The ips from shadowwhisperer

ips's Introduction

Various lists to be used with an IP blocker.

Most of these come from several HoneyPots (Cowrie). The logs are uploaded to a main system, examined, and then automatically uploaded every hourly. The repo is compressed every 25 commits, to reduce the overall size. Logs, diff, etc. do not stay with the repo because of this.

This repo was created: 5/13/2021. https://api.github.com/repos/ShadowWhisperer/IPs

Brute Foce

Extreme    100+ connects  
High       20+ connects, but less than 100  
Medium     5+ connects, but less than 20  
Low        Less than 5 connects

Malware

Browser         Browser Hijackers, Malvertising, Fake Alerts, etc  
Hosting         IPs used to download malware after system takeover
Hackers         Executed commands on my honeypot, after a successful connection

Other

Ads             Used to show you advertisements
DNS             Common DNS resolvers
Scanners        Scans your IP for open ports / vulnerabilities
Trackers        Used to track what you do
Tunnel          Proxies, and VPNs

ips's People

Contributors

Stargazers

Watchers

ips's Issues

One less abusive IP, it was just shutdown

Hi.
Not sure if this makes any difference, but I'm reporting it here anyway.

I am one of the sysadmins of the network at the IP 89.11.150.231 which is in this Hackers list.
The network is owned by a friend of mine, which have a Debian based homelab in his apartment.

Earlier today he complained on a Linux IRC channel that several services and sites blocked his IP, and he could not figure out why.
After a short investigation by me, it was determined that a virtual machine had an unsecured selfmade web application, and someone managed to use it to deploy an SSH Bot malware.

The server is now secured, the malware deleted and the VM shutdown.
After shutting it down, the abuseIPDB site no longer reports any atcivity from this IP.
It was also decided that this application will be locked behind a htaccess login, and will Not be available on the internet
as he only really need it at home..

Just wanted to let you know, as when I googled his IP it showed up in this github repo.

Greetings from a helpfull sysadmin.

This IP and its brothers and sisters need to go 206.168.34.35

it belongs to a group called censys which probes for port vunerabilities.

What is the specific meaning of this "connects"？

In the description of Brute Foce's degree,What is the specific meaning of this "connects"？
thanks

Malware Hosting IP addresses list used to block Google DNS

Dear Sean,

In below link I found that system blocking Google DNS which 8.8.8.8 while in reality Google DNS not using to host malware activities for that reason kindly remove it from your list.
https://github.com/ShadowWhisperer/IPs/blob/master/Malware/Hosting

Recommend Projects

shadowwhisperer / ips Goto Github PK

ips's Introduction

ips's People

Contributors

Stargazers

Watchers

Forkers

ips's Issues

One less abusive IP, it was just shutdown

This IP and its brothers and sisters need to go 206.168.34.35

What is the specific meaning of this "connects"？

Malware Hosting IP addresses list used to block Google DNS

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent