What are the abuse.ch blocklists?

abuse.ch operates several security-focused blocklists targeting **malware**, botnets, and compromised infrastructure. These lists focus on security threats rather than spam, but email systems may query them to block **malware** distribution.

Impact Level: Low for email, but High for security-focused filtering.

abuse.ch projects:

• spam.abuse.ch - IPs associated with spam campaigns
• drone.abuse.ch - Botnet drone/zombie machines
• combined.abuse.ch - Combined list
• URLhaus - Malware distribution URLs
• Feodo Tracker - Banking trojan C&C servers

What triggers listing:

• Participating in botnet activity
• Hosting or distributing **malware**
• Command and control server activity
• Active exploitation of compromised systems

Delisting: abuse.ch lists are security-focused. If your IP appears, you likely have a serious compromise to address. Contact them after cleaning your systems.

How to check: abuse.ch

abuse.ch watches for the pirates and smugglers of the internet - their listings indicate security incidents, not just spam complaints.