GitHub - stamparm/ipsum: Daily feed of bad IPs (with blacklist hit scores)

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2024-06-12)

IP	DNS lookup	Number of (black)lists
211.114.124.31	-	11
34.172.237.230	230.237.172.34.bc.googleusercontent.com	10
80.82.77.33	sky.census.shodan.io	9
183.81.169.238	-	9
85.209.11.227	-	9
141.98.10.125	imp-moment.trumpbuyer.com	9
92.118.39.120	-	9
194.169.175.36	-	9
194.169.175.35	-	9
209.38.26.153	-	9
192.42.116.208	11.tor-exit.nothingtohide.nl	9
103.46.186.148	-	9
185.196.8.22	-	9
170.64.146.71	-	9
193.201.9.156	-	8
92.118.39.239	edc85.daten-de.com	8
211.253.10.96	-	8
218.92.0.34	-	8
218.92.0.31	-	8
79.110.62.145	-	8
27.222.11.186	-	8
85.209.11.27	-	8
43.155.152.6	-	8
212.76.27.39	-	8
61.177.172.179	-	8
157.245.96.186	-	8
193.32.162.38	pex28.dream-bal.com	8
199.45.154.48	scanner-203.hk2.censys-scanner.com	8
218.92.0.107	-	8
103.91.136.18	-	8
80.82.77.139	dojo.census.shodan.io	8
206.168.34.38	unused-space.coop.net	8
213.109.202.127	-	8
43.130.229.179	-	8
178.20.55.16	marcuse.nos-oignons.net	8
51.89.153.112	ns3145504.ip-51-89-153.eu	8
199.45.154.27	scanner-201.hk2.censys-scanner.com	8
80.229.18.62	maryfindlay.plus.com	8
164.90.164.93	-	8
218.92.0.56	-	8
92.205.108.83	83.108.205.92.host.secureserver.net	8
42.200.78.78	42-200-78-78.static.imsbiz.com	8
66.240.236.116	ubtuntu20236116.aspadmin.net	8
113.133.177.77	-	8
218.92.0.76	-	8
207.90.244.5	-	8
93.174.95.106	battery.census.shodan.io	8
206.168.34.119	unused-space.coop.net	8
61.177.172.136	-	8
61.177.172.140	-	8
218.92.0.29	-	8
218.92.0.22	-	8
218.92.0.24	-	8
218.92.0.27	-	8
71.6.146.185	pirate.census.shodan.io	8
61.177.172.160	-	8
206.168.34.49	unused-space.coop.net	8
185.165.191.27	-	8
71.6.135.131	soda.census.shodan.io	8
80.82.77.202	rnd.group-ib.com	8
218.92.0.112	-	8
218.92.0.113	-	8
218.92.0.118	-	8
71.6.199.23	einstein.census.shodan.io	8
80.94.95.81	-	8
71.6.158.166	ninja.census.shodan.io	8
180.101.88.197	-	8
180.101.88.196	-	8
183.106.216.43	-	8
82.151.65.155	-	8
85.209.11.254	-	8
199.45.154.28	scanner-201.hk2.censys-scanner.com	8
199.45.154.53	scanner-203.hk2.censys-scanner.com	8
180.101.88.205	-	8
190.12.106.242	host242.106.12.190.cps.com.ar	7
144.34.212.238	localhost.localdomain	7
27.111.32.174	-	7
104.248.153.120	-	7
139.59.127.73	-	7
45.155.91.134	-	7
104.248.228.79	-	7
206.168.34.124	unused-space.coop.net	7
206.168.34.123	unused-space.coop.net	7
206.168.34.121	unused-space.coop.net	7
79.137.198.143	kind-drop.aeza.network	7
104.248.134.69	-	7
185.180.143.143	sh-ams-nl-gp1-wk115.internet-census.org	7
72.167.32.109	109.32.167.72.host.secureserver.net	7
170.106.142.138	-	7
79.104.0.82	-	7
170.106.116.145	-	7
147.185.132.43	-	7
150.109.205.234	-	7
66.240.236.119	census6.shodan.io	7
105.28.108.165	-	7
45.148.10.69	-	7
147.185.132.63	-	7
128.199.33.46	-	7
116.55.245.26	-	7
43.156.19.40	-	7
94.102.49.193	cloud.census.shodan.io	7
206.168.34.51	unused-space.coop.net	7
206.168.34.52	unused-space.coop.net	7
120.48.97.128	-	7
161.35.108.241	-	7
45.147.250.233	-	7
219.150.93.157	-	7
50.47.208.178	50-47-208-178.evrt.wa.ptr.ziplyfiber.com	7
186.67.248.6	-	7
5.19.118.77	5x19x118x77.static-business.spb.ertelecom.ru	7
123.31.29.192	static.vnpt.vn	7
79.175.176.225	-	7
103.56.61.144	-	7
159.223.105.130	-	7
148.113.172.199	vps-c3b672a8.vps.ovh.ca	7
59.2.250.91	-	7
101.36.127.102	-	7
13.91.181.243	azpdws3.stretchoid.com	7
65.49.1.10	-	7
103.248.43.98	-	7
138.68.9.83	-	7
107.151.182.62	zl-lax-us-gp6-wk115.internet-census.org	7
211.224.41.185	-	7
82.200.65.218	gw-bell-xen.ll-nsk.zsttk.ru	7
200.122.249.203	static-dedicado-200-122-249-203.une.net.co	7
167.172.110.26	-	7
194.152.206.17	-	7
202.157.186.116	-	7
60.30.150.42	no-data	7
192.42.116.211	14.tor-exit.nothingtohide.nl	7
206.168.34.185	unused-space.coop.net	7
146.190.92.189	-	7
180.148.4.194	-	7
187.49.152.10	ns1.entertelecom.com.br	7
43.133.74.235	-	7
206.168.34.39	unused-space.coop.net	7
206.168.34.34	unused-space.coop.net	7
71.6.146.186	inspire.census.shodan.io	7
143.255.140.129	143-255-140-129.giganet.net.py	7
103.232.214.215	undefined.hostname.localhost	7
199.45.154.29	scanner-201.hk2.censys-scanner.com	7
199.45.154.23	scanner-201.hk2.censys-scanner.com	7
179.43.167.219	hostedby.privatelayer.com	7
180.71.47.198	-	7
42.200.66.164	42-200-66-164.static.imsbiz.com	7
43.153.101.149	-	7
111.92.191.20	hyunjinmetal.com	7
203.172.76.4	reverse-203-172-76-4.csloxinfo.net	7
206.189.158.144	-	7
177.93.111.166	www3.dicaquente.net.br	7
31.7.70.8	-	7
170.106.171.116	-	7
45.235.151.3	-	7
80.67.167.81	nosoignons.cust.milkywan.net	7
156.236.75.85	-	7
43.134.100.15	-	7
178.215.236.34	-	7
104.248.19.132	-	7
199.45.154.68	scanner-205.hk2.censys-scanner.com	7
199.45.154.65	scanner-205.hk2.censys-scanner.com	7
154.68.39.6	wimax-154.68.39.6.aviso.ci	7
207.154.217.168	-	7
43.156.40.178	-	7
195.144.21.56	red3.census.shodan.io	7
170.64.134.194	-	7
91.103.252.174	dandy-fold.aeza.network	7
71.6.165.200	census12.shodan.io	7
202.131.233.35	-	7
179.33.186.151	-	7
207.90.244.2	-	7
207.90.244.3	-	7
207.90.244.4	-	7
207.90.244.6	-	7
165.22.248.47	-	7
144.217.89.216	www.canadavirtualnumber.ca	7
167.94.146.50	-	7
43.131.245.109	-	7
14.29.64.91	-	7
71.6.134.230	-	7
142.93.102.52	-	7
43.134.227.87	-	7
104.248.157.166	-	7
35.198.146.69	69.146.198.35.bc.googleusercontent.com	7
118.123.105.92	-	7
124.160.96.242	-	7
43.134.3.202	-	7
143.110.245.76	-	7
43.133.197.134	-	7
43.128.233.205	-	7
45.142.182.121	-	7
193.32.162.65	-	7
129.226.147.252	-	7
206.168.34.116	unused-space.coop.net	7
68.183.180.246	-	7
170.106.74.218	-	7
71.6.146.130	refrigerator.census.shodan.io	7
193.248.45.12	laubervilliers-656-1-270-12.w193-248.abo.wanadoo.fr	7
92.55.190.215	-	7
206.168.34.178	unused-space.coop.net	7
36.156.22.4	-	7
206.168.34.45	unused-space.coop.net	7
206.168.34.41	unused-space.coop.net	7
165.154.149.178	-	7
161.35.78.86	-	7
176.109.0.30	-	7
117.2.142.24	dynamic-adsl.viettel.vn	7
66.240.192.138	census8.shodan.io	7
190.144.14.170	-	7
185.165.191.26	-	7
162.142.125.211	scanner-05.ch1.censys-scanner.com	7
162.142.125.212	scanner-05.ch1.censys-scanner.com	7
206.168.34.60	unused-space.coop.net	7
106.57.253.254	-	7
207.90.244.14	-	7
220.80.223.144	-	7
147.185.132.213	-	7
168.167.228.74	-	7
71.6.232.24	-	7
139.198.187.158	-	7
43.153.170.99	-	7
184.105.247.254	-	7
115.231.78.9	-	7
14.29.240.154	-	7
167.94.145.105	-	7
34.172.117.17	17.117.172.34.bc.googleusercontent.com	7
181.2.151.236	host236.181-2-151.telecom.net.ar	7
194.50.16.26	-	7
43.159.52.75	-	7
192.42.116.179	27.tor-exit.nothingtohide.nl	7
125.99.173.162	-	7
138.197.173.66	-	7
43.153.62.90	-	7
43.128.131.205	-	7
14.116.189.74	-	7
209.38.26.10	-	7
43.163.222.63	-	7
103.56.61.130	-	7
223.241.247.214	-	7
190.145.81.37	-	7
101.47.6.209	-	7
199.45.154.17	scanner-201.hk2.censys-scanner.com	7
199.45.154.18	scanner-201.hk2.censys-scanner.com	7
71.6.167.142	census9.shodan.io	7
182.253.47.126	-	7
188.166.160.119	-	7
163.172.154.32	32-154-172-163.instances.scw.cloud	7
43.134.189.26	-	7
89.97.218.142	89-97-218-142.ip19.fastwebnet.it	7
45.10.22.165	-	7
134.209.181.159	-	7
160.251.206.20	v160-251-206-20.w0tu.static.cnode.jp	7
199.45.154.74	scanner-205.hk2.censys-scanner.com	7
199.45.154.77	scanner-205.hk2.censys-scanner.com	7
199.45.154.73	scanner-205.hk2.censys-scanner.com	7
199.45.154.79	scanner-205.hk2.censys-scanner.com	7
202.21.123.196	-	7
54.37.73.222	vps-606253ad.vps.ovh.net	7
159.65.220.18	ulaportal.com	7
185.242.233.113	-	7
43.134.1.152	-	7
134.209.98.12	-	7
118.123.105.86	-	7
49.235.237.222	-	7
59.24.160.227	-	7
199.45.154.54	scanner-203.hk2.censys-scanner.com	7
199.45.154.52	scanner-203.hk2.censys-scanner.com	7
43.153.168.50	-	7
165.22.29.107	-	7
43.134.34.122	-	7
27.71.224.4	-	7
187.188.0.71	fixed-187-188-0-71.totalplay.net	7
190.85.15.251	-	7
43.134.76.213	-	7
64.227.126.250	-	7

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
levels		levels
LICENSE		LICENSE
README.md		README.md
ipsum.txt		ipsum.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

levels

levels

LICENSE

LICENSE

README.md

README.md

ipsum.txt

ipsum.txt

Repository files navigation

About

Wall of Shame (2024-06-12)

About

Releases

Packages

License

stamparm/ipsum

Folders and files

Latest commit

History

Repository files navigation

About

Wall of Shame (2024-06-12)

About

Topics

Resources

License

Stars

Watchers

Forks