Table of DroneBL threat classes
This is the list of classes under which a nefarious / compromised host can be categorized. This list is also available in plain text or as CSV for scripting purposes.
| Id | Description |
|---|---|
| 1 | Testing class. |
| 2 | Sample data used for heruistical analysis |
| 3 | IRC spam drone (litmus/sdbot/fyle) |
| 5 | Bottler (experimental) |
| 6 | Unknown worm or spambot |
| 7 | DDoS drone |
| 8 | Open SOCKS proxy |
| 9 | Open HTTP proxy |
| 10 | Proxychain |
| 11 | Web Page Proxy |
| 12 | Open DNS Resolver |
| 13 | Automated dictionary attacks |
| 14 | Open WINGATE proxy |
| 15 | Compromised router / gateway |
| 16 | Autorooting worms |
| 17 | Automatically determined botnet IPs (experimental) |
| 18 | Possibly compromised DNS/MX type hostname detected on IRC |
| 19 | Abused VPN Service |
| 255 | Uncategorized threat class |