Skip to main content
Topic: Malicious IPs, IP ranges and Domains (Read 829 times) previous topic - next topic

Malicious IPs, IP ranges and Domains

They are in different formats.



Spamhause DROP lists (Dont Route Or Peer)

Allegedly missing IPs in other lists

SSH attackers

FTP attackers

HTTP/Apache attackers

SMTP/E-Mail Attackers

VOIP/SIP Attackers

IRC / Bots

Shodan (add ?json or ?csv for a different format than xml)

Per country/continent

Datacenters (old)

Tor exit nodes (add ?json or ?csv for a different format than xml)

Some other feeds:
Make sure to only pick ones that have had updates recently. Rest will return an error that they are not maintained.
When you choose a feed, for example "Scanners Operated by", you open the url with the type at the end, for example: or for "Rapid 7 Project Sonar" -

And some IPs from one of the links with the title "Top Attackers" (selectel, ipvolume, novogara, digitalocean, clouvider, etc.)