There are a large number of lists available and being shared by the different online communities that contain Malicious and non-Malicious IP's . These lists are often known as 'black' or 'block' lists. Many of these lists are used to help block spam, malicious attacks, or nuisance users. Some black/block lists are excellent sources of information when the data is used correctly, yet some are so poor that any use of them would be counterproductive.
Shadowserver does not create, maintain, or distribute any blacklists. It does not make such lists available for this purpose in any format. What Shadowserver does is to assemble reports and data sets that provide information on any activity detected on an IP that was involved or referenced in a malicious act. Providing this scope of data pertaining to malicious activity means that absolutely innocent IP's could potentially be reported. This is understood, and must be processed accordingly by the consumers of our reports. There are many different reasons why this can occur. Some of the ways we see this are as follows:
- Spam messages referring to a real URL to help show legitimacy of the message
- URL forwarding to a sinkhole location
- Referenced URL in a communication between malicious actors
Of course, there are many ways that people may believe themselves innocent while being infected. The purposes of our reports are to illuminate a possible problem. The consumers of these reports are the ones that need to decide an appropriate action from those reports. Several of our consumers create black or block lists from our data. Any issues pertaining to this blocking activity needs to be addressed directly with them. We do not suggest any specific action except investigation and possible remediation.
Visit this page and send us the appropriate information requested.
Have a look at these:
- http://www.spamhaus.org/drop - actual list at http://www.spamhaus.org/drop/drop.txt