Type: IPv4, IPv6
Cloud DNS: <key>.exploit.mail.abusix.zone.
Rsync File: lists/exploit.zone
Return Codes: 127.0.0.4
Test Points: 127.0.0.2, 127.0.0.4, ::FFFF:7F00:2, ::FFFF:7F00:4
Listing duration: Approximately 5.2 days from when traffic was last seen
This list is built by observing the behaviour of hosts connecting to our traps and partners mail services.
It contains any IP address we observe that behaves in certain ways that a genuine SMTP client never would, so any IPs found on this list will either be compromised, botnet/virus infected, proxies, VPNs, TOR exit nodes or IPs that are NAT'ing for these hosts.
This list can also be safely used to check each "Received" header hop found within a message.
$ host 18.104.22.168.<key>.exploit.mail.abusix.zone.
22.214.171.124.<key>.exploit.mail.abusix.zone has address 127.0.0.4