I'm a bit late with my post but I want to share that in August the ioc2rpz community website (https://ioc2rpz.net) celebrated its 3 years anniversary.

Back when it had just 5 feeds with about 300k rules and now the community portal serves 18 feeds with over 13M rules not counting user defined TLD and country feeds. The community feeds (mostly based on OSINT) include malicious and phishing websites, adult content, ads and tracking domains filters.  Bfore.Ai's crime prevention predictive feed protects against newly registered, potentially phishing domains.

If you are interested in some statistics, the community website serves users from all continents except Antarctica (I wish that someone can spin up RpiDNS here :), 41 countries and 109 locations. The most downloaded feeds are: dga-360.ioc2rpz, doh.ioc2rpz, phishtank.ioc2rpz, urlhaus.ioc2rpz, blocklist-malicious.ioc2rpz and notracking.ioc2rpz

The community is non-profit and kind of my hobby so I don't really have a lot of time for maintenance. Luckily ioc2rpz technology (http://ioc2rpz.com, my open source project) was built on Erlang and robust enough so it doesn't really require a lot of care. If you want to know how to deploy it in your enterprise/ISP DM me.

The community is open for new users and if you want to protect your home, home office or even office a Raspberry Pi with community feeds can easily handle this task.

hBlock feed is a domain based feed which blocks ads, tracking scripts and malware. The feed is a compilation from multiple sources like adaway.org, AdBlock, AdGuard, DandelionSprout, EasyList, uBlock, Phishing Army etc. The feed is maintained by https://hblock.molinero.dev.

New DNS Firewall feed blox-ukraine-russia-conflict.ioc2rpz protects against malware, phishing, suspicious domains related to the war in Ukraine. It is provided by Infoblox Threat Intelligence Group. Details can be found in this cyber threat advisory.

The Covid-19 Cyber Threat Coalition has ceased operations. They are no longer maintain the blocklist. The feed will be removed by 2021-12-01.

ioc2rpz community portal just got 2 new DNS Firewall feeds powered by oisd:

• oisd-basic.ioc2rpz is a domain feed to block ads/trackers. It prioritizes functionality over blocking. 
• oisd-full.ioc2rpz is a  domain feed to block ads, (mobile) app ads, phishing, malvertising, malware, spyware, ransomware, cryptojacking, scam etc. It also blocks telemetry/analytics/tracking where not needed for proper functionality. 

The feeds do not interfere with: Torrent, Warez, Porn, Crypto Exchanges, News Satire, Slickdeals (or shopping sites in general), Google (shopping), Facebook, Twitter, Snapchat, Link Shortners, Affiliate/Tracking Links, Gambling, Surveys, etc. but you aways can use other feeds to block undesired content.

ioc2rpz community partnered with Bfore.Ai to introduce a new threat feed and make the whole world a bit more safe and secure.

Bfore.Ai is the first predictive threat feed in the market, the patented AI technology combined with hyperscale observation infrastructure predicts malicious domain names as their behaviour changes well before any other security solution or threat intelligence.

bforeai.ioc2rpz community feed includes malicious domains with the highest confidence score (less than 0.5% false positives) and up to 6 months of data. The community feed is degraded by a variable delay between 2 and 4 weeks (after the initial prediction). 

A live Bfore.Ai feed with more than 7M indicators and no time-limit is available commercially and it also includes benign domains for whitelisting, if you would like to trial it feel free to contact (https://bfore.ai) directly. Bfore.Ai feeds are available via API and ioc2rpz can help you to convert it to a DNS Firewall feed.

Two years ago @ BlackHat 2019 and Defcon 27 I introduced the ioc2rpz community. The community is powered by ioc2rpz (http://ioc2rpz.com) and provides DNS Firewall feeds free of charge. The feeds are based on OSINT and protect against malware, block ads & trackers and filtrate adult sites. 

In 2013, when I joined Infoblox, I learned about DNS Firewall and I was able to evaluate only Infoblox's feeds. I tried to find any other free feeds but I was out of luck. There were only a few vendors who provided DNS Firewall feeds only for a fee. 

Late in 2017 I started working on ioc2rpz technology and to promote it as well as educate the community on DNS Firewall in 2019 I created the ioc2rpz community. Back then the community offered 3 feeds to block malware, ads & trackers with about 300k rules. During the next 2 years I added new feeds, custom feeds and RpiDNS - a provisioning script and management user interface intended to run on Raspberry PI.

Early this year the project and the community portal got a first sponsor which helps me to cover some costs to run the service.

Right now ioc2rpz:

- maintains 13 feeds with about 11 million rules, which you still can use on a beefy Raspberry PI 4/8Gb at your home (can your NGFW do the same?). Top 5 RPZ community feeds includes: dga-360.ioc2rpz, doh.ioc2rpz, phishtank.ioc2rpz, malicious.ioc2rpz, notracking.ioc2rpz;

- provides the service to more than 50 members from 5 continents, 25 countries and 70 locations.

This proves that ioc2rpz can serve in an organization of any size. If you use TIP, subscribed for TI or generate your own TI, ioc2rpz can help you to transform your DNS server (if it supports RPZ) to a DNS Security layer.

I'm looking forward to introduce new features soon, to serve more community members and make this world a bit safer and secure.

You are welcome to join the community (https://ioc2rpz.net).

URLhaus is a project operated by abuse.ch (https://urlhaus.abuse.ch). The purpose of the project is to collect, track and share malware URLs, helping network administrators and security analysts to protect their network and customers from cyber threats. urlhaus.ioc2rpz feed contains only malicious domains.

malicious.iocr2pz feed was also updated to include URLHaus data.

RiskAnalytics decided to shut off their free threat intelligence feed which was used as a source for dns-bh.ioc2rpz. Unfortunately I was not able to negotiate a free access to the source for our community.

dns-bh.ioc2rpz feed is officially deprecated and will be removed from ioc2rpz community portal on 2021-03-01. Please reconfigure your DNS servers. 

I'm glad to announce a new ioc2rpz community website feature - custom country RPZ feeds. With the country based RPZ feeds you may extend your security polices to monitor or even block connections on DNS to resources located in specified countries. For example you may monitor/block connections to countries in US sanction list e.g. North Korea.

The feed has 3 flavours: TLDs, IPv4 and IPv6 networks. IPv4/IPv6 country information is powered by GeoLite2 data created by MaxMind. The country database is update weekly.

Country RPZ feeds are can be used to reduce your attack surface and/or to implement policies to restrict access due to some regulations or requirements. You need to be extra precautious deploying such feeds in production.