IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset
, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
IP | DNS lookup | Number of (black)lists |
---|---|---|
183.81.169.238 | - | 11 |
194.169.175.36 | - | 11 |
194.169.175.35 | - | 11 |
61.177.172.136 | - | 10 |
213.109.202.127 | - | 10 |
61.177.172.160 | - | 10 |
180.101.88.197 | - | 10 |
180.101.88.196 | - | 10 |
61.177.172.179 | - | 10 |
85.209.11.27 | - | 10 |
61.177.172.140 | - | 10 |
180.101.88.205 | - | 10 |
95.214.27.253 | - | 10 |
85.209.11.254 | - | 10 |
218.92.0.34 | - | 9 |
218.92.0.31 | - | 9 |
218.92.0.76 | - | 9 |
54.37.10.124 | vps-1e3810b9.vps.ovh.net | 9 |
218.92.0.112 | - | 9 |
218.92.0.113 | - | 9 |
92.118.39.133 | - | 9 |
218.92.0.107 | - | 9 |
218.92.0.56 | - | 9 |
80.82.77.139 | dojo.census.shodan.io | 9 |
218.92.0.29 | - | 9 |
218.92.0.24 | - | 9 |
218.92.0.27 | - | 9 |
80.82.77.33 | sky.census.shodan.io | 8 |
119.42.148.98 | - | 8 |
79.110.62.145 | - | 8 |
221.156.126.1 | - | 8 |
66.66.116.251 | syn-066-066-116-251.res.spectrum.com | 8 |
95.214.27.196 | - | 8 |
185.165.191.26 | - | 8 |
207.90.244.14 | - | 8 |
128.14.209.34 | zl-dal-us-gp1-wk121.internet-census.org | 8 |
80.82.77.202 | rnd.group-ib.com | 8 |
220.80.223.144 | - | 8 |
218.92.0.118 | - | 8 |
195.144.21.56 | red3.census.shodan.io | 8 |
154.68.39.6 | wimax-154.68.39.6.aviso.ci | 8 |
182.229.10.141 | - | 8 |
93.120.240.202 | 93-120-240-202.static.mts-nn.ru | 8 |
213.6.203.226 | - | 8 |
83.222.191.62 | - | 8 |
218.206.136.24 | - | 8 |
221.222.184.230 | - | 8 |
199.45.154.137 | - | 8 |
193.32.162.65 | - | 8 |
45.135.132.161 | vm268589.bitweb.cloud | 8 |
103.86.180.10 | - | 8 |
223.197.186.7 | 223-197-186-7.static.imsbiz.com | 8 |
65.181.73.155 | 65-181-73-155.static.imsbiz.com | 8 |
66.240.192.138 | census8.shodan.io | 8 |
45.148.10.202 | - | 8 |
82.151.65.155 | - | 8 |
190.85.15.251 | - | 8 |
128.199.99.204 | ekualsys.com | 7 |
159.89.227.175 | - | 7 |
193.201.9.156 | - | 7 |
112.163.28.218 | - | 7 |
159.65.41.104 | - | 7 |
49.13.234.229 | static.229.234.13.49.clients.your-server.de | 7 |
45.180.136.12 | 45-180-136-12.azarititelecom.com.br | 7 |
103.96.148.81 | - | 7 |
199.45.154.134 | - | 7 |
185.213.167.89 | - | 7 |
213.194.140.33 | static.33.140.194.213.ibercom.com | 7 |
66.240.236.116 | ubtuntu20236116.aspadmin.net | 7 |
71.6.199.23 | einstein.census.shodan.io | 7 |
105.28.108.165 | - | 7 |
45.148.10.69 | - | 7 |
159.203.142.63 | - | 7 |
128.14.211.186 | zl-dal-us-gp1-wk143.internet-census.org | 7 |
218.255.245.10 | static.reserve.wtt.net.hk | 7 |
103.247.13.244 | ip-244-13-247.terabit.net.id | 7 |
64.227.125.48 | - | 7 |
58.33.58.37 | 37.58.33.58.broad.xw.sh.dynamic.163data.com.cn | 7 |
118.201.79.222 | - | 7 |
143.244.165.222 | - | 7 |
34.123.134.194 | 194.134.123.34.bc.googleusercontent.com | 7 |
165.227.84.172 | - | 7 |
51.68.172.35 | vps-4e12aea0.vps.ovh.net | 7 |
152.42.246.102 | - | 7 |
23.95.248.83 | 23-95-248-83-host.colocrossing.com | 7 |
186.96.145.241 | fixed-186-96-145-241.totalplay.net | 7 |
45.161.176.1 | 45.161.176.1.serginetbandalarga.com.br | 7 |
83.81.239.100 | 83-81-239-100.cable.dynamic.v4.ziggo.nl | 7 |
80.94.95.81 | - | 7 |
139.59.25.164 | - | 7 |
178.20.55.16 | marcuse.nos-oignons.net | 7 |
178.128.161.183 | - | 7 |
149.50.96.100 | - | 7 |
212.113.102.128 | server3.aeza.network | 7 |
185.220.100.255 | tor-exit-4.zbau.f3netze.de | 7 |
80.253.31.232 | - | 7 |
43.134.250.195 | - | 7 |
136.228.161.66 | - | 7 |
107.180.88.176 | 176.88.180.107.host.secureserver.net | 7 |
80.66.75.163 | - | 7 |
199.45.154.156 | - | 7 |
211.217.39.221 | - | 7 |
140.246.28.249 | - | 7 |
38.9.146.107 | - | 7 |
82.197.58.234 | - | 7 |
27.254.235.4 | - | 7 |
85.209.11.227 | - | 7 |
43.128.116.7 | - | 7 |
77.232.142.143 | cautious-payment.aeza.network | 7 |
64.227.133.133 | - | 7 |
172.245.126.142 | 172-245-126-142-host.colocrossing.com | 7 |
190.188.212.86 | 86-212-188-190.cab.prima.net.ar | 7 |
217.197.107.182 | late-geese.aeza.network | 7 |
118.36.15.126 | - | 7 |
150.109.11.104 | - | 7 |
183.240.157.2 | - | 7 |
147.185.132.78 | - | 7 |
220.86.29.35 | - | 7 |
181.171.38.85 | 85-38-171-181.fibertel.com.ar | 7 |
103.63.108.25 | static.cmcti.vn | 7 |
46.101.164.50 | - | 7 |
216.10.245.180 | 216-10-245-180.webhostbox.net | 7 |
209.97.186.17 | - | 7 |
212.42.97.108 | oon-912-108.elcat.kg | 7 |
167.94.145.97 | - | 7 |
203.106.164.74 | gbk-164-74.tm.net.my | 7 |
185.165.191.27 | - | 7 |
129.226.201.243 | - | 7 |
89.208.104.113 | whispering-blade.aeza.network | 7 |
103.151.20.4 | - | 7 |
134.209.168.219 | - | 7 |
167.94.145.107 | - | 7 |
167.86.75.112 | vmi586418.contaboserver.net | 7 |
8.222.181.172 | - | 7 |
136.232.98.230 | - | 7 |
192.42.116.208 | 11.tor-exit.nothingtohide.nl | 7 |
71.6.165.200 | census12.shodan.io | 7 |
185.129.62.62 | tor01.zencurity.com | 7 |
183.136.239.218 | - | 7 |
43.133.62.48 | - | 7 |
14.116.189.74 | - | 7 |
190.129.60.125 | - | 7 |
152.32.201.142 | - | 7 |
185.74.4.17 | - | 7 |
64.227.185.138 | - | 7 |
134.122.8.241 | - | 7 |
199.45.154.149 | - | 7 |
89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
77.105.181.192 | - | 7 |
193.32.162.83 | - | 7 |
185.22.67.81 | - | 7 |
46.101.171.235 | - | 7 |
43.133.42.162 | - | 7 |
159.203.129.103 | - | 7 |
156.38.58.9 | - | 7 |
89.46.223.34 | 34.223.46.89.baremetal.zare.com | 7 |
43.153.24.194 | - | 7 |
191.100.25.45 | 45.191-100-25.etapanet.net | 7 |
104.248.31.141 | - | 7 |
124.156.205.16 | - | 7 |
188.166.59.144 | - | 7 |
221.159.150.85 | - | 7 |
146.190.60.168 | - | 7 |
36.255.159.130 | - | 7 |
42.51.28.151 | - | 7 |
211.193.31.52 | - | 7 |
206.168.34.124 | unused-space.coop.net | 7 |
200.105.183.118 | static-200-105-183-118.acelerate.net | 7 |
101.202.40.4 | - | 7 |
128.201.78.253 | - | 7 |
182.93.7.194 | n18293z7l194.static.ctmip.net | 7 |
121.204.164.96 | - | 7 |
110.45.145.194 | - | 7 |
79.104.0.82 | - | 7 |
211.253.10.96 | - | 7 |
202.125.139.10 | webconcepts.lhr63d1.pie.net.pk | 7 |
190.202.124.93 | correo.grupoplumas.net | 7 |
212.233.136.201 | 212-233-136-201.optisprint.net | 7 |
193.32.162.79 | - | 7 |
43.156.4.31 | - | 7 |
13.71.23.17 | - | 7 |
194.145.208.178 | - | 7 |
82.200.65.218 | gw-bell-xen.ll-nsk.zsttk.ru | 7 |
146.185.134.177 | sexyakutsk.love | 7 |
151.252.84.225 | 151.252.84.225.ip.tele-plus.ru | 7 |
68.183.134.171 | - | 7 |
14.63.196.175 | - | 7 |
117.83.83.235 | - | 7 |
195.154.176.37 | 195-154-176-37.rev.poneytelecom.eu | 7 |
192.42.116.179 | 27.tor-exit.nothingtohide.nl | 7 |
162.142.125.206 | - | 7 |
129.226.209.202 | - | 7 |
43.159.194.101 | - | 7 |
81.28.167.30 | - | 7 |
170.64.227.242 | - | 7 |
186.16.41.158 | static-158-41-16-186.telecel.com.py | 7 |
206.168.34.35 | unused-space.coop.net | 7 |
201.145.224.81 | dsl-201-145-224-81-dyn.prod-infinitum.com.mx | 7 |
62.28.222.221 | - | 7 |
203.86.123.54 | - | 7 |
85.133.216.253 | - | 7 |
161.35.18.131 | jurgenengineering.com | 7 |
186.4.222.45 | host-186-4-222-45.netlife.ec | 7 |
45.156.129.70 | sh-chi-us-gp1-wk103.internet-census.org | 7 |
185.157.247.10 | brdnicolas | 7 |
67.205.187.255 | - | 7 |
212.76.27.39 | - | 7 |
112.161.86.234 | - | 7 |
157.245.154.62 | - | 7 |
202.21.123.196 | - | 7 |
202.51.208.170 | - | 7 |
103.55.75.8 | - | 7 |
43.153.192.182 | - | 7 |
206.189.112.87 | - | 7 |
193.118.52.34 | zl-ams-nl-gp1-wk146.internet-census.org | 7 |
178.20.191.244 | - | 7 |
137.184.58.29 | - | 7 |
213.215.140.6 | - | 7 |
190.145.81.37 | - | 7 |
182.59.139.27 | - | 7 |
206.189.230.76 | - | 7 |
207.90.244.2 | - | 7 |
207.90.244.4 | - | 7 |
152.32.180.86 | - | 7 |
61.178.65.2 | - | 7 |
154.221.21.234 | - | 7 |
43.163.242.150 | - | 7 |
122.176.122.24 | abts-north-static-024.122.176.122.airtelbroadband.in | 7 |
197.248.187.251 | 197-248-187-251.safaricombusiness.co.ke | 7 |
188.166.99.20 | - | 7 |
147.185.132.55 | - | 7 |
115.23.23.103 | - | 7 |
103.237.144.204 | - | 7 |
71.6.135.131 | soda.census.shodan.io | 7 |
45.5.159.36 | - | 7 |
193.118.61.118 | - | 7 |
87.236.176.200 | appealing.monitoring.internet-measurement.com | 7 |
218.92.0.22 | - | 7 |
190.144.14.170 | - | 7 |
57.128.68.47 | - | 7 |
104.236.201.173 | - | 7 |
165.154.164.57 | - | 7 |
128.14.211.190 | zl-dal-us-gp1-wk144.internet-census.org | 7 |
176.31.253.67 | ns388286.ip-176-31-253.eu | 7 |
213.55.85.202 | - | 7 |
172.206.146.132 | azpdss78.stretchoid.com | 7 |
158.69.53.112 | ns518479.ip-158-69-53.net | 7 |
8.213.212.50 | - | 7 |
189.195.123.57 | customer-pue-123-57.megared.net.mx | 7 |
157.245.58.108 | - | 7 |
61.93.186.125 | 061093186125.static.ctinets.com | 7 |
199.45.154.127 | - | 7 |
190.188.241.93 | 93-241-188-190.cab.prima.net.ar | 7 |
182.253.47.126 | - | 7 |
139.59.127.178 | - | 7 |
201.81.240.66 | c951f042.virtua.com.br | 7 |
92.63.206.99 | - | 7 |
162.142.125.197 | - | 7 |
124.156.197.192 | - | 7 |
68.183.237.40 | - | 7 |
128.199.252.176 | - | 7 |
128.199.182.19 | - | 7 |