Skip to content

stamparm/ipsum

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
levels
levels
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ipsum.txt
ipsum.txt
 
 

Repository files navigation

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2024-07-30)

IP DNS lookup Number of (black)lists
183.81.169.238 - 11
194.169.175.36 - 11
194.169.175.35 - 11
61.177.172.136 - 10
213.109.202.127 - 10
61.177.172.160 - 10
180.101.88.197 - 10
180.101.88.196 - 10
61.177.172.179 - 10
85.209.11.27 - 10
61.177.172.140 - 10
180.101.88.205 - 10
95.214.27.253 - 10
85.209.11.254 - 10
218.92.0.34 - 9
218.92.0.31 - 9
218.92.0.76 - 9
54.37.10.124 vps-1e3810b9.vps.ovh.net 9
218.92.0.112 - 9
218.92.0.113 - 9
92.118.39.133 - 9
218.92.0.107 - 9
218.92.0.56 - 9
80.82.77.139 dojo.census.shodan.io 9
218.92.0.29 - 9
218.92.0.24 - 9
218.92.0.27 - 9
80.82.77.33 sky.census.shodan.io 8
119.42.148.98 - 8
79.110.62.145 - 8
221.156.126.1 - 8
66.66.116.251 syn-066-066-116-251.res.spectrum.com 8
95.214.27.196 - 8
185.165.191.26 - 8
207.90.244.14 - 8
128.14.209.34 zl-dal-us-gp1-wk121.internet-census.org 8
80.82.77.202 rnd.group-ib.com 8
220.80.223.144 - 8
218.92.0.118 - 8
195.144.21.56 red3.census.shodan.io 8
154.68.39.6 wimax-154.68.39.6.aviso.ci 8
182.229.10.141 - 8
93.120.240.202 93-120-240-202.static.mts-nn.ru 8
213.6.203.226 - 8
83.222.191.62 - 8
218.206.136.24 - 8
221.222.184.230 - 8
199.45.154.137 - 8
193.32.162.65 - 8
45.135.132.161 vm268589.bitweb.cloud 8
103.86.180.10 - 8
223.197.186.7 223-197-186-7.static.imsbiz.com 8
65.181.73.155 65-181-73-155.static.imsbiz.com 8
66.240.192.138 census8.shodan.io 8
45.148.10.202 - 8
82.151.65.155 - 8
190.85.15.251 - 8
128.199.99.204 ekualsys.com 7
159.89.227.175 - 7
193.201.9.156 - 7
112.163.28.218 - 7
159.65.41.104 - 7
49.13.234.229 static.229.234.13.49.clients.your-server.de 7
45.180.136.12 45-180-136-12.azarititelecom.com.br 7
103.96.148.81 - 7
199.45.154.134 - 7
185.213.167.89 - 7
213.194.140.33 static.33.140.194.213.ibercom.com 7
66.240.236.116 ubtuntu20236116.aspadmin.net 7
71.6.199.23 einstein.census.shodan.io 7
105.28.108.165 - 7
45.148.10.69 - 7
159.203.142.63 - 7
128.14.211.186 zl-dal-us-gp1-wk143.internet-census.org 7
218.255.245.10 static.reserve.wtt.net.hk 7
103.247.13.244 ip-244-13-247.terabit.net.id 7
64.227.125.48 - 7
58.33.58.37 37.58.33.58.broad.xw.sh.dynamic.163data.com.cn 7
118.201.79.222 - 7
143.244.165.222 - 7
34.123.134.194 194.134.123.34.bc.googleusercontent.com 7
165.227.84.172 - 7
51.68.172.35 vps-4e12aea0.vps.ovh.net 7
152.42.246.102 - 7
23.95.248.83 23-95-248-83-host.colocrossing.com 7
186.96.145.241 fixed-186-96-145-241.totalplay.net 7
45.161.176.1 45.161.176.1.serginetbandalarga.com.br 7
83.81.239.100 83-81-239-100.cable.dynamic.v4.ziggo.nl 7
80.94.95.81 - 7
139.59.25.164 - 7
178.20.55.16 marcuse.nos-oignons.net 7
178.128.161.183 - 7
149.50.96.100 - 7
212.113.102.128 server3.aeza.network 7
185.220.100.255 tor-exit-4.zbau.f3netze.de 7
80.253.31.232 - 7
43.134.250.195 - 7
136.228.161.66 - 7
107.180.88.176 176.88.180.107.host.secureserver.net 7
80.66.75.163 - 7
199.45.154.156 - 7
211.217.39.221 - 7
140.246.28.249 - 7
38.9.146.107 - 7
82.197.58.234 - 7
27.254.235.4 - 7
85.209.11.227 - 7
43.128.116.7 - 7
77.232.142.143 cautious-payment.aeza.network 7
64.227.133.133 - 7
172.245.126.142 172-245-126-142-host.colocrossing.com 7
190.188.212.86 86-212-188-190.cab.prima.net.ar 7
217.197.107.182 late-geese.aeza.network 7
118.36.15.126 - 7
150.109.11.104 - 7
183.240.157.2 - 7
147.185.132.78 - 7
220.86.29.35 - 7
181.171.38.85 85-38-171-181.fibertel.com.ar 7
103.63.108.25 static.cmcti.vn 7
46.101.164.50 - 7
216.10.245.180 216-10-245-180.webhostbox.net 7
209.97.186.17 - 7
212.42.97.108 oon-912-108.elcat.kg 7
167.94.145.97 - 7
203.106.164.74 gbk-164-74.tm.net.my 7
185.165.191.27 - 7
129.226.201.243 - 7
89.208.104.113 whispering-blade.aeza.network 7
103.151.20.4 - 7
134.209.168.219 - 7
167.94.145.107 - 7
167.86.75.112 vmi586418.contaboserver.net 7
8.222.181.172 - 7
136.232.98.230 - 7
192.42.116.208 11.tor-exit.nothingtohide.nl 7
71.6.165.200 census12.shodan.io 7
185.129.62.62 tor01.zencurity.com 7
183.136.239.218 - 7
43.133.62.48 - 7
14.116.189.74 - 7
190.129.60.125 - 7
152.32.201.142 - 7
185.74.4.17 - 7
64.227.185.138 - 7
134.122.8.241 - 7
199.45.154.149 - 7
89.97.218.142 89-97-218-142.ip19.fastwebnet.it 7
77.105.181.192 - 7
193.32.162.83 - 7
185.22.67.81 - 7
46.101.171.235 - 7
43.133.42.162 - 7
159.203.129.103 - 7
156.38.58.9 - 7
89.46.223.34 34.223.46.89.baremetal.zare.com 7
43.153.24.194 - 7
191.100.25.45 45.191-100-25.etapanet.net 7
104.248.31.141 - 7
124.156.205.16 - 7
188.166.59.144 - 7
221.159.150.85 - 7
146.190.60.168 - 7
36.255.159.130 - 7
42.51.28.151 - 7
211.193.31.52 - 7
206.168.34.124 unused-space.coop.net 7
200.105.183.118 static-200-105-183-118.acelerate.net 7
101.202.40.4 - 7
128.201.78.253 - 7
182.93.7.194 n18293z7l194.static.ctmip.net 7
121.204.164.96 - 7
110.45.145.194 - 7
79.104.0.82 - 7
211.253.10.96 - 7
202.125.139.10 webconcepts.lhr63d1.pie.net.pk 7
190.202.124.93 correo.grupoplumas.net 7
212.233.136.201 212-233-136-201.optisprint.net 7
193.32.162.79 - 7
43.156.4.31 - 7
13.71.23.17 - 7
194.145.208.178 - 7
82.200.65.218 gw-bell-xen.ll-nsk.zsttk.ru 7
146.185.134.177 sexyakutsk.love 7
151.252.84.225 151.252.84.225.ip.tele-plus.ru 7
68.183.134.171 - 7
14.63.196.175 - 7
117.83.83.235 - 7
195.154.176.37 195-154-176-37.rev.poneytelecom.eu 7
192.42.116.179 27.tor-exit.nothingtohide.nl 7
162.142.125.206 - 7
129.226.209.202 - 7
43.159.194.101 - 7
81.28.167.30 - 7
170.64.227.242 - 7
186.16.41.158 static-158-41-16-186.telecel.com.py 7
206.168.34.35 unused-space.coop.net 7
201.145.224.81 dsl-201-145-224-81-dyn.prod-infinitum.com.mx 7
62.28.222.221 - 7
203.86.123.54 - 7
85.133.216.253 - 7
161.35.18.131 jurgenengineering.com 7
186.4.222.45 host-186-4-222-45.netlife.ec 7
45.156.129.70 sh-chi-us-gp1-wk103.internet-census.org 7
185.157.247.10 brdnicolas 7
67.205.187.255 - 7
212.76.27.39 - 7
112.161.86.234 - 7
157.245.154.62 - 7
202.21.123.196 - 7
202.51.208.170 - 7
103.55.75.8 - 7
43.153.192.182 - 7
206.189.112.87 - 7
193.118.52.34 zl-ams-nl-gp1-wk146.internet-census.org 7
178.20.191.244 - 7
137.184.58.29 - 7
213.215.140.6 - 7
190.145.81.37 - 7
182.59.139.27 - 7
206.189.230.76 - 7
207.90.244.2 - 7
207.90.244.4 - 7
152.32.180.86 - 7
61.178.65.2 - 7
154.221.21.234 - 7
43.163.242.150 - 7
122.176.122.24 abts-north-static-024.122.176.122.airtelbroadband.in 7
197.248.187.251 197-248-187-251.safaricombusiness.co.ke 7
188.166.99.20 - 7
147.185.132.55 - 7
115.23.23.103 - 7
103.237.144.204 - 7
71.6.135.131 soda.census.shodan.io 7
45.5.159.36 - 7
193.118.61.118 - 7
87.236.176.200 appealing.monitoring.internet-measurement.com 7
218.92.0.22 - 7
190.144.14.170 - 7
57.128.68.47 - 7
104.236.201.173 - 7
165.154.164.57 - 7
128.14.211.190 zl-dal-us-gp1-wk144.internet-census.org 7
176.31.253.67 ns388286.ip-176-31-253.eu 7
213.55.85.202 - 7
172.206.146.132 azpdss78.stretchoid.com 7
158.69.53.112 ns518479.ip-158-69-53.net 7
8.213.212.50 - 7
189.195.123.57 customer-pue-123-57.megared.net.mx 7
157.245.58.108 - 7
61.93.186.125 061093186125.static.ctinets.com 7
199.45.154.127 - 7
190.188.241.93 93-241-188-190.cab.prima.net.ar 7
182.253.47.126 - 7
139.59.127.178 - 7
201.81.240.66 c951f042.virtua.com.br 7
92.63.206.99 - 7
162.142.125.197 - 7
124.156.197.192 - 7
68.183.237.40 - 7
128.199.252.176 - 7
128.199.182.19 - 7

About

Daily feed of bad IPs (with blacklist hit scores)

Topics

security blacklist iptables ipset threats

Resources

Readme

License

Unlicense license
Activity

Stars

1.4k stars

Watchers

65 watching

Forks

136 forks
Report repository

Releases

No releases published

Packages

No packages published