Browse Lists
Explore 140 IOC lists containing 4737767 indicators
Alpha Strike Labs IP Ranges Used for Scanning
List containing IP ranges associated with Alpha Strike Labs scanning infrastructure. Alpha Strike Labs GmbH (AS208843) …
Alphastrike research IP Ranges Used for Scanning
List containing IP's associated with the Alphastrike research scanners. This scanner CIDR range is extracted from CIRCL…
Bufferover IP Ranges Used for Scanning
List containing IP's associated with the Bufferover scanners. This scanner CIDR range is extracted from CIRCL Network T…
Captive Portal Detection Hostnames
Hostnames used by different desktop and mobile device operating systems for captive portal detection as documented by t…
Censys IP Ranges Used for Scanning
List containing IP's associated with Censys scanning [https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-…
cisco-umbrella-blockpage-hostname
Umbrella blockpage hostnames
cisco-umbrella-blockpage-ipv4
Cisco Umbrella blockpage in IPv4
cisco-umbrella-blockpage-ipv6
Cisco Umbrella blockpage in IPv6
Coalition signals intelligence IP Ranges Used for Scanning
List containing IP's associated with the Coalition signals intelligence scanners. This scanner CIDR range is extracted …
Common contact e-mail addresses
A list of commonly used abuse and contact e-mail addresses, including the ones denoted in RFC2142.
Covid-19 Cyber Threat Coalition's Whitelist
The Cyber Threat Coalition's whitelist of COVID-19 related websites.
Covid-19 Krassi's Whitelist
Krassimir's Covid-19 whitelist of known good Covid-19 related websites.
CRL and OCSP domains
Domains that belongs to CRL or OCSP
CRL and OCSP IP addresses
IP addresses that belongs to CRL or OCSP
Cybergreen IP Ranges Used for Scanning
List containing IP's associated with the Cybergreen scanners. This scanner CIDR range is extracted from CIRCL Network T…
Cyberresilience IP Ranges Used for Scanning
List containing IP's associated with the Cyberresilience scanners. This scanner CIDR range is extracted from CIRCL Netw…
Cypex IP Ranges Used for Scanning
List containing IP's associated with the Cypex scanners. This scanner CIDR range is extracted from CIRCL Network Telesc…
F6 IP Ranges Used for Scanning
List containing IP's associated with the F6 scanners. This scanner CIDR range is extracted from CIRCL Network Telescope…
Fingerprint of known intermediate of trusted certificates
Fingerprint of known intermediate of trusted certificates taken from Mozilla's lists at https://wiki.mozilla.org/CA
Fingerprint of trusted CA certificates
Fingerprint of trusted CA certificates taken from Mozilla's lists at https://wiki.mozilla.org/CA
google-chrome-crux-1million
Cached Chrome Top Million Websites - top 1 million
Hashes that are often included in IOC lists but are false positives.
Hashes that are often included in IOC lists but are false positives.
Internet census IP Ranges Used for Scanning
List containing IP's associated with the Internet census scanners. This scanner CIDR range is extracted from CIRCL Netw…
Intrinsec IP Ranges Used for Scanning
List containing IP's associated with the Intrinsec scanners. This scanner CIDR range is extracted from CIRCL Network Te…
Ipinfo IP Ranges Used for Scanning
List containing IP's associated with the Ipinfo scanners. This scanner CIDR range is extracted from CIRCL Network Teles…
Ipip IP Ranges Used for Scanning
List containing IP's associated with the Ipip scanners. This scanner CIDR range is extracted from CIRCL Network Telesco…
List of Azure Applicaiton IDs
List of Azure Application IDs (https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/verify-first-party…
List of disposable email domains
List of disposable email domains
List of hashes for EICAR test virus
Event contains one or more entries based on hashes for EICAR test virus
List of IPv6 link local blocks
Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)
List of known Akamai IP ranges
Akamai IP ranges from BGP search
List of known Amazon AWS IP address ranges
Amazon AWS IP address ranges (https://ip-ranges.amazonaws.com/ip-ranges.json)
List of known Apple IP ranges
IP ranges assigned to Apple
List of known bank domains
Event contains one or more entries of known banking website
List of known check-host.net IP address ranges
check-host IP addresses (https://check-host.net/nodes/ips)
List of known Cloudflare IP ranges
List of known Cloudflare IP ranges (https://www.cloudflare.com/ips/)
List of known dax30 webpages
Event contains one or more entries of known dax30 webpages
List of known domains to know external IP
Event contains one or more entries of known 'what's my ip' domains
List of known domains used by automated malware analysis services & security vendors
Domains used by automated malware analysis services & security vendors
List of known dynamic DNS domains
Event contains one or more entries of known dynamic DNS domains.
List of known Fastly IP address ranges
Fastly IP address ranges (https://api.fastly.com/public-ip-list)
List of known GCP (Google Cloud Platform) IP address ranges
GCP (Google Cloud Platform) IP address ranges (https://www.gstatic.com/ipranges/cloud.json)
List of known GitHub IP ranges (https://api.github.com/meta)
GitHub IP address ranges (https://api.github.com/meta)
List of known Gmail sending IP ranges
List of known Gmail sending IP ranges (https://support.google.com/a/answer/27642?hl=en)
List of known Googlebot IP ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)
Google Bot IP address ranges (https://developers.google.com/search/apis/ipranges/googlebot.json)
List of known google domains
Event contains one or more entries of known google domains
List of known hashes for benign files
Event contains one or more benign files based on known hashes, see https://github.com/RichieB2B/nioc
List of known hashes for empty files
Event contains one or more entries of empty files based on known hashed
List of known hashes for Windows binaries
List of known Windows binaries based on hashes from winbindex (https://github.com/m417z/winbindex)
List of known hashes with common false-positives (based on Florian Roth input list)
Event contains one or more entries with common false-positives
List of known hostname used for querying your source IP. This can be used as exclusion for your Passive DNS lookup.
Event contains one or more entries of known hostname querying your source IP.
List of known IP address ranges for OpenAI GPT crawler bot
OpenAI gptbot crawler (https://openai.com/gptbot-ranges.txt)
List of known IP address ranges for Palo Alto Networks Cortex Xpanse
Palo Alto Networks Cortex Xpanse (https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity)
List of known IPv4 public DNS resolvers
Event contains one or more public IPv4 DNS resolvers as attribute with an IDS flag set
List of known IPv6 public DNS resolvers
Event contains one or more public IPv6 DNS resolvers as attribute with an IDS flag set
List of known link in Bio domains
Event contains one or more entries of known Link in bio domains. Those shorten links are a reference to a list of links.
List of known Microsoft Azure China Datacenter IP Ranges
Microsoft Azure China Datacenter IP Ranges
List of known Microsoft Azure Datacenter IP Ranges
Microsoft Azure Datacenter IP Ranges
List of known Microsoft Azure Germany Datacenter IP Ranges
Microsoft Azure Germany Datacenter IP Ranges
List of known Microsoft Azure US Government Cloud Datacenter IP Ranges
Microsoft Azure US Government Cloud Datacenter IP Ranges
List of known microsoft domains
Event contains one or more entries of known microsoft domains
List of known Office 365 Attack Simulator used for phishing awareness campaigns
Office 365 URLs and IP address ranges used for their attack simulator in Office 365 Threat Intelligence
List of known Office 365 IP address ranges
Office 365 IP address ranges
List of known Office 365 IP address ranges in China
Office 365 IP address ranges in China
List of known Office 365 URLs
Office 365 URLs and IP address ranges
List of known Ovh Cluster IP
OVH Cluster IP address (https://docs.ovh.com/fr/hosting/liste-des-adresses-ip-des-clusters-et-hebergements-web/)
List of known public DNS resolvers expressed as hostname
Event contains one or more public DNS resolvers (expressed as hostname) as attribute with an IDS flag set
List of known public IPFS gateways
Event contains one or more entries of known public IPFS gateways
List of known security providers/vendors blog domain
Event contains one or more entries of known security providers/vendors blog domain with an IDS flag set
List of known sinkholes
List of known sinkholes
List of known SMTP receiving IP addresses
List of IP addresses for known SMTP servers.
List of known SMTP sending IP ranges
List of IP ranges for known SMTP servers.
List of known Stackpath CDN IP ranges
List of known Stackpath (Highwinds) CDN IP ranges (https://support.stackpath.com/hc/en-us/articles/360001091666-Whiteli…
List of known Telegram IP address ranges
Telegram IP address ranges (https://core.telegram.org/resources/cidr.txt)
List of known Tenable Cloud Sensors IPv4
Tenable IPv4 Cloud Sensor addresses used for scanning Internet-facing infrastructure
List of known Tenable Cloud Sensors IPv6
Tenable IPv6 Cloud Sensor addresses used for scanning Internet-facing infrastructure
List of known URL Shorteners domains
Event contains one or more entries of known Shorteners domains
List of known Wikimedia address ranges
Wikimedia address ranges (http://noc.wikimedia.org/conf/reverse-proxy.php.txt)
List of known Windows 10 connection endpoints
Event contains one or more entries of known Windows 10 connection endpoints (https://docs.microsoft.com/en-us/windows/p…
List of known Zscaler IP address ranges
Zscaler IP address ranges (https://config.zscaler.com/api/zscaler.net/hubs/cidr/json/recommended)
List of LOTS (Living Off Trusted Sites) Project Domains
List of popular legitimate domains from LOTS (Living Off Trusted Sites) Project used to conduct phishing, C&C, exfiltra…
List of published IP address ranges for Modat Scanner
Modat Scanner (https://www.modat.io/)
List of published IP address ranges for Onyphe Scanner
Onyphe Scanner (https://www.onyphe.io/)
List of RFC 1918 CIDR blocks
Event contains one or more entries part of the private network CIDR blocks (RFC 1918)
List of RFC 3849 CIDR blocks
Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)
List of RFC 5735 CIDR blocks
Event contains one or more entries part of the Special Use IPv4 Addresses CIDR blocks (RFC 5735)
List of RFC 5771 multicast CIDR blocks
Event contains one or more entries part of the RFC 5771 multicast CIDR blocks
List of RFC 6598 CIDR blocks
Event contains one or more entries part of the Shared Address Space CIDR blocks (RFC 6598)
List of RFC 6761 Special-Use Domain Names
Event contains one or more entries part of the Special-Use Domain Names (RFC 6761)
Modat IP Ranges Used for Scanning
List containing IP's associated with the Modat scanners. This scanner CIDR range is extracted from CIRCL Network Telesc…
NetSecScan IP-Ranges, pot. used for Scanning
List of NetSecScan.net scanners
Netsecscan IP Ranges Used for Scanning
List containing IP's associated with the Netsecscan scanners. This scanner CIDR range is extracted from CIRCL Network T…
Onyphe IP Ranges Used for Scanning
List containing IP's associated with the Onyphe scanners. This scanner CIDR range is extracted from CIRCL Network Teles…
OSINT.DigitalSide.IT Warning List
OSINT DigitalSide Threat-Intel Repository - MISP Warninglist - List of domains should be marked as false positive in th…
Parking domains
List of parking domain's ip adresses
Parking domains name server
List of parking domain's name server
Probethenet IP Ranges Used for Scanning
List containing IP's associated with the Probethenet scanners. This scanner CIDR range is extracted from CIRCL Network …
Rapid7 IP Ranges Used for Scanning
List containing IP's associated with the Rapid7 scanners. This scanner CIDR range is extracted from CIRCL Network Teles…
Research scanner IP Ranges Used for Scanning
List containing IP's associated with the Research scanner scanners. This scanner CIDR range is extracted from CIRCL Net…
Second level TLDs as known by Mozilla Foundation
Event contains one or more second level TLDs as attribute with an IDS flag set.
Shadowforce IP-Ranges, pot. used for Scanning
List of shadowforce.io scanners
Shadowforce IP Ranges Used for Scanning
List containing IP's associated with the Shadowforce scanners. This scanner CIDR range is extracted from CIRCL Network …
Shadowserver IP-Ranges, pot. used for Scanning
List of Shadowserver IP-Ranges. Potentially associated with Shadowserver scans. based on [https://bgp.he.net/search?sea…
Shadowserver IP Ranges Used for Scanning
List containing IP's associated with the Shadowserver scanners. This scanner CIDR range is extracted from CIRCL Network…
Shodan IP-Ranges, pot. used for Scanning
List of Shodan.io scanners
Shodan IP Ranges Used for Scanning
List containing IP's associated with the Shodan scanners. This scanner CIDR range is extracted from CIRCL Network Teles…
Skipa IP Ranges Used for Scanning
List containing IP's associated with the Skipa scanners. This scanner CIDR range is extracted from CIRCL Network Telesc…
Specialized list of IPv6 addresses belonging to common VPN providers and datacenters
Specialized list of IPv6 addresses belonging to common VPN providers and datacenters
Specialized list of vpn-ipv4 addresses belonging to common VPN providers and datacenters
Specialized list of vpn-ipv4 addresses belonging to common VPN providers and datacenters
Stretchoid IP Ranges Used for Scanning
List containing IP's associated with the Stretchoid scanners. This scanner CIDR range is extracted from CIRCL Network T…
TLDs as known by IANA
Event contains one or more TLDs as attribute with an IDS flag set
Top 1,000,000 most-used sites from Tranco
Event contains one or more entries from the top 1,000,000 most-used sites (https://tranco-list.eu/).
Top 10 000 websites from Cisco Umbrella
Event contains one or more entries from the top 10 000 of the most used websites (Cisco Umbrella).
Top 10000 websites from Majestic Million
Event contains one or more entries from the top 10K of the most used websites (Majestic Million).
Top 1000 website from Alexa
Event contains one or more entries from the top 1000 of the most used website (Alexa).
Top 1000 websites from Cisco Umbrella
Event contains one or more entries from the top 1000 of the most used websites (Cisco Umbrella).
Top 10K most-used sites from Tranco
Event contains one or more entries from the top 10K most-used sites (https://tranco-list.eu/).
Top 20 000 websites from Cisco Umbrella
Event contains one or more entries from the top 20 000 of the most used websites (Cisco Umbrella).
Top 5000 websites from Cisco Umbrella
Event contains one or more entries from the top 5000 of the most used websites (Cisco Umbrella).
Top 500 domains and pages from https://moz.com/top500
Event contains one or more entries from the top 500 of the most used domains from Moz.
Unattributed phone number.
Numbers that cannot be attributed because they reserved for different purposes.
University domains
List of University domains from https://raw.githubusercontent.com/Hipo/university-domains-list/master/world_universitie…
Valid covid-19 related domains
Maintained using different lists (such as Jaime Blasco's and Krassimir's lists).