RIP Webby

Computer Discussion => Computer & Network Security => Topic started by: Admin on January 22, 2022, 04:48:55 pm

Title: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:48:55 pm
They are in different formats.

General/Combined
https://www.binarydefense.com/banlist.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
https://lists.blocklist.de/lists/all.txt

Botnets
https://sslbl.abuse.ch/blacklist/sslipblacklist.txt
https://feodotracker.abuse.ch/downloads/ipblocklist.txt

Spamhaus DROP lists (Don't Route Or Peer)
https://www.spamhaus.org/drop/drop.txt
https://www.spamhaus.org/drop/edrop.txt
https://www.spamhaus.org/drop/dropv6.txt

Allegedly missing IPs in other lists
https://ozgur.kazancci.com/ban-me.txt

SSH attackers
https://lists.blocklist.de/lists/22.txt
https://lists.blocklist.de/lists/ssh.txt
https://lists.blocklist.de/lists/bruteforcelogin.txt

FTP attackers
https://lists.blocklist.de/lists/21.txt
https://lists.blocklist.de/lists/ftp.txt
https://lists.blocklist.de/lists/proftpd.txt

HTTP/Apache attackers
https://lists.blocklist.de/lists/80.txt
https://lists.blocklist.de/lists/443.txt
https://lists.blocklist.de/lists/apache.txt

SMTP/E-Mail Attackers
https://lists.blocklist.de/lists/25.txt
https://lists.blocklist.de/lists/110.txt
https://lists.blocklist.de/lists/143.txt
https://lists.blocklist.de/lists/993.txt
https://lists.blocklist.de/lists/email.txt
https://lists.blocklist.de/lists/mail.txt
https://lists.blocklist.de/lists/imap.txt
https://lists.blocklist.de/lists/courierimap.txt
https://lists.blocklist.de/lists/courierpop3.txt
https://lists.blocklist.de/lists/pop3.txt
https://lists.blocklist.de/lists/postfix.txt

VOIP/SIP Attackers
https://lists.blocklist.de/lists/asterisk.txt
https://lists.blocklist.de/lists/sip.txt

IRC / Bots
https://lists.blocklist.de/lists/ircbot.txt
https://lists.blocklist.de/lists/bots.txt

Shodan
https://isc.sans.edu/api/threatlist/shodan/ (add ?json or ?csv for a different format than xml)

Per country/continent
https://github.com/firehol/blocklist-ipsets/tree/master/geolite2_country
https://github.com/firehol/blocklist-ipsets/tree/master/ip2location_country
https://github.com/firehol/blocklist-ipsets/tree/master/ipdeny_country
https://github.com/firehol/blocklist-ipsets/tree/master/ipip_country

Datacenters
https://github.com/firehol/blocklist-ipsets/blob/master/datacenters.netset (old)

Tor exit nodes
https://github.com/firehol/blocklist-ipsets/blob/master/tor_exits.ipset
https://isc.sans.edu/api/threatlist/torexit (add ?json or ?csv for a different format than xml)
https://check.torproject.org/exit-addresses

Some other feeds:
https://isc.sans.edu/api/threatfeeds/
Make sure to only pick ones that have had updates recently. The rest will return an error that they are not maintained.
When you choose a feed, for example "Scanners Operated by Onyphe.io", you open the URL with the type at the end, for example: https://isc.sans.edu/api/threatlist/onyphe or for "Rapid 7 Project Sonar" - https://isc.sans.edu/api/threatlist/rapid7sonar

And some IPs from one of the links with the title "Top Attackers" (selectel, ipvolume, novogara, digitalocean, clouvider, etc.)

                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:49:07 pm
Check if listed in multiple blacklists:
https://www.blockedservers.com

Unknown malicious:
https://pastebin.com/u/rdp_snitch

Spam score per ASN:
http://www.uceprotect.net/en/l3charts.php
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:49:20 pm
Here are some blocklists
https://github.com/trick77/ipset-blacklist
https://firebog.net
https://filterlists.com
https://blocklistproject.github.io/Lists/
https://github.com/notracking/hosts-blocklists
https://github.com/StevenBlack/hosts
https://github.com/Ultimate-Hosts-Blacklist/Ultimate.Hosts.Blacklist
https://threatfeeds.io
https://dbl.oisd.nl
https://gitlab.com/The_Quantum_Alpha/the-quantum-ad-list
https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
https://github.com/fonic/ipfilter
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:49:32 pm
Stop forum spam IP addresses:
https://github.com/X4BNet/lists_stopforumspam/blob/main/ipv4.txt

"System based on +500 blacklists and 5 external intelligences to detect internet potencially malicious hosts":
https://github.com/carlospolop/MalwareWorld
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:49:44 pm
Quote from: zurigora on June 03, 2021, 07:34:10 pm (https://weboas.is/forum/index.php?msg=11488)
Quote
Stop forum spam IP addresses:
https://github.com/X4BNet/lists_stopforumspam/blob/main/ipv4.txt

"System based on +500 blacklists and 5 external intelligences to detect internet potencially malicious hosts":
https://github.com/carlospolop/MalwareWorld
Lots of good lists on https://github.com/X4BNet/
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:49:56 pm
Quote from: Admin on June 04, 2021, 06:17:28 am (https://weboas.is/forum/index.php?msg=11494)
Quote
Lots of good lists on https://github.com/X4BNet/
I am unsure of how the VPN list decides on which ASNs to use as only ProtonVPN is used to get IPs.
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:50:08 pm
A lot of IP lists here:
https://github.com/stamparm/maltrail/tree/master/trails/feeds
https://github.com/stamparm/maltrail/tree/master/trails/static
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:50:20 pm
NextDNS's lists:
https://github.com/nextdns/metadata
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:50:33 pm
https://report.cs.rutgers.edu/DROP/ (from https://report.cs.rutgers.edu/mrtg/drop/dropstat.cgi?start=-86400)
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:50:45 pm
Countries and ASNs: https://github.com/cyberhubarchive/archive/blob/master/AntiDDoS/cloudflare_ruleset.bash
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:50:57 pm
https://github.com/astryzia/stalkerware-urls
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:51:09 pm
https://phishing.army/
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:51:21 pm
https://github.com/0n1cOn3/nso-blacklist
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:51:33 pm
Quote from: Admin on July 20, 2021, 08:03:45 am (https://weboas.is/forum/index.php?msg=12007)
Quote
https://github.com/0n1cOn3/nso-blacklist
Also https://github.com/AmnestyTech/investigations/tree/master/2021-07-18_nso
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:51:45 pm
https://gist.github.com/opus-x/3e673a9d5db2a214df05929a4eee6a57 Spotify
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:51:57 pm
List of suspicious, ad, tracking, malware and miner lists.
https://github.com/shoenig/donutdns/blob/main/sources/statics/sources.json
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:52:09 pm
https://sblam.com/blacklist.txt

https://www.malwareworld.com/textlists/suspiciousIPs.txt
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:52:21 pm
Has a list of IPs appearing on multiple lists from 1 to 8. Based on 30+ other lists.
https://github.com/stamparm/ipsum

A little outdated
https://github.com/safing/intel-data
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:52:34 pm
"Fighting phishing and cybercrime since 2014 by gathering, enhancing and sharing phishing information with the infosec community.":
https://phishstats.info/
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:52:46 pm
List of other lists:
https://rethinkdns.com/configure

Many categories (porn, gambling, banks, phishing, vpn, warez, for children, radio, chats, etc.)
https://github.com/olbat/ut1-blacklists/
                  
Title: Re: Malicious IPs, IP ranges and Domains
Post by: Admin on January 22, 2022, 04:52:58 pm
List of 3 lists of other malicious, advertising and more domains:
https://v.firebog.net/hosts/lists.php