These are the IP addresses of the most active Botnets/Zombies/Scanners DST = France & Belgium
⚠Since these are malicious IP addresses that are bumping, you need to create rules based on WAN to LAN⚠
blacklist_ips_for_fortinet_firewall_aa.txt
botnets_zombies_scanner_spam_ips.txt (full list)
- WannaCry Variant SMB Connection
- CVE-2014-8361 RCE
- CVE-2015-7755 RCE
- CVE-2016-6277 RCE
- CVE-2016-6563 RCE
- CVE-2017-6884 RCE
- CVE-2017-17215 RCE
- CVE-2018-10561 RCE
- CVE-2018-0125 RCE
- CVE-2019-9082 RCE
- CVE-2022-47945 RCE
- CVE-2023-30891 RCE
- FortiNAC CVE-2023-33299 RCE
- CVE-2024-4577 RCE
- SSH Alternative Bruteforcer
- SSH Bruteforcer
- Generic IoT Bruteforcer
- Apache HTTP Server Path Traversal
- Generic Path Traversal
Etc.
I have created specific lists for Fortinet firewall users following the limitation set by Fortinet:
blacklist_ips_for_fortinet_firewall_aa.txt
- etc.
Also, you will need to fork the list and split it into 130,000 entries per file. In this way, you can validate it in your Threat feeds of your Fortinet Firewall.
PS: this list will be updated every 24/48h
Support our work with a donation 👉 https://www.paypal.com/donate/?hosted_button_id=YDTWBDBS7CPLN