With an active Threat Prevention license, Palo Alto
Networks provides built-in IP address EDLs that you can use to protect
against malicious hosts.
Palo Alto Networks Bulletproof IP Addresses
IP addresses provided by bulletproof hosting providers. Because
bulletproof hosting providers place few, if any, restrictions on
content, attackers frequently use these services to host and distribute
malicious, illegal, and unethical material.
Palo Alto Networks High-Risk IP Addresses
malicious IP addresses from threat advisories issued by trusted
third-party organizations. Palo Alto Networks compiles the list
of threat advisories, but does not have direct evidence of the maliciousness
of the IP addresses.
Palo Alto Networks Known Malicious IP Addresses
IP addresses that are verified malicious based on WildFire analysis,
Unit 42 research, and data gathered from telemetry (Share
Threat Intelligence with Palo Alto Networks). Attackers use
these IP addresses almost exclusively to distribute malware, initiate command-and-control
activity, and launch attacks.
Palo Alto Networks Tor Exit IP Addresses
IP addresses supplied by multiple providers and validated with Palo
Alto Networks threat intelligence data as active Tor exit nodes.
Traffic from Tor exit nodes can serve a legitimate purpose, however,
is disproportionately associated with malicious activity, especially
in enterprise environments.