ada5f27d — CN www.microsoft.com, +6 hosts cross-ASN
e65de673 — CN yahoo.com, +6 hosts (ATS proxy)
aa4c8391 — CN github.com, +5 hosts
3263edf2 — CN *.max.ru wildcard, +11 hosts
6701d6dc (5 hosts) & Twitch 4656e0f4 (7 hosts, DV)

APT-specific blocklists (apt-*) target Russian APT infrastructure only. Unified blocklists (aptw-*) merge our data with external feeds (FireHOL, StevenBlack, URLhaus, AbuseIPDB) for broader Pi-hole / firewall coverage.
Patterns discovered from vulnerability scan fingerprinting — SSL certificates, port signatures, and hosting indicators that link unknown hosts to known APT infrastructure.
Run a query and download the results as CSV directly from the browser.
Servers detected as proxy/staging nodes coordinating C2 traffic. High confidence = strong proxy + multi-C2 signal.
New IPs, subnets, and ASNs identified through enrichment, subnet adjacency, and correlation analysis.
Geolocation, ASN, and hosting data gathered from online APIs for known IOCs.
Top ASNs hosting threat infrastructure — ranked by IOC density.
Queries Shodan InternetDB directly from the browser (free, no key). Optional VirusTotal lookups with your API key (never stored).
Generate a STIX 2.1 bundle from scored IOCs. Filtered client-side from the loaded database.
Generate Suricata alert rules for scored IPv4 IOCs.
Build a filtered blocklist using v3 scoring criteria. Output in plain IP list format (compatible with firewalls, Pi-hole, etc.).
Schema, build history, data volumes, attribution activity, and the intelligence notes curated during research.