Shodan Blocklist

Started by erialor, June 11, 2019, 05:47:49 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 11, 2019, 05:47:49 PM Last Edit: June 11, 2019, 05:49:37 PM by erialor
Didn't find a recent list of Shodan IPs, so I decided to make my own from my logs....

I use it as an alias (URL Table IPs) and an IPv4 block rule on my wan.

Free for any that want to use it: https://www.vlh.dk/shodan.txt

Last update was einstein.census.shodan.io which started connecting this morning.

If you have any other Shodan IPs, feel free to reply - and I'll add those to the list :)
September 13, 2020, 10:37:26 AM #1
Hi,
the link is'nt active any more....
Is there an alternative?
Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G
September 16, 2020, 10:18:09 PM #2
The list is back again:
https://www.vlh.dk/shodan.txt

Meanwhile I researched a bit and found these IP adresses:
You can copy-paste that code into an IP-Alias:

Code Select
98.143.148.107,155.94.254.133,155.94.254.143,155.94.222.12,98.143.148.135,104.131.0.69,104.236.198.48,159.203.176.62,162.159.244.38,185.142.236.34,185.142.236.35,185.163.109.66,185.181.102.18,188.138.1.119,188.138.9.50,198.20.69.74,198.20.69.98,198.20.70.114,198.20.87.98,198.20.99.130,208.180.20.97,209.126.110.38,216.117.2.180,66.240.192.138,66.240.219.146,66.240.236.119,71.6.135.131,71.6.146.130,71.6.146.185,71.6.146.186,71.6.147.254,71.6.158.166,71.6.165.200,71.6.167.142,71.6.199.23,80.82.77.139,80.82.77.33,82.221.105.6,82.221.105.7,85.25.103.50,85.25.43.94,89.248.167.131,89.248.172.16,93.120.27.62,93.174.95.106,94.102.49.190,94.102.49.193


In that list are some more IP-adresses.....
Readable format:
98.143.148.107
155.94.254.133
155.94.254.143
155.94.222.12
98.143.148.135
104.131.0.69
104.236.198.48
159.203.176.62
162.159.244.38
185.142.236.34
185.142.236.35
185.163.109.66
185.181.102.18
188.138.1.119
188.138.9.50
198.20.69.74
198.20.69.98
198.20.70.114
198.20.87.98
198.20.99.130
208.180.20.97
209.126.110.38
216.117.2.180
66.240.192.138
66.240.219.146
66.240.236.119
71.6.135.131
71.6.146.130
71.6.146.185
71.6.146.186
71.6.147.254
71.6.158.166
71.6.165.200
71.6.167.142
71.6.199.23
80.82.77.139
80.82.77.33
82.221.105.6
82.221.105.7
85.25.103.50
85.25.43.94
89.248.167.131
89.248.172.16
93.120.27.62
93.174.95.106
94.102.49.190
94.102.49.193


Stay secure!
Thomas

OPNsense 22.x / Qotom Q370G4 ram8G ssd256G
September 03, 2021, 11:59:18 PM #3
I just noticed my first IPv6-shodan host....

Aug 30 08:01:51 mail.vlh.dk postfix/smtps/smtpd warning: hostname editor.census.shodan.io does not resolve to address 2604:a880:2:d0::978:7001: No address associated with hostname

Was wondering how I would add that to the list?
Simply change to IPv4+IPv6 for the rule and add 2604:a880:2:d0::978:7001:?
Or do I need to format it in some specific way? (and can I mix IPv4 and IPv6 in one list?)
December 21, 2023, 08:34:05 PM #4 Last Edit: January 07, 2024, 04:04:38 PM by erialor
I removed/stopped serving the blocklist, haven't seen changes/additions for quite sometime, and are now using a host-alias instead; with the following hosts:

Code Select
188.138.1.119
208.180.20.97
198.20.69.74
198.20.69.98
198.20.70.114
198.20.99.130
93.120.27.62
66.240.236.119
71.6.135.131
66.240.192.138
71.6.167.142
82.221.105.6
82.221.105.7
71.6.165.200
188.138.9.50
85.25.103.50
85.25.43.94
71.6.146.185
71.6.158.166
198.20.87.98
66.240.219.146
209.126.110.38
104.236.198.48
104.131.0.69
162.159.244.38
93.174.95.106
94.102.49.193
80.82.77.139
94.102.49.190
185.163.109.66
89.248.172.16
71.6.146.186
89.248.167.131
159.203.176.62
185.181.102.18
80.82.77.33
216.117.2.180
71.6.199.23
185.142.236.34
185.165.190.34
185.142.236.35
71.6.146.130
71.6.147.254
185.165.190.17
195.144.21.56
2604:a880:2:d0::978:7001
Print
Go Up Pages1
User actions