Tag Archives: blacklist

abuseipdb.com – ip list – IP Blacklists

Here is a list of known ‘malicious’ IPs from abuseipdb.com. It is updated daily. It’s in a list/plaintext format that should be easy to integrate.

http://zitstif.com/badips.txt

http://zitstif.no-ip.org/badips.txt

Sha256sum:

http://zitstif.com/badipsHash.txt

http://zitstif.no-ip.org/badipsHash.txt

#Update 11/10/2019

Here is a list of offending IPs that have targeted the honeypot I have set up. This will be updated daily as well:

http://zitstif.com/badIpsHoney.txt

http://zitstif.no-ip.org/badIpsHoney.txt

Sha256sum:

http://zitstif.com/badIpsHoneyHash.txt

http://zitstif.no-ip.org/badIpsHoneyHash.txt

#Update 11/13/2019

Here’s another list of IPs that have offended the WAF I use:

http://zitstif.com/WAFips.txt

http://zitstif.no-ip.org/WAFips.txt

Sha256sum:

http://zitstif.com/WAFipsHash.txt

http://zitstif.no-ip.org/WAFipsHash.txt

#Update 11/20/2019

Here’s a great post that has a bunch of lists that can be used:

https://docs.danami.com/juggernaut/user-guide/ip-block-lists

#Update 11/26/2019

Another great resource:

http://www.covert.io/threat-intelligence/

#Update 11/30/2019

Here’s another list of IPs from abuse.ch:

http://zitstif.com/abuseChlist.txt

http://zitstif.no-ip.org/abuseChlist.txt

Sha256sum:

http://zitstif.com/abuseCHhash.txt

http://zitstif.no-ip.org/abuseCHhash.txt

#Update 12/2/2019

Black Hat Directory – Wall of shame list:

http://zitstif.com/BlackHatDirlist.txt

http://zitstif.no-ip.org/BlackHatDirlist.txt

Sha256sum:

http://zitstif.com/BlackHatDirhash.txt

http://zitstif.no-ip.org/BlackHatDirhash.txt

#Update 10/25/2020

Scamalytics IPs:

http://zitstif.com/scamIps.txt

http://zitstif.no-ip.org/scamIps.txt

Sha256sum:

http://zitstif.com/scamIpshash.txt

http://zitstif.no-ip.org/scamIpshash.txt

#Update 07/17/2022

http://zitstif.com/crowdsecips.txt

http://zitstif.no-ip.org/crowdsecips.txt

Sha256sum:

http://zitstif.com/crowdsecipsHash.txt

http://zitstif.no-ip.org/crowdsecipsHash.txt

#Update 01/25/2023

http://zitstif.com/zitSSH_honey.txt

http://zitstif.no-ip.org/zitSSH_honey.txt

Sha256sum:

http://zitstif.com/zitSSH_honey_hash.txt

http://zitstif.no-ip.org/zitSSH_honey_hash.txt

#Update 3/12/2023

http://zitstif.com/zitSSH_honey2.txt

http://zitstif.no-ip.org/zitSSH_honey2.txt

Sha256sum:

http://zitstif.com/zitSSH_honey_hash2.txt

http://zitstif.no-ip.org/zitSSH_honey_hash2.txt

#Update 5/25/2024

http://zitstif.no-ip.org/Firewallwaf.txt

http://zitstif.com/Firewallwaf.txt

Sha256sum:

http://zitstif.no-ip.org/Firewallwafhash.txt

http://zitstif.com/Firewallwafhash.txt

#Update 6/24/2024

http://zitstif.no-ip.org/zit_shame_list.txt

http://zitstif.com/zit_shame_list.txt

Sha256sum:

http://zitstif.no-ip.org/zit_shame_list_hash.txt

http://zitstif.com/zit_shame_list_hash.txt

Protecting end users by black listing domain names

One of the many programs that I use on Windows to help prevent and remove malware is SpyBot S&D. One of the methods that SpyBot S&D uses is editing the hosts file, which on Windows is usually located at:

C:\WINDOWS\system32\drivers\etc\hosts

About a year ago, I was monkeying around with my hosts file and noticed all the entries put there by SpyBot S&D. I thought to myself, “What a wonderful idea.” For those of you who aren’t familiar with the hosts file, please take a gander at this:

http://en.wikipedia.org/wiki/Hosts_file

Ergo, I compiled a list of offending domains that are usually associated with scams, malware, and/or other nefarious things (well, I used quite a bit from the hosts file that SpyBot S&D edited under Windows) and put it on my website. I felt that end users who use Linux or even Mac OS X could benefit from editing their hosts file in such a way. Here’s the hosts file:

http://zitstif.no-ip.org/THELIST.txt
MD5sum: 7ec6a57b82d53359c3bcff54d0b1cc62

For *nix end users, if you want to append THELIST.txt on the fly over the Internet via a bash shell, give this a try and verify your results as root:

printf "GET /THELIST.txt HTTP/1.0\r\n\r\n" | nc -vv zitstif.no-ip.org 80 2>&1 | grep -Ev 'HTTP|Apache|Date:|ETag:|Accept-Ranges:|Content-|Connection:|Modified:|Connection' >> /etc/hosts

By doing this, you’ll protect your end users by making the blacklisted domain names unavailable to them. This may not be perfect, but this is one of the many ways you can help prevent identity theft for your end users or even yourself.
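A stricter way to handle the append step, as an added example that is not part of the original post: rather than filtering HTTP headers out of a raw response, it accepts only lines that map valid host names to 127.0.0.1 or 0.0.0.0 and refuses the whole file otherwise, because an entry carrying any other address would redirect that name instead of blocking it. The function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): vet a hosts-format blocklist
# before any of it is appended to /etc/hosts.

# vet_blocklist FILE
#   stdout: entries that are safe to append, one "address name" per line
#   stderr: each rejected line with its line number
#   status: 0 if every line was accepted, 1 if anything was rejected
vet_blocklist() {
    awk '
    BEGIN { label = "[A-Za-z0-9]([A-Za-z0-9_-]*[A-Za-z0-9])?"
            host  = "^" label "([.]" label ")*$" }
    {
        raw = $0
        sub(/\r$/, "")          # tolerate CRLF line endings
        sub(/#.*/, "")          # strip comments
        if (NF == 0) next       # blank or comment-only line
        # Only sink addresses block a name; any other address would
        # redirect it to a real host, so the whole line is refused.
        ok = (NF >= 2 && ($1 == "127.0.0.1" || $1 == "0.0.0.0"))
        for (i = 2; ok && i <= NF; i++)
            if ($i !~ host || length($i) > 253) ok = 0
        if (!ok) {
            printf "rejected line %d: %s\n", NR, raw > "/dev/stderr"
            bad = 1
            next
        }
        for (i = 2; i <= NF; i++) print $1, tolower($i)
    }
    END { exit bad + 0 }
    ' "$1"
}

# merge_blocklist SRC DEST: append to DEST only if all of SRC passed.
merge_blocklist() {
    vetted=$(vet_blocklist "$1") || return 1
    [ -z "$vetted" ] || printf '%s\n' "$vetted" >> "$2"
}

# Constructed sample input (not taken from THELIST.txt).
sample_blocklist() {
    printf '%s\n' '# constructed sample' \
        '127.0.0.1 ads.example.com' \
        '0.0.0.0 Tracker.Example.NET  # trailing comment' \
        '203.0.113.10 login.example.org' \
        'HTTP/1.1 200 OK'
}

# Demo against a scratch copy, never the live /etc/hosts.
tmp=$(mktemp) && sample_blocklist > "$tmp"
if vet_blocklist "$tmp"; then echo "accepted"; else echo "refused: do not append"; fi
rm -f "$tmp"
```

Download the list to a temporary file and compare it with the published checksum first; merge_blocklist then takes that file and the hosts file as its two arguments.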

More to come.