IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 183.81.169.238 | - | 10 |
| 209.38.26.153 | - | 10 |
| 141.98.10.125 | imp-moment.trumpbuyer.com | 10 |
| 34.172.237.230 | 230.237.172.34.bc.googleusercontent.com | 9 |
| 185.196.8.22 | - | 9 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 138.68.104.130 | - | 8 |
| 211.253.10.96 | - | 8 |
| 218.92.0.34 | - | 8 |
| 218.92.0.31 | - | 8 |
| 212.76.27.39 | - | 8 |
| 61.177.172.179 | - | 8 |
| 82.200.65.218 | gw-bell-xen.ll-nsk.zsttk.ru | 8 |
| 218.92.0.107 | - | 8 |
| 218.92.0.56 | - | 8 |
| 51.89.153.112 | ns3145504.ip-51-89-153.eu | 8 |
| 154.68.39.6 | wimax-154.68.39.6.aviso.ci | 8 |
| 218.92.0.76 | - | 8 |
| 85.209.11.227 | - | 8 |
| 207.90.244.4 | - | 8 |
| 207.90.244.6 | - | 8 |
| 93.174.95.106 | battery.census.shodan.io | 8 |
| 61.177.172.136 | - | 8 |
| 61.177.172.140 | - | 8 |
| 218.92.0.29 | - | 8 |
| 218.92.0.22 | - | 8 |
| 218.92.0.24 | - | 8 |
| 218.92.0.27 | - | 8 |
| 103.63.108.25 | static.cmcti.vn | 8 |
| 61.177.172.160 | - | 8 |
| 194.169.175.36 | - | 8 |
| 194.169.175.35 | - | 8 |
| 80.82.77.202 | rnd.group-ib.com | 8 |
| 218.92.0.112 | - | 8 |
| 218.92.0.113 | - | 8 |
| 218.92.0.118 | - | 8 |
| 211.114.124.31 | - | 8 |
| 192.42.116.208 | 11.tor-exit.nothingtohide.nl | 8 |
| 190.144.14.170 | - | 8 |
| 181.2.151.236 | host236.181-2-151.telecom.net.ar | 8 |
| 180.101.88.197 | - | 8 |
| 180.101.88.196 | - | 8 |
| 134.209.98.12 | - | 8 |
| 180.101.88.205 | - | 8 |
| 144.34.212.238 | localhost.localdomain | 7 |
| 193.201.9.156 | - | 7 |
| 54.37.73.222 | vps-606253ad.vps.ovh.net | 7 |
| 87.128.104.138 | p5780688a.dip0.t-ipconnect.de | 7 |
| 213.194.140.33 | static.33.140.194.213.ibercom.com | 7 |
| 165.227.85.21 | officehuddle.com-main-site | 7 |
| 79.110.62.145 | - | 7 |
| 116.55.245.26 | - | 7 |
| 43.156.19.40 | - | 7 |
| 111.21.161.162 | - | 7 |
| 123.30.157.54 | static.vnpt.vn | 7 |
| 185.196.20.201 | vmi1814094.contaboserver.net | 7 |
| 107.173.210.201 | 107-173-210-201-host.colocrossing.com | 7 |
| 5.19.118.77 | 5x19x118x77.static-business.spb.ertelecom.ru | 7 |
| 79.175.176.225 | - | 7 |
| 43.156.57.127 | - | 7 |
| 144.217.13.134 | vps-2cf81da8.vps.ovh.ca | 7 |
| 101.36.127.102 | - | 7 |
| 128.14.209.26 | zl-dal-us-gp1-wk119.internet-census.org | 7 |
| 138.197.14.180 | - | 7 |
| 103.248.43.98 | - | 7 |
| 2.189.110.159 | - | 7 |
| 71.128.32.25 | - | 7 |
| 194.152.206.17 | - | 7 |
| 162.142.125.202 | - | 7 |
| 202.157.186.116 | - | 7 |
| 103.91.136.18 | - | 7 |
| 118.70.134.18 | - | 7 |
| 39.109.126.161 | - | 7 |
| 43.133.74.235 | - | 7 |
| 170.64.200.53 | - | 7 |
| 206.168.34.38 | unused-space.coop.net | 7 |
| 213.109.202.127 | - | 7 |
| 43.130.229.179 | - | 7 |
| 221.156.126.1 | - | 7 |
| 199.45.154.27 | scanner-201.hk2.censys-scanner.com | 7 |
| 199.45.154.24 | scanner-201.hk2.censys-scanner.com | 7 |
| 150.109.84.218 | - | 7 |
| 80.229.18.62 | maryfindlay.plus.com | 7 |
| 125.94.71.207 | - | 7 |
| 94.254.0.234 | h-94-254-0-234.na.cust.bahnhof.se | 7 |
| 177.93.111.166 | www3.dicaquente.net.br | 7 |
| 182.57.16.58 | static-mum-182.57.16.58.mtnl.net.in | 7 |
| 43.163.237.103 | - | 7 |
| 209.38.20.201 | - | 7 |
| 104.248.19.132 | - | 7 |
| 175.207.13.22 | - | 7 |
| 42.200.78.78 | 42-200-78-78.static.imsbiz.com | 7 |
| 49.51.48.160 | - | 7 |
| 113.133.177.77 | - | 7 |
| 51.89.216.178 | vps-c61559cf.vps.ovh.net | 7 |
| 45.15.157.104 | vpn.aeza.network | 7 |
| 34.42.224.67 | 67.224.42.34.bc.googleusercontent.com | 7 |
| 71.6.165.200 | census12.shodan.io | 7 |
| 8.220.215.78 | - | 7 |
| 103.200.30.97 | - | 7 |
| 41.138.54.13 | - | 7 |
| 165.22.248.47 | - | 7 |
| 66.240.219.146 | burger.census.shodan.io | 7 |
| 144.217.89.216 | www.canadavirtualnumber.ca | 7 |
| 122.166.156.246 | abts-kk-static-246.156.166.122.airtelbroadband.in | 7 |
| 187.110.238.50 | 187.110.238.50.mobtelecom.com.br | 7 |
| 124.156.193.184 | - | 7 |
| 43.163.241.112 | - | 7 |
| 92.222.9.245 | vps-9b1c16fc.vps.ovh.net | 7 |
| 124.156.204.245 | - | 7 |
| 134.209.19.26 | - | 7 |
| 43.153.46.251 | - | 7 |
| 95.181.43.122 | 95-181-43-122.goodline.info | 7 |
| 103.15.50.21 | - | 7 |
| 193.32.162.65 | - | 7 |
| 183.240.157.2 | - | 7 |
| 206.168.34.119 | unused-space.coop.net | 7 |
| 206.189.55.247 | - | 7 |
| 147.185.132.79 | - | 7 |
| 198.23.143.193 | host.sindad.cloud | 7 |
| 218.78.82.244 | 244.82.78.218.dial.xw.sh.dynamic.163data.com.cn | 7 |
| 161.35.66.235 | - | 7 |
| 51.178.182.201 | vps-d9c515f6.vps.ovh.net | 7 |
| 14.103.61.166 | - | 7 |
| 69.49.246.187 | 69-49-246-187.webhostbox.net | 7 |
| 165.232.79.130 | - | 7 |
| 43.156.98.81 | - | 7 |
| 92.55.190.215 | - | 7 |
| 121.17.222.38 | - | 7 |
| 71.6.146.185 | pirate.census.shodan.io | 7 |
| 43.153.54.101 | - | 7 |
| 178.176.250.39 | - | 7 |
| 120.48.36.126 | - | 7 |
| 119.73.179.114 | - | 7 |
| 50.84.211.204 | syn-050-084-211-204.biz.spectrum.com | 7 |
| 65.181.73.155 | 65-181-73-155.static.imsbiz.com | 7 |
| 161.35.78.86 | - | 7 |
| 220.134.113.188 | 220-134-113-188.hinet-ip.hinet.net | 7 |
| 66.240.192.138 | census8.shodan.io | 7 |
| 185.165.191.27 | - | 7 |
| 143.198.87.140 | - | 7 |
| 157.245.157.93 | - | 7 |
| 106.57.253.254 | - | 7 |
| 23.247.130.85 | - | 7 |
| 58.34.180.42 | 42.180.34.58.broad.xw.sh.dynamic.163data.com.cn | 7 |
| 71.6.135.131 | soda.census.shodan.io | 7 |
| 80.67.167.81 | nosoignons.cust.milkywan.net | 7 |
| 209.38.38.20 | - | 7 |
| 115.231.78.9 | - | 7 |
| 111.68.98.152 | 111.68.98.152.pern.pk | 7 |
| 43.128.111.12 | - | 7 |
| 80.94.95.81 | - | 7 |
| 43.159.38.60 | - | 7 |
| 192.42.116.209 | 12.tor-exit.nothingtohide.nl | 7 |
| 174.138.61.67 | - | 7 |
| 189.195.123.57 | customer-pue-123-57.megared.net.mx | 7 |
| 194.50.16.26 | - | 7 |
| 43.159.52.75 | - | 7 |
| 182.78.142.4 | - | 7 |
| 172.245.226.223 | 172-245-226-223-host.colocrossing.com | 7 |
| 125.99.173.162 | - | 7 |
| 138.197.173.66 | - | 7 |
| 43.128.131.205 | - | 7 |
| 47.91.11.16 | - | 7 |
| 109.75.33.121 | host-121.33.75.109.ucom.am | 7 |
| 180.184.161.144 | - | 7 |
| 190.145.81.37 | - | 7 |
| 141.98.10.106 | - | 7 |
| 170.210.155.249 | - | 7 |
| 137.184.183.109 | ifacturalo.com | 7 |
| 118.145.8.50 | - | 7 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
| 162.62.209.101 | - | 7 |
| 134.209.181.159 | - | 7 |
| 146.190.76.99 | - | 7 |
| 199.45.154.71 | scanner-205.hk2.censys-scanner.com | 7 |
| 38.72.132.135 | - | 7 |
| 85.209.11.254 | - | 7 |
| 43.131.251.147 | - | 7 |
| 43.155.145.252 | - | 7 |
| 96.69.13.140 | 96-69-13-140-static.hfc.comcastbusiness.net | 7 |
| 118.123.105.86 | - | 7 |
| 43.163.237.234 | - | 7 |
| 199.45.154.28 | scanner-201.hk2.censys-scanner.com | 7 |
| 61.155.106.101 | - | 7 |
| 173.255.200.184 | 173-255-200-184.ip.linodeusercontent.com | 7 |
| 199.45.154.50 | scanner-203.hk2.censys-scanner.com | 7 |
| 170.64.146.71 | - | 7 |
| 14.18.105.210 | - | 7 |
| 187.188.0.71 | fixed-187-188-0-71.totalplay.net | 7 |
| 183.47.14.74 | - | 7 |
| 167.71.222.230 | - | 7 |
| 124.156.197.192 | - | 7 |
| 43.130.37.20 | - | 7 |
| 211.221.43.144 | - | 7 |
| 190.85.15.251 | - | 7 |
| 64.227.126.250 | - | 7 |