Skip to content

stamparm/ipsum

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Dec 1, 2022

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2022-12-01)

IP DNS lookup Number of (black)lists
141.94.110.90 ns3199579.ip-141-94-110.eu 10
171.25.193.77 tor-exit-read-me.dfri.se 10
185.129.62.62 tor01.zencurity.com 10
144.172.73.16 tor-exit4.riverside.rocks 10
125.17.153.207 - 9
149.202.74.37 ns3013144.ip-149-202-74.eu 9
103.200.24.48 - 9
171.25.193.25 tor-exit-read-me.dfri.se 9
178.88.161.82 - 9
185.246.188.67 - 9
80.82.77.33 sky.census.shodan.io 8
89.234.157.254 marylou.nos-oignons.net 8
185.220.102.248 tor-exit-relay-2.anonymizing-proxy.digitalcourage.de 8
162.247.74.74 wiebe.tor-exit.calyxinstitute.org 8
185.247.206.56 - 8
171.25.193.78 tor-exit-read-me.dfri.se 8
2.58.56.101 powered.by.rdp.sh 8
80.82.77.139 dojo.census.shodan.io 8
51.89.153.112 ns3145504.ip-51-89-153.eu 8
103.251.167.21 tor-exit-at-the.quesadilla.party 8
185.100.87.174 torexit1.flokinet.net 8
192.42.116.16 tor-exit.hartvoorinternetvrijheid.nl 8
178.60.204.50 50.204.60.178.static.reverse-mundo-r.com 8
117.1.29.242 localhost 8
167.86.94.107 master-of-disaster.tor-exit.laarnes.nl 8
185.56.83.83 onion.xor.sc 8
5.135.142.115 gitlab.vedrenne-guillaume.com 8
162.210.173.17 suck.it.tor-exit.forked.net 8
222.168.30.19 - 8
185.241.208.204 - 8
80.67.167.81 nosoignons.cust.milkywan.net 8
57.128.11.39 ip39.ip-57-128-11.eu 8
190.144.161.145 - 8
185.165.190.34 red.census.shodan.io 8
51.178.81.115 vps-b05597af.vps.ovh.net 8
157.245.109.127 - 8
45.139.122.241 - 8
197.26.19.254 - 8
165.232.69.156 - 8
23.129.64.221 - 7
200.232.114.219 - 7
66.45.234.206 - 7
185.117.215.9 tor3.digineo.de 7
36.112.171.51 - 7
195.176.3.20 tor4e3.digitale-gesellschaft.ch 7
152.228.206.64 ip64.ip-152-228-206.eu 7
61.177.173.51 - 7
61.177.173.50 - 7
198.98.60.107 - 7
185.36.81.95 - 7
68.183.188.159 - 7
46.105.58.146 ip146.ip-46-105-58.eu 7
45.154.98.176 powered.by.rdp.sh 7
185.220.102.241 185-220-102-241.torservers.net 7
183.146.30.220 - 7
183.91.11.130 static.cmcti.vn 7
45.137.201.3 - 7
125.34.240.29 - 7
168.167.72.179 - 7
37.228.129.24 - 7
185.220.101.4 berlin01.tor-exit.artikel10.org 7
185.220.101.1 berlin01.tor-exit.artikel10.org 7
23.129.64.218 - 7
20.51.196.76 - 7
159.203.102.122 - 7
185.100.87.139 bucarest02.tor-exit.artikel10.org 7
165.227.25.154 - 7
178.20.55.16 marcuse.nos-oignons.net 7
106.10.122.53 - 7
185.51.61.82 - 7
223.240.96.1 - 7
103.186.66.83 - 7
162.247.72.199 jaffer.tor-exit.calyxinstitute.org 7
20.163.208.188 - 7
128.199.74.173 - 7
54.36.108.162 ns3112521.ip-54-36-108.eu 7
185.220.100.253 tor-exit-2.zbau.f3netze.de 7
185.220.100.252 tor-exit-1.zbau.f3netze.de 7
185.220.100.255 tor-exit-4.zbau.f3netze.de 7
103.251.167.20 - 7
94.230.208.147 tor3e1.digitale-gesellschaft.ch 7
209.141.41.103 tor-relay-3.mnpnk.com 7
205.185.116.34 tor-exit-relay-002.carlos1001.com 7
46.245.182.226 46-245-182-226.static.mivitec.net 7
166.70.207.2 this.is.a.tor.node.xmission.com 7
128.199.177.127 - 7
185.246.188.60 - 7
71.6.165.200 census12.shodan.io 7
107.189.6.124 farnsworth.rst.schiller.im 7
66.240.219.146 burger.census.shodan.io 7
162.247.74.27 - 7
20.85.226.10 - 7
185.220.103.8 mariellefranco.tor-exit.calyxinstitute.org 7
36.110.228.254 - 7
183.77.35.93 ac035093.dynamic.ppp.asahi-net.or.jp 7
91.134.167.2 - 7
162.247.74.217 - 7
106.249.240.114 - 7
171.25.193.235 tor-exit-read-me.dfri.se 7
134.249.100.114 134-249-100-114.broadband.kyivstar.net 7
46.105.58.27 ip27.ip-46-105-58.eu 7
61.177.173.47 - 7
61.177.173.48 - 7
171.25.193.20 tor-exit-read-me.dfri.se 7
223.240.83.206 - 7
62.102.148.68 - 7
143.110.153.150 - 7
165.154.228.202 - 7
107.189.1.155 - 7
144.172.73.34 tor-exit-nl.prsv.ch 7
179.43.159.195 hostedby.privatelayer.com 7
179.43.159.194 hostedby.privatelayer.com 7
146.59.233.33 vps-f61f0c8d.vps.ovh.net 7
5.161.177.194 static.194.177.161.5.clients.your-server.de 7
103.195.236.159 - 7
185.14.97.176 tor-exit1-terrahost03.tuxli.org 7
104.236.182.223 editoracip.sfo1 7
62.102.148.69 - 7
185.165.190.17 purple.census.shodan.io 7
108.6.225.64 pool-108-6-225-64.nycmny.fios.verizon.net 7
190.144.14.170 - 7
104.244.76.13 tor-exit-node.spongebob.nicdex.com 7
49.247.197.182 - 7
185.129.62.63 tor02.zencurity.com 7
5.255.99.205 - 7
137.184.194.129 - 7
185.220.101.32 tor-exit-32.for-privacy.net 7
23.129.64.223 - 7
209.141.54.195 tor1.friendlyexitnode.com 7
58.229.6.213 - 7
67.205.143.26 - 7
162.247.73.192 mario-louis-sylvester-lap.tor-exit.calyxinstitute.org 7
185.142.236.35 wine.census.shodan.io 7
185.142.236.34 hat.census.shodan.io 7
185.34.33.2 tor.laquadrature.net 7
186.122.177.117 host117.186-122-177.telmex.net.ar 7
61.177.173.36 - 7
61.177.173.35 - 7
61.177.173.39 - 7
24.199.92.95 - 7

About

Daily feed of bad IPs (with blacklist hit scores)

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published