IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset
, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
IP | DNS lookup | Number of (black)lists |
---|---|---|
51.89.153.112 | ns3145504.ip-51-89-153.eu | 10 |
206.189.24.86 | - | 9 |
2.189.59.146 | - | 9 |
171.25.193.77 | tor-exit-read-me.dfri.se | 9 |
171.25.193.78 | tor-exit-read-me.dfri.se | 9 |
212.49.81.249 | lbda.co.ke | 9 |
166.70.207.2 | this.is.a.tor.node.xmission.com | 9 |
45.154.98.173 | powered.by.rdp.sh | 9 |
179.60.147.106 | - | 9 |
171.25.193.20 | tor-exit-read-me.dfri.se | 9 |
171.25.193.25 | tor-exit-read-me.dfri.se | 9 |
185.56.83.83 | onion.xor.sc | 9 |
107.189.5.217 | - | 9 |
128.31.0.13 | tor-exit.csail.mit.edu | 8 |
34.93.90.205 | 205.90.93.34.bc.googleusercontent.com | 8 |
23.95.164.237 | 23-95-164-237-host.colocrossing.com | 8 |
198.98.60.107 | - | 8 |
162.247.74.74 | - | 8 |
23.129.64.218 | - | 8 |
141.98.11.87 | m11-87.silversender.net | 8 |
103.251.167.21 | tor-exit-at-the.quesadilla.party | 8 |
137.184.191.244 | - | 8 |
198.96.155.3 | exit.tor.uwaterloo.ca | 8 |
165.232.121.37 | - | 8 |
192.42.116.16 | tor-exit.hartvoorinternetvrijheid.nl | 8 |
5.8.10.202 | - | 8 |
104.244.79.40 | tor-exit.deinonychus.deinonychus.xyz | 8 |
162.247.74.27 | - | 8 |
23.129.64.136 | - | 8 |
4.224.22.134 | - | 8 |
104.155.236.172 | 172.236.155.104.bc.googleusercontent.com | 8 |
141.98.11.144 | - | 8 |
197.26.19.193 | - | 8 |
167.86.94.107 | master-of-disaster.tor-exit.laarnes.nl | 8 |
106.247.242.82 | - | 8 |
222.186.21.35 | - | 8 |
144.217.86.109 | vps-3d00216c.vps.ovh.ca | 8 |
80.67.172.162 | algrothendieck.nos-oignons.net | 8 |
23.129.64.229 | - | 8 |
188.171.35.7 | cm-188-171-35-7.telecable.es | 8 |
23.129.64.141 | - | 8 |
103.252.89.72 | - | 8 |
8.219.234.194 | - | 8 |
51.38.60.137 | ns31116717.ip-51-38-60.eu | 8 |
185.129.62.62 | tor01.zencurity.com | 8 |
34.100.211.26 | 26.211.100.34.bc.googleusercontent.com | 8 |
209.141.51.30 | tor-exit.dicedonions.xyz | 8 |
185.246.188.67 | - | 8 |
203.69.37.212 | 203-69-37-212.hinet-ip.hinet.net | 8 |
34.100.226.200 | 200.226.100.34.bc.googleusercontent.com | 8 |
159.89.168.40 | - | 8 |
202.50.52.106 | - | 8 |
134.122.111.133 | - | 8 |
80.82.77.33 | sky.census.shodan.io | 7 |
183.146.30.163 | - | 7 |
162.247.74.200 | kiriakou.tor-exit.calyxinstitute.org | 7 |
162.247.74.206 | - | 7 |
203.28.246.189 | - | 7 |
34.100.208.250 | 250.208.100.34.bc.googleusercontent.com | 7 |
107.189.31.134 | tor.reichsfunkma.st | 7 |
124.123.100.138 | 124.123.100.138.actcorp.in | 7 |
89.234.157.254 | marylou.nos-oignons.net | 7 |
141.98.10.217 | - | 7 |
23.129.64.138 | - | 7 |
23.129.64.139 | - | 7 |
23.129.64.131 | - | 7 |
23.129.64.133 | - | 7 |
139.0.22.6 | ln-static-139-0-22-6.link.net.id | 7 |
185.36.81.95 | - | 7 |
146.59.44.45 | vps-65b1c1c0.vps.ovh.net | 7 |
45.154.98.176 | powered.by.rdp.sh | 7 |
185.220.102.244 | 185-220-102-244.torservers.net | 7 |
185.220.102.248 | tor-exit-relay-2.anonymizing-proxy.digitalcourage.de | 7 |
167.94.138.117 | scanner-27.ch1.censys-scanner.com | 7 |
143.198.64.133 | - | 7 |
45.79.181.179 | andorra.scan.bufferover.run | 7 |
146.190.76.34 | - | 7 |
157.7.88.211 | v157-7-88-211.18zy.static.cnode.io | 7 |
45.125.66.18 | cocf2.foris.com | 7 |
37.228.129.24 | - | 7 |
23.129.64.219 | - | 7 |
23.129.64.211 | - | 7 |
23.129.64.217 | - | 7 |
115.242.133.6 | 115.242.133.6.static.jio.com | 7 |
186.96.218.14 | cuscon218014.amplia.co.tt | 7 |
152.32.128.128 | - | 7 |
162.247.72.199 | - | 7 |
202.87.36.138 | - | 7 |
128.199.74.173 | - | 7 |
103.251.167.20 | - | 7 |
161.115.86.188 | - | 7 |
146.19.169.228 | - | 7 |
94.230.208.147 | tor3e1.digitale-gesellschaft.ch | 7 |
45.184.71.175 | 45-184-71-175.canaatelecom.net.br | 7 |
189.6.45.130 | bd062d82.virtua.com.br | 7 |
66.115.189.148 | - | 7 |
84.239.46.144 | - | 7 |
23.129.64.147 | - | 7 |
23.129.64.142 | - | 7 |
131.153.48.242 | a2-04-kvm.sg.my-hosting-panel.com | 7 |
23.129.64.134 | - | 7 |
87.241.14.21 | - | 7 |
211.253.10.96 | - | 7 |
162.247.74.216 | - | 7 |
162.247.74.217 | - | 7 |
120.48.14.121 | - | 7 |
171.25.193.234 | tor-exit-read-me.dfri.se | 7 |
167.172.90.18 | - | 7 |
61.177.173.48 | - | 7 |
137.184.153.57 | - | 7 |
35.201.191.191 | 191.191.201.35.bc.googleusercontent.com | 7 |
135.148.132.45 | va-01-exit-relay.snavward.co.uk | 7 |
185.233.100.23 | elenagb.nos-oignons.net | 7 |
34.100.189.218 | 218.189.100.34.bc.googleusercontent.com | 7 |
141.98.10.76 | - | 7 |
185.220.102.250 | tor-exit-relay-4.anonymizing-proxy.digitalcourage.de | 7 |
34.93.198.164 | 164.198.93.34.bc.googleusercontent.com | 7 |
23.129.64.228 | - | 7 |
103.86.47.17 | - | 7 |
146.59.233.33 | vps-f61f0c8d.vps.ovh.net | 7 |
222.168.30.19 | - | 7 |
185.241.208.206 | - | 7 |
185.241.208.204 | - | 7 |
185.241.208.202 | - | 7 |
68.183.86.160 | - | 7 |
41.224.4.17 | - | 7 |
61.177.172.124 | - | 7 |
23.129.64.149 | - | 7 |
23.129.64.148 | - | 7 |
23.129.64.143 | - | 7 |
146.19.215.16 | - | 7 |
190.144.14.170 | - | 7 |
59.4.194.202 | - | 7 |
89.248.167.131 | mason.census.shodan.io | 7 |
94.75.225.70 | - | 7 |
192.241.138.149 | - | 7 |
139.99.130.36 | ns536305.ip-139-99-130.net | 7 |
192.42.116.24 | this-is-a-tor-exit-node-hviv124.hviv.nl | 7 |
62.193.68.91 | - | 7 |
124.79.242.86 | 86.242.79.124.broad.xw.sh.dynamic.163data.com.cn | 7 |
185.220.101.165 | tor-exit-165.relayon.org | 7 |
46.101.102.168 | - | 7 |
185.225.74.53 | - | 7 |
114.32.89.21 | 114-32-89-21.hinet-ip.hinet.net | 7 |
199.195.253.156 | aramis-tor73 | 7 |
51.222.86.79 | vps-48f58fc2.vps.ovh.ca | 7 |
45.139.122.241 | - | 7 |
61.177.173.37 | - | 7 |
61.177.173.36 | - | 7 |
45.125.66.143 | srv.etbregister.org | 7 |
186.122.177.117 | host117.186-122-177.telmex.net.ar | 7 |
61.177.172.19 | - | 7 |