Tag: blacklist
abuseipdb.com – ip list
by zitstif on Nov.04, 2019, under Blacklists, Posts
Here is a list of known ‘malicious’ IPs from abuseipdb.com. It is updated daily. It’s in a list/plaintext format that should be easy to integrate.
http://zitstif.no-ip.org/badips.txt
Sha256sum:
http://zitstif.com/badipsHash.txt
http://zitstif.no-ip.org/badipsHash.txt
#Update 11/10/2019
Here are a list of offending IPs that have targeted my honeypot I have setup. This will be updated daily as well:
http://zitstif.com/badIpsHoney.txt
http://zitstif.no-ip.org/badIpsHoney.txt
Sha256sum:
http://zitstif.com/badIpsHoneyHash.txt
http://zitstif.no-ip.org/badIpsHoneyHash.txt
#Update 11/13/2019
Here’s another list of IPs that have offended the WAF I use:
http://zitstif.no-ip.org/WAFips.txt
Sha256sum:
http://zitstif.com/WAFipsHash.txt
http://zitstif.no-ip.org/WAFipsHash.txt
#Update 11/20/2019
Here’s a great post that has a bunch of lists that can be used:
https://docs.danami.com/juggernaut/user-guide/ip-block-lists
#Update 11/26/2019
Another great resource:
http://www.covert.io/threat-intelligence/
#Update 11/30/2019
Here’s another list of IPs from abuse.ch:
http://zitstif.com/abuseChlist.txt
http://zitstif.no-ip.org/abuseChlist.txt
Sha256sum:
http://zitstif.com/abuseCHhash.txt
http://zitstif.no-ip.org/abuseCHhash.txt
#Update 12/2/2019
Black Hat Direcory – Wall of shame list:
http://zitstif.com/BlackHatDirlist.txt
http://zitstif.no-ip.org/BlackHatDirlist.txt
Sha256sum:
http://zitstif.com/BlackHatDirhash.txt
http://zitstif.no-ip.org/BlackHatDirhash.txt
#Update 10/25/2020
Scamalytics Ips
http://zitstif.com/scamIps.txt
http://zitstif.no-ip.org/scamIps.txt
Sha256sum:
http://zitstif.com/scamIpshash.txt
http://zitstif.no-ip.org/scamIpshash.txt
#Update 07/17/2022
http://zitstif.com/crowdsecips.txt
http://zitstif.no-ip.org/crowdsecips.txt
Sha256sum:
http://zitstif.com/crowdsecipsHash.txt
http://zitstif.no-ip.org/crowdsecipsHash.txt
#Update 01/25/2023
http://zitstif.com/zitSSH_honey.txt
http://zitstif.no-ip.org/zitSSH_honey.txt
Sha256sum:
http://zitstif.com/zitSSH_honey_hash.txt
http://zitstif.no-ip.org/zitSSH_honey_hash.txt
#Update 3/12/2023
http://zitstif.com/zitSSH_honey2.txt
http://zitstif.no-ip.org/zitSSH_honey2.txt
Sha256sum:
http://zitstif.com/zitSSH_honey_hash2.txt
http://zitstif.no-ip.org/zitSSH_honey_hash2.txt
Protecting end users by black listing domain names
by zitstif on Mar.02, 2010, under Posts
One of the many programs that I use for Windows to help prevent and remove malware is SpyBot S&D. One of the methods that SpyBot S&D utilizes, is by editing the hosts file, which for Windows is located at (usually):
C:\WINDOWS\system32\drivers\etc\hosts
About a year ago, I was monkeying around with my hosts file and noticed all the entries put by SpyBot S&D. I thought to myself, “What a wonderful idea.” For those of you who aren’t familiar with the hosts file, please take a gander at this:
http://en.wikipedia.org/wiki/Hosts_file
Ergo, I compiled (well I used quite a bit of from the hosts file that was edited under Windows by SpyBot S&D)a list of offending domains that are usually associated with scams, malware, and/or other nefarious things and put it on my website. I felt that end users who use Linux or even Mac OS X could benefit from editing their hosts file in such a way. Here’s the hosts file:
http://zitstif.no-ip.org/THELIST.txt
MD5sum: 7ec6a57b82d53359c3bcff54d0b1cc62
For *nix end users, if you want to append THELIST.txt on the fly over the Internet via bash shell, give this a try and verify your results as root:
printf "GET /THELIST.txt HTTP/1.0\n\r\n" | nc -vv zitstif.no-ip.org 80 2>&1 | egrep -v 'HTTP|Apache|Date:|ETag:|Accept-Ranges:|Content-|Connection:|Modified:|Connection' >> /etc/hosts
By doing this, you’ll protect your end users by making the blacklisted domain names unavailable to them. This may not be perfect, but this is one of the many ways you can help prevent identity theft for your end users or even yourself.
More to come.