Several organizations maintain and publish free blocklists of IP addresses and URLs of systems and networks suspected in malicious activities on-line. Some of these lists have usage restrictions:
- Artists Against 419: Lists fraudulent websites
- ATLAS from Arbor Networks: Registration required by contacting Arbor
- Blackweb Project: Optimized for Squid
- CLEAN-MX Realtime Database: XML output available
- CriticalStack Intel Marketplace: Registration required; optimized for Bro
- CYMRU Bogon List
- DShield Blocklist
- FireHOL IP Lists: Combines several blocklists from other sources
- Google Safe Browsing API: Programmatic access; restrictions apply
- hpHosts File: Limited automation on request
- Malc0de Database
- Malware Domain Blocklist: Free for non-commercial use
- MalwareDomainList.com Hosts List
- Malware Patrol's Malware Block Lists: Free for non-commercial use
- MalwareURL List: Commercial service; free licensing options may be available
- OpenPhish: Phishing sites; free for non-commercial use
- PhishTank Phish Archive: Query database via API
- Project Honey Pot's Directory of Malicious IPs: Registration required to view more than 25 IPs
- Risk Discovery: Programmatic access, based on HoneyPy data
- Scumware.org
- Shadowserver IP and URL Reports: Registration and approval required
- StrictBlockPAllebone
- URLhaus: Programmatic access available
- VoIP Blacklist: Specific to VoIP abusers
- www.BlockList.de
The lists differ in format, goals, and data collection methodology. Be sure to read about the list before making use of it. Did you notice any blocklist sources that should be on this list, but are missing? Let me know. My other lists of on-line security resources outline Automated Malware Analysis Services and On-Line Tools for Malicious Website Lookups.