# EDIT THIS FILE AS YOU LIKE TO ADD OR REMOVE ANY BAD IP ADDRESSES OR IP RANGES YOU WANT TO BLOCK ###

##############################################################################                                                                
#       _  __     _                                                          #
#      / |/ /__ _(_)__ __ __                                                 #
#     /    / _ `/ / _ \\ \ /                                                 #
#    /_/|_/\_, /_/_//_/_\_\                                                  #
#       __/___/      __   ___       __     ___  __         __                #
#      / _ )___ ____/ /  / _ )___  / /_   / _ )/ /__  ____/ /_____ ____      #
#     / _  / _ `/ _  /  / _  / _ \/ __/  / _  / / _ \/ __/  '_/ -_) __/      #
#    /____/\_,_/\_,_/  /____/\___/\__/  /____/_/\___/\__/_/\_\\__/_/         #
#                                                                            #
##############################################################################                                                                

# This is merely an example and gets auto included as since Version 2.2017.07 introduced on 2017-04-20
# This file must exist on your system or Nginx will fail a reload due to a missing file
# For all intensive purpose you can delete everything inside this file and leave it
# completely blank if you do not want your Nginx Blocker to do any blocking of bad IP's

	104.223.37.150		1;
	104.5.92.27			1;
	107.150.63.170		1;
	109.236.83.247		1;
	137.74.49.205		1;
	137.74.49.208		1;
	146.0.74.150		1;
	148.251.54.44		1;
	149.56.151.180		1;
	149.56.232.146		1;
	150.70.0.0/16		1;
	151.80.27.90		1;
	151.80.99.90		1;
	151.80.99.91		1;
	154.16.199.144		1;
	154.16.199.34		1;
	154.16.199.48		1;
	154.16.199.78		1;
	158.69.142.34		1;
	166.62.80.172		1;
	173.212.192.219		1;
	173.234.11.105		1;
	173.234.153.106		1;
	173.234.153.30		1;
	173.234.175.68		1;
	173.234.31.9		1;
	173.234.38.25		1;
	176.126.245.213		1;
	178.238.234.1		1;
	185.35.63.128		1;
	185.100.87.238		1;
	185.115.125.99		1;
	185.119.81.11		1;
	185.119.81.63		1;
	185.119.81.77		1;
	185.119.81.78		1;
	185.130.225.65		1;
	185.130.225.66		1;
	185.130.225.83		1;
	185.130.225.90		1;
	185.130.225.94		1;
	185.130.225.95		1;
	185.130.226.105		1;
	185.153.197.103		1;
	185.159.36.6		1;
	185.47.62.199		1;
	185.62.190.38		1;
	185.70.105.161		1;
	185.70.105.164		1;
	185.85.239.156		1;
	185.85.239.157		1;
	185.86.13.213		1;
	185.86.5.199		1;
	185.86.5.212		1;
	185.92.72.88		1;
	185.93.185.11		1;
	185.93.185.12		1;
	185.183.96.33		1;
	188.209.52.101		1;
	190.152.223.27		1;
	191.96.249.29		1;
	192.69.89.173		1;
	193.201.224.205		1;
	195.154.183.190		1;
	195.229.241.174		1;
	200.7.105.43		1;
	210.212.194.60		1;
	216.218.147.194		1;
	220.227.234.129		1;
	23.253.230.158		1;
	23.89.159.176		1;
	31.170.160.209		1;
	45.32.186.11		1;
	45.76.21.179		1;
	46.249.38.145		1;
	46.249.38.146		1;
	46.249.38.148		1;
	46.249.38.149		1;
	46.249.38.150		1;
	46.249.38.151		1;
	46.249.38.152		1;
	46.249.38.153		1;
	46.249.38.154		1;
	46.249.38.159		1;
	51.255.172.22		1;
	5.39.218.232		1;
	5.39.219.24			1;
	5.39.222.18			1;
	5.39.223.134		1;
	54.213.16.154		1;
	54.213.9.111		1;
	62.210.146.49		1;
	62.210.88.4			1;
	65.98.91.181		1;
	69.162.124.237		1;
	69.64.147.24		1;
	72.8.183.202		1;
	77.247.178.191		1;
	77.247.178.47		1;
	77.247.181.219		1;
	78.31.184.0/21		1;
	78.31.211.0/24		1;
	79.110.128.17		1;
	79.110.128.63		1;
	79.110.128.252		1;
	79.110.128.128		1;
	80.87.205.10		1;
	80.87.205.11		1;
	85.17.230.23		1;
	85.17.26.68			1;
	91.185.190.172		1;
	91.200.12.0/22		1;
	91.200.12.15		1;
	91.200.12.49		1;
	91.200.12.91		1;
	92.222.66.137		1;
	93.238.198.203		1;
	93.238.196.48		1;
	93.104.209.11		1;
	93.158.200.103		1;
	93.158.200.105		1;
	93.158.200.115		1;
	93.158.200.124		1;
	93.158.200.126		1;
	93.158.200.66		1;
	93.158.200.68		1;
	93.238.202.44		1;

# Cyveillance / Qwest Communications / PSINET
# *******************************************
# I am extensively researching this subject - appears to be US government involved
# and also appears to be used by all sorts of law enforcement agencies. For one they 
# do not obey robots.txt and continually disguise their User-Agent strings. Time will
# tell if this is all correct or not.
# For now see - https://en.wikipedia.org/wiki/Cyveillance

# IMPORTANT UPDATE ON Cyveillance / Qwest Communications !!!
# **********************************************************
# I have done a lot of research on Cyveillance now and through monitoring my logs I know
# for sure what companies are using them and what they are actually looking for.
# My research has led me to understand that Cyveillance services are used by hundreds
# of companies to help them dicsover theft of copyrighted materials like images, movies
# music and other materials. I personally believe a lot of block lists who originally recommended
# blocking Cyveillance have done so to protect their torrent or p2p sites from being scanned.
# I personally have now unblocked them as image theft is a big problem of mine but if you
# do want to block Cyveillance you can simply modify the entries in the block below from "0" to "1"
# Getty Images is one such company who appears to use Cyveillance to help monitor for copyright theft.
  
# If you really do want to block them change all the 0's below to 1.
# Use this section at YOUR OWN RISK, you may block some legitimate networks but after many hours of
# Research this is now the completely updated list of all IP ranges IPV4 and IPV6 owned Qwest Communications
# PSINET and Cyveillance

# IMPORTANT NOTE: If you really want to keeps bot and things out of certain parts of your web site
# Rather implement a comlex Google Recaptcha to reach sections of your sites and for people to be able
# to access download links. Google Recaptcha with images is too complex for any bot.

	206.2.138.0/23		0;
	208.71.164.0/22		0;
	38.100.19.8/29		0;
	38.100.21.0/24		0;
	38.100.41.64/26		0;
	38.105.71.0/25		0;
	38.105.83.0/27		0;
	38.112.21.140/30	0;
	38.118.42.32/29		0;
	4.17.135.32/27		0;
	63.144.0.0/13		0;
	65.112.0.0/12		0;
	65.192.0.0/11		0;
	65.192.0.0/11		0;
	65.213.208.128/27	0;
	65.222.176.96/27	0;
	65.222.185.72/29	0;

# ****************
# Berkely Scanner
# ****************

# The Berkeley University has a scanner testing all over the web sending a complex
# payload an expecting a reply from servers who are infected or who just respond to such
# a payload. The payload looks similar to this
# "$\xC9\xE1\xDC\x9B+\x8F\x1C\xE71\x99\xA8\xDB6\x1E#\xBB\x19#Hx\xA7\xFD\x0F9-"
# and is sometime VERY long. You may have noticed this in your logs.
# I support research projects and all my servers respond with an error to this type of
# string so I do not block them but if you want to block just uncomment the following line 
# or email them asking them not to scan your server. They do respond.
# Visit http://169.229.3.91/ for more info

# If you really do want to block them change all the 0 below to 1.

	169.229.3.91		0;