Skip to content

stamparm/ipsum

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2024-06-13)

IP DNS lookup Number of (black)lists
183.81.169.238 - 10
209.38.26.153 - 10
141.98.10.125 imp-moment.trumpbuyer.com 10
34.172.237.230 230.237.172.34.bc.googleusercontent.com 9
185.196.8.22 - 9
80.82.77.33 sky.census.shodan.io 8
138.68.104.130 - 8
211.253.10.96 - 8
218.92.0.34 - 8
218.92.0.31 - 8
212.76.27.39 - 8
61.177.172.179 - 8
82.200.65.218 gw-bell-xen.ll-nsk.zsttk.ru 8
218.92.0.107 - 8
218.92.0.56 - 8
51.89.153.112 ns3145504.ip-51-89-153.eu 8
154.68.39.6 wimax-154.68.39.6.aviso.ci 8
218.92.0.76 - 8
85.209.11.227 - 8
207.90.244.4 - 8
207.90.244.6 - 8
93.174.95.106 battery.census.shodan.io 8
61.177.172.136 - 8
61.177.172.140 - 8
218.92.0.29 - 8
218.92.0.22 - 8
218.92.0.24 - 8
218.92.0.27 - 8
103.63.108.25 static.cmcti.vn 8
61.177.172.160 - 8
194.169.175.36 - 8
194.169.175.35 - 8
80.82.77.202 rnd.group-ib.com 8
218.92.0.112 - 8
218.92.0.113 - 8
218.92.0.118 - 8
211.114.124.31 - 8
192.42.116.208 11.tor-exit.nothingtohide.nl 8
190.144.14.170 - 8
181.2.151.236 host236.181-2-151.telecom.net.ar 8
180.101.88.197 - 8
180.101.88.196 - 8
134.209.98.12 - 8
180.101.88.205 - 8
144.34.212.238 localhost.localdomain 7
193.201.9.156 - 7
54.37.73.222 vps-606253ad.vps.ovh.net 7
87.128.104.138 p5780688a.dip0.t-ipconnect.de 7
213.194.140.33 static.33.140.194.213.ibercom.com 7
165.227.85.21 officehuddle.com-main-site 7
79.110.62.145 - 7
116.55.245.26 - 7
43.156.19.40 - 7
111.21.161.162 - 7
123.30.157.54 static.vnpt.vn 7
185.196.20.201 vmi1814094.contaboserver.net 7
107.173.210.201 107-173-210-201-host.colocrossing.com 7
5.19.118.77 5x19x118x77.static-business.spb.ertelecom.ru 7
79.175.176.225 - 7
43.156.57.127 - 7
144.217.13.134 vps-2cf81da8.vps.ovh.ca 7
101.36.127.102 - 7
128.14.209.26 zl-dal-us-gp1-wk119.internet-census.org 7
138.197.14.180 - 7
103.248.43.98 - 7
2.189.110.159 - 7
71.128.32.25 - 7
194.152.206.17 - 7
162.142.125.202 - 7
202.157.186.116 - 7
103.91.136.18 - 7
118.70.134.18 - 7
39.109.126.161 - 7
43.133.74.235 - 7
170.64.200.53 - 7
206.168.34.38 unused-space.coop.net 7
213.109.202.127 - 7
43.130.229.179 - 7
221.156.126.1 - 7
199.45.154.27 scanner-201.hk2.censys-scanner.com 7
199.45.154.24 scanner-201.hk2.censys-scanner.com 7
150.109.84.218 - 7
80.229.18.62 maryfindlay.plus.com 7
125.94.71.207 - 7
94.254.0.234 h-94-254-0-234.na.cust.bahnhof.se 7
177.93.111.166 www3.dicaquente.net.br 7
182.57.16.58 static-mum-182.57.16.58.mtnl.net.in 7
43.163.237.103 - 7
209.38.20.201 - 7
104.248.19.132 - 7
175.207.13.22 - 7
42.200.78.78 42-200-78-78.static.imsbiz.com 7
49.51.48.160 - 7
113.133.177.77 - 7
51.89.216.178 vps-c61559cf.vps.ovh.net 7
45.15.157.104 vpn.aeza.network 7
34.42.224.67 67.224.42.34.bc.googleusercontent.com 7
71.6.165.200 census12.shodan.io 7
8.220.215.78 - 7
103.200.30.97 - 7
41.138.54.13 - 7
165.22.248.47 - 7
66.240.219.146 burger.census.shodan.io 7
144.217.89.216 www.canadavirtualnumber.ca 7
122.166.156.246 abts-kk-static-246.156.166.122.airtelbroadband.in 7
187.110.238.50 187.110.238.50.mobtelecom.com.br 7
124.156.193.184 - 7
43.163.241.112 - 7
92.222.9.245 vps-9b1c16fc.vps.ovh.net 7
124.156.204.245 - 7
134.209.19.26 - 7
43.153.46.251 - 7
95.181.43.122 95-181-43-122.goodline.info 7
103.15.50.21 - 7
193.32.162.65 - 7
183.240.157.2 - 7
206.168.34.119 unused-space.coop.net 7
206.189.55.247 - 7
147.185.132.79 - 7
198.23.143.193 host.sindad.cloud 7
218.78.82.244 244.82.78.218.dial.xw.sh.dynamic.163data.com.cn 7
161.35.66.235 - 7
51.178.182.201 vps-d9c515f6.vps.ovh.net 7
14.103.61.166 - 7
69.49.246.187 69-49-246-187.webhostbox.net 7
165.232.79.130 - 7
43.156.98.81 - 7
92.55.190.215 - 7
121.17.222.38 - 7
71.6.146.185 pirate.census.shodan.io 7
43.153.54.101 - 7
178.176.250.39 - 7
120.48.36.126 - 7
119.73.179.114 - 7
50.84.211.204 syn-050-084-211-204.biz.spectrum.com 7
65.181.73.155 65-181-73-155.static.imsbiz.com 7
161.35.78.86 - 7
220.134.113.188 220-134-113-188.hinet-ip.hinet.net 7
66.240.192.138 census8.shodan.io 7
185.165.191.27 - 7
143.198.87.140 - 7
157.245.157.93 - 7
106.57.253.254 - 7
23.247.130.85 - 7
58.34.180.42 42.180.34.58.broad.xw.sh.dynamic.163data.com.cn 7
71.6.135.131 soda.census.shodan.io 7
80.67.167.81 nosoignons.cust.milkywan.net 7
209.38.38.20 - 7
115.231.78.9 - 7
111.68.98.152 111.68.98.152.pern.pk 7
43.128.111.12 - 7
80.94.95.81 - 7
43.159.38.60 - 7
192.42.116.209 12.tor-exit.nothingtohide.nl 7
174.138.61.67 - 7
189.195.123.57 customer-pue-123-57.megared.net.mx 7
194.50.16.26 - 7
43.159.52.75 - 7
182.78.142.4 - 7
172.245.226.223 172-245-226-223-host.colocrossing.com 7
125.99.173.162 - 7
138.197.173.66 - 7
43.128.131.205 - 7
47.91.11.16 - 7
109.75.33.121 host-121.33.75.109.ucom.am 7
180.184.161.144 - 7
190.145.81.37 - 7
141.98.10.106 - 7
170.210.155.249 - 7
137.184.183.109 ifacturalo.com 7
118.145.8.50 - 7
89.97.218.142 89-97-218-142.ip19.fastwebnet.it 7
162.62.209.101 - 7
134.209.181.159 - 7
146.190.76.99 - 7
199.45.154.71 scanner-205.hk2.censys-scanner.com 7
38.72.132.135 - 7
85.209.11.254 - 7
43.131.251.147 - 7
43.155.145.252 - 7
96.69.13.140 96-69-13-140-static.hfc.comcastbusiness.net 7
118.123.105.86 - 7
43.163.237.234 - 7
199.45.154.28 scanner-201.hk2.censys-scanner.com 7
61.155.106.101 - 7
173.255.200.184 173-255-200-184.ip.linodeusercontent.com 7
199.45.154.50 scanner-203.hk2.censys-scanner.com 7
170.64.146.71 - 7
14.18.105.210 - 7
187.188.0.71 fixed-187-188-0-71.totalplay.net 7
183.47.14.74 - 7
167.71.222.230 - 7
124.156.197.192 - 7
43.130.37.20 - 7
211.221.43.144 - 7
190.85.15.251 - 7
64.227.126.250 - 7

Releases

No releases published

Packages

No packages published