IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset
, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
IP | DNS lookup | Number of (black)lists |
---|---|---|
45.148.10.174 | - | 10 |
183.81.169.238 | - | 10 |
95.214.27.139 | - | 10 |
34.172.237.230 | 230.237.172.34.bc.googleusercontent.com | 10 |
141.98.11.82 | airplane.medyamol.com | 9 |
168.75.64.214 | - | 9 |
212.76.27.39 | - | 8 |
93.123.39.174 | - | 8 |
171.25.193.77 | tor-exit-read-me.dfri.se | 8 |
118.253.177.161 | - | 8 |
113.133.177.77 | - | 8 |
85.209.11.227 | - | 8 |
93.174.95.106 | battery.census.shodan.io | 8 |
36.110.228.254 | - | 8 |
14.103.20.212 | - | 8 |
14.103.61.166 | - | 8 |
170.64.200.53 | - | 8 |
103.162.36.154 | - | 8 |
185.165.191.27 | - | 8 |
194.169.175.36 | - | 8 |
194.169.175.35 | - | 8 |
211.114.124.31 | - | 8 |
194.50.16.26 | - | 8 |
185.129.62.62 | tor01.zencurity.com | 8 |
101.47.6.209 | - | 8 |
141.98.10.106 | - | 8 |
141.98.10.125 | imp-moment.trumpbuyer.com | 8 |
77.91.78.132 | scintillating-books.aeza.network | 8 |
193.201.9.156 | - | 7 |
194.59.30.110 | - | 7 |
152.89.198.106 | - | 7 |
128.201.78.253 | - | 7 |
199.45.154.136 | - | 7 |
45.148.10.69 | - | 7 |
165.227.85.21 | officehuddle.com-main-site | 7 |
61.80.1.225 | - | 7 |
218.92.0.34 | - | 7 |
218.92.0.31 | - | 7 |
193.32.162.79 | - | 7 |
94.102.49.193 | cloud.census.shodan.io | 7 |
162.62.213.161 | - | 7 |
91.243.50.206 | up-bdiff-ztest.jabdisc.com | 7 |
85.209.11.27 | - | 7 |
164.92.71.158 | - | 7 |
61.177.172.179 | - | 7 |
118.43.127.7 | - | 7 |
218.92.0.76 | - | 7 |
59.2.250.91 | - | 7 |
193.32.162.38 | pex28.dream-bal.com | 7 |
199.45.154.149 | - | 7 |
138.197.14.180 | - | 7 |
45.141.215.21 | - | 7 |
218.92.0.107 | - | 7 |
159.65.147.224 | - | 7 |
82.200.65.218 | gw-bell-xen.ll-nsk.zsttk.ru | 7 |
218.92.0.56 | - | 7 |
192.42.116.217 | 20.tor-exit.nothingtohide.nl | 7 |
218.7.217.229 | - | 7 |
80.82.77.139 | dojo.census.shodan.io | 7 |
61.177.172.136 | - | 7 |
43.153.0.227 | - | 7 |
71.6.146.186 | inspire.census.shodan.io | 7 |
5.8.11.202 | - | 7 |
170.231.224.198 | - | 7 |
103.251.167.20 | - | 7 |
103.39.93.93 | - | 7 |
218.92.0.112 | - | 7 |
52.139.235.212 | - | 7 |
207.90.244.2 | - | 7 |
207.90.244.3 | - | 7 |
207.90.244.6 | - | 7 |
49.248.148.165 | gateway4.octashop.com | 7 |
141.98.10.15 | - | 7 |
61.177.172.140 | - | 7 |
218.92.0.29 | - | 7 |
218.92.0.22 | - | 7 |
218.92.0.24 | - | 7 |
218.92.0.27 | - | 7 |
47.180.114.229 | - | 7 |
61.177.172.160 | - | 7 |
206.168.34.45 | unused-space.coop.net | 7 |
193.32.162.29 | mail.whatami.co | 7 |
170.64.234.60 | - | 7 |
71.6.135.131 | soda.census.shodan.io | 7 |
80.82.77.202 | rnd.group-ib.com | 7 |
218.92.0.113 | - | 7 |
218.92.0.118 | - | 7 |
180.101.88.197 | - | 7 |
180.101.88.196 | - | 7 |
218.156.108.222 | - | 7 |
170.210.155.249 | - | 7 |
103.136.186.73 | - | 7 |
218.90.122.26 | - | 7 |
85.209.11.254 | - | 7 |
61.93.186.125 | 061093186125.static.ctinets.com | 7 |
152.32.150.7 | - | 7 |
92.118.39.133 | - | 7 |