Here comes a good bunch of additional malicious IP address lists for our databases. Here are the details of the new IP blacklists for April 2018: BOTSCOUT, TEAMCYMRU-BOGONS, TOR-BLUTMAGIE, BLOCKLISTNET-UA, BITNODES-IO, BLOCKCHAIN-INFO, BBCAN177, IANA-BOGONS, ALIENVAULT.

BOTSCOUT – Bot IP blacklist

BotScout helps prevent automated web scripts, known as ‘bots’, from registering on forums, polluting databases, spreading spam, and abusing forms on websites. We do this by tracking the names, IPs, and email addresses that bots use and logging them as unique signatures for future reference.

There are several lists, with retention ranging from 30 minutes to 30 days. These blacklists update every 30 minutes and hold a maximum of 12000 IP addresses for the 30-day retention.

ALIENVAULT-REPUTATION – IP Reputation Database

AlienVault IP reputation database, collected thanks to the Open Threat Exchange network.

This blacklist updates every 6 hours and has an average of 56000 IP addresses.

BBCAN177-MS1 – pfBlockerNG Malicious IP

Since 2015, pfBlockerNG has been protecting assets behind consumer and corporate networks of pfSense – Open Source Firewall based on FreeBSD. These lists are part of the project to protect assets from malicious attacks.

This blacklist updates every 24 hours and has an average of 5270000 IP addresses.

BITNODES-IO-30D – Bitcoin nodes IP

Bitnodes is currently being developed to estimate the size of the Bitcoin network by finding all the reachable nodes in the network. The current methodology involves sending getaddr messages recursively to find all the reachable nodes in the network, starting from a set of seed nodes.

This list aggregates the IP addresses of the Bitcoin network nodes that responded to the Bitnodes.io algorithm during the last 1, 7 and 30 days. This list should not be considered malicious, but it could point to suspicious activities to monitor.

This blacklist updates every day and has an average of 30000 IP addresses.

BLOCKCHAIN-INFO-30D – Bitcoin nodes IP

Blockchain.info is the world’s leading software platform for digital assets. Offering the largest production blockchain platform in the world, we are using new technology to build a radically better financial system.

This list aggregates the IP addresses of the Bitcoin network nodes connected to Blockchain.info during the last 1, 7 and 30 days. This list should not be considered malicious, but it could point to suspicious activities to monitor.

This blacklist updates every day and has an average of 9000 IP addresses.

BLOCKLISTNET-UA – Malicious IP

The BlockList project was created as a protection against the negative influence of harmful and potentially dangerous events on the Internet. First of all, this service helps internet and hosting providers protect subscribers' sites from being hacked. BlockList also helps to stop large amounts of spam from dubious SMTP relays and brute-force password attempts against servers and network equipment.

BlockList analyzes Internet traffic using internal algorithms for identifying harmful traffic. Using the data it receives, it adds IP addresses that perform attacks, send spam or brute-force passwords to the blocking list.

This blacklist updates every 10 minutes and has an average of 15000 IP addresses.

IANA-BOGONS – Unallocated IPv4 space

This is a collection of report files that summarize the allocation status of the IPv4 address space and the Autonomous Number space. The report is generated on a daily basis using the IANA registry files, the Regional Internet Registry stats files and the Regional Internet Registry whois data.

Many ISPs and end-user firewalls filter and block bogons, because they have no legitimate use, and usually are the result of accidental or malicious misconfiguration.

This blacklist updates every day and has an average of 598684616 IP addresses.

TEAMCYMRU-BOGONS – Unallocated IPv4 space

Team-Cymru.org list of private and reserved addresses defined by RFC 1918, RFC 5735 and RFC 6598, plus netblocks that have not been allocated to a regional internet registry.

Many ISPs and end-user firewalls filter and block bogons, because they have no legitimate use, and usually are the result of accidental or malicious misconfiguration.

This blacklist updates every day and has an average of 592708608 IP addresses.
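The following is an added example, not code from Apility.io or Team Cymru. It shows how an address count like the one above follows from CIDR prefix sizes and how a firewall log can be checked for bogon sources. The prefix list is an assumption typed in from RFC 1918, RFC 5735 and RFC 6598 (it happens to cover exactly 592708608 addresses); unallocated netblocks change over time and are not included. The function names and the log format are constructed for illustration.

```python
import ipaddress

# Assumption: special-use IPv4 blocks typed in from RFC 1918, RFC 5735 and
# RFC 6598 for this example; the live feed is not downloaded here.
BOGON_PREFIXES = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
]

# Constructed firewall log lines (not real traffic).
SAMPLE_LOG = [
    "IN=eth0 SRC=100.64.12.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "IN=eth0 SRC=8.8.8.8 DST=192.0.2.10 PROTO=UDP DPT=53",
    "IN=eth0 SRC=172.20.1.5 DST=192.0.2.10 PROTO=TCP DPT=445",
    "IN=eth0 SRC=not-an-ip DST=192.0.2.10 PROTO=TCP DPT=80",
    "IN=eth0 SRC=240.1.2.3 DST=192.0.2.10 PROTO=ICMP",
]

def load_networks(prefixes):
    """Parse CIDR strings and merge overlapping or adjacent blocks."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))

def address_count(networks):
    """Number of individual addresses covered by the collapsed networks."""
    return sum(n.num_addresses for n in networks)

def is_bogon(ip, networks):
    """True if the address falls inside any listed block (ValueError if unparsable)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)

def bogon_sources(lines, networks):
    """Return SRC addresses from key=value log lines that fall in a bogon block."""
    hits = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            if is_bogon(fields.get("SRC", ""), networks):
                hits.append(fields["SRC"])
        except ValueError:  # malformed or missing address: skip the line
            continue
    return hits

if __name__ == "__main__":
    nets = load_networks(BOGON_PREFIXES)
    print(address_count(nets))
    print(bogon_sources(SAMPLE_LOG, nets))
```

Collapsing the networks before counting avoids double-counting if a feed lists overlapping prefixes.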

TOR-BLUTMAGIE-FULL – Full TOR servers

Tor is software and a network for enabling anonymous communication, directing Internet traffic through a worldwide, volunteer network. Tor encrypts the data, including the next node destination IP address, multiple times and sends it through a virtual circuit comprising successive, random-selection Tor relays. Once inside a Tor network, the traffic is sent from router to router along the circuit, ultimately reaching an exit node at which point the cleartext packet is available and is forwarded on to its original destination. Viewed from the destination, the traffic appears to originate at the Tor exit node.

The list includes all active Tor network servers: relays and exit nodes. Other lists only include exit nodes.

This blacklist updates every 30 minutes and has an average of 6000 IP addresses.

How to enable these new lists

If you are new to Apility.io and you have not signed up yet (it’s free!), then you don’t need to do anything, since these lists are enabled by default with all new accounts. If you already have an Apility.io account, log into the Dashboard and go to Blacklists to enable and disable the lists individually.

Apility.io deselect Free Mail

As an example, in the animated GIF above we are enabling Freemail blacklists. You should do the same with your favorite lists in the IP addresses tab.