| Feed | RPZ Name | Retirement Date | Reason |
|---|---|---|---|
| Bot-IP | bot-ip.rpz.infoblox.local | 4/1/2023 | IP addresses are frequently reused for multiple sites, and blocking the ones associated with such systems ran the high risk of inadvertent blocking (I.E. False Positive). Many indicators here could be blocked in other ways, so the source is blocked in other similar feeds, making this redundant. |
| Spambot-IP | spambot-ip.rpz.infoblox.local | 4/1/2023 | |
| ExploitKit_IP | exploitkit-ip.rpz.infoblox.local | 4/1/2023 | |
| Ext_ExploitKit_IP | ext-exploitkit-ip.rpz.infoblox.local | 4/1/2023 | |
| Ext_TOR_Exit_Node_IP | ext-tor-exit-node-ip.rpz.infoblox.local | 4/1/2023 | |
| NCCIC_Host | nccic-host.rpz.infoblox.local | 6/1/2023 | The curation process for these feeds (I.E. removing false positives) frequently left these feeds empty. The ones that remained are present in other feeds, making these feeds redundant. |
| NCCIC_IP | nccic-ip.rpz.infoblox.local | 6/1/2023 | |
SURBL Fresh Domains | not available | 4/1/2023 | SURBL feeds are no longer supported. |
SURBL Multi Domains | not available | 4/1/2023 | |
| SURBL Multi Lite Domains | not available | 4/1/2023 | |
| Base Hostnames | base.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | The following feeds are approaching end of service and in their place, Infoblox is offering a set of new RPZ feeds designed to replace the deprecated feeds. |
| AntiMalware | antimalware.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Ransomware | ransomware.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Malware DGA Hostnames | malware-dga.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Antimalware IP | antimalware-ip.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Suspicious | sanctions-med.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Suspicious Lookalike | suspicious-lookalikes.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Suspicious NOED | suspicious-noed.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Newly Observed Emergent Domains | noed.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
Spambot IPs DNSBL | spambot-dnsbl-ip.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | We also do not see much value having a separate feed for Spam IPs. IPs can be reassigned and result in false positives. Those confirmed IPs that are part of malicious infrastructure are already part of Critical IP feeds that we monitor and update. This spambot IP feed had 0 indicators for a while now, therefore we can effectively deprecate this feed. |
| Extended Base & anti-malware Hostnames | ext-base-antimalware.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | With the deprecation of the old RPZ feeds and the release of the new RPZ feeds, infoblox will also be deprecating the extended feeds listed below. In the case of these feeds, they have lately been carrying zero indicators. Earlier when a malicious domain’s TTL expires, the domain was added to the corresponding Extended feeds, extending their lifetime. We updated that logic to verify the validity of the domain, on expiry. The domain is added to the same feed if it's still valid (as opposed to separate Extended feeds). As a result, the extended feeds were carrying zero indicators lately. At this point, we can effectively deprecate the below extended feeds. |
| Extended Ransomware | ext-ransomware.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Extended AntiMalware IPs | ext-base-antimalware.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Extreme Block | ib-extreme-block.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | Given that we have consolidated and simplified the core feed structure, there is no need for the Combination feeds. Combination feed was introduced to provide the ability to abstract the details of individual feed and create a wrapper for extreme, high, medium and low risk. The consolidated and simplified new core feeds provide that in the feed itself and the name of the core feeds reflect the risk level. For those reasons, the below Combination feeds will be deprecated. |
| Extreme Log | ib-extreme-log.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| High Block | ib-high-block.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| High Log | ib-high-log.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Med Block | ib-med-block.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Med Log | ib-med-log.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Low Block | ib-low-block.rpz.infoblox.local | 12/2024 (scheduled for deprecation) | |
| Low Log | ib-low-log.rpz.infoblox.local | 12/2024 (scheduled for deprecation) |
...