.57.30
91.229.54.147
91.237.14.8
91.243.200.132
91.244.8.216
91.244.24.5
91.244.29.60
91.244.36.90
91.244.37.3
92.52.177.95
92.52.186.215
92.112.58.245
92.113.69.127
92.243.113.105
92.244.103.244
92.244.116.165
92.249.119.9
93.76.66.62
93.76.104.167
93.76.104.241
93.76.164.173
93.77.104.109
93.77.204.131
93.77.220.9
93.78.19.128
93.78.67.85
93.78.163.201
93.78.181.144
93.79.34.155
93.79.111.83
93.79.168.251
93.79.241.161
93.114.246.153
93.118.90.170
93.118.202.150
93.127.3.177
93.127.16.170
93.127.119.6
93.170.50.15
93.170.50.91
93.170.51.47
93.170.152.201
93.170.153.170
93.170.155.207
93.181.197.194
93.181.211.186
93.183.243.116
93.185.211.46
94.45.73.242
94.45.92.6
94.45.140.60
94.76.65.93
94.76.121.245
94.76.127.113
94.154.35.51
94.158.43.155
94.178.84.198
94.178.129.75
94.178.230.215
94.181.80.232
94.181.160.141
94.231.70.97
94.231.71.95
94.231.184.85
94.232.76.137
94.232.78.220
94.244.48.229
94.244.141.40
95.47.28.117
95.47.128.209
95.57.228.161
95.67.46.154
95.67.75.154
95.77.219.240
95.81.247.208
95.87.84.203
95.105.11.115
95.105.249.36
95.132.207.171
95.134.158.152
95.135.17.8
95.135.69.19
95.135.213.151
95.164.40.91
95.173.33.100
95.215.118.45
97.75.107.134
98.27.145.224
100.3.73.52
100.6.61.161
104.162.93.136
107.4.129.77
107.15.99.91
108.29.104.102
108.54.179.254
109.72.120.184
109.86.147.39
109.86.206.111
109.86.210.227
109.86.230.210
109.86.234.51
109.87.3.16
109.87.68.203
109.87.120.8
109.87.165.28
109.87.187.170
109.87.205.126
109.87.209.171
109.87.249.48
109.104.177.13
109.104.189.67
109.108.233.47
109.122.19.239
109.162.68.86
109.162.91.114
109.185.112.235
109.200.141.15
109.200.230.5
109.200.240.83
109.200.248.30
109.207.205.3
109.227.67.70
109.227.117.230
109.227.120.202
109.229.19.28
109.229.19.84
109.237.47.9
109.251.77.14
109.251.107.244
109.251.126.134
109.254.33.29
109.254.108.51
113.252.179.249
119.246.242.148
123.110.207.41
134.249.12.41
134.249.17.76
134.249.24.249
134.249.40.43
134.249.42.37
134.249.73.124
134.249.78.208
134.249.149.69
134.249.238.140
141.101.3.36
141.101.19.13
141.138.115.144
151.0.12.101
151.0.57.159
159.224.247.95
173.51.221.110
173.71.98.228
173.224.248.55
176.8.33.121
176.8.51.96
176.8.140.178
176.8.209.58
176.8.253.189
176.36.17.197
176.36.186.138
176.37.147.11
176.37.234.30
176.38.40.16
176.38.95.43
176.38.106.4
176.38.125.64
176.73.13.72
176.73.173.163
176.98.20.110
176.99.112.249
176.99.126.224
176.103.202.65
176.104.10.54
176.104.46.61
176.104.171.139
176.106.31.227
176.107.198.34
176.109.75.175
176.109.238.102
176.109.238.201
176.110.22.247
176.111.36.66
176.111.41.206
176.111.184.13
176.113.149.167
176.113.249.15
176.113.251.172
176.113.255.207
176.114.37.72
176.114.45.237
176.117.64.103
176.118.146.15
176.122.107.41
176.122.107.221
176.124.8.118
176.124.12.180
176.124.13.103
176.124.239.170
176.195.156.193
176.212.209.85
176.241.155.43
178.54.238.73
178.74.194.82
178.74.214.9
178.74.228.191
178.94.49.166
178.94.52.156
178.136.122.47
178.136.130.171
178.136.131.30
178.136.229.208
178.137.11.129
178.137.66.0
178.137.82.42
178.137.140.96
178.137.224.117
178.137.242.146
178.137.243.182
178.137.251.70
178.150.112.132
178.150.114.140
178.150.153.18
178.150.184.9
178.150.195.215
178.150.196.136
178.150.213.134
178.151.11.33
178.151.23.241
178.151.24.112
178.151.34.85
178.151.73.157
178.151.105.24
178.151.116.140
178.151.144.68
178.151.161.143
178.151.175.121
178.151.194.16
178.151.197.61
178.158.131.20
178.158.148.195
178.158.203.91
178.159.113.114
178.164.145.39
178.165.6.62
178.165.44.250
178.165.83.3
178.165.113.39
178.213.169.171
178.213.190.164
178.215.185.23
178.215.191.156
178.216.2.64
178.216.225.249
181.165.34.50
184.144.198.231
185.6.184.146
185.10.3.232
185.28.193.193
185.28.193.195
185.35.102.6
188.0.122.38
188.0.125.41
188.26.120.193
188.43.105.49
188.122.2.225
188.130.192.163
188.190.65.214
188.190.76.247
188.190.90.148
188.190.200.145
188.190.203.178
188.190.213.100
188.190.214.24
188.230.15.191
188.230.31.190
188.230.65.72
188.230.75.141
188.230.84.45
188.231.147.199
188.239.2.247
188.239.91.46
189.219.75.244
190.137.215.190
192.168.114.199
193.93.216.149
193.107.135.125
193.107.227.46
193.108.49.57
193.111.188.230
193.189.127.121
194.8.156.226
194.8.159.12
194.44.2.22
194.44.2.75
194.44.37.3
194.44.113.79
194.44.250.92
194.116.195.132
195.58.254.206
195.64.143.36
195.114.149.110
195.114.157.81
195.135.236.138
195.191.247.98
195.225.228.156
200.116.20.61
212.15.151.42
212.22.192.224
212.28.84.202
212.80.56.118
212.92.246.198
212.115.243.25
212.142.90.46
213.111.137.90
213.111.138.73
213.111.151.140
213.111.161.210
213.111.163.0
213.111.184.48
213.111.203.203
213.111.248.124
213.130.8.151
213.142.49.167
213.231.22.235
213.231.39.31
217.24.64.168
217.30.203.39
217.67.67.229
217.73.85.49
217.73.85.156

Some files were not shown because too many files have changed in this diff Show More