Add abuseipdb lists

Question

Add abuseipdb lists

borestad opened this issue a year ago · 5 comments

Can this be of interest to implement? I'm currently using it at home, and I'd say ...it blocks 95% of the incoming backgroud noise.
I don't have time to make a PR, but someone else might?

stamparm commented a year ago

done

👍1

Answer 1 · 2023-10-07T18:24:58.000Z

Hello!

Currently we have https://github.com/stamparm/maltrail/blob/master/trails/feeds/abuseipdb.py feed.

What's the difference of Abuseipdb IP Aggregator compared to this feed? Thanks!

Answer 2 · 2023-10-07T18:40:52.000Z

Ah..ofc, I should have given some more context! 😊

https://github.com/stamparm/maltrail/blob/master/trails/feeds/abuseipdb.py only receives 10 (ten) ips ..... the script I'm using is aggregating AbuseIPDB's API (that gives 10.000 free ip's with 100% confidence)

So...difference is.

The current trail/feed gives 10 ips
My script gives between 18.000 - 100.000 ips (depending on how far one want to go back in time)

Updated every 5 hours via cron / github action.

abuseipdb-s100.ipv4 (18059 ip)
abuseipdb-s100-1d.ipv4 (29120 ip)
abuseipdb-s100-2d.ipv4 (32988 ip)
abuseipdb-s100-3d.ipv4 (35842 ip)
abuseipdb-s100-7d.ipv4 (42372 ip)
abuseipdb-s100-14d.ipv4 (51396 ip)
abuseipdb-s100-30d.ipv4 (66260 ip)
abuseipdb-s100-60d.ipv4 (92139 ip)
abuseipdb-s100-90d.ipv4 (116315 ip)
abuseipdb-s100-120d.ipv4 (128970 ip)
abuseipdb-s100-all.ipv4 (388688 ip)

Answer 3 · 2023-10-07T18:42:36.000Z

Imho...this is the most reliable iplist I've ever used, with zero false positives.

Answer 4 · 2023-10-07T18:44:35.000Z

OK. @stamparm Your opinion here?