Another redirector for your offensive operation infrastructure unless you're ready to add 50k network range to your nginx configuration file.
Redblock is nginx module for hiding your C2/phishing/etc infrastructure from sandboxes, threat scanners. Easily block IPs associated with hosting, cloud infrastructure, and known sandbox environments. you can use your own IPRanges Dataset.
Build the module with dependencies.
make install && make configure && makeFinal compiled library will be located at objs/ngx_http_redblock_module.so.
you will need to add it to /etc/nginx/nginx.conf
load_module objs/ngx_http_redblock_module.so;dataset location is /etc/nginx/redblock_ranges.bin you can change it in the code, you will have to copy the default dataset to that location.
cp ./ipv4_ranges.bin /etc/nginx/redblock_ranges.binYou'll need to restart nginx every time you rebuild the module.
service nginx restartnow you can see the blocked requests in error log.
you can encode the list of the ip address you want
python encode_dataset.py input_file output_file [--ipv4] [--ipv6]or update the current dataset by running
python palo_alto_edl_dataset.py