GithubHelp home page GithubHelp logo

ipsum's Introduction

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2023-03-06)

IP DNS lookup Number of (black)lists
51.89.153.112 ns3145504.ip-51-89-153.eu 10
206.189.24.86 - 9
2.189.59.146 - 9
171.25.193.77 tor-exit-read-me.dfri.se 9
171.25.193.78 tor-exit-read-me.dfri.se 9
212.49.81.249 lbda.co.ke 9
166.70.207.2 this.is.a.tor.node.xmission.com 9
45.154.98.173 powered.by.rdp.sh 9
179.60.147.106 - 9
171.25.193.20 tor-exit-read-me.dfri.se 9
171.25.193.25 tor-exit-read-me.dfri.se 9
185.56.83.83 onion.xor.sc 9
107.189.5.217 - 9
128.31.0.13 tor-exit.csail.mit.edu 8
34.93.90.205 205.90.93.34.bc.googleusercontent.com 8
23.95.164.237 23-95-164-237-host.colocrossing.com 8
198.98.60.107 - 8
162.247.74.74 - 8
23.129.64.218 - 8
141.98.11.87 m11-87.silversender.net 8
103.251.167.21 tor-exit-at-the.quesadilla.party 8
137.184.191.244 - 8
198.96.155.3 exit.tor.uwaterloo.ca 8
165.232.121.37 - 8
192.42.116.16 tor-exit.hartvoorinternetvrijheid.nl 8
5.8.10.202 - 8
104.244.79.40 tor-exit.deinonychus.deinonychus.xyz 8
162.247.74.27 - 8
23.129.64.136 - 8
4.224.22.134 - 8
104.155.236.172 172.236.155.104.bc.googleusercontent.com 8
141.98.11.144 - 8
197.26.19.193 - 8
167.86.94.107 master-of-disaster.tor-exit.laarnes.nl 8
106.247.242.82 - 8
222.186.21.35 - 8
144.217.86.109 vps-3d00216c.vps.ovh.ca 8
80.67.172.162 algrothendieck.nos-oignons.net 8
23.129.64.229 - 8
188.171.35.7 cm-188-171-35-7.telecable.es 8
23.129.64.141 - 8
103.252.89.72 - 8
8.219.234.194 - 8
51.38.60.137 ns31116717.ip-51-38-60.eu 8
185.129.62.62 tor01.zencurity.com 8
34.100.211.26 26.211.100.34.bc.googleusercontent.com 8
209.141.51.30 tor-exit.dicedonions.xyz 8
185.246.188.67 - 8
203.69.37.212 203-69-37-212.hinet-ip.hinet.net 8
34.100.226.200 200.226.100.34.bc.googleusercontent.com 8
159.89.168.40 - 8
202.50.52.106 - 8
134.122.111.133 - 8
80.82.77.33 sky.census.shodan.io 7
183.146.30.163 - 7
162.247.74.200 kiriakou.tor-exit.calyxinstitute.org 7
162.247.74.206 - 7
203.28.246.189 - 7
34.100.208.250 250.208.100.34.bc.googleusercontent.com 7
107.189.31.134 tor.reichsfunkma.st 7
124.123.100.138 124.123.100.138.actcorp.in 7
89.234.157.254 marylou.nos-oignons.net 7
141.98.10.217 - 7
23.129.64.138 - 7
23.129.64.139 - 7
23.129.64.131 - 7
23.129.64.133 - 7
139.0.22.6 ln-static-139-0-22-6.link.net.id 7
185.36.81.95 - 7
146.59.44.45 vps-65b1c1c0.vps.ovh.net 7
45.154.98.176 powered.by.rdp.sh 7
185.220.102.244 185-220-102-244.torservers.net 7
185.220.102.248 tor-exit-relay-2.anonymizing-proxy.digitalcourage.de 7
167.94.138.117 scanner-27.ch1.censys-scanner.com 7
143.198.64.133 - 7
45.79.181.179 andorra.scan.bufferover.run 7
146.190.76.34 - 7
157.7.88.211 v157-7-88-211.18zy.static.cnode.io 7
45.125.66.18 cocf2.foris.com 7
37.228.129.24 - 7
23.129.64.219 - 7
23.129.64.211 - 7
23.129.64.217 - 7
115.242.133.6 115.242.133.6.static.jio.com 7
186.96.218.14 cuscon218014.amplia.co.tt 7
152.32.128.128 - 7
162.247.72.199 - 7
202.87.36.138 - 7
128.199.74.173 - 7
103.251.167.20 - 7
161.115.86.188 - 7
146.19.169.228 - 7
94.230.208.147 tor3e1.digitale-gesellschaft.ch 7
45.184.71.175 45-184-71-175.canaatelecom.net.br 7
189.6.45.130 bd062d82.virtua.com.br 7
66.115.189.148 - 7
84.239.46.144 - 7
23.129.64.147 - 7
23.129.64.142 - 7
131.153.48.242 a2-04-kvm.sg.my-hosting-panel.com 7
23.129.64.134 - 7
87.241.14.21 - 7
211.253.10.96 - 7
162.247.74.216 - 7
162.247.74.217 - 7
120.48.14.121 - 7
171.25.193.234 tor-exit-read-me.dfri.se 7
167.172.90.18 - 7
61.177.173.48 - 7
137.184.153.57 - 7
35.201.191.191 191.191.201.35.bc.googleusercontent.com 7
135.148.132.45 va-01-exit-relay.snavward.co.uk 7
185.233.100.23 elenagb.nos-oignons.net 7
34.100.189.218 218.189.100.34.bc.googleusercontent.com 7
141.98.10.76 - 7
185.220.102.250 tor-exit-relay-4.anonymizing-proxy.digitalcourage.de 7
34.93.198.164 164.198.93.34.bc.googleusercontent.com 7
23.129.64.228 - 7
103.86.47.17 - 7
146.59.233.33 vps-f61f0c8d.vps.ovh.net 7
222.168.30.19 - 7
185.241.208.206 - 7
185.241.208.204 - 7
185.241.208.202 - 7
68.183.86.160 - 7
41.224.4.17 - 7
61.177.172.124 - 7
23.129.64.149 - 7
23.129.64.148 - 7
23.129.64.143 - 7
146.19.215.16 - 7
190.144.14.170 - 7
59.4.194.202 - 7
89.248.167.131 mason.census.shodan.io 7
94.75.225.70 - 7
192.241.138.149 - 7
139.99.130.36 ns536305.ip-139-99-130.net 7
192.42.116.24 this-is-a-tor-exit-node-hviv124.hviv.nl 7
62.193.68.91 - 7
124.79.242.86 86.242.79.124.broad.xw.sh.dynamic.163data.com.cn 7
185.220.101.165 tor-exit-165.relayon.org 7
46.101.102.168 - 7
185.225.74.53 - 7
114.32.89.21 114-32-89-21.hinet-ip.hinet.net 7
199.195.253.156 aramis-tor73 7
51.222.86.79 vps-48f58fc2.vps.ovh.ca 7
45.139.122.241 - 7
61.177.173.37 - 7
61.177.173.36 - 7
45.125.66.143 srv.etbregister.org 7
186.122.177.117 host117.186-122-177.telmex.net.ar 7
61.177.172.19 - 7

ipsum's People

Contributors

stamparm avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.