IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 193.32.162.157 | - | 11 |
| 176.65.148.55 | hosted-by.pfcloud.io | 10 |
| 196.251.88.103 | - | 10 |
| 176.65.148.12 | hosted-by.pfcloud.io | 9 |
| 193.32.162.145 | - | 9 |
| 193.32.162.146 | - | 9 |
| 195.178.110.160 | - | 9 |
| 218.102.217.85 | pcd685085.netvigator.com | 9 |
| 3.130.96.91 | scan.cypex.ai | 8 |
| 14.63.196.175 | - | 8 |
| 34.171.244.191 | 191.244.171.34.bc.googleusercontent.com | 8 |
| 45.131.155.254 | - | 8 |
| 45.148.10.240 | - | 8 |
| 46.105.70.190 | b5.scanner.modat.io | 8 |
| 71.6.199.23 | einstein.census.shodan.io | 8 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 80.82.77.139 | dojo.census.shodan.io | 8 |
| 80.82.77.202 | rnd.group-ib.com | 8 |
| 80.94.95.115 | - | 8 |
| 86.54.31.34 | wine.census.shodan.io | 8 |
| 92.118.39.92 | - | 8 |
| 93.19.172.217 | 217.172.19.93.rev.sfr.net | 8 |
| 93.123.109.191 | - | 8 |
| 104.244.77.50 | - | 8 |
| 107.173.37.111 | 107-173-37-111-host.colocrossing.com | 8 |
| 118.70.178.158 | - | 8 |
| 162.142.125.46 | - | 8 |
| 162.142.125.119 | scanner-19.ch1.censys-scanner.com | 8 |
| 162.142.125.127 | scanner-20.ch1.censys-scanner.com | 8 |
| 162.142.125.207 | - | 8 |
| 162.142.125.214 | scanner-05.ch1.censys-scanner.com | 8 |
| 185.93.89.118 | - | 8 |
| 185.156.73.234 | - | 8 |
| 186.117.149.128 | - | 8 |
| 216.10.250.218 | server.digitalspoint.com | 8 |
| 223.130.11.165 | - | 8 |
| 1.55.33.86 | - | 7 |
| 3.131.215.38 | ec2-3-131-215-38.us-east-2.compute.amazonaws.com | 7 |
| 3.132.23.201 | scan.cypex.ai | 7 |
| 3.134.148.59 | scan.cypex.ai | 7 |
| 3.138.185.30 | scan.cypex.ai | 7 |
| 5.167.76.48 | 5x167x76x48.static-business.cheb.ertelecom.ru | 7 |
| 5.193.232.234 | - | 7 |
| 14.116.156.100 | - | 7 |
| 27.254.235.3 | - | 7 |
| 34.64.41.134 | 134.41.64.34.bc.googleusercontent.com | 7 |
| 34.75.26.147 | 147.26.75.34.bc.googleusercontent.com | 7 |
| 34.175.118.185 | 185.118.175.34.bc.googleusercontent.com | 7 |
| 39.129.9.180 | - | 7 |
| 45.120.216.232 | - | 7 |
| 45.148.10.26 | - | 7 |
| 47.180.114.229 | 47-180-114-229.944e76fe48b133ae6f88b784db937d44.ip.frontiernet.net | 7 |
| 51.75.64.35 | vps-3d54f2a3.vps.ovh.net | 7 |
| 51.159.54.22 | 51-159-54-22.rev.poneytelecom.eu | 7 |
| 61.188.205.76 | 76.205.188.61.broad.nj.sc.dynamic.163data.com.cn | 7 |
| 61.240.156.16 | - | 7 |
| 66.240.192.138 | census8.shodan.io | 7 |
| 68.183.88.186 | - | 7 |
| 71.6.135.131 | soda.census.shodan.io | 7 |
| 71.6.165.200 | census12.shodan.io | 7 |
| 77.82.90.210 | - | 7 |
| 80.191.247.45 | - | 7 |
| 82.66.48.36 | lon92-2_migr-82-66-48-36.fbx.proxad.net | 7 |
| 85.18.236.229 | 85-18-236-229.ip.fastwebnet.it | 7 |
| 85.208.139.157 | 55363.ip-ptr.tech | 7 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
| 89.248.167.131 | mason.census.shodan.io | 7 |
| 89.248.172.16 | house.census.shodan.io | 7 |
| 91.240.15.18 | 91.240.15.18.ip.nano.uz | 7 |
| 92.118.39.95 | - | 7 |
| 92.154.95.236 | lstlambert-656-1-48-236.w92-154.abo.wanadoo.fr | 7 |
| 93.176.2.87 | ftthcc.93-176-2-87.sfrcaraibe.fr | 7 |
| 95.215.0.144 | - | 7 |
| 96.78.175.36 | - | 7 |
| 96.78.175.39 | - | 7 |
| 101.47.5.97 | - | 7 |
| 101.126.88.79 | - | 7 |
| 103.39.93.93 | - | 7 |
| 103.48.192.48 | - | 7 |
| 103.113.105.228 | 103.113.105.228.dynamic-ekowebtech.net | 7 |
| 103.144.87.192 | - | 7 |
| 103.165.218.190 | 190.218.165.103.net.iforte.net.id | 7 |
| 103.210.22.17 | - | 7 |
| 105.73.164.78 | - | 7 |
| 106.13.78.99 | - | 7 |
| 109.75.33.121 | host-121.33.75.109.ucom.am | 7 |
| 115.241.83.2 | - | 7 |
| 116.110.89.98 | - | 7 |
| 117.2.142.24 | dynamic-ip-adsl.viettel.vn | 7 |
| 117.50.51.198 | - | 7 |
| 117.50.165.23 | - | 7 |
| 117.241.78.89 | - | 7 |
| 118.45.205.44 | - | 7 |
| 118.145.211.128 | - | 7 |
| 118.194.253.212 | - | 7 |
| 119.96.157.188 | - | 7 |
| 121.52.147.5 | upesh.edu.pk | 7 |
| 136.232.203.134 | - | 7 |
| 137.184.202.107 | nauru.production | 7 |
| 139.59.64.179 | - | 7 |
| 139.59.188.13 | - | 7 |
| 142.93.116.14 | - | 7 |
| 147.185.132.43 | - | 7 |
| 154.221.20.67 | - | 7 |
| 162.142.125.35 | - | 7 |
| 162.142.125.113 | scanner-19.ch1.censys-scanner.com | 7 |
| 162.142.125.117 | scanner-19.ch1.censys-scanner.com | 7 |
| 162.142.125.118 | scanner-19.ch1.censys-scanner.com | 7 |
| 162.142.125.125 | scanner-20.ch1.censys-scanner.com | 7 |
| 162.142.125.204 | - | 7 |
| 162.142.125.205 | - | 7 |
| 162.142.125.211 | scanner-05.ch1.censys-scanner.com | 7 |
| 162.142.125.212 | scanner-05.ch1.censys-scanner.com | 7 |
| 162.142.125.219 | scanner-25.ch1.censys-scanner.com | 7 |
| 164.177.31.66 | static-csq-cds-031066.business.bouyguestelecom.com | 7 |
| 167.94.138.178 | - | 7 |
| 167.94.145.108 | - | 7 |
| 167.94.145.111 | - | 7 |
| 167.94.146.48 | - | 7 |
| 167.94.146.51 | - | 7 |
| 167.94.146.55 | - | 7 |
| 167.94.146.63 | - | 7 |
| 171.244.37.96 | - | 7 |
| 179.33.186.151 | - | 7 |
| 181.176.156.130 | - | 7 |
| 182.18.161.165 | static-182-18-161-165.ctrls.in | 7 |
| 182.93.50.90 | n18293z50l90.static.ctmip.net | 7 |
| 182.229.10.141 | - | 7 |
| 185.83.127.17 | - | 7 |
| 185.165.191.26 | purple.census.shodan.io | 7 |
| 185.165.191.27 | red.census.shodan.io | 7 |
| 186.13.43.41 | host41.186-13-43.telmex.net.ar | 7 |
| 186.56.11.17 | - | 7 |
| 186.96.166.237 | fixed-186-96-166-237.totalplay.net | 7 |
| 187.45.100.0 | - | 7 |
| 189.217.130.86 | customer-189-217-130-86.cablevision.net.mx | 7 |
| 190.85.15.251 | - | 7 |
| 192.42.116.179 | 27.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.211 | 14.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.213 | 16.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.214 | 17.tor-exit.nothingtohide.nl | 7 |
| 193.32.162.141 | - | 7 |
| 193.32.162.151 | - | 7 |
| 194.0.234.93 | - | 7 |
| 194.113.236.217 | - | 7 |
| 195.165.181.16 | mobile-user-c3a5b5-16.dhcp.inet.fi | 7 |
| 195.178.110.108 | - | 7 |
| 196.251.67.42 | - | 7 |
| 196.251.81.116 | undefined.hostname.localhost | 7 |
| 196.251.87.35 | - | 7 |
| 197.227.8.186 | - | 7 |
| 204.44.127.231 | - | 7 |
| 206.168.34.72 | unused-space.coop.net | 7 |
| 209.14.85.59 | gru-209-14-85-59.ip4.99.network | 7 |
| 211.253.10.96 | - | 7 |
| 216.172.190.206 | col.colettelounge.com | 7 |
| 216.194.174.27 | - | 7 |
| 220.80.223.144 | - | 7 |
| 221.159.150.85 | - | 7 |
| 221.163.227.238 | - | 7 |
| 222.172.32.246 | - | 7 |