wdes/security
1
0
Fork 0
Code Actions Packages Releases Activity
25 Commits 1 Branch 4 Tags
4dd9025fb865947367738e613d464ef432482ba8
Commit Graph

25 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
William Desportes
4dd9025fb8 Add censys scanner 
Ref: https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Data-Collection
 2023-07-23 12:54:04 +02:00
William Desportes
c3ae00f037 Add more bad IPs 
IP(50): 141.98.11.53 - 141.98.8.0 - 141.98.11.255 : LT-HOSTBALTIC-20190110
IP(51): 141.98.10.132 - 141.98.8.0 - 141.98.11.255 : LT-HOSTBALTIC-20190110
IP(72): 154.127.53.41 - 154.33.0.0 - 155.3.255.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IP(78): 85.215.94.1 - 85.214.0.0 - 85.215.255.255 : DE-TECT-20050224
IP(90): 45.146.55.231 - 45.146.55.0 - 45.146.55.255 : VCUS-45-146-55-0
IP(126): 185.241.208.53 - 185.241.208.0 - 185.241.211.255 : NL-LEGACO-20180116
IP(132): 189.177.186.233 - 189.0.0.0 - 190.92.167.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IP(138): 218.85.202.248 - 218.0.0.0 - 220.158.195.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IP(150): 103.139.45.73 - 103.85.36.0 - 103.192.159.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IP(460): 20.78.36.222 - 14.102.240.0 - 23.19.47.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IP(556): 201.103.117.233 - 201.49.192.0 - 201.148.167.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
IP(1703): 141.98.10.150 - 141.98.8.0 - 141.98.11.255 : LT-HOSTBALTIC-20190110
IP(5136): 80.94.95.206 - 80.94.95.0 - 80.94.95.255 : BT-HOSTER

NET(1): 14.102.240.0 - 23.19.47.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK -> ["20.78.36.222"]
NET(1): 45.146.55.0 - 45.146.55.255 : VCUS-45-146-55-0 -> ["45.146.55.231"]
NET(1): 80.94.95.0 - 80.94.95.255 : BT-HOSTER -> ["80.94.95.206"]
NET(1): 85.214.0.0 - 85.215.255.255 : DE-TECT-20050224 -> ["85.215.94.1"]
NET(1): 103.85.36.0 - 103.192.159.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK -> ["103.139.45.73"]
NET(1): 154.33.0.0 - 155.3.255.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK -> ["154.127.53.41"]
NET(1): 185.241.208.0 - 185.241.211.255 : NL-LEGACO-20180116 -> ["185.241.208.53"]
NET(1): 189.0.0.0 - 190.92.167.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK -> ["189.177.186.233"]
NET(1): 201.49.192.0 - 201.148.167.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK -> ["201.103.117.233"]
NET(1): 218.0.0.0 - 220.158.195.255 : NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK -> ["218.85.202.248"]
NET(3): 141.98.8.0 - 141.98.11.255 : LT-HOSTBALTIC-20190110 -> ["141.98.11.53","141.98.10.132","141.98.10.150"]
 2023-07-15 15:38:46 +02:00
William Desportes
8f5389e71a Add docs 2023-07-15 15:38:15 +02:00
William Desportes
c9b83784d7 Add IPv6 addresses for CloudFront 2023-06-23 18:58:45 +02:00
William Desportes
bfd1be4a73 use the global amazon endpoint and add more IPv4 for CloudFront 2023-06-23 18:57:14 +02:00
William Desportes
7bcf89346c Remove crowdsec IP list 
Ref: 39d1895653
 2023-06-23 18:34:07 +02:00
William Desportes
1d3525e300 Add cloudfront IP ranges 2023-06-23 18:33:43 +02:00
William Desportes
39d1895653 [temp] Update crowdsec list for microtik 2023-02-21 18:47:41 +01:00
William Desportes
900efe9ca8 [temp] Update crowdsec list for microtik 2023-02-21 14:20:28 +01:00
William Desportes
31e290a228 [temp] Add crowdsec list for microtik 2023-02-21 13:25:55 +01:00
William Desportes
eea32de73a Add more bad IPs 2022-12-09 23:45:03 +01:00
William Desportes
27dfddaef0 Add new bad IPs from crowdsec alerts list for emails 2022-11-21 21:40:30 +01:00
William Desportes
984627f4c6 Add more hacking emails IPs 2022-11-12 19:08:57 +01:00
William Desportes
c73ab8e070 Add more attacking IPs 
Most for postfix attacks majority are postscreen-rbl
 2022-11-12 18:56:37 +01:00
William Desportes
bf18ac538f Remove duplicates 2022-11-07 15:02:10 +01:00
William Desportes
c2e40487df Add more bad IPs that did more than 10 attacks found in my logs 
IP(11): 94.46.179.75
IP(14): 5.34.207.243
IP(20): 60.167.113.234
IP(20): 114.102.34.118
IP(20): 114.99.130.40
IP(20): 212.192.219.146
IP(20): 223.240.209.152
IP(21): 60.167.53.218
IP(21): 117.64.225.169
IP(21): 117.68.193.203
IP(21): 185.225.73.88
IP(31): 81.161.229.108
IP(31): 185.128.27.106
IP(42): 94.46.179.80
IP(43): 34.64.224.143
IP(57): 2.58.46.138
IP(69): 77.81.139.90
IP(72): 20.125.124.9
IP(72): 143.198.18.3
IP(76): 5.253.204.58
IP(82): 156.96.119.125
IP(90): 20.41.119.26
IP(110): 5.34.207.171
IP(112): 5.34.207.157
IP(113): 5.34.207.187
IP(119): 93.177.75.74
IP(136): 176.111.173.26
IP(150): 185.104.186.2
IP(194): 5.34.207.248
IP(383): 5.34.207.242
IP(386): 5.34.207.237
IP(388): 5.34.207.234
IP(423): 52.165.31.20
IP(503): 45.95.243.8
IP(557): 194.165.16.67
IP(588): 103.153.79.225
IP(614): 5.34.207.152
IP(1775): 141.98.11.17
IP(2120): 141.98.10.194
IP(2455): 141.98.10.108
IP(2467): 141.98.10.81
IP(2485): 91.224.92.110
IP(2505): 141.98.11.37
IP(2554): 45.125.65.37
IP(2701): 141.98.11.112
IP(2702): 141.98.10.84
IP(2727): 45.125.66.22
IP(2741): 45.125.65.159
IP(2767): 141.98.11.119
IP(2798): 141.98.11.81
IP(2798): 141.98.11.74
IP(2812): 141.98.10.24
IP(2816): 45.125.66.24
IP(2816): 141.98.11.113
IP(2818): 45.125.66.55
IP(2830): 141.98.11.51
IP(2848): 141.98.10.27
IP(2860): 141.98.10.70
IP(2869): 141.98.11.75
IP(2878): 141.98.10.203
IP(2899): 141.98.11.19
IP(2902): 141.98.10.217
IP(2908): 141.98.11.95
IP(2959): 141.98.10.82
IP(8585): 5.34.207.172
IP(9417): 5.34.207.116
IP(10728): 5.34.207.48
IP(11617): 87.246.7.75
IP(54742): 5.34.207.225
 2022-11-07 14:56:50 +01:00
William Desportes
72324ebe39 Add more bad IPs: 
Reasons:
212.70.149.71
EMAIL SPAM
45.141.101.215
EMAIL SPAM [RU]
212.70.149.72
EMAIL SPAM [GB]
23.94.218.159
EMAIL SPAM [USA]
5.34.207.225
EMAIL AUTH HACKS
103.153.79.225
EMAIL AUTH HACKS [Vietnam]
5.34.207.48
EMAIL AUTH HACKS
87.246.7.75
EMAIL AUTH HACKS
141.98.11.81
EMAIL AUTH HACKS
87.246.7.75
HIGH EMAIL AUTH HACKS
141.98.11.81
EMAIL AUTH HACKS
114.102.34.118
EMAIL AUTH HACKS [CN]
103.153.79.225
EMAIL AUTH HACKS
194.165.16.67
EMAIL AUTH HACKS
45.95.243.8
EMAIL AUTH HACKS
52.165.31.20
EMAIL AUTH HACKS
185.104.186.2
EMAIL AUTH HACKS
176.111.173.26
EMAIL AUTH HACKS
93.177.75.74
EMAIL AUTH HACKS
176.59.7.53
WTF ??
217.66.157.45
Strange port scans
209.142.101.67
Strange try to access port 17843
2.185.78.229
Strange port scans
20.29.94.192
EMAIL AUTH HACKS
 2022-11-07 14:47:44 +01:00
William Desportes
f445a46381 Add bad-ips 
Reason for : 2.57.122.118
- wdes/dovecot-pop3-plain-login
 2022-11-07 14:39:50 +01:00
William Desportes
db439cf974 Add all bad ranges of: AS15378 - T2 Mobile LLC - Tele2 Russia IP Network (SPB) 2022-11-02 17:31:12 +01:00
William Desportes
644798e94c Add all bad ranges of: AS8359 - MTS PJSC (strange packets sent) 2022-11-02 17:30:20 +01:00
William Desportes
370310c855 Add all bad ranges of: AS133398 - Tele Asia Limited - HostBaltic Lithuania 2022-11-02 17:29:28 +01:00
William Desportes
7a6f41f132 Add all bad ranges of: AS15828 - Blue Diamond Network Co., Ltd. and: AS204428 - SS-Net 2022-11-02 17:28:56 +01:00
William Desportes
c0abf709da Add all ranges of: AS209605 - AB Host Baltic 2022-11-02 17:27:54 +01:00
William Desportes
bd94e40539 Add UAB Host Baltic (AS209605) 2022-11-02 17:22:29 +01:00
William Desportes
0b2fa5222c __INIT__ 2022-11-02 17:21:22 +01:00