IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 183.81.169.238 | - | 11 |
| 101.47.6.209 | - | 11 |
| 95.214.27.139 | - | 10 |
| 212.76.27.39 | - | 9 |
| 45.148.10.174 | - | 9 |
| 141.98.11.82 | airplane.medyamol.com | 9 |
| 34.172.237.230 | 230.237.172.34.bc.googleusercontent.com | 9 |
| 194.169.175.35 | - | 9 |
| 168.75.64.214 | - | 9 |
| 143.244.165.222 | - | 8 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 218.92.0.34 | - | 8 |
| 218.152.25.113 | - | 8 |
| 128.199.33.46 | - | 8 |
| 161.35.108.241 | - | 8 |
| 85.209.11.27 | - | 8 |
| 218.92.0.107 | - | 8 |
| 218.92.0.56 | - | 8 |
| 80.82.77.139 | dojo.census.shodan.io | 8 |
| 43.153.0.227 | - | 8 |
| 178.20.55.16 | marcuse.nos-oignons.net | 8 |
| 194.50.16.17 | - | 8 |
| 218.92.0.112 | - | 8 |
| 72.240.125.133 | cm-72-240-125-133.buckeyecom.net | 8 |
| 50.192.223.205 | 50-192-223-205-static.hfc.comcastbusiness.net | 8 |
| 141.98.10.15 | - | 8 |
| 218.92.0.27 | - | 8 |
| 92.55.190.215 | - | 8 |
| 194.169.175.36 | - | 8 |
| 218.92.0.113 | - | 8 |
| 218.92.0.118 | - | 8 |
| 190.144.14.170 | - | 8 |
| 125.99.173.162 | - | 8 |
| 141.98.10.125 | imp-moment.trumpbuyer.com | 8 |
| 43.131.232.11 | - | 7 |
| 129.226.215.132 | - | 7 |
| 194.59.30.110 | - | 7 |
| 206.168.34.123 | unused-space.coop.net | 7 |
| 213.217.31.51 | 213-217-31-51.digiturunc.com | 7 |
| 43.163.198.121 | - | 7 |
| 197.5.145.102 | - | 7 |
| 61.177.172.179 | - | 7 |
| 170.187.181.93 | 170-187-181-93.ip.linodeusercontent.com | 7 |
| 65.73.231.122 | - | 7 |
| 128.201.78.253 | - | 7 |
| 170.106.142.138 | - | 7 |
| 96.84.198.29 | 96-84-198-29-static.hfc.comcastbusiness.net | 7 |
| 182.93.7.194 | n18293z7l194.static.ctmip.net | 7 |
| 103.37.80.92 | - | 7 |
| 43.163.202.245 | - | 7 |
| 154.93.0.138 | - | 7 |
| 79.104.0.82 | - | 7 |
| 124.45.40.189 | g189.124-45-40.ppp.wakwak.ne.jp | 7 |
| 43.156.153.61 | - | 7 |
| 80.66.83.187 | - | 7 |
| 186.10.86.130 | z328.entelchile.net | 7 |
| 43.163.194.3 | - | 7 |
| 71.6.199.23 | einstein.census.shodan.io | 7 |
| 106.63.7.92 | - | 7 |
| 105.28.108.165 | - | 7 |
| 24.144.86.27 | - | 7 |
| 165.227.85.21 | officehuddle.com-main-site | 7 |
| 218.92.0.76 | - | 7 |
| 165.154.145.156 | - | 7 |
| 178.128.110.36 | - | 7 |
| 103.198.172.10 | - | 7 |
| 43.134.25.193 | - | 7 |
| 116.55.245.26 | - | 7 |
| 152.32.210.193 | - | 7 |
| 177.91.80.11 | ns2.clicktelecomunicacoes.com.br | 7 |
| 195.158.4.210 | agmk.uz | 7 |
| 119.246.15.94 | 119246015094.ctinets.com | 7 |
| 129.226.211.164 | - | 7 |
| 103.154.63.71 | - | 7 |
| 94.102.49.193 | cloud.census.shodan.io | 7 |
| 206.168.34.52 | unused-space.coop.net | 7 |
| 161.35.142.140 | - | 7 |
| 167.71.232.170 | - | 7 |
| 117.247.178.81 | - | 7 |
| 213.6.203.226 | - | 7 |
| 129.226.155.110 | - | 7 |
| 188.166.255.224 | - | 7 |
| 43.159.32.200 | - | 7 |
| 129.226.210.126 | - | 7 |
| 43.153.173.92 | - | 7 |
| 101.255.87.180 | mail.indofarma.id | 7 |
| 164.92.71.158 | - | 7 |
| 132.145.185.47 | - | 7 |
| 14.241.229.11 | static.vnpt.vn | 7 |
| 118.101.192.62 | - | 7 |
| 94.180.247.20 | 94x180x247x20.static-business.kzn.ertelecom.ru | 7 |
| 122.114.252.47 | - | 7 |
| 141.98.210.31 | - | 7 |
| 43.135.175.232 | - | 7 |
| 124.156.193.215 | - | 7 |
| 193.32.162.38 | pex28.dream-bal.com | 7 |
| 43.153.178.198 | - | 7 |
| 103.66.62.129 | - | 7 |
| 103.213.238.91 | 103-213-238-91.inspirebroadband.net | 7 |
| 93.123.39.174 | - | 7 |
| 87.255.193.50 | - | 7 |
| 171.25.193.77 | tor-exit-read-me.dfri.se | 7 |
| 12.156.67.18 | - | 7 |
| 43.134.92.252 | - | 7 |
| 147.182.255.2 | - | 7 |
| 121.227.31.13 | - | 7 |
| 81.28.167.30 | - | 7 |
| 137.184.123.158 | - | 7 |
| 39.109.104.153 | - | 7 |
| 68.183.88.70 | - | 7 |
| 103.91.136.18 | - | 7 |
| 192.42.116.216 | 19.tor-exit.nothingtohide.nl | 7 |
| 164.77.117.10 | - | 7 |
| 122.54.18.220 | 122.54.18.220.static.pldt.net | 7 |
| 43.128.79.160 | - | 7 |
| 71.6.146.185 | pirate.census.shodan.io | 7 |
| 43.128.225.10 | - | 7 |
| 173.181.139.154 | 173-181-139-154-ent-barlow-staticipwest.wireless.telus.com | 7 |
| 175.6.146.184 | - | 7 |
| 199.45.154.119 | - | 7 |
| 164.90.211.134 | - | 7 |
| 39.129.9.180 | - | 7 |
| 221.156.126.1 | - | 7 |
| 180.71.47.198 | - | 7 |
| 79.137.195.62 | stereotyped-creature.aeza.network | 7 |
| 43.153.8.173 | - | 7 |
| 103.149.86.21 | - | 7 |
| 159.89.199.244 | - | 7 |
| 51.178.43.161 | prod1.masterit.fr | 7 |
| 124.156.199.148 | - | 7 |
| 194.152.206.17 | - | 7 |
| 184.18.211.199 | static-184-18-211-199.ftwy.in.frontiernet.net | 7 |
| 146.190.124.203 | - | 7 |
| 203.172.76.4 | reverse-203-172-76-4.csloxinfo.net | 7 |
| 46.101.97.27 | - | 7 |
| 64.23.182.107 | - | 7 |
| 107.173.179.195 | 107-173-179-195-host.colocrossing.com | 7 |
| 138.68.105.55 | - | 7 |
| 162.243.168.76 | - | 7 |
| 58.214.249.122 | - | 7 |
| 103.44.237.68 | - | 7 |
| 45.250.0.92 | - | 7 |
| 154.68.39.6 | wimax-154.68.39.6.aviso.ci | 7 |
| 170.106.65.5 | - | 7 |
| 139.59.64.179 | - | 7 |
| 43.163.212.28 | - | 7 |
| 129.226.151.216 | - | 7 |
| 43.128.109.248 | - | 7 |
| 113.133.177.77 | - | 7 |
| 134.209.168.219 | - | 7 |
| 192.42.116.219 | 45.tor-exit.nothingtohide.nl | 7 |
| 103.217.78.2 | - | 7 |
| 85.209.11.227 | - | 7 |
| 167.71.212.130 | - | 7 |
| 43.134.167.39 | - | 7 |
| 207.90.244.5 | - | 7 |
| 101.89.215.129 | - | 7 |
| 43.153.136.203 | - | 7 |
| 107.175.33.240 | 107-175-33-240-host.colocrossing.com | 7 |
| 51.75.253.68 | vps-94085b09.vps.ovh.net | 7 |
| 218.92.0.31 | - | 7 |
| 129.226.156.158 | - | 7 |
| 36.110.228.254 | - | 7 |
| 188.166.211.7 | - | 7 |
| 36.255.3.203 | - | 7 |
| 91.231.219.109 | - | 7 |
| 43.155.156.253 | - | 7 |
| 147.45.77.165 | rough-cattle.aeza.network | 7 |
| 60.191.23.20 | - | 7 |
| 193.32.162.65 | - | 7 |
| 183.240.157.2 | - | 7 |
| 206.168.34.119 | unused-space.coop.net | 7 |
| 128.199.144.161 | - | 7 |
| 61.177.172.136 | - | 7 |
| 43.134.15.112 | - | 7 |
| 43.134.142.65 | - | 7 |
| 43.153.16.13 | - | 7 |
| 103.115.24.11 | - | 7 |
| 150.109.7.125 | - | 7 |
| 218.92.0.29 | - | 7 |
| 218.92.0.22 | - | 7 |
| 218.92.0.24 | - | 7 |
| 64.227.27.87 | - | 7 |
| 61.177.172.140 | - | 7 |
| 129.226.211.65 | - | 7 |
| 187.45.100.0 | - | 7 |
| 160.20.186.237 | smtp.enternetprovedor.com.br | 7 |
| 47.180.114.229 | - | 7 |
| 43.133.36.238 | - | 7 |
| 61.177.172.160 | - | 7 |
| 113.219.252.195 | - | 7 |
| 206.168.34.45 | unused-space.coop.net | 7 |
| 206.168.34.40 | unused-space.coop.net | 7 |
| 119.73.179.114 | - | 7 |
| 103.130.215.82 | ip.bkhost.vn | 7 |
| 80.67.172.162 | algrothendieck.nos-oignons.net | 7 |
| 209.97.186.17 | - | 7 |
| 150.109.5.130 | - | 7 |
| 139.59.23.154 | - | 7 |
| 101.126.11.251 | - | 7 |
| 65.181.73.155 | 65-181-73-155.static.imsbiz.com | 7 |
| 159.65.154.162 | - | 7 |
| 146.190.102.53 | - | 7 |
| 128.199.217.163 | - | 7 |
| 203.106.164.74 | gbk-164-74.tm.net.my | 7 |
| 141.11.74.148 | - | 7 |
| 185.165.191.27 | - | 7 |
| 170.64.129.182 | - | 7 |
| 43.157.179.247 | - | 7 |
| 183.62.183.74 | - | 7 |
| 103.97.177.91 | - | 7 |
| 43.153.8.122 | - | 7 |
| 207.90.244.14 | - | 7 |
| 71.6.135.131 | soda.census.shodan.io | 7 |
| 80.82.77.202 | rnd.group-ib.com | 7 |
| 103.245.236.208 | - | 7 |
| 134.209.27.56 | - | 7 |
| 91.205.128.170 | - | 7 |
| 64.227.133.211 | - | 7 |
| 154.221.28.214 | - | 7 |
| 43.157.183.148 | - | 7 |
| 185.246.152.16 | free.ds.melbicom.net | 7 |
| 181.94.215.202 | host-202.181-94-215.personal.net.py | 7 |
| 43.135.147.76 | - | 7 |
| 157.230.240.227 | - | 7 |
| 164.90.199.99 | - | 7 |
| 162.62.126.85 | - | 7 |
| 181.2.151.236 | host236.181-2-151.telecom.net.ar | 7 |
| 134.122.87.190 | - | 7 |
| 71.6.158.166 | ninja.census.shodan.io | 7 |
| 182.78.142.4 | - | 7 |
| 101.33.79.22 | - | 7 |
| 146.59.98.3 | ip3.ip-146-59-98.eu | 7 |
| 180.101.88.197 | - | 7 |
| 180.101.88.196 | - | 7 |
| 103.31.225.246 | ip246-225-31-103.as131755.net | 7 |
| 179.185.90.114 | 179.185.90.114.static.gvt.net.br | 7 |
| 193.32.162.83 | - | 7 |
| 199.45.154.127 | - | 7 |
| 107.173.83.53 | 107-173-83-53-host.colocrossing.com | 7 |
| 14.116.189.74 | - | 7 |
| 150.109.25.111 | - | 7 |
| 162.243.50.8 | dev.rcms.io | 7 |
| 146.190.61.160 | iums-oic.org | 7 |
| 190.145.81.37 | - | 7 |
| 43.163.199.124 | - | 7 |
| 1.13.79.144 | - | 7 |
| 152.228.217.94 | vps-769a2355.vps.ovh.net | 7 |
| 82.151.65.155 | - | 7 |
| 104.236.253.20 | delta.clnotifs.tk | 7 |
| 139.59.127.178 | - | 7 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
| 103.145.163.221 | - | 7 |
| 134.209.181.159 | - | 7 |
| 161.35.137.136 | - | 7 |
| 43.135.139.184 | - | 7 |
| 104.248.134.222 | - | 7 |
| 186.228.76.26 | 186-228-76-26.ded.intelignet.com.br | 7 |
| 202.21.123.196 | - | 7 |
| 107.180.73.148 | _unknown.ip.secureserver.net | 7 |
| 46.101.171.235 | - | 7 |
| 218.90.122.26 | - | 7 |
| 85.209.11.254 | - | 7 |
| 103.31.224.224 | resolv1.axarva.net | 7 |
| 43.153.14.132 | - | 7 |
| 222.165.138.144 | - | 7 |
| 103.113.105.228 | 103.113.105.228.dynamic-ekowebtech.net | 7 |
| 41.82.208.182 | - | 7 |
| 5.11.145.151 | - | 7 |
| 159.203.60.162 | - | 7 |
| 5.56.132.119 | asiatech.dn-server.com | 7 |
| 167.172.111.94 | - | 7 |
| 150.223.14.166 | - | 7 |
| 59.24.160.227 | - | 7 |
| 159.89.233.77 | - | 7 |
| 187.235.63.121 | dsl-187-235-63-121-dyn.prod-infinitum.com.mx | 7 |
| 141.98.83.197 | - | 7 |
| 180.101.88.205 | - | 7 |
| 157.230.7.5 | - | 7 |
| 43.163.241.129 | - | 7 |
| 159.65.91.105 | - | 7 |
| 43.157.15.205 | - | 7 |
| 119.28.156.59 | - | 7 |
| 192.210.226.109 | 192-210-226-109-host.colocrossing.com | 7 |
| 206.189.133.78 | - | 7 |
| 170.106.67.24 | - | 7 |
| 61.93.186.125 | 061093186125.static.ctinets.com | 7 |
| 114.96.71.150 | - | 7 |
| 218.94.137.246 | - | 7 |
| 103.92.24.242 | - | 7 |
| 185.100.53.120 | - | 7 |
| 43.156.35.214 | - | 7 |
| 68.116.41.2 | syn-068-116-041-002.biz.spectrum.com | 7 |
| 43.153.199.39 | - | 7 |
| 43.134.67.148 | - | 7 |
| 124.152.181.97 | - | 7 |
| 154.198.213.36 | - | 7 |