Daily feed of bad IPs (with blacklist hit scores)
Latest commit 96a6b63 Jan 17, 2019

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. The list consists of IP addresses, each with the total number of (black)lists on which it occurs. The greater the number, the lower the chance of false positive detection and/or dropping in (inbound) monitored traffic. The list is also sorted from the most (problematic) to the least frequently occurring IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

```shell
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
```

If you want to try it with ipset, you can do the following:

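```shell
sudo su
apt-get -qq install iptables ipset
# Empty the set if it already exists, otherwise create it
ipset -q flush ipsum
ipset -q create ipsum hash:net
# Add every IP address that appears on at least 3 (black)lists
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
# Drop inbound traffic whose source address is in the set
iptables -I INPUT -m set --match-set ipsum src -j DROP
```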
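
A stricter way to load the same set, as an added example (not code from the IPsum project): the function below validates every feed line before it can reach a root shell and emits an `ipset restore` script that fills a temporary set and swaps it in, so the live set is never half-loaded, and an empty download does not wipe it. The names `ipsum_to_restore` and `sample_feed`, the `-new` set suffix and the sample lines are assumptions made for this example.

```shell
# Constructed sample in the feed's layout: "#" comments, then IP<TAB>hit count.
sample_feed() {
    printf '# constructed sample, not real feed data\n'
    printf '192.0.2.10\t9\n198.51.100.7\t3\n203.0.113.5\t2\n'
    printf '999.1.1.1\t8\nnot-an-ip\t5\n192.0.2.11\tx\n'
}

# Usage: ipsum_to_restore MIN_HITS [SETNAME] < feed   (hypothetical helper)
# Writes an `ipset restore` script to stdout; returns 1 if nothing qualified.
ipsum_to_restore() {
    min_hits=$1
    set_name=${2:-ipsum}
    # Reject a non-numeric threshold or a set name with unexpected characters
    case $min_hits in ''|*[!0-9]*) echo "bad threshold" >&2; return 2;; esac
    case $set_name in ''|*[!A-Za-z0-9_-]*) echo "bad set name" >&2; return 2;; esac
    awk -v minhits="$min_hits" -v name="$set_name" '
        # Accept only dotted-quad IPv4 with every octet in 0..255
        function valid_ipv4(s,   o, n, i) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN {
            FS = "\t"
            printf "create %s hash:net -exist\n", name
            printf "create %s-new hash:net -exist\n", name
            printf "flush %s-new\n", name
        }
        /^#/ { next }
        NF == 2 && $2 ~ /^[0-9]+$/ && $2 + 0 >= minhits + 0 && valid_ipv4($1) {
            printf "add %s-new %s -exist\n", name, $1
            added++
        }
        END {
            # Swap only when something was loaded, so a failed or empty
            # download leaves the live set untouched
            if (added > 0) printf "swap %s-new %s\n", name, name
            printf "destroy %s-new\n", name
            exit (added > 0 ? 0 : 1)
        }'
}

# As root: curl --compressed <feed URL> 2>/dev/null | ipsum_to_restore 3 | ipset restore
```

The `iptables` rule from the block above stays as it is, because `swap` exchanges set contents without changing the set name the rule refers to.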

In the levels directory you can find preprocessed raw IP lists based on the number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Important: If you are planning to use git to get the content of this repository, do a shallow clone: git clone --depth 1 https://github.com/stamparm/ipsum.git

Wall of shame (2019-01-17)

IP DNS lookup Number of (black)lists