Threat Feeds
Date Range: -Threat Feeds
port scanners
- Port 110 Scanner
- Port 143 Scanner
- Port 21 Scanner
- Port 22 Scanner
- Port 25 Scanner
- Port 443 Scanner
- Port 80 Scanner
- Port 993 Scanner
- Apache Web Server Scanner
- Asterisk VoIP Scanner
- Suspect Bots/Infected
- Bruteforce
- courier imap attacker
- courier pop3 attacker
- OpenBL FTP Scanners
- OpenBL HTTP Scanners
- OpenBL MAIL Scanners
- OpenBL SMTP Scanners
- OpenBL SSH Scanners
research
- Adscore
- Alpha Strike Labs
- Anthropic Egress
- Arbor Networks
- BinaryEdge
- Blindferret
- tls.bufferover.run
- Censys
- Criminal IP
- Cybergreen
- CyberResilience
- Erratasec Masscan
- PAN Expanse
- GDNPlus
- Internet Census
- Internet Measurement
- Internet Research Project
- IPIP.net
- LeakIX
- Net Systems Research
- Normshield
- GetOdin
- Onyphe.io
- OpenAI Egress
- Open Port Statistics
- Project 25499 Scanner
- QRator
- Qualys
- Rapid7Sonar
- Recyber Project
- ScanOpticon
- Scorecard Research Market Research
- Shadowserver
- ShodanHQ
- Stretchoid
- UMichigan scans.io
- Univ. Sydney
About This Page
In October 2015, we started collecting data from various open external threat feeds to supplement our data. DShield did not collect this data, and we suggest that you refer to the source if you would like to use the data.
The graph displays "change" for each day, not the number of active hosts. For each IP address, we track the date we first see the IP in the particular dataset, and then we note the last time an IP is listed. If you see "10" hosts for a particular date, then this means that this day, 10 new hosts were added to the feed. For more static feeds with constant activity (e.g. the port scanners) the data looks more steady as a result. For researchers, that do not change the IP addresses of their scanners often, the graph will only be different from 0 if they added new IPs.
Feed Categories
Bots: These lists include botnet command and control servers for popular botnets. You should watch for outbound traffic to these IPs.
Others: Lists that did not fit into a specific category. Refer to the list description for details.
Port Scanners: Lists of hosts that scan for various hosts or specific services
Research: These are researchers that conduct internet wide scans. By listing these feeds, we don't necessarily condone what they are doing. Up to you to block them or let them through. Researchers in this list are typically responsible enough to publish the sources from which they scan.
