Threat Intelligence

We are proud to announce a unique Threat Intelligence Feed list. This list is created and maintained by our senior security team members, based on valuable data harvested from our security tools deployed in the field.

This list is not a copy of other threat intelligence feeds: we harvest and validate it based on live feeds collected from CERBERT managed security devices.

This is a FREE list, as we believe that this knowledge should be shared with the public in order to make the Internet a better and more secure place.

Please feel free to download and use this list in your security incident analysis and investigations.

 

For the summary list of CERBER TA Feed, please click HERE.

The summary list is structured based on the following format:

"IP_address","First_seen",Country,City

IP_address = Source blacklisted IP address
First_seen = Time of the first identified security event categorized as malicious originating from the source IP address
Country = Country associated with the source IP address, based on the IPlocation function
City = City associated with the source IP address, based on the IPlocation function

 

For the detailed list of CERBER TA Feed, please click HERE.

The detailed list is structured based on the following format:

"Source_ip","First_seen",Country,City,"Protocol_name","Number_connections"

Source_ip = Source blacklisted IP address
First_seen = Time of the first identified security event categorized as malicious originating from the source IP address
Country = Country associated with the source IP address, based on the IPlocation function
City = City associated with the source IP address, based on the IPlocation function
Protocol_name = Comma-delimited list of protocols, in tcp/port format, for each source IP address
Number_connections = Total number of connections originating from the source IP address within a 24-hour interval

  • CERBERT TA Feed list is updated every 24 hours
  • CERBERT TA Feed list is harvested from our Internet-facing managed devices, including firewall deny rules, IPS sensors and honeypots
  • CERBERT TA Feed list statistics are based on a 24-hour interval
  • We are not tracking http/https connections, as these types of requests generate too many false positives and too much noise
  • Only TCP connections are harvested from our managed security devices
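
One way to consume the detailed list defensively before it reaches a blocklist (an added example, not CERBERT's code): it parses the documented column layout, keeps only tcp/port entries, and rejects malformed rows, low-volume sources and addresses in ranges you never want blocked. The sample rows, the `First_seen` timestamp style, `NEVER_BLOCK` and `min_connections` are assumptions made for the illustration.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the detailed-list layout (documentation IP ranges).
SAMPLE = '''"203.0.113.7","2019-01-05 10:00:00",Nowhere,Testville,"tcp/445,tcp/3389","120"
"203.0.113.9","2019-01-05 11:30:00",Nowhere,Testville,"tcp/23","3"
"198.51.100.20","2019-01-05 12:00:00",Nowhere,Testville,"tcp/1433","900"
"not-an-ip","2019-01-05 12:05:00",Nowhere,Testville,"tcp/22","50"
"203.0.113.12","2019-01-05 12:10:00",Nowhere,Testville,"tcp/22","many"
'''
FIELDS = ["Source_ip", "First_seen", "Country", "City", "Protocol_name", "Number_connections"]
# Assumption: ranges a third-party feed must never block (your own, partners).
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/24")]


def parse_ports(protocols):
    """Return the TCP ports from a 'tcp/445,tcp/3389' style field."""
    ports = []
    for item in protocols.split(","):
        proto, _, port = item.strip().partition("/")
        if proto.lower() == "tcp" and port.isdecimal() and 0 < int(port) < 65536:
            ports.append(int(port))
    return ports


def load_feed(text, min_connections=10):
    """Split feed rows into (accepted, rejected) without trusting any field."""
    accepted, rejected = [], []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(FIELDS):
            rejected.append((row, "wrong field count"))
            continue
        rec = dict(zip(FIELDS, (v.strip() for v in row)))
        try:
            ip = ipaddress.ip_address(rec["Source_ip"])
            count = int(rec["Number_connections"])
        except ValueError:
            rejected.append((row, "malformed ip or count"))
            continue
        if any(ip in net for net in NEVER_BLOCK):
            rejected.append((row, "protected range"))
        elif count < min_connections:
            rejected.append((row, "below threshold"))
        else:
            accepted.append({"ip": str(ip), "first_seen": rec["First_seen"],
                             "ports": parse_ports(rec["Protocol_name"]), "connections": count})
    return accepted, rejected
```

Logging the rejected rows with their reason makes it easy to spot a feed layout change or an entry that overlaps your own address space.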

Thank you to all our customers who agreed to contribute to this list which is now shared with the public.

We are not collecting or sharing any proprietary information which belongs to our customers!  

CERBERT TA List Statistics

Total_eventsTotal_Unique_IP
36717271394

Top 10 Blacklisted IP addresses based on Number of Connections (last 7 days)

| Source_ip | count | Link |
|---|---|---|
| 78.128.112.46 | 14703 | https://www.abuseipdb.com/check/78.128.112.46 |
| 109.248.9.11 | 6824 | https://www.abuseipdb.com/check/109.248.9.11 |
| 185.222.210.34 | 6763 | https://www.abuseipdb.com/check/185.222.210.34 |
| 5.188.11.115 | 6227 | https://www.abuseipdb.com/check/5.188.11.115 |
| 77.72.85.107 | 6054 | https://www.abuseipdb.com/check/77.72.85.107 |
| 78.128.112.30 | 5998 | https://www.abuseipdb.com/check/78.128.112.30 |
| 92.63.193.134 | 5366 | https://www.abuseipdb.com/check/92.63.193.134 |
| 92.63.193.178 | 5238 | https://www.abuseipdb.com/check/92.63.193.178 |
| 176.119.4.34 | 5181 | https://www.abuseipdb.com/check/176.119.4.34 |
| 191.101.167.77 | 4966 | https://www.abuseipdb.com/check/191.101.167.77 |

Top Denied Protocols (last 7 days)

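| Protocol_name | protocol | Number_connections |
|---|---|---|
| microsoft-ds | tcp/445 | 1863 |
| telnet | telnet | 1225 |
| mssql | tcp/1433 | 370 |
| tcp/37215 | tcp/37215 | 253 |
| http_8080 | tcp/8080 | 219 |
| tcp/5555 | tcp/5555 | 205 |
| rdp | tcp/3389 | 154 |
| ssh | SSH | 150 |
| tcp/2323 | tcp/2323 | 108 |
| http_81 | tcp/81 | 99 |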

Top Countries by Number of Connections (last 7 days)

| Country | Number_connections |
|---|---|
| Russia | 146357 |
| Bulgaria | 37513 |
| United States | 34795 |
| China | 21949 |
| Ukraine | 18367 |
Ukraine18367

Choropleth Map of Top Countries generating bad traffic