oracle.zzhreceive.top)

APT-specific blocklists (apt-*) target Russian APT infrastructure only. Unified blocklists (aptw-*) merge our data with external feeds (FireHOL, StevenBlack, URLhaus, AbuseIPDB) for broader Pi-hole / firewall coverage.
Patterns discovered from vulnerability scan fingerprinting — SSL certificates, port signatures, and hosting indicators that link unknown hosts to known APT infrastructure.
Run a query and download the results as CSV directly from the browser.
Servers detected as proxy/staging nodes coordinating C2 traffic. High confidence = strong proxy + multi-C2 signal.
New IPs, subnets, and ASNs identified through enrichment, subnet adjacency, and correlation analysis.
Geolocation, ASN, and hosting data gathered from online APIs for known IOCs.
Top ASNs hosting threat infrastructure — ranked by IOC density.
Queries Shodan InternetDB directly from browser (free, no key). Optional VirusTotal with your API key (never stored).
Generate a STIX 2.1 bundle from scored IOCs. Filtered client-side from the loaded database.
Generate Suricata alert rules for scored IPv4 IOCs.
Build a filtered blocklist using v3 scoring criteria. Output in plain IP list format (compatible with firewalls, Pi-hole, etc.).