
Active IP Block Lists Representation

Cartographic representation of the number of networks that have been refused access per country. This is a historic collection of data obtained over time. To get an idea of how this comes about, see the live Internet traffic page for actual and current inbound Internet data processing.

Top 20 abusive Internet activity by country

A list of the top 20 most aggressive and abusive Internet activities detected and blocked ranked by country (not including data centers).

  • (869) China
  • (473) USA
  • (445) Brazil
  • (320) Vietnam
  • (229) Russia
  • (148) India
  • (139) Poland
  • (90) Thailand
  • (79) Turkey
  • (78) Iran
  • (72) Netherlands
  • (64) Czechia
  • (60) Germany
  • (48) Argentina
  • (47) France
  • (47) Italy
  • (46) Mexico
  • (41) Korea
  • (41) Pakistan
  • (36) UK

What's not shown here is the solid blocking of abusive data center IP ranges, like 'Digital Ocean' (AS 14061) with data centers around the globe, from which I have not seen one normal request of any nature to date. By the way, Digital Ocean also hosts 'stretchoid.com', a commercial aggressive port scanner and probe. What do they do with this information, I wonder!

I can ramble on about other specific processes with examples, but this is not the time and place.

IP blocking. Why and how.

Wanting to continue the geographic mapping experience of the Cartographic live web visitors overview, this time I wanted to see how many hack attempts were coming from which source country, using various intrusion detection and intrusion prevention systems.

The hunt for a country outline source led me to thematicmapping.org, which, apart from the fact that some borders are disputed (and probably always will be), is an excellent source of high-definition country border shape files. Thanks to Bjorn Sandvik for providing this.

Another challenge was that these files were shape files at very high resolution, many MB in size, which is not good for fast web transfer. Leaflet works really well with GeoJSON data and not with shape files at all, so the outlines needed to be simplified for a small data footprint and thus faster loading, and converted from shape file to GeoJSON. This led me to GDAL, with which I was able to produce a low-resolution GeoJSON file of world country outlines.

Avoiding the 'try your luck scripting kiddies', I'm looking at Internet conduct unbecoming as a bigger (definitely organized) picture. This entails brute force access attempts, exploits, spyware, exploited and plundered social media accounts (this is a thriving business at present) and a LOAD more, also taking into account the frequency of the attempts and the ISPs/ASNs involved. What is missing in this picture are complete ASN blocks, at present only one, 'Digital Ocean AS14061', as their very affordable short-term VPS solutions have drawn many unsavory clients, about whom they do nothing when reported (just like Amazon in the old days).

Enough about the vague way IP addresses are accumulated. Once an IP range is identified, the country it was assigned to at the time of detection needs to be determined. I use AbuseIPDB. They are not always up to date and lag behind, but that can be because they only track certain types of attacks. This is my first 'go-to service' to get country information, as well as a check to see if others have been abused from said IP address(es) before I detected them.

IP blacklisting

See what I do, but don't do as I do.

For the following reasons.

  • There are no commercial interests in the information, services, tools, utilities and source code that are on-line and completely free to use (not abuse) at will.
  • All on-line services are equipped to detect targeted and purposed abuse, from zero-day exploits to crafty distributed multi-targeted and coordinated sniffing and attacks.
  • No distinction is made between private (hacked personal computers), corporate or institutional organizations (read hacker groups and [politically motivated] governments).
  • Use it, don't abuse it or lose it, is strictly enforced. One strike and you're out.
  • Bad ISPs who do not do anything about conduct unbecoming from some of their IP ranges are completely blocked (Digital Ocean, OVH and more). Cloud services from Microsoft, Amazon and Google are also amongst the refused class-C IP ranges, because generally data centers should not be trying to exploit Internet services to begin with!

Thus if your Internet-facing services have your commercial interest at heart, it is not advisable to use the data presented here, as you want to be exposed to as great an audience as possible. As you can see, the approach taken here has a lot of collateral damage, which is not good for business. There are other ways to do this; however, they rely on third-party (paid) services.

Want to see the Internet traffic arriving at this front door? Have a look here, you may well be surprised at how much effort is put into exploitation via the Internet.

If you want more extensive information on how IP block lists are created and maintained, I highly recommend looking at information provided by 'FireHOL'.

IP block lists as currently used by this entity:

  • Proxy IP Block list date: 7/18/2024 4:26:45 PM (UTC) size: 68.3 KB. Contains 4859 IP Addresses and ranges.
  • Compromised IP Block list date: 7/8/2024 8:39:44 PM (UTC) size: 4.2 KB. Contains 287 IP Addresses and ranges.
  • Attack IP Block list date: 7/19/2024 1:30:52 AM (UTC) size: 310.5 KB. Contains 22302 IP Addresses and ranges.
  • Level 1 IP Block list date: 7/18/2024 7:19:53 PM (UTC) size: 47.7 KB. Contains 3096 IP Addresses and ranges.
  • Level 2 IP Block list date: 7/18/2024 8:51:46 AM (UTC) size: 234.2 KB. Contains 16683 IP Addresses and ranges.
  • Level 3 IP Block list date: 7/17/2024 8:49:24 PM (UTC) size: 259.3 KB. Contains 18193 IP Addresses and ranges.
  • Level 4 IP Block list date: 7/18/2024 4:16:14 PM (UTC) size: 2.0 MB. Contains 141878 IP Addresses and ranges.
  • TOR Exit Node list date: 7/5/2024 3:18:40 PM (UTC) size: 16.0 KB. Contains 1125 IP Addresses.

IP black list usage

You are free to use these provided IP block lists as you see fit at your own risk. Should you automate downloading any of these IP block lists, as they are updated daily, please don't download more than twice a day. Abuse may get you blocked.
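
One way to consume a list of "IP addresses and ranges" while honouring the twice-a-day download limit, as an added example that is not this site's own code. The file format is an assumption (one IPv4 address, CIDR block or start-end range per line, `#` comments), and `SAMPLE_LIST`, `parse_blocklist`, `is_blocked` and `refresh_due` are hypothetical names.

```python
import bisect
import ipaddress
import time

MIN_REFRESH_SECONDS = 12 * 60 * 60  # twice a day at most, per the usage note

# Constructed sample; the real list format is not shown on the page (assumed).
SAMPLE_LIST = """\
# constructed sample block list
192.0.2.10
198.51.100.0/24
203.0.113.16-203.0.113.31
203.0.113.0/28
not-an-address
"""

def parse_blocklist(text):
    """Return sorted, merged (start, end) integer ranges for IPv4 entries."""
    ranges = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "-" in line:  # explicit start-end range
                lo, hi = (int(ipaddress.IPv4Address(p.strip()))
                          for p in line.split("-", 1))
            else:            # single address or CIDR block
                net = ipaddress.IPv4Network(line, strict=False)
                lo, hi = int(net.network_address), int(net.broadcast_address)
        except ValueError:
            continue  # skip malformed or non-IPv4 lines, keep loading the rest
        if lo <= hi:
            ranges.append((lo, hi))
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def is_blocked(merged, ip):
    """Binary-search the merged ranges for the address."""
    n = int(ipaddress.IPv4Address(ip))
    i = bisect.bisect_right(merged, (n, 0xFFFFFFFF)) - 1
    return i >= 0 and merged[i][0] <= n <= merged[i][1]

def refresh_due(last_download, now=None):
    """True only if the cached copy is at least 12 hours old (or missing)."""
    now = time.time() if now is None else now
    return last_download is None or now - last_download >= MIN_REFRESH_SECONDS
```

Store the timestamp of the last successful download next to the cached file and call `refresh_due` before every fetch, so a cron job that fires more often still stays within the limit.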