...

Extreme_Log
This feed is designed to log potentially malicious indicators that are too low confidence to include in the Extreme Block list. This feed is not appropriate for most uses, and is not recommended unless your specific environment has a unique need. Use at your own risk. It is a companion to the Extreme Block feed.

FarsightNOD
Provides an incremental layer of defense to combat malware exfiltration, brand abuse, and spam-based attacks which originate or terminate at newly-launched domains.

...

SURBL_Multi_Lite
Designed to fit on appliances with limitations on the number of threat intelligence entries that can be loaded, SURBL Multi Lite is a subset of threat intelligence entries from the SURBL Multi threat feed. SURBL Multi Lite is narrowed down to include concise and targeted threat intelligence focusing on only the most current and fully malicious sites. The combined set includes malware, phishing and botnet activity.
Sanctions

Spambot_DNSBL_IP

...

Sanctions IP (Embargoed)
The US OFAC Sanctions IP feed can be blocked based on company policy. The feed blocks nations that are embargoed (Cuba, Iran, Myanmar, North Korea, Syria, and Venezuela).

Sanctions-High
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations in the embargoed list, plus the following: Belarus, Cambodia, Central African Republic, China, Democratic Republic of Congo, Iraq, Libya, Macao, Russia, and Yemen. Contains IPs assigned to United States high-risk sanctioned countries listed by US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Asset Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found by visiting the "Sanctions Programs and Country Information" page found here: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

...

US OFAC Sanctions_IP
May choose to block based on company policy. Contains IPs assigned to United States sanctioned countries listed by US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Asset Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found by visiting the "Sanctions Programs and Country Information" page found here: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

Spambot_DNSBL_IP
In DNSBL format, this feed contains IPs of known spam servers. Enables protection against a computer or bot node as part of a botnet seen sending spam. Can be used to help block incoming spam or potentially malicious emails from known spam sources by feeding into your email platform or appliance. Please note that the Spambot_DNSBL_IP feed contains the same data as the Spambot IP feed above, but is formatted differently for RPZ zone file use.

Spambot_IP
The Spambot_IP feed uses suspicious/malicious as sources. IPs of known spam servers. Enables protection against a computer or bot node as part of a botnet seen sending spam. IPs listed are also frequently found with a poor/negative reputation on that IP address. Recommended to run in ‘logging’ mode prior to blocking to see what would have been blocked. Can also be used to help block incoming spam or potentially malicious emails from known spam sources by feeding into your email platform or appliance.

Suspicous_Domains
The Suspicious Domains feed enables protection against hostnames that have not been directly linked to malicious behavior but behave in a manner that suggests malicious behavior may be imminent.

Suspicious indicators
The suspicious indicators feed identifies sites that should be blocked based on clear evidence, even though an attack using the indicator has not been triggered at that time.

Suspicious-Lookalikes
The suspicious lookalikes feed includes domains that appear to impersonate other trusted domains, but have demonstrated enough abnormal behavior to warrant concern.

Suspicious-NOED
The suspicious NOED feed includes High Risk, New Domains. These domains have only recently become active, and share one or more characteristics with other known malicious domains to warrant concern.

TOR_Exit_Node_IP
Tor Exit Nodes are the gateways where encrypted Tor traffic hits the Internet. This means an exit node can be used to monitor Tor traffic (after it leaves the onion network). The Tor network is designed so that the source of that traffic is difficult to determine.

US OFAC Sanctions IP (Embargoed)
The US OFAC Sanctions IP feed can be blocked based on company policy. The feed blocks nations that are embargoed (Cuba, Iran, Myanmar, North Korea, Syria, and Venezuela).

US OFAC Sanctions-High
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations in the embargoed list, plus the following: Belarus, Cambodia, Central African Republic, China, Democratic Republic of Congo, Iraq, Libya, Macao, Russia, and Yemen. Contains IPs assigned to United States high-risk sanctioned countries listed by US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Asset Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found by visiting the "Sanctions Programs and Country Information" page found here: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.

US OFAC Sanctions-Med
The US OFAC Sanctions High IP feed can be blocked based on company policy. This feed blocks all of the nations included in the embargoed and high lists, plus the following: Lebanon, Somalia, South Sudan, Sudan, and Zimbabwe. Contains IPs assigned to United States medium and high-risk sanctioned countries listed by US Treasury Office of Foreign Assets Control (OFAC). The Treasury Department's Office of Foreign Asset Control (OFAC) administers and enforces economic sanctions imposed by the United States against foreign countries. More information can be found by visiting the "Sanctions Programs and Country Information" page found here: https://www.treasury.gov/resource-center/sanctions/Programs/Pages/Programs.aspx. This feed includes Geo IP data provided by MaxMind.