IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset
, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
IP | DNS lookup | Number of (black)lists |
---|---|---|
183.81.169.238 | - | 11 |
101.47.6.209 | - | 11 |
95.214.27.139 | - | 10 |
212.76.27.39 | - | 9 |
45.148.10.174 | - | 9 |
141.98.11.82 | airplane.medyamol.com | 9 |
34.172.237.230 | 230.237.172.34.bc.googleusercontent.com | 9 |
194.169.175.35 | - | 9 |
168.75.64.214 | - | 9 |
143.244.165.222 | - | 8 |
80.82.77.33 | sky.census.shodan.io | 8 |
218.92.0.34 | - | 8 |
218.152.25.113 | - | 8 |
128.199.33.46 | - | 8 |
161.35.108.241 | - | 8 |
85.209.11.27 | - | 8 |
218.92.0.107 | - | 8 |
218.92.0.56 | - | 8 |
80.82.77.139 | dojo.census.shodan.io | 8 |
43.153.0.227 | - | 8 |
178.20.55.16 | marcuse.nos-oignons.net | 8 |
194.50.16.17 | - | 8 |
218.92.0.112 | - | 8 |
72.240.125.133 | cm-72-240-125-133.buckeyecom.net | 8 |
50.192.223.205 | 50-192-223-205-static.hfc.comcastbusiness.net | 8 |
141.98.10.15 | - | 8 |
218.92.0.27 | - | 8 |
92.55.190.215 | - | 8 |
194.169.175.36 | - | 8 |
218.92.0.113 | - | 8 |
218.92.0.118 | - | 8 |
190.144.14.170 | - | 8 |
125.99.173.162 | - | 8 |
141.98.10.125 | imp-moment.trumpbuyer.com | 8 |
43.131.232.11 | - | 7 |
129.226.215.132 | - | 7 |
194.59.30.110 | - | 7 |
206.168.34.123 | unused-space.coop.net | 7 |
213.217.31.51 | 213-217-31-51.digiturunc.com | 7 |
43.163.198.121 | - | 7 |
197.5.145.102 | - | 7 |
61.177.172.179 | - | 7 |
170.187.181.93 | 170-187-181-93.ip.linodeusercontent.com | 7 |
65.73.231.122 | - | 7 |
128.201.78.253 | - | 7 |
170.106.142.138 | - | 7 |
96.84.198.29 | 96-84-198-29-static.hfc.comcastbusiness.net | 7 |
182.93.7.194 | n18293z7l194.static.ctmip.net | 7 |
103.37.80.92 | - | 7 |
43.163.202.245 | - | 7 |
154.93.0.138 | - | 7 |
79.104.0.82 | - | 7 |
124.45.40.189 | g189.124-45-40.ppp.wakwak.ne.jp | 7 |
43.156.153.61 | - | 7 |
80.66.83.187 | - | 7 |
186.10.86.130 | z328.entelchile.net | 7 |
43.163.194.3 | - | 7 |
71.6.199.23 | einstein.census.shodan.io | 7 |
106.63.7.92 | - | 7 |
105.28.108.165 | - | 7 |
24.144.86.27 | - | 7 |
165.227.85.21 | officehuddle.com-main-site | 7 |
218.92.0.76 | - | 7 |
165.154.145.156 | - | 7 |
178.128.110.36 | - | 7 |
103.198.172.10 | - | 7 |
43.134.25.193 | - | 7 |
116.55.245.26 | - | 7 |
152.32.210.193 | - | 7 |
177.91.80.11 | ns2.clicktelecomunicacoes.com.br | 7 |
195.158.4.210 | agmk.uz | 7 |
119.246.15.94 | 119246015094.ctinets.com | 7 |
129.226.211.164 | - | 7 |
103.154.63.71 | - | 7 |
94.102.49.193 | cloud.census.shodan.io | 7 |
206.168.34.52 | unused-space.coop.net | 7 |
161.35.142.140 | - | 7 |
167.71.232.170 | - | 7 |
117.247.178.81 | - | 7 |
213.6.203.226 | - | 7 |
129.226.155.110 | - | 7 |
188.166.255.224 | - | 7 |
43.159.32.200 | - | 7 |
129.226.210.126 | - | 7 |
43.153.173.92 | - | 7 |
101.255.87.180 | mail.indofarma.id | 7 |
164.92.71.158 | - | 7 |
132.145.185.47 | - | 7 |
14.241.229.11 | static.vnpt.vn | 7 |
118.101.192.62 | - | 7 |
94.180.247.20 | 94x180x247x20.static-business.kzn.ertelecom.ru | 7 |
122.114.252.47 | - | 7 |
141.98.210.31 | - | 7 |
43.135.175.232 | - | 7 |
124.156.193.215 | - | 7 |
193.32.162.38 | pex28.dream-bal.com | 7 |
43.153.178.198 | - | 7 |
103.66.62.129 | - | 7 |
103.213.238.91 | 103-213-238-91.inspirebroadband.net | 7 |
93.123.39.174 | - | 7 |
87.255.193.50 | - | 7 |
171.25.193.77 | tor-exit-read-me.dfri.se | 7 |
12.156.67.18 | - | 7 |
43.134.92.252 | - | 7 |
147.182.255.2 | - | 7 |
121.227.31.13 | - | 7 |
81.28.167.30 | - | 7 |
137.184.123.158 | - | 7 |
39.109.104.153 | - | 7 |
68.183.88.70 | - | 7 |
103.91.136.18 | - | 7 |
192.42.116.216 | 19.tor-exit.nothingtohide.nl | 7 |
164.77.117.10 | - | 7 |
122.54.18.220 | 122.54.18.220.static.pldt.net | 7 |
43.128.79.160 | - | 7 |
71.6.146.185 | pirate.census.shodan.io | 7 |
43.128.225.10 | - | 7 |
173.181.139.154 | 173-181-139-154-ent-barlow-staticipwest.wireless.telus.com | 7 |
175.6.146.184 | - | 7 |
199.45.154.119 | - | 7 |
164.90.211.134 | - | 7 |
39.129.9.180 | - | 7 |
221.156.126.1 | - | 7 |
180.71.47.198 | - | 7 |
79.137.195.62 | stereotyped-creature.aeza.network | 7 |
43.153.8.173 | - | 7 |
103.149.86.21 | - | 7 |
159.89.199.244 | - | 7 |
51.178.43.161 | prod1.masterit.fr | 7 |
124.156.199.148 | - | 7 |
194.152.206.17 | - | 7 |
184.18.211.199 | static-184-18-211-199.ftwy.in.frontiernet.net | 7 |
146.190.124.203 | - | 7 |
203.172.76.4 | reverse-203-172-76-4.csloxinfo.net | 7 |
46.101.97.27 | - | 7 |
64.23.182.107 | - | 7 |
107.173.179.195 | 107-173-179-195-host.colocrossing.com | 7 |
138.68.105.55 | - | 7 |
162.243.168.76 | - | 7 |
58.214.249.122 | - | 7 |
103.44.237.68 | - | 7 |
45.250.0.92 | - | 7 |
154.68.39.6 | wimax-154.68.39.6.aviso.ci | 7 |
170.106.65.5 | - | 7 |
139.59.64.179 | - | 7 |
43.163.212.28 | - | 7 |
129.226.151.216 | - | 7 |
43.128.109.248 | - | 7 |
113.133.177.77 | - | 7 |
134.209.168.219 | - | 7 |
192.42.116.219 | 45.tor-exit.nothingtohide.nl | 7 |
103.217.78.2 | - | 7 |
85.209.11.227 | - | 7 |
167.71.212.130 | - | 7 |
43.134.167.39 | - | 7 |
207.90.244.5 | - | 7 |
101.89.215.129 | - | 7 |
43.153.136.203 | - | 7 |
107.175.33.240 | 107-175-33-240-host.colocrossing.com | 7 |
51.75.253.68 | vps-94085b09.vps.ovh.net | 7 |
218.92.0.31 | - | 7 |
129.226.156.158 | - | 7 |
36.110.228.254 | - | 7 |
188.166.211.7 | - | 7 |
36.255.3.203 | - | 7 |
91.231.219.109 | - | 7 |
43.155.156.253 | - | 7 |
147.45.77.165 | rough-cattle.aeza.network | 7 |
60.191.23.20 | - | 7 |
193.32.162.65 | - | 7 |
183.240.157.2 | - | 7 |
206.168.34.119 | unused-space.coop.net | 7 |
128.199.144.161 | - | 7 |
61.177.172.136 | - | 7 |
43.134.15.112 | - | 7 |
43.134.142.65 | - | 7 |
43.153.16.13 | - | 7 |
103.115.24.11 | - | 7 |
150.109.7.125 | - | 7 |
218.92.0.29 | - | 7 |
218.92.0.22 | - | 7 |
218.92.0.24 | - | 7 |
64.227.27.87 | - | 7 |
61.177.172.140 | - | 7 |
129.226.211.65 | - | 7 |
187.45.100.0 | - | 7 |
160.20.186.237 | smtp.enternetprovedor.com.br | 7 |
47.180.114.229 | - | 7 |
43.133.36.238 | - | 7 |
61.177.172.160 | - | 7 |
113.219.252.195 | - | 7 |
206.168.34.45 | unused-space.coop.net | 7 |
206.168.34.40 | unused-space.coop.net | 7 |
119.73.179.114 | - | 7 |
103.130.215.82 | ip.bkhost.vn | 7 |
80.67.172.162 | algrothendieck.nos-oignons.net | 7 |
209.97.186.17 | - | 7 |
150.109.5.130 | - | 7 |
139.59.23.154 | - | 7 |
101.126.11.251 | - | 7 |
65.181.73.155 | 65-181-73-155.static.imsbiz.com | 7 |
159.65.154.162 | - | 7 |
146.190.102.53 | - | 7 |
128.199.217.163 | - | 7 |
203.106.164.74 | gbk-164-74.tm.net.my | 7 |
141.11.74.148 | - | 7 |
185.165.191.27 | - | 7 |
170.64.129.182 | - | 7 |
43.157.179.247 | - | 7 |
183.62.183.74 | - | 7 |
103.97.177.91 | - | 7 |
43.153.8.122 | - | 7 |
207.90.244.14 | - | 7 |
71.6.135.131 | soda.census.shodan.io | 7 |
80.82.77.202 | rnd.group-ib.com | 7 |
103.245.236.208 | - | 7 |
134.209.27.56 | - | 7 |
91.205.128.170 | - | 7 |
64.227.133.211 | - | 7 |
154.221.28.214 | - | 7 |
43.157.183.148 | - | 7 |
185.246.152.16 | free.ds.melbicom.net | 7 |
181.94.215.202 | host-202.181-94-215.personal.net.py | 7 |
43.135.147.76 | - | 7 |
157.230.240.227 | - | 7 |
164.90.199.99 | - | 7 |
162.62.126.85 | - | 7 |
181.2.151.236 | host236.181-2-151.telecom.net.ar | 7 |
134.122.87.190 | - | 7 |
71.6.158.166 | ninja.census.shodan.io | 7 |
182.78.142.4 | - | 7 |
101.33.79.22 | - | 7 |
146.59.98.3 | ip3.ip-146-59-98.eu | 7 |
180.101.88.197 | - | 7 |
180.101.88.196 | - | 7 |
103.31.225.246 | ip246-225-31-103.as131755.net | 7 |
179.185.90.114 | 179.185.90.114.static.gvt.net.br | 7 |
193.32.162.83 | - | 7 |
199.45.154.127 | - | 7 |
107.173.83.53 | 107-173-83-53-host.colocrossing.com | 7 |
14.116.189.74 | - | 7 |
150.109.25.111 | - | 7 |
162.243.50.8 | dev.rcms.io | 7 |
146.190.61.160 | iums-oic.org | 7 |
190.145.81.37 | - | 7 |
43.163.199.124 | - | 7 |
1.13.79.144 | - | 7 |
152.228.217.94 | vps-769a2355.vps.ovh.net | 7 |
82.151.65.155 | - | 7 |
104.236.253.20 | delta.clnotifs.tk | 7 |
139.59.127.178 | - | 7 |
89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
103.145.163.221 | - | 7 |
134.209.181.159 | - | 7 |
161.35.137.136 | - | 7 |
43.135.139.184 | - | 7 |
104.248.134.222 | - | 7 |
186.228.76.26 | 186-228-76-26.ded.intelignet.com.br | 7 |
202.21.123.196 | - | 7 |
107.180.73.148 | _unknown.ip.secureserver.net | 7 |
46.101.171.235 | - | 7 |
218.90.122.26 | - | 7 |
85.209.11.254 | - | 7 |
103.31.224.224 | resolv1.axarva.net | 7 |
43.153.14.132 | - | 7 |
222.165.138.144 | - | 7 |
103.113.105.228 | 103.113.105.228.dynamic-ekowebtech.net | 7 |
41.82.208.182 | - | 7 |
5.11.145.151 | - | 7 |
159.203.60.162 | - | 7 |
5.56.132.119 | asiatech.dn-server.com | 7 |
167.172.111.94 | - | 7 |
150.223.14.166 | - | 7 |
59.24.160.227 | - | 7 |
159.89.233.77 | - | 7 |
187.235.63.121 | dsl-187-235-63-121-dyn.prod-infinitum.com.mx | 7 |
141.98.83.197 | - | 7 |
180.101.88.205 | - | 7 |
157.230.7.5 | - | 7 |
43.163.241.129 | - | 7 |
159.65.91.105 | - | 7 |
43.157.15.205 | - | 7 |
119.28.156.59 | - | 7 |
192.210.226.109 | 192-210-226-109-host.colocrossing.com | 7 |
206.189.133.78 | - | 7 |
170.106.67.24 | - | 7 |
61.93.186.125 | 061093186125.static.ctinets.com | 7 |
114.96.71.150 | - | 7 |
218.94.137.246 | - | 7 |
103.92.24.242 | - | 7 |
185.100.53.120 | - | 7 |
43.156.35.214 | - | 7 |
68.116.41.2 | syn-068-116-041-002.biz.spectrum.com | 7 |
43.153.199.39 | - | 7 |
43.134.67.148 | - | 7 |
124.152.181.97 | - | 7 |
154.198.213.36 | - | 7 |