Table of DroneBL threat classes
This is the list of classes under which a nefarious / compromised host can be categorized. This list is also available in plain text or as CSV for scripting purposes.
Id | Description |
---|---|
1 | Testing class. |
2 | Sample data used for heruistical analysis |
3 | IRC spam drone (litmus/sdbot/fyle) |
5 | Bottler (experimental) |
6 | Unknown worm or spambot |
7 | DDoS drone |
8 | Open SOCKS proxy |
9 | Open HTTP proxy |
10 | Proxychain |
11 | Web Page Proxy |
12 | Open DNS Resolver |
13 | Automated dictionary attacks |
14 | Open WINGATE proxy |
15 | Compromised router / gateway |
16 | Autorooting worms |
17 | Automatically determined botnet IPs (experimental) |
18 | Possibly compromised DNS/MX type hostname detected on IRC |
19 | Abused VPN Service |
255 | Uncategorized threat class |