"description":"The trust level is medium-high (51-75)."
},
{
"value":"medium-trust",
"expanded":"Medium Trust",
"description":"The trust level is medium (26-50)."
},
{
"value":"low-trust",
"expanded":"Low Trust",
"description":"The trust level is low (0-25)."
}
]
},
{
"predicate":"reputation-block-list",
"entry":[
{
"value":"barracudacentral-brbl",
"expanded":"Barracuda Reputation Block List",
"description":"Barracuda Reputation Block List (BRBL) is a free DNSBL of IP addresses known to send spam. Barracuda Networks fights spam and created the BRBL to help stop the spread of spam."
},
{
"value":"spamcop-scbl",
"expanded":"SpamCop Blocking List",
"description":"The SpamCop Blocking List (SCBL) lists IP addresses which have transmitted reported email to SpamCop users. SpamCop, service providers and individual users then use the SCBL to block and filter unwanted email."
},
{
"value":"spamhaus-sbl",
"expanded":"Spamhaus Block List",
"description":"The Spamhaus Block List (SBL) Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail."
},
{
"value":"spamhaus-xbl",
"expanded":"Spamhaus Exploits Block List",
"description":"The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits."
},
{
"value":"spamhaus-pbl",
"expanded":"Spamhaus Policy Block List",
"description":"The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use."
},
{
"value":"spamhaus-css",
"expanded":"Spamhaus CSS",
"description":"The Spamhaus CSS list is an automatically produced dataset of IP addresses that are involved in sending low-reputation email. CSS mostly targets static spam emitters that are not covered in the PBL or XBL, such as snowshoe spam operations, but may also include other senders that display a risk to our users, such as compromised hosts."
},
{
"value":"spamhaus-drop",
"expanded":"Spamhaus Don't Route Or Peer",
"description":"Spamhaus Don't Route Or Peer (DROP) is an advisory 'drop all traffic' list. DROP is a tiny subset of the SBL which is designed for use by firewalls or routing equipment."
"expanded":"Spamhaus Domain Block List Spam Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of domain names with poor reputations used for spam."
},
{
"value":"spamhaus-phish",
"expanded":"Spamhaus Domain Block List Phish Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of domain names with poor reputations used for phishing."
},
{
"value":"spamhaus-malware",
"expanded":"Spamhaus Domain Block List Malware Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of domain names with poor reputations used to serve malware."
},
{
"value":"spamhaus-botnet-c2",
"expanded":"Spamhaus Domain Block List Botnet C2 Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of domain names with poor reputations used for botnet command and control."
},
{
"value":"spamhaus-abused-legit-spam",
"expanded":"Spamhaus Domain Block List Abused Legit Spam Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of abused legitimate domain names with poor reputations used for spam."
},
{
"value":"spamhaus-abused-spammed-redirector",
"expanded":"Spamhaus Domain Block List Abused Spammed Redirector Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of abused legitimate spammed domain names with poor reputations used as redirector domains."
},
{
"value":"spamhaus-abused-legit-phish",
"expanded":"Spamhaus Domain Block List Abused Legit Phish Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of abused legitimate domain names with poor reputations used for phishing."
},
{
"value":"spamhaus-abused-legit-malware",
"expanded":"Spamhaus Domain Block List Abused Legit Malware Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of abused legitimate domain names with poor reputations used to serve malware."
},
{
"value":"spamhaus-abused-legit-botnet-c2",
"expanded":"Spamhaus Domain Block List Abused Legit Botnet C2 Domain",
"description":"Spamhaus Domain Block List (DBL) is a list of abused legitimate domain names with poor reputations used for botnet command and control."
},
{
"value":"surbl-phish",
"expanded":"SURBL Phishing Sites",
"description":"Phishing data from multiple sources is included in this list. Data includes PhishTank, OITC, PhishLabs, Malware Domains and several other sources, including proprietary research by SURBL."
},
{
"value":"surbl-malware",
"expanded":"SURBL Malware Sites",
"description":"This list contains data from multiple sources that cover sites hosting malware. This includes OITC, abuse.ch, The DNS blackhole malicious site data from malwaredomains.com and others. Malware data also includes significant proprietary research by SURBL."
},
{
"value":"surbl-spam",
"expanded":"SURBL Spam Sites",
"description":"This list contains mainly general spam sites. It combines data from the formerly separate JP, WS, SC and AB lists. It also includes data from Internet security, anti-abuse, ISP, ESP and other communities, such as Telenor. Most of the data in this list comes from internal, proprietary research by SURBL."
},
{
"value":"surbl-abused-legit",
"expanded":"SURBL Abused Legit Sites",
"description":"This list contains data from multiple sources that cover cracked sites, including SURBL internal ones. Criminals steal credentials or abuse vulnerabilities to break into websites and add malicious content. Often cracked pages will redirect to spam sites or to other cracked sites. Cracked sites usually still contain the original legitimate content and may still be mentioned in legitimate emails, besides the malicious pages referenced in spam."
},
{
"value":"uribl-black",
"expanded":"URIBL Black",
"description":"URIBL Black list contains domain names belonging to and used by spammers, including but not restricted to those that appear in URIs found in Unsolicited Bulk and/or Commercial Email (UBE/UCE). This list has a goal of zero False Positives."
},
{
"value":"uribl-grey",
"expanded":"URIBL Grey",
"description":"URIBL Grey list contains domains found in UBE/UCE, and possibly honour opt-out requests. It may include ESPs which allow customers to import their recipient lists and may have no control over the subscription methods. This list can and probably will cause False Positives depending on your definition of UBE/UCE."
},
{
"value":"uribl-red",
"expanded":"URIBL Red",
"description":"URIBL Red list contains domains that actively show up in mail flow, are not listed on URIBL black, and are either: being monitored, very young (domain age via whois), or use whois privacy features to protect their identity. This list is automated in nature, so please use at your own risk."
},
{
"value":"uribl-multi",
"expanded":"URIBL Multi",
"description":"URIBL Multi list contains all of the public URIBL lists."
"description":"The IP abuse confidence score is high (76-100)."
},
{
"value":"medium-high",
"expanded":"Medium High",
"description":"The IP abuse confidence score is medium-high (51-75)."
},
{
"value":"medium",
"expanded":"Medium",
"description":"The IP abuse confidence score is medium (26-50)."
},
{
"value":"low",
"expanded":"Low",
"description":"The IP abuse confidence score is low (0-25)."
}
]
},
{
"predicate":"greynoise-riot",
"entry":[
{
"value":"trust-level-1",
"expanded":"Trust Level 1",
"description":"These IPs are trustworthy because the companies or services assigned are generally responsible for the interactions with this IP. Adding these ranges to an allow-list may make sense."
},
{
"value":"trust-level-2",
"expanded":"Trust Level 2",
"description":"These IPs are somewhat trustworthy because they are necessary for regular and common business internet use. Companies that own these IPs typically do not claim responsibility or have accountability for interactions with these IPs. Malicious actions may be associated with these IPs but adding this entire range to a block-list does not make sense."