The FAQ attached is excellent: https://gist.github.com/Rucknium/76edd249c363b9ecf2517db4fab42e88#faqs

Looks like some slow gov’t project:

a large number of the suspected spy IP addresses are the same IP addresses implicated in "LinkingLion"spying on the BTC node network as far back as March 2023. The spying adversary is likely using the same IP addresses to spy on BTC and Monero. […] The LinkingLion BTC spying adversary is still using these IP addresses even though the spying has been publicly revealed for at least 21 months, which suggests that the adversary cannot easily change their IP addresses.

Monero GUI wallet

If your run your own local node through the GUI wallet, go to Settings. In the “Daemon startup flags” box, input “–ban-list <file-path-to-ban-list>”. Then click the orange “Stop daemon” button. It will take a few seconds for the daemon to shut down. Then click the orange “Start daemon” button. If you use a remote node, whoever operates the remote node will decide if the ban list is enabled.