IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 104.234.254.118 | - | 10 |
| 183.81.169.238 | - | 10 |
| 45.148.10.69 | - | 9 |
| 61.177.172.172 | - | 9 |
| 218.92.0.76 | - | 9 |
| 61.177.172.136 | - | 9 |
| 89.22.226.216 | assorted-knot.aeza.network | 9 |
| 61.177.172.161 | - | 9 |
| 61.177.172.160 | - | 9 |
| 61.177.172.168 | - | 9 |
| 218.92.0.112 | - | 9 |
| 218.92.0.113 | - | 9 |
| 218.92.0.118 | - | 9 |
| 77.91.85.126 | chummy-activity.aeza.network | 9 |
| 180.101.88.197 | - | 9 |
| 61.177.172.179 | - | 9 |
| 45.139.122.176 | - | 9 |
| 91.103.140.42 | - | 9 |
| 85.209.11.27 | - | 9 |
| 218.92.0.107 | - | 9 |
| 218.92.0.56 | - | 9 |
| 141.255.160.234 | hostedby.privatelayer.com | 9 |
| 164.90.183.255 | flexomatei.ro | 9 |
| 61.177.172.140 | - | 9 |
| 218.92.0.29 | - | 9 |
| 218.92.0.24 | - | 9 |
| 218.92.0.22 | - | 9 |
| 194.169.175.37 | - | 9 |
| 194.169.175.38 | - | 9 |
| 139.59.92.140 | - | 9 |
| 85.209.11.254 | - | 9 |
| 218.92.0.34 | - | 8 |
| 218.92.0.31 | - | 8 |
| 178.20.55.16 | marcuse.nos-oignons.net | 8 |
| 159.65.147.193 | panel.mydigitalads.in | 8 |
| 192.42.116.198 | 8.tor-exit.nothingtohide.nl | 8 |
| 193.32.162.83 | - | 8 |
| 64.23.244.21 | - | 8 |
| 193.32.162.38 | pex28.dream-bal.com | 8 |
| 171.25.193.77 | tor-exit-read-me.dfri.se | 8 |
| 185.220.101.28 | berlin01.tor-exit.artikel10.org | 8 |
| 103.142.86.221 | - | 8 |
| 109.70.100.70 | tor-exit-anonymizer.appliedprivacy.net | 8 |
| 192.42.116.219 | 45.tor-exit.nothingtohide.nl | 8 |
| 218.92.0.27 | - | 8 |
| 116.205.230.173 | ecs-116-205-230-173.compute.hwclouds-dns.com | 8 |
| 77.221.156.122 | worthy-plane.aeza.network | 8 |
| 193.32.162.29 | mail.whatami.co | 8 |
| 178.20.55.182 | marcuse-2.nos-oignons.net | 8 |
| 196.241.66.194 | - | 7 |
| 45.84.89.2 | server-0-2.survey.inspici.com | 7 |
| 92.246.84.133 | - | 7 |
| 79.110.62.145 | - | 7 |
| 106.12.222.76 | - | 7 |
| 45.148.10.111 | - | 7 |
| 159.223.105.130 | - | 7 |
| 186.96.145.241 | fixed-186-96-145-241.totalplay.net | 7 |
| 201.144.8.115 | cajasolidariaguachinango.com.mx | 7 |
| 185.220.100.253 | tor-exit-2.zbau.f3netze.de | 7 |
| 185.220.100.255 | tor-exit-4.zbau.f3netze.de | 7 |
| 109.74.204.123 | academyforinternetresearch.org | 7 |
| 189.7.17.61 | bd07113d.virtua.com.br | 7 |
| 118.41.204.48 | - | 7 |
| 43.136.95.69 | - | 7 |
| 192.42.116.192 | 2.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.196 | 6.tor-exit.nothingtohide.nl | 7 |
| 92.118.39.120 | - | 7 |
| 93.113.63.8 | - | 7 |
| 80.67.172.162 | algrothendieck.nos-oignons.net | 7 |
| 222.186.160.114 | - | 7 |
| 27.210.152.236 | - | 7 |
| 182.253.36.150 | - | 7 |
| 223.167.13.232 | - | 7 |
| 185.132.53.12 | - | 7 |
| 192.42.116.200 | 10.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.208 | 11.tor-exit.nothingtohide.nl | 7 |
| 185.220.101.16 | berlin01.tor-exit.artikel10.org | 7 |
| 185.220.101.13 | berlin01.tor-exit.artikel10.org | 7 |
| 85.172.189.189 | - | 7 |
| 81.19.137.146 | cared-lumber.aeza.network | 7 |
| 185.220.101.17 | berlin01.tor-exit.artikel10.org | 7 |
| 185.243.218.110 | tor-exit1-terrahost06.tuxli.org | 7 |
| 92.118.39.133 | - | 7 |
| 213.6.203.226 | - | 7 |
| 128.199.225.7 | - | 7 |
| 185.220.101.9 | berlin01.tor-exit.artikel10.org | 7 |
| 192.42.116.178 | 26.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.176 | 24.tor-exit.nothingtohide.nl | 7 |
| 81.28.167.30 | - | 7 |
| 192.42.116.214 | 17.tor-exit.nothingtohide.nl | 7 |
| 80.82.77.139 | dojo.census.shodan.io | 7 |
| 152.42.244.23 | - | 7 |
| 160.22.175.93 | - | 7 |
| 45.148.10.251 | - | 7 |
| 185.220.101.27 | berlin01.tor-exit.artikel10.org | 7 |
| 185.220.101.24 | berlin01.tor-exit.artikel10.org | 7 |
| 185.220.101.25 | berlin01.tor-exit.artikel10.org | 7 |
| 185.253.54.52 | devling.fr | 7 |
| 207.90.244.4 | - | 7 |
| 93.174.95.106 | battery.census.shodan.io | 7 |
| 82.151.65.155 | - | 7 |
| 14.40.8.125 | - | 7 |