Blocking Hosting Providers

One of the biggest challenges with having content that’s accessible on the Internet is the ability for threat-actors to constantly access it.

More often than not, these threat-actors use various hosting providers to support their efforts. The problem is not necessarily with the hosting providers, but rather with some of their customers.

In an attempt to help minimize the noise that these threat-actors create, I created a project called Molasses-Masses. This project creates a daily, dynamically updated list of hosting provider subnets based on their BGP autonomous system numbers that are published to the Internet routing table. You can use these dynamically updated lists in your security policies.

Naturally, if you happen to have something hosted with these providers, make sure to whitelist them first.
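One way to do that whitelisting before a list reaches a policy, as an added example that is not part of the Molasses-Masses project: the sketch below removes your own hosted ranges from a blocklist and collapses what remains. It assumes a plain-text list with one CIDR per line (the page does not state the list format); the function names are hypothetical and the sample data is constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data (documentation ranges) standing in for a downloaded list.
SAMPLE_BLOCKLIST = """\
# hosting provider subnets (constructed sample)
198.51.100.0/24
203.0.113.0/25
203.0.113.128/25
2001:db8:100::/48
"""
SAMPLE_ALLOWLIST = ["198.51.100.64/26", "2001:db8:100:1::/64", "192.0.2.10/32"]


def parse_networks(text):
    """Parse one CIDR per line (assumed format), skipping blanks and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def carve_out(blocked, allowed):
    """Return the blocked networks with every allowed range removed."""
    result = list(blocked)
    for allow in allowed:
        next_result = []
        for net in result:
            if net.version != allow.version or not net.overlaps(allow):
                next_result.append(net)   # unrelated entry, keep as is
            elif allow.supernet_of(net):
                continue                  # entry lies wholly inside the allowed range
            else:
                # entry contains the allowed range: keep everything around it
                next_result.extend(net.address_exclude(allow))
        result = next_result
    v4 = ipaddress.collapse_addresses(n for n in result if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in result if n.version == 6)
    return list(v4) + list(v6)


def effective_blocklist(block_text, allow_cidrs):
    """Blocklist text plus your own CIDRs in, policy-ready network list out."""
    allowed = [ipaddress.ip_network(c, strict=False) for c in allow_cidrs]
    return carve_out(parse_networks(block_text), allowed)
```

Carving out a small range from a large subnet splits the entry into several smaller ones, so the output can be longer than the input even after collapsing.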

This is primarily based off attacks I have noticed to my lab environment, but I have a strong suspicion these threats might be trying other destinations out there.

Today, this project is tracking 15686 IPv4 subnets and 2495 IPv6 subnets.

View the GitHub repository here.