iBlacklist.conf

# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
# http://tools.ietf.org/html/rfc5735
# "This" network
0.0.0.0/8
# Private networks
10.0.0.0/8
# Carrier-grade NAT - RFC 6598
100.64.0.0/10
# Host loopback
127.0.0.0/8
# Link local
169.254.0.0/16
# Private networks
172.16.0.0/12
# IETF Protocol Assignments
192.0.0.0/24
# DS-Lite
192.0.0.0/29
# NAT64
192.0.0.170/32
# DNS64
192.0.0.171/32
# Documentation (TEST-NET-1)
192.0.2.0/24
# 6to4 Relay Anycast
192.88.99.0/24
# Private networks
192.168.0.0/16
# Benchmarking
198.18.0.0/15
# Documentation (TEST-NET-2)
198.51.100.0/24
# Documentation (TEST-NET-3)
203.0.113.0/24
# Reserved
240.0.0.0/4
# Limited Broadcast
255.255.255.255/32

#RFC 5771: Multicast/Reserved
224.0.0.0/4

# Exclusion requests

#Received: from elbmasnwh002.us-ct-eb01.gdeb.com ([153.11.13.41]
# helo=ebsmtp.gdeb.com)	by mx1.gd-ms.com with esmtp (Exim 4.76)	(envelope-from
# <bmandes@gdeb.com>)	id 1VS55c-0004qL-0F	for support@erratasec.com; Fri, 04
# Oct 2013 09:06:40 -0400
#To: <support@erratasec.com>
#CC: <ebsoc@gdeb.com>
#Subject: Scanning and Probing our network
#From: Robert Mandes <bmandes@gdeb.com>
#Date: Fri, 4 Oct 2013 09:06:36 -0400
#
#Stop scanning and probing our network, 153.11.0.0/16.  We are a defense 
#contractor and report to Federal law enforcement authorities when scans 
#and probes are directed at our network.  I assume you don't want to be 
#part of that report.   Please permanently  remove our network range from 
#your current and future research. 
#
#Thank you 
#
#Robert Mandes
#Information Security Officer
#General Dynamics 
#Electric Boat 
#
#C 860-625-0605
#P 860-433-1553

153.11.0.0/16

# IU.edu - 2013/10/07
# bro IDS complains "scanned at least 50 unique hosts"
129.79.0.0/16
134.68.0.0/16
140.182.0.0/16
149.159.0.0/16
149.160.0.0/16
149.161.0.0/16
149.162.0.0/16
149.163.0.0/16
149.165.0.0/16
149.166.0.0/16
156.56.0.0/16


# Masscan exclude chunk
#Date: Mon, 7 Oct 2013 17:25:41 -0700
#Subject: Re: please stop the attack to our router
#From: Di Li <di@egihosting.com>
#
#Make sure you stop the scan immediately, that's not OK for any company or
#organization scan our network at all.
#
#If you fail to do that we will block whole traffic from ASN 10439, and we
#will fail a police report after that.
#
#Let me know when you stop, since we still receive the attack from you, and
#by the way your scan are not going anywhere, it's was dropped from our edge
#since the first 5 scan
#
#Oct  7 17:17:32:I:SNMP: Auth. failure, intruder IP:  209.126.230.72
#...
#Oct  7 16:55:27:I:SNMP: Auth. failure, intruder IP:  209.126.230.72
#
#Di

4.53.201.0/24
5.152.179.0/24
8.12.162.0/23
8.12.164.0/24
8.14.84.0/22
8.14.145.0/24
8.14.146.0/23
8.17.250.0/23
8.17.252.0/24
23.27.0.0/16
23.231.128.0/17
37.72.172.0/23
38.72.200.0/22
50.93.192.0/22
50.93.196.0/23
50.115.128.0/20
50.117.0.0/17
50.118.128.0/17
63.141.222.0/24
64.62.253.0/24
64.92.96.0/19
64.145.79.0/24
64.145.82.0/23
64.158.146.0/23
65.49.24.0/24
65.49.93.0/24
65.162.192.0/22
66.79.160.0/19
66.160.191.0/24
68.68.96.0/20
69.46.64.0/19
69.176.80.0/20
72.13.80.0/20
72.52.76.0/24
74.82.43.0/24
74.82.160.0/19
74.114.88.0/22
74.115.0.0/24
74.115.2.0/24
74.115.4.0/24
74.122.100.0/22
75.127.0.0/24
103.251.91.0/24
108.171.32.0/24
108.171.42.0/24
108.171.52.0/24
108.171.62.0/24
118.193.78.0/23
130.93.16.0/23
136.0.0.0/16
142.111.0.0/16
142.252.0.0/16
146.82.55.93
149.54.136.0/21
149.54.152.0/21
166.88.0.0/16
172.252.0.0/16
173.245.64.0/19
173.245.194.0/23
173.245.220.0/22
173.252.192.0/18
178.18.16.0/22
178.18.26.0/23
178.18.28.0/23
183.182.22.0/24
192.92.114.0/24
192.155.160.0/19
192.177.0.0/16
192.186.0.0/18
192.249.64.0/20
192.250.240.0/20
194.110.214.0/24
198.12.120.0/23
198.12.122.0/24
198.144.240.0/20
199.33.120.0/24
199.33.124.0/22
199.48.147.0/24
199.68.196.0/22
199.127.240.0/21
199.187.168.0/22
199.188.238.0/23
199.255.208.0/24
203.12.6.0/24
204.13.64.0/21
204.16.192.0/21
204.19.238.0/24
204.74.208.0/20
205.159.189.0/24
205.164.0.0/18
205.209.128.0/18
206.108.52.0/23
206.165.4.0/24
208.77.40.0/21
208.80.4.0/22
208.123.223.0/24
209.51.185.0/24
209.54.48.0/20
209.107.192.0/23
209.107.210.0/24
209.107.212.0/24
211.156.110.0/23
216.83.33.0/24
216.83.34.0/23
216.83.36.0/22
216.83.40.0/21
216.83.48.0/23
216.83.51.0/24
216.83.52.0/22
216.83.56.0/21
216.151.183.0/24
216.151.190.0/23
216.172.128.0/19
216.185.36.0/24
216.218.233.0/24
216.224.112.0/20

#Received: from [194.77.40.242] (HELO samba.agouros.de)
# for abuse@erratasec.com; Sat, 12 Oct 2013 09:55:35 -0500
#Received: from rumba.agouros.de (rumba-internal [192.168.8.1])	by
# samba.agouros.de (Postfix) with ESMTPS id 9055FBAD1D	for
# <abuse@erratasec.com>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
#Received: from rumba.agouros.de (localhost [127.0.0.1])	by rumba.agouros.de
# (Postfix) with ESMTP id 7B5DD206099	for <abuse@erratasec.com>; Sat, 12 Oct
# 2013 16:55:32 +0200 (CEST)
#Received: from localhost.localdomain (localhost [127.0.0.1])	by
# rumba.agouros.de (Postfix) with ESMTP id 5FBC420601D	for
# <abuse@erratasec.com>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
#To: <abuse@erratasec.com>
#Subject: Loginattempts from Your net
#Message-ID: <20131012145532.5FBC420601D@rumba.agouros.de>
#Date: Sat, 12 Oct 2013 16:55:32 +0200
#From: <elwood@agouros.de>
#
#The address 209.126.230.72 from Your network tried to log in to
#our network using Port 22 (1)/tcp. Below You will find a listing of the dates and
#times the incidents occured as well as the attacked IP-Addresses.
#This is a matter of concern for us and continued tries might result in
#legal action. If the machine was victim to a hack take it offline, repair
#the damage and use better protection next time.
#The times included are in Central European (Summer) Time.
#Date	Sourceip	port	destips
#
#07.10.2013 22:34:40 CEST	209.126.230.72	22	194.77.40.242 (1)
#08.10.2013 01:44:15 CEST	209.126.230.72	22	194.77.40.246 (1)
#
#Regards,
#Konstantin Agouros

194.77.40.242/32
194.77.40.246/32

# Hetzner.de
5.9.0.0/16
46.4.0.0/16
78.46.0.0/15
85.10.192.0/18
88.198.0.0/16
91.220.49.0/24
91.233.8.0/22
93.190.136.0/21
109.236.80.0/20
144.76.0.0/16
176.9.0.0/16
176.102.168.0/21
178.63.0.0/16
185.12.64.0/22
188.40.0.0/16
193.25.170.0/23
193.47.99.0/24
193.110.6.0/23
193.223.77.0/24
194.42.180.0/22
194.42.184.0/22
194.145.226.0/24
197.242.84.0/22
213.133.96.0/19
213.239.192.0/18
217.23.0.0/20

# Snel Internet Services B.V. (aka abuse.bz)
5.104.224.0/21
37.25.46.251/32
37.148.160.0/21
77.95.224.0/21
78.41.200.0/21
89.207.128.0/21
128.204.192.0/20
178.255.199.0/24
193.33.60.0/23
193.34.166.0/23
195.20.204.0/23
217.18.70.0/23

# Navy Network Information Center (NNIC)
128.34.0.0/16
128.38.0.0/16
128.49.0.0/16
128.60.0.0/16
128.160.0.0/16
129.131.0.0/16
129.190.0.0/16
130.46.0.0/16
130.109.0.0/16
130.163.0.0/16
131.120.0.0/15
131.122.0.0/16
131.158.0.0/16
131.250.0.0/17
131.250.128.0/18
131.250.192.0/20
131.250.240.0/23
131.250.242.0/24
131.250.244.0/24
131.250.246.0/24
131.250.248.0/24
131.250.250.0/24
132.250.0.0/16
134.207.0.0/16
134.229.58.0/24
134.229.208.0/24
134.229.216.0/24
137.24.0.0/16
137.67.240.0/24
137.247.0.0/16
138.136.15.0/24
138.141.0.0/16
138.143.61.0/24
138.145.0.0/16
138.147.0.0/16
138.162.0.0/15
138.169.4.0/22
138.169.8.0/21
138.169.16.0/20
138.169.32.0/19
138.169.64.0/19
138.169.96.0/21
138.178.0.0/15
138.180.0.0/14
140.100.0.0/16
140.178.0.0/16
140.229.10.0/24
140.229.21.0/24
140.229.32.0/23
140.229.34.0/24
143.113.0.0/16
144.141.0.0/16
144.169.0.0/16
144.247.0.0/16
146.68.0.0/16
152.80.0.0/16
155.252.0.0/16
157.141.0.0/16
157.187.0.0/16
159.71.0.0/16
160.107.0.0/16
160.125.0.0/16
160.127.0.0/16
160.128.0.0/16
163.251.100.0/24
164.94.0.0/16
164.105.0.0/16
164.167.0.0/16
164.221.0.0/16
164.223.0.0/16
192.5.27.0/24
192.5.41.0/24
192.5.47.0/24
192.16.167.0/24
192.31.147.0/24
192.31.174.0/24
192.35.62.0/24
192.42.41.0/24
192.48.215.0/24
192.48.216.0/24
192.55.240.0/24
192.58.181.0/24
192.68.148.0/24
192.73.215.0/24
192.86.77.0/24
192.91.138.0/24
192.101.120.0/21
192.101.128.0/22
192.101.132.0/23
192.108.2.0/23
192.108.4.0/22
192.108.8.0/21
192.108.222.0/23
192.111.116.0/23
192.111.225.0/24
192.111.227.0/24
192.132.16.0/22
192.135.193.0/24
192.138.87.0/24
192.149.151.0/24
192.149.204.0/24
192.160.158.0/23
192.171.8.0/22
192.171.12.0/24
192.187.4.0/22
192.189.42.0/24
192.190.60.0/24
192.190.228.0/23
192.195.30.0/24
192.207.114.0/24
192.207.179.0/24
192.207.181.0/24
192.207.212.0/24
192.207.223.0/24
192.207.228.0/22
192.211.64.0/19
192.211.99.0/24
192.222.87.0/24
192.231.128.0/24
198.17.191.0/24
198.17.242.0/24
198.22.146.0/24
198.49.226.0/23
198.49.228.0/23
198.49.230.0/24
198.49.232.0/21
198.49.240.0/24
198.55.92.0/23
198.62.64.0/23
198.62.66.0/24
198.97.72.0/21
198.97.81.0/24
198.97.82.0/23
198.97.84.0/22
198.97.88.0/24
198.97.95.0/24
198.97.96.0/19
198.97.138.0/24
198.97.153.0/24
198.97.154.0/23
198.97.167.0/24
198.97.234.0/23
198.97.236.0/24
198.154.128.0/19
198.154.160.0/20
198.253.0.0/16
199.9.0.0/24
199.9.2.0/24
199.10.8.0/24
199.10.10.0/23
199.10.16.0/22
199.10.20.0/23
199.10.22.0/24
199.10.24.0/23
199.10.62.0/24
199.10.127.0/24
199.10.136.0/23
199.10.140.0/24
199.10.148.0/24
199.10.152.0/22
199.10.187.0/24
199.10.188.0/22
199.10.192.0/24
199.10.228.0/24
199.10.231.0/24
199.10.233.0/24
199.10.239.0/24
199.10.247.0/24
199.114.8.0/22
199.114.16.0/23
199.114.20.0/23
199.114.23.0/24
199.114.26.0/23
199.114.28.0/24
199.114.30.0/24
199.121.4.0/22
199.121.71.0/24
199.121.74.0/23
199.121.76.0/24
199.121.78.0/23
199.121.83.0/24
199.121.84.0/23
199.121.87.0/24
199.121.89.0/24
199.121.91.0/24
199.121.94.0/24
199.121.96.0/19
199.121.130.0/24
199.121.146.0/24
199.121.166.0/24
199.121.169.0/24
199.121.174.0/23
199.121.185.0/24
199.121.189.0/24
199.121.224.0/19
199.123.16.0/20
204.238.129.0/24
205.56.0.0/13
205.64.0.0/11
205.96.0.0/13
205.104.0.0/14
205.108.0.0/15
205.110.0.0/16
205.115.0.0/16

# Defense Data Network
21.0.0.0/8

# DISA
29.0.0.0/8
30.0.0.0/8
22.0.0.0/8

# DOD Intel Information Systems
11.0.0.0/8

# Defense Logistics Agency
33.0.0.0/8

# DoD Network Information Center
22.30.204.0/23
33.65.1.0/24
33.75.100.0/24
214.69.243.0/24
214.69.248.0/23
214.69.252.0/23
214.72.0.0/21
214.72.8.0/23
215.0.0.0/9

# Columbia University
128.59.0.0/16
129.236.0.0/16
156.111.0.0/16
156.145.0.0/16
160.39.0.0/16
192.5.43.0/24
192.12.82.0/24
207.10.136.0/21
209.2.47.0/24
209.2.48.0/22
209.2.185.0/24
209.2.208.0/20
209.2.224.0/20

# Universidade Estadual de Campinas - Unicamp
143.106.0.0/16
177.8.96.0/20
177.220.0.0/17

# Caltech
131.215.0.0/16

# Physics Network at McGill University
132.206.9.0/24
132.206.123.0/24
132.206.125.0/24

#Received: from [165.160.9.58] (HELO mx2.cscinfo.com)
#X-Virus-Scanned: amavisd-new at cscinfo.com
#Received: from mx2.cscinfo.com ([127.0.0.1])	by localhost
# (plmail02.wil.csc.local [127.0.0.1]) (amavisd-new, port 10024)	with ESMTP id
# GGQ7EiQaK2P0 for <protodev@erratasec.com>;	Wed, 30 Oct 2013 09:26:00 -0400
# (EDT)
#Received: from casarray.cscinfo.com (pwmailch02.cscinfo.com [172.20.53.94])	by
# mx2.cscinfo.com (Postfix) with ESMTPS id 4BA5E58170	for
# <protodev@erratasec.com>; Wed, 30 Oct 2013 09:26:00 -0400 (EDT)
#Received: from PWMAILM02.cscinfo.com ([169.254.7.52]) by
# PWMAILCH02.cscinfo.com ([172.20.53.94]) with mapi id 14.02.0247.003; Wed, 30
# Oct 2013 09:26:00 -0400
#From: "Derksen, Bill" <bderksen@cscinfo.com>
#Subject: Unauthorized Scanning
#Date: Wed, 30 Oct 2013 13:25:59 +0000
#Message-ID: <1F80316A0C861F40A9A88F18465F138E01EF885F@PWMAILM02.cscinfo.com>
#x-originating-ip: [172.31.252.72]
#
#We have detected unauthorized activity from your systems on our public netw=
#ork.   Please suspend scanning of our networks immediately.
#
#Our network block is 165.160/16
#
#Further scanning will result in reports of unauthorized activity being file=
#d with law enforcement agencies.
#
#Corporation Service Company
#
#
#
#________________________________
#
#NOTICE: This e-mail and any attachments is intended only for use by the add=
#ressee(s) named herein and may contain legally privileged, proprietary or c=
#onfidential information. If you are not the intended recipient of this e-ma=
#il, you are hereby notified that any dissemination, distribution or copying=
# of this email, and any attachments thereto, is strictly prohibited. If you=
# receive this email in error please immediately notify me via reply email o=
#r at (800) 927-9800 and permanently delete the original copy and any copy o=
#f any e-mail, and any printout.

165.160.0.0/16

# gpo.gov
162.140.0.0/16

# complained about "intrusion attempts"
192.241.175.237/32

# another individual complainer
95.211.216.152/32

# winbiz
198.0.232.64/26

# darknet.superb.net / hopone.net
95.211.216.152

# VIRGINIA COMMUNITY COLLEGE SYSTEM
164.106.110.0/23
164.106.112.0/22
164.106.116.0/23
# MCGILL UNIVERSITY	
132.206.9.0/24
132.206.123.0/24
132.206.125.0/24
# Mountain Empire Community College
164.106.110.0/23
164.106.112.0/22
164.106.116.0/23
# HOLYOKE GAS & ELECTRIC DEPARTMENT
216.19.224.0/19
# MIXEDSIGNAL/Blue Danube Software
204.238.34.0/24
# United States Government Printing Office
162.140.0.0/16
# West Virginia University
72.50.128.0/18
69.161.224.0/19
157.182.0.0/16
# Blue Cross Blue Shield of South Carolina
204.28.103.0/24
207.19.198.0/24
208.216.160.0/22
208.60.144.0/24
208.60.145.0/24
208.60.146.0/24
208.60.147.0/24
208.83.144.0/21
# UCEProtect
104.218.16.250/32
123.176.37.147/32
182.18.172.78/32
188.94.115.58/32
190.196.123.27/32
190.55.63.65/32
193.138.29.11/32
194.95.224.137/32
199.187.241.194/32
202.91.163.23/32
204.13.169.44/32
208.66.0.0/22
208.77.218.114/32
208.91.131.6/32
209.126.213.95/32
213.134.5.59/32
217.172.180.108/32
217.23.48.85/32
217.23.49.178/32
217.23.49.207/32
217.23.49.208/32
31.25.98.231/32
41.208.68.110/32
62.116.159.16/32
64.113.32.6/32
65.60.35.74/32
65.60.35.76/32
66.240.236.50/32
67.58.96.162/32
69.30.193.210/32
70.38.37.139/32
72.13.86.154/32
74.208.254.26/32
83.169.55.16/32
89.146.248.26/32
91.82.12.244/32
94.46.3.36/32
96.31.84.20/32

# Bonntel.de
185.27.252.0/22
# bravurasolutions.com
62.208.155.0/24
62.208.159.0/24
217.135.38.0/24
217.135.16.0/24
# Windstream Nuvox, Inc.
75.77.140.0/24

# caltech.edu for security holes
134.4.247.0/24
134.4.56.0/24
134.4.58.0/24
134.4.139.0/24
134.4.118.0/24
131.215.52.0/24
131.215.254.0/24
134.4.150.0/24
131.215.33.0/24
131.215.22.0/24
134.4.173.0/24
131.215.235.0/24
131.215.168.0/24
134.4.141.0/24
134.4.134.0/24
134.4.245.0/24
134.4.107.0/24
134.4.46.0/24
134.4.160.0/24

# USU Network Security Team/Utah State University Information Technology
##******************************
#Greetings from the IT Security Team at Utah State University.
#
#We have detected network activity that might be suspicious or
#malicious. We think it might be sourced from your network. We
#include IP Addresses as well as description, log snippets, and
#other useful information.
#
#Please review this information or forward to the responsible person.
129.123.0.0/16
144.39.0.0/16
204.113.91.0/24

# SpaceNet Netmaster
193.149.51.157/32
195.30.4.200/32
193.149.51.167/32
194.97.71.226/32
194.97.71.191/32
194.97.70.87/32
194.97.70.189/32
195.30.4.42/32
195.30.4.23/32
193.149.51.80/32
194.97.71.200/32
194.97.70.75/32
193.149.51.40/32
195.30.4.252/32
194.97.71.83/32
195.30.4.230/32
193.149.51.183/32
195.30.4.117/32
194.97.71.159/32
193.149.51.73/32
194.97.70.212/32
194.97.71.43/32
195.30.4.184/32
194.97.70.237/32
194.97.70.23/32
194.97.70.43/32
194.97.70.73/32
194.97.71.192/32
194.97.70.110/32
195.30.4.61/32
194.97.71.99/32
194.97.71.163/32
194.97.71.86/32
193.149.51.26/32
193.149.51.21/32
193.149.51.33/32
193.149.51.110/32
194.97.70.51/32
194.97.70.115/32
195.30.4.226/32
194.97.71.113/32
193.149.51.166/32
195.30.4.180/32
193.149.51.25/32
193.149.51.114/32
193.149.51.220/32
194.97.70.143/32
193.149.51.32/32
194.97.70.197/32
194.97.70.23/32
195.30.4.114/32
194.97.71.207/32
193.149.51.184/32
194.97.70.135/32
194.97.70.175/32
195.30.4.113/32
194.97.70.158/32
194.97.71.172/32
193.149.51.206/32
194.97.71.210/32
194.97.70.186/32
194.97.70.166/32
195.30.4.199/32
194.97.70.100/32
194.97.70.254/32
195.30.4.145/32
194.97.70.93/32
195.30.4.39/32
195.30.4.254/32
193.149.51.254/32
195.30.4.78/32
194.97.70.154/32
195.30.4.22/32
195.30.4.126/32
194.97.71.19/32
195.30.4.134/32
193.149.51.118/32
194.97.71.161/32
193.149.51.133/32
195.30.4.103/32
194.97.70.35/32
194.97.70.36/32
195.30.4.80/32
195.30.4.75/32
195.30.4.208/32
193.149.51.207/32
194.97.70.132/32
193.149.51.15/32
193.149.51.21/32
194.97.71.107/32
194.97.71.35/32
194.97.70.136/32
194.97.70.32/32
194.97.70.207/32
195.30.4.125/32
194.97.71.75/32
194.97.70.76/32
193.149.51.142/32
193.149.51.1/32
193.149.51.120/32
#  at love.zweije.nl
80.101.26.192/32
# at mrgutmfw01.matera.com mtso@matera.com
200.150.105.116/32
200.150.105.114/32
200.150.105.115/32
201.22.95.45/32
201.16.252.0/24
200.159.123.52/32
200.159.123.50/32
200.159.123.51/32
# Hetzner Online AG network-abuse@hetzner.de
138.201.0.0/16

# Meta Payment Systems  IS Security Manager Chris Secrest<csecrest@metabank.com>
65.113.7.0/24
65.123.45.0/24
66.115.233.0/24
64.33.251.0/26
66.115.218.160/29
66.231.6.0/25
66.231.14.32/27
74.7.153.240/29

# please exclude following IPs from your Scans postmaster@shadowadmins.com: 
134.119.42.215/32
134.119.4.213/32

# For further details on WARB see: https://www.webiron.com/warb.html removes_abuse-AT-plusserver.de@abuse-reporting.webiron.com
5.133.182.0/24
23.91.17.0/24
96.47.225.0/24
5.133.182.0/24

# The packets form a network scan for tcp/8000 (126 machines scanned). gert-ids1@space.net
194.97.71.49/32
194.97.70.63/32
194.97.71.21/32
194.97.71.67/32
194.97.70.130/32
194.97.71.201/32
194.97.70.231/32
195.30.4.222/32
193.149.51.100/32
194.97.71.135/32
193.149.51.217/32
193.149.51.128/32
193.149.51.85/32
193.149.51.145/32
194.97.70.249/32
195.30.4.106/32
195.30.4.83/32
193.149.51.107/32
194.97.70.251/32
195.30.4.196/32
193.149.51.210/32
193.149.51.78/32
194.97.71.13/32
195.30.4.157/32
194.97.71.50/32
195.30.4.27/32
194.97.71.222/32
195.30.4.191/32
194.97.70.164/32
195.30.4.210/32
195.30.4.255/32
193.149.51.20/32
193.149.51.103/32
195.30.4.16/32
194.97.70.21/32
194.97.70.229/32
194.97.71.2/32
193.149.51.165/32
194.97.71.237/32
193.149.51.154/32
195.30.4.87/32
194.97.71.204/32
195.30.4.124/32
193.149.51.81/32
194.97.71.70/32
194.97.70.90/32
195.30.4.250/32
193.149.51.41/32
194.97.70.79/32
194.97.70.104/32
194.97.70.170/32
194.97.71.187/32
194.97.71.164/32
194.97.70.15/32
195.30.4.240/32
194.97.70.114/32
195.30.4.85/32
194.97.70.219/32
193.149.51.98/32
195.30.4.96/32
193.149.51.231/32
194.97.70.245/32
193.149.51.155/32
193.149.51.10/32
194.97.71.168/32
195.30.4.86/32
195.30.4.189/32
195.30.4.249/32
193.149.51.129/32
195.30.4.118/32
195.30.4.15/32
193.149.51.67/32
193.149.51.7/32
194.97.71.59/32
194.97.71.195/32
194.97.71.130/32
195.30.4.18/32
195.30.4.233/32
194.97.70.239/32
193.149.51.144/32
195.30.4.203/32
195.30.4.182/32
195.30.4.109/32
193.149.51.38/32
194.97.70.224/32
193.149.51.135/32
194.97.70.159/32
195.30.4.132/32
193.149.51.219/32
194.97.70.137/32
195.30.4.175/32
193.149.51.146/32
194.97.70.67/32
193.149.51.57/32
194.97.70.205/32
193.149.51.175/32
193.149.51.123/32
194.97.71.25/32
194.97.71.218/32
194.97.71.97/32
194.97.70.246/32

#.blocklist.de/en We show only Data there was not older than 14 Days!
178.33.217.156/32
178.33.198.244/32
176.31.12.63/32
176.31.12.61/32
176.31.12.61/32
178.33.217.156/32
178.33.198.244/32

#https://www.hetzner.com
95.217.0.0/16
95.216.0.0/16
94.130.0.0/16
91.107.128.0/17
88.99.0.0/16
88.198.0.0/16
85.10.192.0/18
78.46.0.0/15
5.9.0.0/16
46.4.0.0/16
213.239.192.0/18
213.133.96.0/19
196.251.99.0/24
196.251.98.0/24
196.251.97.0/24
196.251.96.0/24
196.251.95.0/24
196.251.94.0/24
196.251.119.0/24
196.251.118.0/24
196.251.117.0/24
196.251.116.0/24
196.251.115.0/24
196.251.114.0/24
196.251.113.0/24
195.201.0.0/16
193.47.99.0/24
190.99.82.0/24
188.40.0.0/16
188.34.128.0/17
185.50.120.0/23
185.12.64.0/22
178.63.0.0/16
176.9.0.0/16
167.233.0.0/16
159.69.0.0/16
154.73.72.0/24
148.251.0.0/16
144.76.0.0/16
138.201.0.0/16
136.243.0.0/16
129.232.248.0/24

#Servicios de Hosting en Internet S.A.
213.134.32.0/19

#Ncleo de Inf. e Coord. do Ponto BR - NIC.BR
200.160.0.0/20 

#Vincent Zweije <vincent+@zweije.nl>    	
80.101.26.1/24

#Abuse from  [Britvault #] 
#Britvault Sysadmin <sysadmin@britvault.co.uk>    
#sysadmin@britvault.co.uk
78.33.153.1/24

#Abuse Message [AbuseID:]: NetscanInLevel: Netscan detected from
#network-abuse<network-abuse@hetzner.com>
5.75.128.0/17
5.161.0.0/16
49.12.0.0/16
49.13.0.0/16
116.202.0.0/16
116.203.0.0/16
128.140.0.0/17

#[CSIRT-MU #x] Skenování portů z IP adresy / Port scanning from IP address 
#bounces+SRS=mNt0X=ZT<bounces+SRS=mNt0X=ZT@UCNMUNI.onmicrosoft.com>  ToolGateway@rt.csirt.muni.cz via RT<csirt@muni.cz>
147.251.0.0/16

#BitNinja.io hits the WHIR.com Your server  has been registered as an attack source
203.170.80.0/21

#[TCP probes]IP addresses of suspected botnet computers listed inside, please notify the victims (owners of those computers).
#From: Abuse Management <abuse@heg.com>
#To: ig-abuse-24@heg.com
#Subject: Schadprogramm-Infektionen
140.238.168.0/21
104.140.64.0/22


#From: Abuse Management <abuse@heg.com>
#To: ig-abuse-24@heg.com
#Subject: Schadprogramm-Infektionen
94.136.40.0/24
94.136.32.0/19 
148.81.0.0/16

#Sender	abuse@heg.com
#Subject	Your server has been registered as an attack source
#Message ID	
#BitNinja-protected servers
203.170.80.0/21

#http://www.gmo.jp/en
#AS7506	
#BitNinja-protected servers
133.130.64.0/18

#AS45027
#BitNinja-protected servers
192.144.7.0/24

#Chih-Cherng Chin
#Daily Botnet Statistics
#http://botnet-tracker.blogspot.com/
#Subject: Abuse complaints
#Status: Answered
#AS60404 Liteserver Holding B.V.

5.2.64.0/20

#Chih-Cherng Chin
#Daily Botnet Statistics
#http://botnet-tracker.blogspot.com/
#Subject: Abuse complaints
#Status: Answered
#AS132335 Infusion 360
103.205.143.0/24

#AS29302 5.63.144.0/21 Hosting Services Inc
#BitNinja-protected servers 5.63.147.0/24
5.63.147.0/21


#AS16276 37.187.0.0/16	OVH SAS
#BitNinja-protected servers 37.187.91.37/24
37.187.0.0/16

#Schadprogramm-Infektionen

#CERT-Bund hat aus vertrauenswürdigen externen Quellen Informationen
#Weitere Informationen zu dieser Benachrichtigung finden Sie unter:
#<https://reports.cert-bund.de/schadprogramme>
#
#Diese E-Mail ist mittels PGP digital signiert.
#Informationen zu dem verwendeten Schlüssel finden Sie unter:
#<https://reports.cert-bund.de/digitale-signatur>
#
#Bitte beachten Sie:
#Dies ist eine automatisch generierte Nachricht. Antworten an die
#Absenderadresse <reports@reports.cert-bund.de> werden NICHT gelesen
#und automatisch verworfen. Bei Rückfragen wenden Sie sich bitte
#unter Beibehaltung der Ticketnummer [CB-Report#...] in der
#Betreffzeile an <certbund@bsi.bund.de>.
#
#!! Bitte lesen Sie zunächst unsere HOWTOs und FAQ, welche unter
#!! <https://reports.cert-bund.de/> verfügbar sind.
#1&1 IONOS SE AS8560 87.106.190.0/24
87.106.0.0/16	

#Various Registries (Maintained by ARIN) AS1101	192.42.116.0/24
192.42.116.0/22



# NETIS Telecom Inc. AS25592
# noc<noc@netis.ru>  NETIS Telecom<scanreport@netis.ru>

81.24.176.0/20

 
#no-reply<no-reply@cert.hr> AS2108 Croatian Academic and Research Network
#CERT.hr - National CERT
#Croatian Academic and Research Network - CARNET
#www.cert.hr

31.147.0.0/16

#https://github.com/PeralChen/drop_ip
213.134.32.0/20
213.134.32.0/21
213.134.40.0/21
217.75.224.0/19
84.39.232.0/21
89.31.168.0/21
91.103.0.0/21
91.213.73.0/24
91.223.9.0/24
185.49.60.0/22
185.57.116.0/22
185.137.20.0/22
185.176.0.0/22
217.74.48.0/20
94.142.240.0/21
185.52.224.0/22
195.72.124.0/22
195.114.12.0/24
38.108.70.0/24
64.15.128.0/19
67.205.64.0/18
67.205.124.0/24
70.38.0.0/17
72.55.128.0/18
107.161.64.0/20
108.163.128.0/18
108.163.129.0/24
108.163.146.0/24
108.163.155.0/24
174.141.228.0/22
174.141.232.0/23
184.107.0.0/16
184.107.120.0/24
189.91.32.0/23
189.91.34.0/24
192.175.96.0/19
192.196.223.0/24
198.50.96.0/19
198.72.96.0/19
203.167.7.0/24
204.19.134.0/24
205.205.175.0/24
205.205.179.0/24
205.205.216.0/24
205.236.34.0/24
209.172.32.0/19
6.0.0.0/8
7.0.0.0/8
26.0.0.0/8
28.0.0.0/8
55.0.0.0/8
214.0.0.0/8
215.0.0.0/8
18.0.0.0/8
128.236.0.0/16
128.217.0.0/16
128.216.0.0/16
128.190.0.0/16
128.183.0.0/16
128.161.0.0/16
128.159.0.0/16
128.158.0.0/16
128.157.0.0/16
128.156.0.0/16
128.102.0.0/16
128.149.0.0/16
128.154.0.0/16
128.155.0.0/16
128.19.0.0/16
128.25.0.0/16
128.80.0.0/16
129.209.0.0/16
129.251.0.0/16
130.22.0.0/16
130.90.0.0/16
131.21.0.0/16
131.31.0.0/16
131.41.0.0/16
131.65.0.0/16
131.66.0.0/16
131.67.0.0/16
131.68.0.0/16
131.69.0.0/16
131.70.0.0/16
131.72.0.0/16
131.73.0.0/16
131.74.0.0/16
131.75.0.0/16
131.76.0.0/16
131.77.0.0/16
131.78.0.0/16
131.79.0.0/16
131.80.0.0/16
131.81.0.0/16
131.82.0.0/16
131.83.0.0/16
131.84.0.0/16
131.85.0.0/16
131.86.0.0/16
131.87.0.0/16
131.88.0.0/16
131.240.0.0/16
132.144.0.0/16
134.135.0.0/16
134.152.0.0/16
134.182.0.0/16
134.205.0.0/16
134.230.0.0/16
134.254.0.0/16
136.188.0.0/16
136.192.0.0/16
136.196.0.0/16
136.208.0.0/16
136.211.0.0/16
136.212.0.0/16
192.67.107.255/24
195.39.134.0/24
192.88.0.0/16