Here's a number of lists of IP addresses, usernames, and URLs that have been used against my servers and honeypots.

Creative Commons License
These blocklists are made available under the Creative Commons Attribution-ShareAlike 4.0 International License.

Naughty URLs in CSV format

URLs used by people testing my webservers for vulnerabilities. Four columns: Source IP, Date, Protocol, Request. Click to download

Usernames used in brute-force attacks

Usernames used in password-guessing attacks. Three columns: Number of attempts, Username, Protocol (telnet or ssh) Click to download

IP sources of brute-force attacks

IPs that attempted password-guessing attacks. Three columns: Source IP, Date, Protocol (telnet or ssh) Click to download

Attempts to use the 'Shellshock' bug

IPs that attempted to compromise my webservers using the 'shellshock' vulnerability in th unix bash shell. Three columns: Source IP, Date, HTTP header that contains shellshock Click to download