About
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2022-04-16)
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 171.25.193.77 | tor-exit1-readme.dfri.se | 9 |
| 45.67.34.253 | - | 9 |
| 171.25.193.20 | tor-exit0-readme.dfri.se | 9 |
| 194.165.16.5 | - | 9 |
| 185.129.62.62 | tor01.zencurity.dk | 9 |
| 179.43.167.74 | - | 8 |
| 61.177.173.53 | - | 8 |
| 61.177.172.114 | - | 8 |
| 185.220.102.4 | communityexit.torservers.net | 8 |
| 23.129.64.213 | - | 8 |
| 179.43.168.126 | - | 8 |
| 36.110.228.254 | - | 8 |
| 45.154.255.139 | cust-139.keff.org | 8 |
| 80.67.172.162 | algrothendieck.nos-oignons.net | 8 |
| 62.102.148.69 | - | 8 |
| 185.220.101.1 | berlin01.tor-exit.artikel10.org | 7 |
| 185.117.215.9 | tor3.digineo.de | 7 |
| 64.225.64.101 | - | 7 |
| 89.234.157.254 | marylou.nos-oignons.net | 7 |
| 61.177.173.51 | - | 7 |
| 61.177.173.50 | - | 7 |
| 162.247.74.74 | - | 7 |
| 61.177.172.108 | - | 7 |
| 164.92.220.20 | - | 7 |
| 171.25.193.78 | tor-exit4-readme.dfri.se | 7 |
| 178.20.55.18 | marcuse-2.nos-oignons.net | 7 |
| 130.149.80.199 | tor.dsi.tu-berlin.de | 7 |
| 144.172.73.66 | tor | 7 |
| 45.153.160.129 | - | 7 |
| 185.220.100.255 | tor-exit-4.zbau.f3netze.de | 7 |
| 185.220.100.254 | tor-exit-3.zbau.f3netze.de | 7 |
| 199.249.230.87 | tor38.quintex.com | 7 |
| 116.110.3.253 | - | 7 |
| 179.43.154.138 | - | 7 |
| 166.70.207.2 | this.is.a.tor.node.xmission.com | 7 |
| 176.113.115.82 | - | 7 |
| 2.58.56.14 | powered.by.rdp.sh | 7 |
| 45.153.160.140 | - | 7 |
| 45.135.232.155 | - | 7 |
| 179.43.175.103 | - | 7 |
| 179.43.175.108 | - | 7 |
| 162.247.74.27 | turing.tor-exit.calyxinstitute.org | 7 |
| 130.162.183.218 | - | 7 |
| 171.25.193.25 | tor-exit5-readme.dfri.se | 7 |
| 61.177.173.46 | - | 7 |
| 61.177.173.47 | - | 7 |
| 165.22.202.10 | - | 7 |
| 161.35.89.112 | - | 7 |
| 45.125.65.31 | artdesigns.info | 7 |
| 159.65.113.87 | - | 7 |
| 185.107.47.215 | tor-exit.r1.ci.ax | 7 |
| 37.0.11.224 | - | 7 |
| 161.35.89.214 | - | 7 |
| 45.125.65.126 | srv-45-125-65-126.serveroffer.net | 7 |
| 61.177.172.124 | - | 7 |
| 159.223.229.50 | - | 7 |
| 104.244.76.13 | tor-exit-node.spongebob.nicdex.com | 7 |
| 45.153.160.133 | - | 7 |
| 61.177.173.39 | - | 7 |
| 61.177.172.98 | - | 7 |
| 185.220.100.244 | tor-exit-5.zbau.f3netze.de | 7 |
| 185.220.100.242 | tor-exit-15.zbau.f3netze.de | 7 |
| 185.220.100.243 | tor-exit-16.zbau.f3netze.de | 7 |
| 185.220.100.241 | tor-exit-14.zbau.f3netze.de | 7 |
| 167.86.117.183 | vmi741124.contaboserver.net | 7 |
| 45.67.34.100 | - | 7 |
| 61.177.173.36 | - | 7 |
| 61.177.173.35 | - | 7 |