Skip to content
Permalink
master
Switch branches/tags

masscan/data/exclude.conf

Go to file
 
 
Cannot retrieve contributors at this time
513 lines (489 sloc) 11.3 KB
Raw Blame
# http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
# http://tools.ietf.org/html/rfc5735
# "This" network
0.0.0.0/8
# Private networks
10.0.0.0/8
# Carrier-grade NAT - RFC 6598
100.64.0.0/10
# Host loopback
127.0.0.0/8
# Link local
169.254.0.0/16
# Private networks
172.16.0.0/12
# IETF Protocol Assignments
192.0.0.0/24
# DS-Lite
192.0.0.0/29
# NAT64
192.0.0.170/32
# DNS64
192.0.0.171/32
# Documentation (TEST-NET-1)
192.0.2.0/24
# 6to4 Relay Anycast
192.88.99.0/24
# Private networks
192.168.0.0/16
# Benchmarking
198.18.0.0/15
# Documentation (TEST-NET-2)
198.51.100.0/24
# Documentation (TEST-NET-3)
203.0.113.0/24
# Reserved
240.0.0.0/4
# Limited Broadcast
255.255.255.255/32
#Received: from elbmasnwh002.us-ct-eb01.gdeb.com ([153.11.13.41]
# helo=ebsmtp.gdeb.com) by mx1.gd-ms.com with esmtp (Exim 4.76) (envelope-from
# <bmandes@gdeb.com>) id 1VS55c-0004qL-0F for support@erratasec.com; Fri, 04
# Oct 2013 09:06:40 -0400
#To: <support@erratasec.com>
#CC: <ebsoc@gdeb.com>
#Subject: Scanning and Probing our network
#From: Robert Mandes <bmandes@gdeb.com>
#Date: Fri, 4 Oct 2013 09:06:36 -0400
#
#Stop scanning and probing our network, 153.11.0.0/16. We are a defense
#contractor and report to Federal law enforcement authorities when scans
#and probes are directed at our network. I assume you don't want to be
#part of that report. Please permanently remove our network range from
#your current and future research.
#
#Thank you
#
#Robert Mandes
#Information Security Officer
#General Dynamics
#Electric Boat
#
#C 860-625-0605
#P 860-433-1553
153.11.0.0/16
#Date: Mon, 7 Oct 2013 17:25:41 -0700
#Subject: Re: please stop the attack to our router
#From: Di Li <di@egihosting.com>
#
#Make sure you stop the scan immediately, that's not OK for any company or
#organization scan our network at all.
#
#If you fail to do that we will block whole traffic from ASN 10439, and we
#will fail a police report after that.
#
#Let me know when you stop, since we still receive the attack from you, and
#by the way your scan are not going anywhere, it's was dropped from our edge
#since the first 5 scan
#
#Oct 7 17:17:32:I:SNMP: Auth. failure, intruder IP: 209.126.230.72
#...
#Oct 7 16:55:27:I:SNMP: Auth. failure, intruder IP: 209.126.230.72
#
#Di
4.53.201.0/24
5.152.179.0/24
8.12.162.0-8.12.164.255
8.14.84.0/22
8.14.145.0-8.14.147.255
8.17.250.0-8.17.252.255
23.27.0.0/16
23.231.128.0/17
37.72.172.0/23
38.72.200.0/22
50.93.192.0-50.93.197.255
50.115.128.0/20
50.117.0.0/17
50.118.128.0/17
63.141.222.0/24
64.62.253.0/24
64.92.96.0/19
64.145.79.0/24
64.145.82.0/23
64.158.146.0/23
65.49.24.0/24
65.49.93.0/24
65.162.192.0/22
66.79.160.0/19
66.160.191.0/24
68.68.96.0/20
69.46.64.0/19
69.176.80.0/20
72.13.80.0/20
72.52.76.0/24
74.82.43.0/24
74.82.160.0/19
74.114.88.0/22
74.115.0.0/24
74.115.2.0/24
74.115.4.0/24
74.122.100.0/22
75.127.0.0/24
103.251.91.0/24
108.171.32.0/24
108.171.42.0/24
108.171.52.0/24
108.171.62.0/24
118.193.78.0/23
130.93.16.0/23
136.0.0.0/16
142.111.0.0/16
142.252.0.0/16
146.82.55.93
149.54.136.0/21
149.54.152.0/21
166.88.0.0/16
172.252.0.0/16
173.245.64.0/19
173.245.194.0/23
173.245.220.0/22
173.252.192.0/18
178.18.16.0/22
178.18.26.0-178.18.29.255
183.182.22.0/24
192.92.114.0/24
192.155.160.0/19
192.177.0.0/16
192.186.0.0/18
192.249.64.0/20
192.250.240.0/20
194.110.214.0/24
198.12.120.0-198.12.122.255
198.144.240.0/20
199.33.120.0/24
199.33.124.0/22
199.48.147.0/24
199.68.196.0/22
199.127.240.0/21
199.187.168.0/22
199.188.238.0/23
199.255.208.0/24
203.12.6.0/24
204.13.64.0/21
204.16.192.0/21
204.19.238.0/24
204.74.208.0/20
205.159.189.0/24
205.164.0.0/18
205.209.128.0/18
206.108.52.0/23
206.165.4.0/24
208.77.40.0/21
208.80.4.0/22
208.123.223.0/24
209.51.185.0/24
209.54.48.0/20
209.107.192.0/23
209.107.210.0/24
209.107.212.0/24
211.156.110.0/23
216.83.33.0-216.83.49.255
216.83.51.0-216.83.63.255
216.151.183.0/24
216.151.190.0/23
216.172.128.0/19
216.185.36.0/24
216.218.233.0/24
216.224.112.0/20
#Received: from [194.77.40.242] (HELO samba.agouros.de)
# for abuse@erratasec.com; Sat, 12 Oct 2013 09:55:35 -0500
#Received: from rumba.agouros.de (rumba-internal [192.168.8.1]) by
# samba.agouros.de (Postfix) with ESMTPS id 9055FBAD1D for
# <abuse@erratasec.com>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
#Received: from rumba.agouros.de (localhost [127.0.0.1]) by rumba.agouros.de
# (Postfix) with ESMTP id 7B5DD206099 for <abuse@erratasec.com>; Sat, 12 Oct
# 2013 16:55:32 +0200 (CEST)
#Received: from localhost.localdomain (localhost [127.0.0.1]) by
# rumba.agouros.de (Postfix) with ESMTP id 5FBC420601D for
# <abuse@erratasec.com>; Sat, 12 Oct 2013 16:55:32 +0200 (CEST)
#To: <abuse@erratasec.com>
#Subject: Loginattempts from Your net
#Message-ID: <20131012145532.5FBC420601D@rumba.agouros.de>
#Date: Sat, 12 Oct 2013 16:55:32 +0200
#From: <elwood@agouros.de>
#
#The address 209.126.230.72 from Your network tried to log in to
#our network using Port 22 (1)/tcp. Below You will find a listing of the dates and
#times the incidents occured as well as the attacked IP-Addresses.
#This is a matter of concern for us and continued tries might result in
#legal action. If the machine was victim to a hack take it offline, repair
#the damage and use better protection next time.
#The times included are in Central European (Summer) Time.
#Date Sourceip port destips
#
#07.10.2013 22:34:40 CEST 209.126.230.72 22 194.77.40.242 (1)
#08.10.2013 01:44:15 CEST 209.126.230.72 22 194.77.40.246 (1)
#
#Regards,
#Konstantin Agouros
194.77.40.242
194.77.40.246
#Received: from [165.160.9.58] (HELO mx2.cscinfo.com)
#X-Virus-Scanned: amavisd-new at cscinfo.com
#Received: from mx2.cscinfo.com ([127.0.0.1]) by localhost
# (plmail02.wil.csc.local [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
# GGQ7EiQaK2P0 for <protodev@erratasec.com>; Wed, 30 Oct 2013 09:26:00 -0400
# (EDT)
#Received: from casarray.cscinfo.com (pwmailch02.cscinfo.com [172.20.53.94]) by
# mx2.cscinfo.com (Postfix) with ESMTPS id 4BA5E58170 for
# <protodev@erratasec.com>; Wed, 30 Oct 2013 09:26:00 -0400 (EDT)
#Received: from PWMAILM02.cscinfo.com ([169.254.7.52]) by
# PWMAILCH02.cscinfo.com ([172.20.53.94]) with mapi id 14.02.0247.003; Wed, 30
# Oct 2013 09:26:00 -0400
#From: "Derksen, Bill" <bderksen@cscinfo.com>
#Subject: Unauthorized Scanning
#Date: Wed, 30 Oct 2013 13:25:59 +0000
#Message-ID: <1F80316A0C861F40A9A88F18465F138E01EF885F@PWMAILM02.cscinfo.com>
#x-originating-ip: [172.31.252.72]
#
#We have detected unauthorized activity from your systems on our public netw=
#ork. Please suspend scanning of our networks immediately.
#
#Our network block is 165.160/16
#
#Further scanning will result in reports of unauthorized activity being file=
#d with law enforcement agencies.
#
#Corporation Service Company
#
#
#
#________________________________
#
#NOTICE: This e-mail and any attachments is intended only for use by the add=
#ressee(s) named herein and may contain legally privileged, proprietary or c=
#onfidential information. If you are not the intended recipient of this e-ma=
#il, you are hereby notified that any dissemination, distribution or copying=
# of this email, and any attachments thereto, is strictly prohibited. If you=
# receive this email in error please immediately notify me via reply email o=
#r at (800) 927-9800 and permanently delete the original copy and any copy o=
#f any e-mail, and any printout.
165.160.0.0/16
#******************************
#Greetings from the IT Security Team at Utah State University.
#
#We have detected network activity that might be suspicious or
#malicious. We think it might be sourced from your network. We
#include IP Addresses as well as description, log snippets, and
#other useful information.
#
#Please review this information or forward to the responsible person.
129.123.0.0/16
144.39.0.0/16
204.113.91.0/24
#On Friday, November 17th 2017 starting at 03:39 EST (UTC-5:00), part of the
#Physics Network at McGill University (132.206.9.0/24, 132.206.123.0/24
#and/or 132.206.125.0/24) was scanned from xxx.xxx.xxx.xxx (see syslog
#snippet below). The scan targetted the domain service (port 53/udp). We
#consider this scan to be an attempt to unlawfully access or abuse our
#network (intentionally or as a result of virus or worm activity).
132.206.9.0/24
132.206.123.0/24
132.206.125.0/24
#
# Add DOD + US Military, often not a great idea to scan military ranges.
# If you desire, you can comment these ranges out.
#
6.0.0.0/8
7.0.0.0/8
11.0.0.0/8
21.0.0.0/8
22.0.0.0/8
26.0.0.0/8
28.0.0.0/8
29.0.0.0/8
30.0.0.0/8
33.0.0.0/8
55.0.0.0/8
205.0.0.0/8
214.0.0.0/8
215.0.0.0/8
#******************************
#Janet is a UK research and education network!
#Please DO NOT scan, you been warned!
31.25.0.0/23
31.25.2.0/23
31.25.4.0/22
37.72.112.0/21
46.254.200.0/21
81.87.0.0/16
85.12.64.0/18
89.207.208.0/21
92.245.224.0/19
128.16.0.0/16
128.40.0.0/16
128.41.0.0/18
128.86.0.0/16
128.232.0.0/16
128.240.0.0/16
128.243.0.0/16
129.11.0.0/16
129.12.0.0/16
129.31.0.0/16
129.67.0.0/16
129.169.0.0/16
129.215.0.0/16
129.234.0.0/16
130.88.0.0/16
130.159.0.0/16
130.209.0.0/16
130.246.0.0/16
131.111.0.0/16
131.227.0.0/16
131.231.0.0/16
131.251.0.0/16
134.36.0.0/16
134.83.0.0/16
134.151.0.0/16
134.219.0.0/16
134.220.0.0/16
134.225.0.0/16
136.148.0.0/16
136.156.0.0/16
137.44.0.0/16
137.50.0.0/16
137.73.0.0/16
137.108.0.0/16
137.195.0.0/16
137.222.0.0/16
137.253.0.0/16
138.38.0.0/16
138.40.0.0/16
138.250.0.0/15
138.253.0.0/16
139.133.0.0/16
139.153.0.0/16
139.166.0.0/16
139.184.0.0/16
139.222.0.0/16
140.97.0.0/16
141.163.0.0/16
141.170.64.0/19
141.170.96.0/22
141.170.100.0/23
141.241.0.0/16
143.52.0.0/15
143.117.0.0/16
143.167.0.0/16
143.210.0.0/16
143.234.0.0/16
144.32.0.0/16
144.82.0.0/16
144.124.0.0/16
144.173.0.0/16
146.87.0.0/16
146.97.0.0/16
146.169.0.0/16
146.176.0.0/16
146.179.0.0/16
146.191.0.0/16
146.227.0.0/16
147.143.0.0/16
147.188.0.0/16
147.197.0.0/16
148.79.0.0/16
148.88.0.0/16
148.197.0.0/16
149.155.0.0/16
149.170.0.0/16
150.204.0.0/16
152.71.0.0/16
152.78.0.0/16
152.105.0.0/16
155.198.0.0/16
155.245.0.0/16
157.140.0.0/16
157.228.0.0/16
158.94.0.0/16
158.125.0.0/16
158.143.0.0/16
158.223.0.0/16
159.86.128.0/18
159.92.0.0/16
160.5.0.0/16
160.9.0.0/16
161.73.0.0/16
161.74.0.0/16
161.76.0.0/16
161.112.0.0/16
163.1.0.0/16
163.119.0.0/16
163.160.0.0/16
163.167.0.0/16
164.11.0.0/16
185.83.168.0/22
192.12.72.0/24
192.18.195.0/24
192.35.172.0/24
192.41.104.0/21
192.41.112.0/20
192.41.128.0/22
192.68.153.0/24
192.76.6.0/23
192.76.8.0/21
192.76.16.0/20
192.76.32.0/22
192.82.153.0/24
192.84.5.0/24
192.84.75.0/24
192.84.76.0/22
192.84.80.0/22
192.84.212.0/24
192.88.9.0/24
192.88.10.0/24
192.94.235.0/24
192.100.78.0/24
192.100.154.0/24
192.107.168.0/24
192.108.120.0/24
192.124.46.0/24
192.133.244.0/24
192.149.111.0/24
192.150.180.0/22
192.150.184.0/24
192.153.213.0/24
192.156.162.0/24
192.160.194.0/24
192.171.128.0/18
192.171.192.0/21
192.173.1.0/24
192.173.2.0/23
192.173.4.0/24
192.173.128.0/21
192.188.157.0/24
192.188.158.0/24
192.190.201.0/24
192.190.202.0/24
192.195.42.0/23
192.195.105.0/24
192.195.116.0/23
192.195.118.0/24
193.32.22.0/24
193.37.225.0/24
193.37.240.0/21
193.38.143.0/24
193.39.80.0/21
193.39.172.0/22
193.39.212.0/24
193.60.0.0/14
193.107.116.0/22
193.130.15.0/24
193.133.28.0/23
193.138.86.0/24
194.32.32.0/20
194.35.93.0/24
194.35.186.0/24
194.35.192.0/19
194.35.241.0/24
194.36.1.0/24
194.36.2.0/23
194.36.121.0/24
194.36.152.0/21
194.60.218.0/24
194.66.0.0/16
194.80.0.0/14
194.187.32.0/22
195.194.0.0/15
212.121.0.0/19
212.121.192.0/19
212.219.0.0/16