University Information Security (UIS) staff have identified items of interest as listed below in comma-separated values (CSV) files.  These items of interest are identified through direct observations of activity, through reports received by UIS, or other sources.

How you use the information is up to you.  For example, you may choose to block connectivity to IP addresses listed.

Use this information to inform your own security decisions, but please be aware of the following:

  • Your use of this information is at your own discretion.
  • You may use this information in other applications, including for commercial purposes, provided you include the Disclaimer text on this page.
  • You are responsible for the effects of using this information.
  • There is no warranty, i.e., this information is provided "as is" only.
  • The data represents a subjective viewpoint, not a claim of fact.

Data Files

File Name and Link Description Update Frequency

Brute Force SSH Sources

List of IPs responsible for large numbers of failed logins for commonly targeted account names over the past three days. Every 24 hours

Sources of odd or suspicious activity

IP addresses observed behaving in odd or suspicious ways are listed here. Every 24 hours

Sources of odd or suspicious activity (short duration)

IP addresses observed behaving in odd or suspicious ways are listed here. This is a short-duration list. Hourly

Sources of unauthorized logins

These IP addresses are sources of recent unauthorized logins. Steps are taken to ensure that sources of legitimate logins are excluded to reduce the likelihood of false positives (e.g., where someone mistypes a password).

Every 24 hours

Hostile web clients

Web clients making requests on systems for content that does not exist (and for several years has not existed) are added to this list. Sources are web server logs from specific hosts that do not provide actual content.

Every 24 hours