Skip to content

stamparm/ipsum

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 

Repository files navigation

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2024-06-26)

IP DNS lookup Number of (black)lists
45.148.10.174 - 10
183.81.169.238 - 10
95.214.27.139 - 10
34.172.237.230 230.237.172.34.bc.googleusercontent.com 10
141.98.11.82 airplane.medyamol.com 9
168.75.64.214 - 9
212.76.27.39 - 8
93.123.39.174 - 8
171.25.193.77 tor-exit-read-me.dfri.se 8
118.253.177.161 - 8
113.133.177.77 - 8
85.209.11.227 - 8
93.174.95.106 battery.census.shodan.io 8
36.110.228.254 - 8
14.103.20.212 - 8
14.103.61.166 - 8
170.64.200.53 - 8
103.162.36.154 - 8
185.165.191.27 - 8
194.169.175.36 - 8
194.169.175.35 - 8
211.114.124.31 - 8
194.50.16.26 - 8
185.129.62.62 tor01.zencurity.com 8
101.47.6.209 - 8
141.98.10.106 - 8
141.98.10.125 imp-moment.trumpbuyer.com 8
77.91.78.132 scintillating-books.aeza.network 8
193.201.9.156 - 7
194.59.30.110 - 7
152.89.198.106 - 7
128.201.78.253 - 7
199.45.154.136 - 7
45.148.10.69 - 7
165.227.85.21 officehuddle.com-main-site 7
61.80.1.225 - 7
218.92.0.34 - 7
218.92.0.31 - 7
193.32.162.79 - 7
94.102.49.193 cloud.census.shodan.io 7
162.62.213.161 - 7
91.243.50.206 up-bdiff-ztest.jabdisc.com 7
85.209.11.27 - 7
164.92.71.158 - 7
61.177.172.179 - 7
118.43.127.7 - 7
218.92.0.76 - 7
59.2.250.91 - 7
193.32.162.38 pex28.dream-bal.com 7
199.45.154.149 - 7
138.197.14.180 - 7
45.141.215.21 - 7
218.92.0.107 - 7
159.65.147.224 - 7
82.200.65.218 gw-bell-xen.ll-nsk.zsttk.ru 7
218.92.0.56 - 7
192.42.116.217 20.tor-exit.nothingtohide.nl 7
218.7.217.229 - 7
80.82.77.139 dojo.census.shodan.io 7
61.177.172.136 - 7
43.153.0.227 - 7
71.6.146.186 inspire.census.shodan.io 7
5.8.11.202 - 7
170.231.224.198 - 7
103.251.167.20 - 7
103.39.93.93 - 7
218.92.0.112 - 7
52.139.235.212 - 7
207.90.244.2 - 7
207.90.244.3 - 7
207.90.244.6 - 7
49.248.148.165 gateway4.octashop.com 7
141.98.10.15 - 7
61.177.172.140 - 7
218.92.0.29 - 7
218.92.0.22 - 7
218.92.0.24 - 7
218.92.0.27 - 7
47.180.114.229 - 7
61.177.172.160 - 7
206.168.34.45 unused-space.coop.net 7
193.32.162.29 mail.whatami.co 7
170.64.234.60 - 7
71.6.135.131 soda.census.shodan.io 7
80.82.77.202 rnd.group-ib.com 7
218.92.0.113 - 7
218.92.0.118 - 7
180.101.88.197 - 7
180.101.88.196 - 7
218.156.108.222 - 7
170.210.155.249 - 7
103.136.186.73 - 7
218.90.122.26 - 7
85.209.11.254 - 7
61.93.186.125 061093186125.static.ctinets.com 7
152.32.150.7 - 7
92.118.39.133 - 7

Releases

No releases published

Packages

No packages published