Status:  Production
Type:  
IPv4, IPv6

Cloud DNS:  <key>.exploit.mail.abusix.zone.
Rsync File
:  lists/exploit.zone

Return Codes:  127.0.0.4
Test Points
:  127.0.0.2, 127.0.0.4, ::FFFF:7F00:2, ::FFFF:7F00:4

Listing duration:  Approximately 5.2 days from when traffic was last seen 

Description

This list is built by observing the behaviour of hosts connecting to our traps and partners mail services.

It contains any IP address we observe that behaves in certain ways that a genuine SMTP client never would, so any IPs found on this list will either be compromised, botnet/virus infected, proxies, VPNs, TOR exit nodes or IPs that are NAT'ing for these hosts.

This list can also be safely used to check each "Received" header hop found within a message.

Example query:

$ host 2.0.0.127.<key>.exploit.mail.abusix.zone.
2.0.0.127.<key>.exploit.mail.abusix.zone has address 127.0.0.4



Did this answer your question?