Command and Control    command and control servers    CnC servers for botnets such as Conficker, Kelihos, etc.
Botnets    known infected bots    hosts belonging to botnets such as Conficker, Kelihos, etc.
Spam    known spam sources    servers sending spam, tunneling spam through proxies, forum spam
Scanners    hosts performing scanning or brute force attempts    probes, port scans, brute force attempts
Endpoint Exploits    hosts distributing malware capable of exploiting endpoint systems    shellcode, rootkits, worms, or viruses
Web Exploits    hosts attempting to exploit web vulnerabilities    cross site scripting, iFrame injection, SQL injection, etc.
Drop Site    drop sites for logs or stolen credentials
Proxy/VPN    hosts providing proxy or VPN services    public anonymous proxy or VPN services
DDOS    hosts participating in a DDOS attack
Compromised    known compromised or hostile hosts    hosts that are compromised and usually serving malicious content, such as WebShells, but that aren't part of any particular botnet
Fraudulent Activity    hosts participating in fraudulent activity    phishing sites, ad click fraud, gaming fraud, etc.
Illegal Activity    hosts participating in illegal activities    buying and selling of stolen information, credit cards, credentials, etc.
Undesirable Activity    hosts participating in undesirable activities that aren't illegal    hosting hacking programs or other potentially malicious information
P2P Node    hosts participating in a Peer to Peer network
Online Gaming    questionable online gaming sites    online gaming sites such as Minecraft, Blizzard, etc.
Remote Access Server    servers providing remote access capabilities    sites similar to GoToMyPC, LogMeIn, etc.
Tor/Anonymizers    hosts participating in a TOR or another anonymizing network    TOR nodes
Brute Force Password    IP addresses associated with password brute force activity
Advanced Persistent Threats    IP addresses associated with known Advanced Persistent Threat (APT) actors for command and control, data exfiltration, or targeted exploitation