Threat-intelligence feed

Binary Defense Banlist

General BlacklistsLast verified 2026-05-09Page fetched Wed, 20 May 2026 08:40:47 GMT

Binary Defense Banlist is a general blacklists threat-intelligence feed tracked by WhisperGraph as a FEED_SOURCE node. The Whisper Internet Directory publishes this page so security analysts and LLM agents can link to it as a stable record for Binary Defense Banlist.

What is Binary Defense Banlist

Binary Defense Banlist is a daily-refreshed deny-list of IP addresses observed by Binary Defense's managed-detection-and-response operations engaging in mass scanning, exploitation, and credential-stuffing campaigns. Entries are derived from the firm's own sensor network and from collaborator feeds, then filtered to remove residential and large-cloud egress addresses to keep false-positive rates low. The list is widely deployed at perimeter firewalls and as a SIEM enrichment overlay; it is one of the few free reputation lists curated specifically with enterprise environments in mind. It is indexed here as a record for outbound-block playbooks.

Feed metadata

Display name: Binary Defense Banlist
URL slug: binary-defense-banlist
Graph identifier: binarydefense-banlist
Category: General Blacklists
Refresh cadence: daily
Source: www.binarydefense.com/banlist

Live graph data

FEED_SOURCE node confirmed. WhisperGraph carries this feed under the same category (General Blacklists) as the editorial entry above. The graph identifier binarydefense-banlist matches the live f.id property.

Indicators currently listed

Live indicator listings: not yet available. WhisperGraph's LISTED_INedge is virtual and not enumerable from the feed side — there is no query-tractable way today to fetch the IPs and hostnames listed in this feed without first visiting every candidate indicator. Indicator-anchored queries work in the opposite direction (see the Cypher snippet below) and the directory's individual IP and host pages surface their feed memberships individually. Per-feed enumeration (an indicator count and sample of representative indicators) is on the roadmap.

Cypher and MCP

Look up which threat feeds list a given IP — the indicator-anchored query that powers the threat card:

MATCH (ip:IPV4 {name: $ip})-[:LISTED_IN]->(f:FEED_SOURCE)
WHERE f.name = "Binary Defense Banlist"
WITH f
MATCH (f)-[:BELONGS_TO]->(c:CATEGORY)
RETURN f.name AS feed, c.name AS category

Verify the feed's graph-side identity directly:

MATCH (f:FEED_SOURCE {name: "Binary Defense Banlist"})
OPTIONAL MATCH (f)-[:BELONGS_TO]->(c:CATEGORY)
RETURN f.id AS id, f.name AS name, c.name AS category

Or query Whisper from your own LLM workflow via the Whisper MCP server.

Pivot from Binary Defense Banlist into adjacent entities.

What is Binary Defense Banlist

Indicators currently listed

Cypher and MCP

Look up which threat feeds list a given IP — the indicator-anchored query that powers the threat card:

MATCH (ip:IPV4 {name: $ip})-[:LISTED_IN]->(f:FEED_SOURCE) WHERE f.name = "Binary Defense Banlist" WITH f MATCH (f)-[:BELONGS_TO]->(c:CATEGORY) RETURN f.name AS feed, c.name AS category

Verify the feed's graph-side identity directly:

MATCH (f:FEED_SOURCE {name: "Binary Defense Banlist"}) OPTIONAL MATCH (f)-[:BELONGS_TO]->(c:CATEGORY) RETURN f.id AS id, f.name AS name, c.name AS category

Or query Whisper from your own LLM workflow via the Whisper MCP server.

Binary Defense Banlist

What is Binary Defense Banlist

Feed metadata

Live graph data

Indicators currently listed

Cypher and MCP

Related pages

Binary Defense Banlist

What is Binary Defense Banlist

Feed metadata

Live graph data

Indicators currently listed

Cypher and MCP

Related pages