Threat Intelligence

We are proud to announce a unique Threat Intelligence Feed list. This list is created and maintained by our senior security team members, based on valuable data harvested from our security tools deployed in the field.

This list is not a copy of other threat intelligence feeds: we harvest and validate it from live feeds collected from CERBERT managed security devices.

This is a FREE list, as we believe that this knowledge should be shared with the public in order to make the Internet a better and more secure place.

Please feel free to download and use this list in your security incident analysis and investigations.

 

For the summary list of CERBER TA Feed, please click HERE.

The summary list is structured based on the following format:

"IP_address","First_seen",Country,City

IP_address = Blacklisted source IP address
First_seen = Time of the first security event categorized as malicious that originated from the source IP address
Country = Country associated with the source IP address, based on the IPlocation function
City = City associated with the source IP address, based on the IPlocation function

 

For the detailed list of CERBER TA Feed, please click HERE.

The detailed list is structured based on the following format:

"Source_ip","First_seen",Country,City,"Protocol_name","Number_connections"

Source_ip = Blacklisted source IP address
First_seen = Time of the first security event categorized as malicious that originated from the source IP address
Country = Country associated with the source IP address, based on the IPlocation function
City = City associated with the source IP address, based on the IPlocation function
Protocol_name = Comma-delimited list of the protocols seen for each source IP address, each in tcp/port format
Number_connections = Total number of connections originating from the source IP address within a 24-hour interval

  • CERBERT TA Feed list is updated every 24 hours
  • CERBERT TA Feed list is harvested from our Internet-facing managed devices, including firewall deny rules, IPS sensors and honeypots
  • CERBERT TA Feed list statistics are based on a 24-hour interval
  • We do not track http/https connections, as these types of requests generate too many false positives and too much noise
  • Only tcp connection types are harvested from our managed security devices
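
A minimal parser for the detailed list format described above, added here as an example and not code from CERBERT. The sample rows are constructed (RFC 5737 documentation addresses), the First_seen timestamp layout is an assumption, and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample in the detailed-list layout; addresses come from the
# RFC 5737 documentation ranges and the First_seen layout is assumed.
SAMPLE_FEED = '''"Source_ip","First_seen",Country,City,"Protocol_name","Number_connections"
"192.0.2.10","2018-05-01 03:12:44",Exampleland,Sample City,"tcp/445,tcp/3389","412"
"198.51.100.7","2018-05-01 07:45:02",Exampleland,,"tcp/23,tcp/445","937"
"not-an-ip","2018-05-01 09:00:00",Exampleland,Sample City,"tcp/22","5"
"203.0.113.99","2018-05-02 11:30:10",Testonia,Test Town,"tcp/1433,tcp/445","x"
'''

FIELDS = ["Source_ip", "First_seen", "Country", "City",
          "Protocol_name", "Number_connections"]

def parse_detailed_feed(text):
    """Return (entries, rejected) parsed from detailed-list CSV text."""
    entries, rejected = [], []
    reader = csv.reader(io.StringIO(text))
    for lineno, row in enumerate(reader, start=1):
        if not row or row == FIELDS:      # skip blank lines and the header
            continue
        try:
            if len(row) != len(FIELDS):
                raise ValueError("expected %d columns" % len(FIELDS))
            rec = dict(zip(FIELDS, (col.strip() for col in row)))
            ip = ipaddress.ip_address(rec["Source_ip"])   # rejects junk
            # The quoted Protocol_name column is itself comma delimited.
            protos = {p.strip().lower()
                      for p in rec["Protocol_name"].split(",") if p.strip()}
            entries.append({
                "ip": ip,
                "first_seen": rec["First_seen"],   # kept as an opaque string
                "country": rec["Country"],
                "city": rec["City"],
                "protocols": protos,
                "connections": int(rec["Number_connections"]),
            })
        except ValueError as exc:          # bad IP, bad count, wrong width
            rejected.append((lineno, str(exc)))
    return entries, rejected

def sources_hitting(entries, protocol):
    """IPs seen on one protocol (e.g. 'tcp/445'), busiest first."""
    hits = [e for e in entries if protocol.lower() in e["protocols"]]
    hits.sort(key=lambda e: e["connections"], reverse=True)
    return [str(e["ip"]) for e in hits]
```

Rejected rows are returned with their row number instead of being dropped silently, so a malformed feed download is visible before the list reaches a blocklist or a SIEM lookup.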

Thank you to all our customers who agreed to contribute to this list which is now shared with the public.

We are not collecting or sharing any proprietary information which belongs to our customers!  

CERBERT TA List Statistics

Total_events  Total_Unique_IP
32798865375

Top 10 Blacklisted IP addresses based on Number of Connections (last 7 days)

Source_ip        count  Link
78.128.112.46    8673   https://www.abuseipdb.com/check/78.128.112.46
109.248.9.11     6833   https://www.abuseipdb.com/check/109.248.9.11
185.222.210.34   6763   https://www.abuseipdb.com/check/185.222.210.34
5.188.11.115     6227   https://www.abuseipdb.com/check/5.188.11.115
77.72.85.107     6054   https://www.abuseipdb.com/check/77.72.85.107
78.128.112.30    5998   https://www.abuseipdb.com/check/78.128.112.30
92.63.193.134    5366   https://www.abuseipdb.com/check/92.63.193.134
92.63.193.178    5238   https://www.abuseipdb.com/check/92.63.193.178
191.101.167.77   4966   https://www.abuseipdb.com/check/191.101.167.77
77.72.85.25      4942   https://www.abuseipdb.com/check/77.72.85.25

Top Denied Protocols (last 7 days)

Protocol_name  protocol  Number_connections
microsoft-ds   tcp/445   4087
telnet         telnet    1556
mssql          tcp/1433  458
http_8080      tcp/8080  320
ssh            SSH       228
rdp            tcp/3389  213
http_81        tcp/81    185
tcp/5555       tcp/5555  165
tcp/2323       tcp/2323  159
tcp/6379       tcp/6379  120

Top Countries by Number of Connections (last 7 days)

Country        Number_connections
Russia         143164
United States  32582
Bulgaria       25897
China          20601
Seychelles     12145

Choropleth Map of Top Countries generating bad traffic