With an active Threat Prevention license, Palo Alto
Networks provides built-in IP address EDLs that you can use to protect
against malicious hosts.
Palo Alto Networks Bulletproof IP Addresses
IP addresses provided by bulletproof hosting providers. Because bulletproof
hosting providers place few, if any, restrictions on content, attackers frequently
use these services to host and distribute malicious, illegal, and unethical
Palo Alto Networks High-Risk IP Addresses
IP addresses from threat advisories issued by trusted third-party organizations.
Palo Alto Networks compiles the list of threat advisories, but does not
have direct evidence of the maliciousness of the IP addresses.
Palo Alto Networks Known Malicious IP Addresses
IP addresses that are verified malicious based on WildFire analysis, Unit
42 research, and data gathered from telemetry (Share
Threat Intelligence with Palo Alto Networks). Attackers use
these IP addresses almost exclusively to distribute malware, initiate
command-and-control activity, and launch attacks.