9.6 KiB

Raw Blame History

Botnet IP Blocklist

Formats
Compressed version
Reporting issues
FAQ and Guides
CI Variables
License

A blocklist of malicious IPs compiled from these sources (discovered through banip):

Blocklist is updated twice a day.

Client	mirror 1	mirror 2	mirror 3	mirror 4	mirror 5	mirror 6
uBlock Origin, IP-based	link	link	link	link	link	link
AdGuard Home	link	link	link	link	link	link
AdGuard (browser extension)	link	link	link	link	link	link
Vivaldi	link	link	link	link	link	link
dnscrypt-proxy	link	link	link	link	link	link
Snort2, Snort3, Suricata	link	link	link	link	link	link
Splunk	link	link	link	link	link	link
Apache	link	link	link	link	link	link

For other programs, see Compatibility page in the wiki.

Check out my other filters:

IP-based

Import the link into uBO's filter list to subscribe.

IP-based (AdGuard)

Import the link into AdGuard browser extension to subscribe.

IP-based (Vivaldi)

Requires Vivaldi Desktop/Android 3.3+, blocking level must be at least "Block Trackers"

Import the link into Vivaldi's Tracker Blocking Sources to subscribe.

Domain-based (AdGuard Home)

dnscrypt-proxy

Save the rulesets to "/etc/dnscrypt-proxy/". Refer to this guide for auto-update.

Configure dnscrypt-proxy to use the blocklist:

[blocked_ips]
+  blocked_ips_file = '/etc/dnscrypt-proxy/botnet-filter-dnscrypt-blocked-ips.txt'

Snort2

Save the ruleset to "/etc/snort/rules/botnet-filter-suricata.rules". Refer to this guide for auto-update.

Configure Snort to use the ruleset:

printf "\ninclude \$RULE_PATH/botnet-filter-suricata.rules\n" >> /etc/snort/snort.conf

Snort3

Save the ruleset to "/etc/snort/rules/botnet-filter-suricata.rules". Refer to this guide for auto-update.

Configure Snort to use the ruleset:

# /etc/snort/snort.lua
ips =
{
  variables = default_variables,
+  include = 'rules/botnet-filter-suricata.rules'
}

Suricata

Save the ruleset to "/etc/suricata/rules/botnet-filter-suricata.rules". Refer to this guide for auto-update.

Configure Suricata to use the ruleset:

# /etc/suricata/suricata.yaml
rule-files:
  - local.rules
+  - botnet-filter-suricata.rules

Splunk

A CSV file for Splunk lookup.

Either upload the file via GUI or save the file in $SPLUNK_HOME/Splunk/etc/system/lookups or app-specific $SPLUNK_HOME/etc/YourApp/apps/search/lookups.

Or use malware-filter add-on to install this lookup and optionally auto-update it.

Columns: