IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 179.43.180.108 | hostedby.privatelayer.com | 11 |
| 183.81.169.238 | - | 10 |
| 179.43.190.218 | hostedby.privatelayer.com | 10 |
| 92.118.39.229 | edc74.daten-de.com | 8 |
| 152.89.245.140 | bluerivercommunications.org.uk | 8 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 8 |
| 118.123.105.85 | - | 7 |
| 218.92.0.34 | - | 7 |
| 218.92.0.31 | - | 7 |
| 210.183.113.11 | - | 7 |
| 185.74.4.20 | - | 7 |
| 186.67.248.8 | - | 7 |
| 61.177.172.179 | - | 7 |
| 218.92.0.76 | - | 7 |
| 51.159.5.102 | 51-159-5-102.rev.poneytelecom.eu | 7 |
| 218.92.0.107 | - | 7 |
| 218.92.0.56 | - | 7 |
| 206.168.34.189 | unused-space.coop.net | 7 |
| 206.168.34.184 | unused-space.coop.net | 7 |
| 206.168.34.186 | unused-space.coop.net | 7 |
| 206.168.34.182 | unused-space.coop.net | 7 |
| 143.255.142.80 | 143-255-142-80.giganet.net.py | 7 |
| 80.82.77.139 | dojo.census.shodan.io | 7 |
| 213.109.202.127 | - | 7 |
| 178.20.55.16 | marcuse.nos-oignons.net | 7 |
| 170.64.178.151 | - | 7 |
| 141.98.10.96 | - | 7 |
| 175.207.13.22 | - | 7 |
| 199.45.154.69 | scanner-205.hk2.censys-scanner.com | 7 |
| 199.45.154.65 | scanner-205.hk2.censys-scanner.com | 7 |
| 212.70.149.150 | - | 7 |
| 189.6.45.130 | bd062d82.virtua.com.br | 7 |
| 85.209.11.227 | - | 7 |
| 122.255.0.85 | - | 7 |
| 61.177.172.136 | - | 7 |
| 61.177.172.140 | - | 7 |
| 218.92.0.29 | - | 7 |
| 218.92.0.22 | - | 7 |
| 218.92.0.24 | - | 7 |
| 218.92.0.27 | - | 7 |
| 61.177.172.160 | - | 7 |
| 180.232.75.76 | 76.75.232.180.dsl.static.inet.as18190 | 7 |
| 122.224.37.86 | - | 7 |
| 220.80.223.144 | - | 7 |
| 80.67.167.81 | nosoignons.cust.milkywan.net | 7 |
| 220.80.70.60 | - | 7 |
| 218.92.0.112 | - | 7 |
| 218.92.0.113 | - | 7 |
| 218.92.0.118 | - | 7 |
| 14.48.52.161 | - | 7 |
| 45.125.66.43 | srv-45-125-66-43.minehost.eu | 7 |
| 87.98.138.142 | ip142.ip-87-98-138.eu | 7 |
| 211.43.80.245 | - | 7 |
| 180.101.88.197 | - | 7 |
| 180.101.88.196 | - | 7 |
| 211.62.68.204 | - | 7 |
| 103.56.61.130 | - | 7 |
| 115.91.84.132 | - | 7 |
| 178.20.55.182 | marcuse-2.nos-oignons.net | 7 |
| 180.101.88.205 | - | 7 |