abuse.ch RBL

abuse.ch RBL was an IP-based blacklist operated by the Swiss security research organization abuse.ch, focused on tracking command-and-control servers, botnet nodes, and hosts distributing malware. Unlike traditional spam blacklists, abuse.ch RBL prioritized cybersecurity threats over bulk email abuse.

abuse.ch eventually consolidated its various DNSBL lists and shifted focus to its highly successful threat intelligence platforms — MalwareBazaar, Feodo Tracker, and ThreatFox — which offer richer structured data than a simple DNS blocklist. The standalone RBL has been discontinued.

abuse.ch RBL was populated from threat intelligence gathered through abuse.ch's security research network, honeypots, and partnerships with other researchers. IPs hosting C&C infrastructure, acting as botnet proxies, or actively distributing malware payloads were added to the list. Return codes indicated the threat category.

Since abuse.ch RBL has been discontinued, no action is required for this specific list. For current threat intelligence on malware-related IPs, refer to abuse.ch's active platforms at abuse.ch. If your IP appears on other active blacklists, address those separately.