{"id":29921673,"url":"https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist","last_synced_at":"2025-08-02T08:03:25.872Z","repository":{"id":176764333,"uuid":"654659638","full_name":"duggytuxy/Data-Shield_IPv4_Blocklist","owner":"duggytuxy","description":"Data-Shield IPv4 Blocklist. DST = Europa","archived":false,"fork":false,"pushed_at":"2025-07-31T18:32:08.000Z","size":126520,"stargazers_count":301,"open_issues_count":0,"forks_count":38,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-07-31T21:56:29.345Z","etag":null,"topics":["attack-detection","blacklist-ips","blocklist","botnets","cyber-threat-intelligence","cybersecurity","ddos","dnssinkhole","firewall","firewall-configuration","firewall-rules","ipaddresses","ipv4","malicious","malware","network","network-security","web","webapplicationfirewall"],"latest_commit_sha":null,"homepage":"https://raw.githubusercontent.com/duggytuxy/Data-Shield_IPv4_Blocklist/refs/heads/main/prod_data-shield_ipv4_blocklist.txt","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/duggytuxy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":"laurentmduggytuxy","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":null}},"created_at":"2023-06-16T16:14:41.000Z","updated_at":"2025-07-31T20:17:59.000Z","dependencies_parsed_at":"2023-10-11T09:10:45.727Z","dependency_job_id":"6c2c85a7-0d8c-43b4-b7f
4-40bd99506b3e","html_url":"https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist","commit_stats":null,"previous_names":["duggytuxy/malicious_ip_addresses","duggytuxy/intelligence_ipv4_blocklists","duggytuxy/data-shield_ipv4_blocklist"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/duggytuxy/Data-Shield_IPv4_Blocklist","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2FData-Shield_IPv4_Blocklist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2FData-Shield_IPv4_Blocklist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2FData-Shield_IPv4_Blocklist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2FData-Shield_IPv4_Blocklist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/duggytuxy","download_url":"https://codeload.github.com/duggytuxy/Data-Shield_IPv4_Blocklist/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duggytuxy%2FData-Shield_IPv4_Blocklist/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268351003,"owners_count":24236328,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack-detection","blacklist
-ips","blocklist","botnets","cyber-threat-intelligence","cybersecurity","ddos","dnssinkhole","firewall","firewall-configuration","firewall-rules","ipaddresses","ipv4","malicious","malware","network","network-security","web","webapplicationfirewall"],"created_at":"2025-08-02T08:01:47.060Z","updated_at":"2025-08-02T08:03:25.864Z","avatar_url":"https://github.com/duggytuxy.png","language":null,"readme":"# Data-Shield IPv4 Blocklist - Block malicious IP addresses\n\n\u003cp align=\"center\"\u003e\n\n\n  ![Open Source](https://img.shields.io/badge/Open%20Source-100%25-brightgreen?style=for-the-badge\u0026logo=opensourceinitiative)\n  ![Made with ❤️](https://img.shields.io/badge/Made%20with-%E2%9D%A4-red?style=for-the-badge)\n  ![Fortinet](https://img.shields.io/badge/Fortinet-100%25-%23EE3124?style=for-the-badge\u0026logo=fortinet)\n  ![Palo Alto](https://img.shields.io/badge/Palo_Alto-100%25-%23%23F04E23?style=for-the-badge\u0026logo=paloaltonetworks)\n  ![pfSense](https://img.shields.io/badge/pfSense-100%25-%23212121?style=for-the-badge\u0026logo=pfsense)\n  ![OPNsense](https://img.shields.io/badge/OPNsense-100%25-%23E44A20?style=for-the-badge\u0026logo=opnsense)\n  ![No False Positive](https://img.shields.io/badge/No_False_Positive-100%25-green?style=for-the-badge\u0026logo=cachet)\n  ![Last update](https://img.shields.io/github/last-commit/duggytuxy/Intelligence_IPv4_Blocklist?label=Last%20update\u0026color=informational\u0026style=for-the-badge\u0026logo=github)\n  \u003c/p\u003e\n\n# About this project 🧪\n\nThis project (blocking list) aims to reduce the number of attacks by inserting IP addresses known to be abusive, aggressive and malicious (confidence of abuse 100%).\n\n**This blocklist is made up of reliable, high-quality data from decoys placed geolocally in public and private infrastructures such as :**\n\n| **Country**🌍 | **OS**🖥️ | **Technologies/Services**🎛️ | Online🛜 |\n|---|---|---|---|\n| **Belgium** | GNU/Linux | Scada-LTS, CVEs, Wireguard | **On** 
|\n| **Germany** | GNU/Linux | VPN-SSL, Nginx, Squid, SMB | **On** |\n| **Austria** | WinSrv 2022 | Apache, IIS, SMB, DC | **On** |\n| **Netherlands** | WinSrv 2022 | Apache, SMB, DC | **On** |\n| **France** | GNU/Linux | VPN-SSL, SMB, CVEs, Wordpress | **On** |\n| **France** | GNU/Linux | Scada-LTS, CVEs, Wireguard | **On** |\n| **Spain** | WinSrv 2025 | IIS, Apache, SMB, DC | **On** |\n| **Portugal** | GNU/Linux | DNS, Squid, Wireguard | **On** |\n| **Italy** | GNU/Linux | Apache, Nginx, Wordpress, Webmin | **On** |\n| **Greece** | GNU/Linux | VPN-SSL, CVEs | **On** |\n| **Lithuania** | GNU/Linux | CVEs, SMB, Squid, OpenVPN | **On** |\n| **Poland** | GNU/Linux | Scada-LTS, CVEs, Wireguard | **On** |\n\n**What's special about these decoys is that they contain several configurations, depending on the IS mapping and the specific needs of the customer or the data I want to collect, so I can correlate them with other CTI platforms**\n\n\u003e - To give you a few figures, I collect (on average) over 7195 unique IP addresses per day, and after analysis and feedback, once they're really reliable, I add them to this blocking list, which is closely monitored 24/7.\n\u003e - For the deletion part, the policy in force is that I keep these IP addresses for 30 days: if no activity has been reported within this period, these IP addresses are removed from the blocking list to be inserted in a “Whitelist” also monitored.\n\n**PS: I want to make it clear that this block list is an additional layer of protection to:**\n\n\u003e - **Reduce the number of attacks**\n\u003e - **Reduce the possibility of mapping your exposed assets (public IPs)**\n\u003e - **Slightly reduce the attack surface (e.g. 
Recon)**\n\n🫸***But under no circumstances will it replace all the best practices in your security posture.***\n\n# A few highlights 🧱\n\n- [**Data-Shield IPv4 Blocklist**](https://raw.githubusercontent.com/duggytuxy/Data-Shield_IPv4_Blocklist/refs/heads/main/prod_data-shield_ipv4_blocklist.txt) : target destination 👉 Europa\n\n\u003e - **Some IP addresses have a relatively short lifespan (such as APTs, groups that deploy infostealers and malware, etc.)**.\n\u003e - 👇Here are some of the vectors and types of attack these IP addresses can inflict at any given time👇.\n\n# CVEs 🔩\n\n| **CVE**🐞 | **Description**📜 | **Link**🌍 |\n|---|---|---|\n| **CVE-2020-25078** | An issue was discovered on D-Link DCS-2530L... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2020-25078) |\n| **CVE-2021-42013** | It was found that the fix for CVE-2021-41773... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2021-42013) |\n| **CVE-2021-41773** | A flaw was found in a change made to path... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2021-41773) |\n| **CVE-2024-3400** | PAN-OS : A command injection as a result... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2024-3400) |\n| **CVE-2017-16894** | In Laravel framework through 5.5.21... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2017-16894) |\n| **CVE-2024-3721** | A vulnerability was found in TBK DVR-4104 and DVR-4216... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2024-3721) |\n| **CVE-2022-30023** | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2022-30023) |\n| **CVE-2017-9841** | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2017-9841) |\n| **CVE-2018-10561** | An issue was discovered on Dasan GPON home routers... 
| [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2018-10561) |\n| **CVE-2018-20062** | An issue was discovered in NoneCms V1.3... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2018-20062) |\n| **CVE-2022-44808** | Vulnerability has been found on D-Link DIR-823G devices... | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2022-44808) |\n| **CVE-2022-41040** | Microsoft Exchange Server Elevation of PV | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2022-41040) |\n| **CVE-2022-41082** | Microsoft Exchange Server RCE Vulnerability | [**Wazuh CTI Website**](https://cti.wazuh.com/vulnerabilities/cves/CVE-2022-41082) |\n\nEtc.\n\n# TTPs 🐞\n\n| **TTPs**🥷 | **A few countries of origin**🌍 | **Avg IP addr per day**🛜 |\n|---|---|---|\n| [**Apache Attack**](https://attack.mitre.org/techniques/T1190/) | **Belgium, UK, Poland, Russia** | NC |\n| [**Nginx Attack**](https://attack.mitre.org/techniques/T1102/) | **Brazil, USA, France, China** | NC |\n| [**Ransomware Attack**](https://attack.mitre.org/techniques/T1486/) | **Brazil, Lithuania, Russia** | NC |\n| [**VPN Attack**](https://attack.mitre.org/techniques/T1133/) | **Belgium, UK, Poland, Russia** | NC |\n| [**RDP Attack**](https://attack.mitre.org/techniques/T1021/001/) | **USA, Brazil, Peru, Morocco** | NC |\n| [**NTLM Attack**](https://attack.mitre.org/techniques/T1187/) | **China, UK, Poland, Belgium** | NC |\n| [**Kerberos Attack**](https://attack.mitre.org/techniques/T1558/003/) | **Venezuela, Brazil, Poland, Algeria** | NC |\n| [**Wordpress Enumeration**](https://attack.mitre.org/techniques/T1087/) | **USA, China, Russia, UK** | NC |\n| [**Botnet Recruitment**](https://attack.mitre.org/techniques/T1583/005/) | **USA, China, Brazil, Chile** | NC |\n| [**Brute-force Attack**](https://attack.mitre.org/techniques/T1110/) | **USA, China, UK, France** | NC |\n| [**Brute-Force SSH 
Login**](https://attack.mitre.org/techniques/T1110/) | **USA, China, Poland, Netherlands** | NC |\n| [**Directory Busting**](https://attack.mitre.org/techniques/T1083/) | **USA, China, Italy, India** | NC |\n| [**Credentials Dumping**](https://attack.mitre.org/techniques/T1003/) | **India, Japan, UK, Netherlands** | NC |\n| [**Email Attack**](https://attack.mitre.org/techniques/T1114/) | **USA, China, India, Spain** | NC |\n| [**SMB Attack**](https://attack.mitre.org/techniques/T1021/002/) | **USA, China, Poland, France** | NC |\n| [**FTP Attack**](https://attack.mitre.org/techniques/T1105/) | **UK, France, Poland, Vietnam** | NC |\n| [**IMAP Attack**](https://attack.mitre.org/techniques/T1071/003/) | **USA, China, Poland, France** | NC |\n| [**Information Gathering**](https://attack.mitre.org/techniques/T1591/) | **USA, China, India, Lithuania** | NC |\n| [**Remote Code Execution**](https://attack.mitre.org/techniques/T1210/) | **USA, India, Pakistan, Iran** | NC |\n| [**Scanning**](https://attack.mitre.org/techniques/T1595/) | **USA, China, India, Indonesia** | NC |\n| [**SSH Attack**](https://attack.mitre.org/techniques/T1021/004/) | **USA, China, India, France** | NC |\n| [**OT/ICS Attack**](https://attack.mitre.org/techniques/ics/) | **China, India, Vietnam, USA** | NC |\n| [**IoT Attack**](https://attack.mitre.org/campaigns/C0053/) | **China, Japan, Vietnam, UK** | NC |\n| [**Tor Exit Node**](https://attack.mitre.org/software/S0183/) | **Switzerland, France, Germany** | NC |\n| [**Tor Node**](https://attack.mitre.org/software/S0183/) | **Switzerland, France, Germany** | NC |\n| [**VOIP Attack**](https://attack.mitre.org/techniques/T1616/) | **Belgium, India, Vietnam, Indonesia** | NC |\n| [**Web Traversal**](https://capec.mitre.org/data/definitions/139.html) | **USA, China, Lithuania, France** | NC |\n\nEtc.\n\n**PS: this list will be updated every 4/24h**\n\n# Tips 💡\n\n\u003e - You can easily integrate this list into your FWs under the Inbound (e.g. 
Wan to Lan) policy rules, Threat feeds.\n\u003e - To add my blocklist to the Fortinet, CheckPoint, Palo Alto and OPNsense FWs, here are some interesting links\n\n| **Vendor**🧱 | **Description**📜 | **Link**🌍 |\n|---|---|---|\n| **Fortinet** | External blocklist policy | [**Fortinet Website**](https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/891236) |\n| **Checkpoint** | IP Block Feature | [**Checkpoint Website**](https://sc1.checkpoint.com/documents/R80.20SP/WebAdminGuides/EN/CP_R80.20SP_Maestro_AdminGuide/Topics-Maestro-AG/IP-Block-Feature.htm) |\n| **Palo Alto** | Configure the Firewall to Access an External Dynamic List | [**Palo Alto Website**](https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/configure-the-firewall-to-access-an-external-dynamic-list) |\n| **OPNsense** | OPNsense : Block malicious IPs | [**Slash-Root Website**](https://slash-root.fr/opnsense-block-malicious-ips/) |\n\n# A few figures 🎖️\n\n\u003e According to feedback, more than 70 small and medium-sized companies (Acensi as well) have already implemented this list in their FW Fortinet, Palo Alto, Checkpoint, etc.\n\n# Support my work with a donation 🙏\n\n| **Site**📍 | **Description**📜 | **Link**🌍 |\n|---|---|---|\n| **Ko-Fi** | Join all types of creators getting donations, memberships, etc. from their fans! | [**Thank you !!!**](https://ko-fi.com/laurentmduggytuxy) |\n\nData-Shield IPv4 Blocklist © 2023 by Duggy Tuxy is licensed [**License File**](/LICENSE)\n","funding_links":["https://ko-fi.com/laurentmduggytuxy"],"categories":["cybersecurity","Shell"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduggytuxy%2FData-Shield_IPv4_Blocklist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fduggytuxy%2FData-Shield_IPv4_Blocklist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduggytuxy%2FData-Shield_IPv4_Blocklist/lists"}