Skip to main content

IP Intelligence

IP Intelligence provides you with additional information about any IP address you see in ngrok. It includes Autonomous System information, Geolocation data, as well as information fetched from 3rd parties that list IP address for blocklists or allowlists.

See the full list of IP Categories available here.

These variables can be used in Traffic Policy expressions, or they can be used to enrich your traffic via dynamic injection into headers or responses.

Client IP Intelligence

The following variables are available under the conn.client_ip namespace:

NameTypeDescription
conn.client_ip.categorieslistThe list of categories that classify the conn.client_ip. Check out our full list of categories.
conn.client_ip.is_on_blocklistbooleanThis is true if the conn.client_ip is listed on a blocklist. For more information about which blocklists are included here, please check out our list of categories.
conn.client_ip.is_tor_nodebooleanThis is true if the conn.client_ip is listed as a Tor exit node.

conn.client_ip.categories

The list of categories that classify the conn.client_ip. Check out our full list of categories.

# snippet
---
expressions:
  - "!('proxy.anonymous.tor' in conn.client_ip.categories)"

conn.client_ip.is_on_blocklist

This is true if the conn.client_ip is listed on a blocklist. For more information about which blocklists are included here, please check out our list of categories.

# snippet
---
expressions:
  - conn.client_ip.is_on_blocklist == true

conn.client_ip.is_tor_node

This is true if the conn.client_ip is listed as a Tor exit node.

# snippet
---
expressions:
  - conn.client_ip.is_tor_node == true

Client IP Autonomous System

The following variables are available under the conn.client_ip namespace:

NameTypeDescription
conn.client_ip.as.numberintegerThe Autonomous System Number of the conn.client_ip.
conn.client_ip.as.organizationstringThe Autonomous System Organization name of the conn.client_ip.

conn.client_ip.as.number

The Autonomous System Number of the conn.client_ip.

# snippet
---
expressions:
  - conn.client_ip.as.number == 12345

conn.client_ip.as.organization

The Autonomous System Organization name of the conn.client_ip.

# snippet
---
expressions:
  - conn.client_ip.as.organization == 'COMCAST-7922'

Client IP Geo Location

This is the location where the IP address is located, which may be different from where the IP address is registered. For more details, see the MaxMind documentation.

NameTypeDescription
conn.client_ip.geo.location.citystringThe name of the city, in EN, where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.continentstringThe name of the continent, in EN, where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.countrystringThe name of the country, in EN, where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.country_codestringThe two-letter ISO country code where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.is_eubooleanDetermines if the conn.client_ip is located in the EU. Helpful for GDPR compliance.
conn.client_ip.geo.location.latitudestringThe approximate latitude where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.longitudestringThe approximate longitude where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.metro_codestringThe metro code where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.postal_codestringThe postal code where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.radiusstringThe radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.subdivisionstringThe name of the subdivision, in EN, where the conn.client_ip is likely to originate.
conn.client_ip.geo.location.timezonestringThe name of the timezone where the conn.client_ip is likely to originate.

conn.client_ip.geo.location.city

The name of the city, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.city == 'Strongsville'

conn.client_ip.geo.location.continent

The name of the continent, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.continent == 'North America'

conn.client_ip.geo.location.country

The name of the country, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.country == 'United States'

conn.client_ip.geo.location.country_code

The two-letter ISO country code where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.country_code != 'US'

conn.client_ip.geo.location.is_eu

Determines if the conn.client_ip is in the EU. Helpful for GDPR compliance.

# snippet
---
expressions:
  - conn.client_ip.geo.location.is_eu == true

conn.client_ip.geo.location.latitude

The approximate latitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - double(conn.client_ip.geo.location.latitude) >= 45.0

conn.client_ip.geo.location.longitude

The approximate longitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - double(conn.client_ip.geo.location.longitude) <= -93.0

conn.client_ip.geo.location.metro_code

The metro code where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.metro_code != ''

conn.client_ip.geo.location.postal_code

The postal code where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.postal_code == '94324'

conn.client_ip.geo.location.radius

The radius in kilometers around the latitude and longitude where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.radius <= '5'

conn.client_ip.geo.location.subdivision

The name of the subdivision, in EN, where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.subdivision == 'California'

conn.client_ip.geo.location.timezone

The name of the timezone where the conn.client_ip is likely to originate.

# snippet
---
expressions:
  - conn.client_ip.geo.location.timezone == 'America/New_York'

Client IP Registered Geo Location

This is the location where the IP address is registered, which may be different from where the IP address is located. For more details, see the MaxMind documentation.

NameTypeDescription
conn.client_ip.geo.registered_location.citystringThe name of the city, in EN, where the conn.client_ip is registered.
conn.client_ip.geo.registered_location.continentstringThe name of the continent, in EN, where the conn.client_ip is registered.
conn.client_ip.geo.registered_location.countrystringThe name of the country, in EN, where the conn.client_ip is registered.
conn.client_ip.geo.registered_location.country_codestringThe two-letter ISO country code where the conn.client_ip is registered.
conn.client_ip.geo.registered_location.is_eubooleanDetermines if the conn.client_ip is registered in the EU. Helpful for GDPR compliance.
conn.client_ip.geo.registered_location.metro_codestringThe metro code where the conn.client_ip is registered.
conn.client_ip.geo.registered_location.subdivisionstringThe name of the subdivision, in EN, where the conn.client_ip is registered.
conn.client_ip.geo.registered_location.timezonestringThe name of the timezone where the conn.client_ip is registered.

conn.client_ip.geo.registered_location.city

The name of the city, in EN, where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.city == 'Strongsville'

conn.client_ip.geo.registered_location.continent

The name of the continent, in EN, where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.continent == 'North America'

conn.client_ip.geo.registered_location.country

The name of the country, in EN, where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.country == 'United States'

conn.client_ip.geo.registered_location.country_code

The two-letter ISO country code where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.country_code != 'US'

conn.client_ip.geo.registered_location.is_eu

Determines if the conn.client_ip is in the EU. Helpful for GDPR compliance.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.is_eu == true

conn.client_ip.geo.registered_location.subdivision

The name of the subdivision, in EN, where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.subdivision == 'California'

conn.client_ip.geo.registered_location.metro_code

The metro code where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.metro_code != ''

conn.client_ip.geo.registered_location.timezone

The name of the timezone where the conn.client_ip is registered.

# snippet
---
expressions:
  - conn.client_ip.geo.registered_location.timezone == 'America/New_York'

Server IP Intelligence

The following variables are available under the conn.server_ip namespace:

NameTypeDescription
conn.server_ip.categorieslistThe list of categories that classify the conn.server_ip. Check out our full list of categories.
conn.server_ip.is_on_blocklistbooleanThis is true if the conn.server_ip is listed on a blocklist. For more information about which blocklists are included here, please check out our list of categories.
conn.server_ip.is_tor_nodebooleanThis is true if the conn.server_ip is listed as a Tor exit node.

conn.server_ip.categories

The list of categories that classify the conn.server_ip. Check out our full list of categories.

# snippet
---
expressions:
  - "!('proxy.anonymous.tor' in conn.server_ip.categories)"

conn.server_ip.is_on_blocklist

This is true if the conn.server_ip is listed on a blocklist. For more information about which blocklists are included here, please check out our list of categories.

# snippet
---
expressions:
  - conn.server_ip.is_on_blocklist == true

conn.server_ip.is_tor_node

This is true if the conn.server_ip is listed as a Tor exit node.

# snippet
---
expressions:
  - conn.server_ip.is_tor_node == true

Server IP Autonomous System

NameTypeDescription
conn.server_ip.as.numberintegerThe Autonomous System Number of the conn.server_ip.
conn.server_ip.as.organizationstringThe Autonomous System Organization name of the conn.server_ip.

conn.server_ip.as.number

The Autonomous System Number of the conn.server_ip.

# snippet
---
expressions:
  - conn.server_ip.as.number == 12345

conn.server_ip.as.organization

The Autonomous System Organization name of the conn.server_ip.

# snippet
---
expressions:
  - conn.server_ip.as.organization == 'COMCAST-7922'

Server IP Location Geo

This is the location where the server IP address is located, which may be different from where the IP address is registered. For more details, see the MaxMind documentation.

NameTypeDescription
conn.server_ip.geo.location.citystringThe name of the city, in EN, where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.continentstringThe name of the continent, in EN, where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.countrystringThe name of the country, in EN, where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.country_codestringThe two-letter ISO country code where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.is_eubooleanDetermines if the conn.server_ip is located in the EU. Helpful for GDPR compliance.
conn.server_ip.geo.location.latitudestringThe approximate latitude where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.longitudestringThe approximate longitude where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.metro_codestringThe metro code where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.postal_codestringThe postal code where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.radiusstringThe radius in kilometers around the latitude and longitude where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.subdivisionstringThe name of the subdivision, in EN, where the conn.server_ip is likely to originate.
conn.server_ip.geo.location.timezonestringThe name of the timezone where the conn.server_ip is likely to originate.

conn.server_ip.geo.location.city

The name of the city, in EN, where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.city == 'Strongsville'

conn.server_ip.geo.location.continent

The name of the continent, in EN, where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.continent == 'North America'

conn.server_ip.geo.location.country

The name of the country, in EN, where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.country == 'United States'

conn.server_ip.geo.location.country_code

The two-letter ISO country code where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.country_code != 'US'

conn.server_ip.geo.location.is_eu

Determines if the conn.server_ip location is in the EU. Helpful for GDPR compliance.

# snippet
---
expressions:
  - conn.server_ip.geo.location.is_eu == true

conn.server_ip.geo.location.latitude

The approximate latitude where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - double(conn.server_ip.geo.location.latitude) >= 45.0

conn.server_ip.geo.location.longitude

The approximate longitude where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - double(conn.server_ip.geo.location.longitude) <= -93.0

conn.server_ip.geo.location.metro_code

The metro code where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.metro_code != ''

conn.server_ip.geo.location.postal_code

The postal code where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.postal_code == '94324'

conn.server_ip.geo.location.radius

The radius in kilometers around the latitude and longitude where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.radius <= '5'

conn.server_ip.geo.location.subdivision

The name of the subdivision, in EN, where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.subdivision == 'California'

conn.server_ip.geo.location.timezone

The name of the timezone where the conn.server_ip is likely to originate.

# snippet
---
expressions:
  - conn.server_ip.geo.location.timezone == 'America/New_York'

Server IP Registered Location Geo

This is the location where the server IP address is registered, which may be different from where the IP address is located. For more details, see the MaxMind documentation.

NameTypeDescription
conn.server_ip.geo.registered_location.citystringThe name of the city, in EN, where the conn.server_ip is registered.
conn.server_ip.geo.registered_location.continentstringThe name of the continent, in EN, where the conn.server_ip is registered.
conn.server_ip.geo.registered_location.countrystringThe name of the country, in EN, where the conn.server_ip is registered.
conn.server_ip.geo.registered_location.country_codestringThe two-letter ISO country code where the conn.server_ip is registered.
conn.server_ip.geo.registered_location.is_eubooleanDetermines if the conn.server_ip is registered in the EU. Helpful for GDPR compliance.
conn.server_ip.geo.registered_location.metro_codestringThe metro code where the conn.server_ip is registered.
conn.server_ip.geo.registered_location.subdivisionstringThe name of the subdivision, in EN, where the conn.server_ip is registered.
conn.server_ip.geo.registered_location.timezonestringThe name of the timezone where the conn.server_ip is registered.

conn.server_ip.geo.registered_location.city

The name of the city, in EN, where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.city == 'Strongsville'

conn.server_ip.geo.registered_location.continent

The name of the continent, in EN, where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.continent == 'North America'

conn.server_ip.geo.registered_location.country

The name of the country, in EN, where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.country == 'United States'

conn.server_ip.geo.registered_location.country_code

The two-letter ISO country code where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.country_code != 'US'

conn.server_ip.geo.registered_location.is_eu

Determines if the conn.server_ip is in the EU. Helpful for GDPR compliance.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.is_eu == true

conn.server_ip.geo.registered_location.subdivision

The name of the subdivision, in EN, where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.subdivision == 'California'

conn.server_ip.geo.registered_location.metro_code

The metro code where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.metro_code != ''

conn.server_ip.geo.registered_location.timezone

The name of the timezone where the conn.server_ip is registered.

# snippet
---
expressions:
  - conn.server_ip.geo.registered_location.timezone == 'America/New_York'

IP Categories

The following categories are available to use with the IP Intelligence .categories list.

The categories are hierarchal and can be matched at any level needed. For example, an IP with the category of com.cloudflare.ipv4 also has the categories com and com.cloudflare. This can be helpful if you want to allow all IPs from Cloudflare using com.cloudflare which would have both ipv4 and ipv6 lists.

Here's an example of how to block Tor exit node IPs from accessing your endpoint.

# snippet
---
expressions:
  - "!('proxy.anonymous.tor' in conn.client_ip.categories)"

Or you can block all anonymous proxies which would include Tor as well as any other lists with the proxy.anonymous category.

# snippet
---
expressions:
  - "!('proxy.anonymous' in conn.client_ip.categories)"

Blocklists

NameDescriptionSources
blocklist.co.greensnowFrom greensnow.co: GreenSnow is a team consisting of the best specialists in computer security, we harvest a large number of IPs from different computers located around the world. GreenSnow is comparable with Spamhaus for attacks of any kind except for spam. Our list is updated automatically and you can withdraw at any time your IP address if it has been listed.Source
blocklist.com.stopforumspam.toxic_ipsFrom stopforumspam.com: The data provided here represents what we believe will only ever be used to abuse. IP Addresses listed here will be returned in API results as "blacklisted". You would be very unlikely to see valid content from the IP addresses listed.Source
blocklist.de.blocklist.allFrom BlockList.de: All IP addresses that have attacked one of our customers/servers in the last 48 hours.Source
blocklist.de.blocklist.apacheFrom BlockList.de: All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.Source
blocklist.de.blocklist.botsFrom BlockList.de: All IP addresses which have been reported within the last 48 hours as having run attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = he has posted a Spam-Comment on a open Forum or Wiki).Source
blocklist.de.blocklist.bruteforceloginFrom BlockList.de: All IPs which attacks Joomlas, Wordpress and other Web-Logins with Brute-Force Logins.Source
blocklist.de.blocklist.ftpFrom BlockList.de: All IP addresses which have been reported within the last 48 hours for attacks on the Service FTP.Source
blocklist.de.blocklist.imapFrom BlockList.de: All IP addresses which have been reported within the last 48 hours for attacks on the Service imap, sasl, pop3.Source
blocklist.de.blocklist.mailFrom BlockList.de: All IP addresses which have been reported within the last 48 hours as having run attacks on the service Mail, Postfix.Source
blocklist.de.blocklist.sipFrom BlockList.de: All IP addresses that tried to login in a SIP-, VOIP- or Asterisk-Server and are included in the IPs-List from http://www.infiltrated.net/ (Twitter).Source
blocklist.de.blocklist.strongipsFrom BlockList.de: All IPs which are older then 2 month and have more than 5,000 attacks.Source
blocklist.de.blocklist.sshFrom BlockList.de: All IP addresses which have been reported within the last 48 hours as having run attacks on the service SSH.Source
blocklist.net.emergingthreats.compromised_ipsFrom emergingthreats.net: Emerging Threats Intelligence from Proofpoint provides information on IP addresses and domains that may be compromised.Source
blocklist.org.firehol.abusers_1dFrom firehol.org: An ipset made from blocklists that track abusers in the last 24 hours.Source
blocklist.org.firehol.abusers_30dFrom firehol.org: An ipset made from blocklists that track abusers in the last 30 days.Source
blocklist.org.firehol.level_1From firehol.org: The objective is to create a blacklist that can be safe enough to be used on all systems, with a firewall, to block access entirely, from and to its listed IPs. The key prerequisite for this cause, is to have no false positives. All IPs listed should be bad and should be blocked, without exceptions.Source
blocklist.org.firehol.level_2From firehol.org: An ipset made from blocklists that track attacks, during the last 48 hours.Source
blocklist.org.firehol.level_3From firehol.org: An ipset made from blocklists that track attacks, spyware, viruses. It includes IPs than have been reported or detected in the last 30 days.Source
blocklist.org.spamhaus.drop.ipv4From spamhaus.org: Don't Route Or Peer (DROP) lists the worst of the worst IP traffic. It is an advisory “drop all traffic”, containing IP ranges which are so dangerous to internet users that Spamhaus provides access to anyone who wants to add this layer of protection, free of charge.Source
blocklist.org.spamhaus.drop.ipv6From spamhaus.org: Don't Route Or Peer (DROP) lists the worst of the worst IP traffic. It is an advisory “drop all traffic”, containing IP ranges which are so dangerous to internet users that Spamhaus provides access to anyone who wants to add this layer of protection, free of charge.Source
blocklist.org.team_cymru.fullbogons.ipv4From team-cymru.com: The traditional bogon prefixes, plus prefixes that have been allocated to RIRs but not yet assigned by those RIRs to ISPs, end-users, etc.Source
blocklist.org.team_cymru.fullbogons.ipv6From team-cymru.com: IPv6 "fullbogons", all IPv6 prefixes that have not been allocated to RIRs and that have not been assigned by RIRs to ISPs, end-users, etc.Source

Proxies / VPNs

NameDescriptionSources
proxy.anonymous.org.fireholFrom firehol.org: An ipset that includes all the anonymizing IPs of the world. (includes: anonymous dm_tor firehol_proxies tor_exits)Source
proxy.anonymous.torThese IPs are actively serving as Tor Exit nodes.Source
proxy.open.org.fireholFrom firehol.org: An ipset made from all sources that track open proxies. It includes IPs reported or detected in the last 30 days.Source
proxy.vpn.protonvpnThe entry and exit IPs for ProtonVPNSource

Organizations

Amazon Web Services (AWS)

NameDescriptionSources
com.aws.snsIPs from AWS SNS serviceSource
com.aws.us-east-1.snsIPs from AWS SNS service for the us-east-1 regionSource
com.aws.us-east-2.snsIPs from AWS SNS service for the us-east-2 regionSource
com.aws.us-west-1.snsIPs from AWS SNS service for the us-west-1 regionSource
com.aws.us-west-2.snsIPs from AWS SNS service for the us-west-2 regionSource
com.awsIPs from AWSSource

Censys

NameDescriptionSources
io.censys.scannersThe IPs that Censys bots use to continually scan the entire public IPv4 address space across all possible IP and port combinations using automatic protocol detection.Source

Cloudflare

NameDescriptionSources
com.cloudflare.ipv4IPv4s from CloudflareIPv4, IPv6
com.cloudflare.ipv6IPv6s from CloudflareIPv4, IPv6

Datadog

NameDescriptionSources
com.datadog.agentsIPs for Datadog AgentsSource
com.datadog.apiIPs for Datadog APISource
com.datadog.apmIPs for Datadog APMSource
com.datadog.globalIPs for Datadog GlobalSource
com.datadog.logsIPs for Datadog LogsSource
com.datadog.orchestratorIPs for Datadog OrchestratorsSource
com.datadog.processIPs for Datadog ProcessesSource
com.datadog.remote-configurationIPs for Datadog Remote ConfigurationsSource
com.datadog.synthetics-private-locationsIPs for Datadog Synthetics Private LocationsSource
com.datadog.syntheticsIPs for Datadog SyntheticsSource
com.datadog.webhooksIPs for Datadog WebhooksSource
com.datadogIPs for DatadogSource

Delinea

NameDescriptionSources
com.delinea.<ipv4 | ipv6>IPs for DelineaSource

Firehol

NameDescriptionSources
org.firehol.level_4From firehol.org: An ipset made from blocklists that track attacks, but may include a large number of false positives.Source
org.firehol.webserverFrom firehol.org: A web server IP blacklist made from blocklists that track IPs that should never be used by your web users. This list includes IPs that are servers hosting malware, bots, etc or users having a long criminal history.Source

Github

NameDescriptionSources
com.github.actions_macosIPs for Github Actions from MacOSSource
com.github.actionsIPs for Github ActionsSource
com.github.apiIPs for the Github APISource
com.github.codespacesIPs for Github Code SpacesSource
com.github.copilotIPs for Github CoPilotSource
com.github.dependabotIPs for Github DependabotSource
com.github.gitIPs for Github GitSource
com.github.github_enterprise_importerIPs for Github Enterprise ImporterSource
com.github.hooksIPs for Github WebooksSource
com.github.importerIPs for Github ImporterSource
com.github.packagesIPs for Github PackagesSource
com.github.pagesIPs for Github PagesSource
com.github.webIPs for Github WebSource

Stripe

NameDescriptionSources
com.stripe.apiThe full list of IP addresses that api.stripe.com may resolve toSource
com.stripe.armada_gatorThe full list of IP addresses that files.stripe.com, armada.stripe.com, and gator.stripe.com may resolve toSource
com.stripe.webhooksThe full list of IP addresses that Stripe webhook notifications may come fromSource
com.teleportPublic address allow list for TeleportSource

Telegram

NameDescriptionSources
org.telegramIPs for Telegram BotsSource

Vultr

NameDescriptionSources
com.vultrIPs for VultrSource

Zscaler

NameDescriptionSources
com.zscaler.private.zpaZscaler Private Access Firewall Allowlist for private.zscaler.comSource
net.zdxbeta.futureZscaler Egress IP ranges and Future Data Centers for zdxbeta.netSource
net.zdxbeta.hubs.<required | recommended>Zscaler Hub IP Addresses for zdxbeta.netRequired, Recommended
net.zdxcloud.futureZscaler Egress IP ranges and Future Data Centers for zdxcloud.netSource
net.zdxcloud.hubs.<required | recommended>Zscaler Hub IP Addresses for zdxcloud.netRequired, Recommended
net.zdxgov.hubs.<required | recommended>Zscaler Hub IP Addresses for zdxgov.netRequired, Recommended
net.zdxten.hubs.<required | recommended>Zscaler Hub IP Addresses for zdxten.netRequired, Recommended
net.zdxten.zpaZscaler Private Access Firewall Allowlist for zdxten.netSource
net.zpabeta.zpaZscaler Private Access Firewall Allowlist for zpabeta.netSource
net.zpagov.zpaZscaler Private Access Firewall Allowlist for zpagov.netSource
net.zpatwo.zpaZscaler Private Access Firewall Allowlist for zpatwo.netSource
net.zscaler.cenr.<continent>Current Data Centers for zscaler.netSource
net.zscaler.futureZscaler Aggregate IP Address Ranges for zscaler.netSource
net.zscaler.hubs.<required | recommended>Zscaler Hub IP Addresses for zscaler.netRequired, Recommended
net.zscaler.zpaZscaler Private Access Firewall Allowlist for zscaler.netSource
net.zscalerbeta.cenr.<continent>Current Data Centers for zscalerbeta.netSource
net.zscalerbeta.futureZscaler Aggregate IP Address Ranges for zscalerbeta.netSource
net.zscalerbeta.hubs.<required | recommended>Zscaler Hub IP Addresses for zscalerbeta.netRequired, Recommended
net.zscalerbeta.zpaZscaler Private Access Firewall Allowlist for zscalerbeta.netSource
net.zscalergov.cenr.<continent>Current Data Centers for zscalergov.netSource
net.zscalergov.futureZscaler Aggregate IP Address Ranges for zscalergov.netSource
net.zscalergov.hubs.<required | recommended>Zscaler Hub IP Addresses for zscalergov.netRequired, Recommended
net.zscalergov.zpaZscaler Private Access Firewall Allowlist for zscalergov.netSource
net.zscalerone.cenr.<continent>Current Data Centers for zscalerone.netSource
net.zscalerone.futureZscaler Aggregate IP Address Ranges for zscalerone.netSource
net.zscalerone.hubs.<required | recommended>Zscaler Hub IP Addresses for zscalerone.netRequired, Recommended
net.zscalerone.zpaZscaler Private Access Firewall Allowlist for zscalerone.netSource
net.zscalerten.cenr.<continent>Current Data Centers for zscalerten.netSource
net.zscalerten.hubs.<required | recommended>Zscaler Hub IP Addresses for zscalerten.netRequired, Recommended
net.zscalerten.zpaZscaler Private Access Firewall Allowlist for zscalerten.netSource
net.zscalerthree.cenr.<continent>Current Data Centers for zscalerthree.netSource
net.zscalerthree.futureZscaler Aggregate IP Address Ranges for zscalerthree.netSource
net.zscalerthree.hubs.<required | recommended>Zscaler Hub IP Addresses for zscalerthree.netRequired, Recommended
net.zscalerthree.zpaZscaler Private Access Firewall Allowlist for zscalerthree.netSource
net.zscalertwo.cenr.<continent>Current Data Centers for zscalertwo.netSource
net.zscalertwo.futureZscaler Aggregate IP Address Ranges for zscalertwo.netSource
net.zscalertwo.hubs.<required | recommended>Zscaler Hub IP Addresses for zscalertwo.netRequired, Recommended
net.zscalertwo.zpaZscaler Private Access Firewall Allowlist for zscalertwo.netSource
net.zscloud.cenr.<continent>Current Data Centers for zscloud.netSource
net.zscloud.futureZscaler Aggregate IP Address Ranges for zscloud.netSource
net.zscloud.hubs.<required | recommended>Zscaler Hub IP Addresses for zscloud.netRequired, Recommended
net.zscloud.zpaZscaler Private Access Firewall Allowlist for zpatwo.netSource
us.zpagov.zpaZscaler Private Access Firewall Allowlist for zpagov.usSource