I'm attempted to eliminate a lot of the malicious traffic on my webserver as possible. In doing so I have performed a few tests and found that when my server is not listed on shodan there are no port scans or any attempts to break in. But once shodan indexes the server and relists it again we are flood with attempts.
So to complete the project I need to block their scanning servers. Which netblocks and/or server addresses are they using?
(note: this is not how to defend against scans as suggested by a few moderators this is a legit question on which servers that shodan/@achillean actually uses for their scans)
