IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset
, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
IP | DNS lookup | Number of (black)lists |
---|---|---|
211.114.124.31 | - | 11 |
34.172.237.230 | 230.237.172.34.bc.googleusercontent.com | 10 |
80.82.77.33 | sky.census.shodan.io | 9 |
183.81.169.238 | - | 9 |
85.209.11.227 | - | 9 |
141.98.10.125 | imp-moment.trumpbuyer.com | 9 |
92.118.39.120 | - | 9 |
194.169.175.36 | - | 9 |
194.169.175.35 | - | 9 |
209.38.26.153 | - | 9 |
192.42.116.208 | 11.tor-exit.nothingtohide.nl | 9 |
103.46.186.148 | - | 9 |
185.196.8.22 | - | 9 |
170.64.146.71 | - | 9 |
193.201.9.156 | - | 8 |
92.118.39.239 | edc85.daten-de.com | 8 |
211.253.10.96 | - | 8 |
218.92.0.34 | - | 8 |
218.92.0.31 | - | 8 |
79.110.62.145 | - | 8 |
27.222.11.186 | - | 8 |
85.209.11.27 | - | 8 |
43.155.152.6 | - | 8 |
212.76.27.39 | - | 8 |
61.177.172.179 | - | 8 |
157.245.96.186 | - | 8 |
193.32.162.38 | pex28.dream-bal.com | 8 |
199.45.154.48 | scanner-203.hk2.censys-scanner.com | 8 |
218.92.0.107 | - | 8 |
103.91.136.18 | - | 8 |
80.82.77.139 | dojo.census.shodan.io | 8 |
206.168.34.38 | unused-space.coop.net | 8 |
213.109.202.127 | - | 8 |
43.130.229.179 | - | 8 |
178.20.55.16 | marcuse.nos-oignons.net | 8 |
51.89.153.112 | ns3145504.ip-51-89-153.eu | 8 |
199.45.154.27 | scanner-201.hk2.censys-scanner.com | 8 |
80.229.18.62 | maryfindlay.plus.com | 8 |
164.90.164.93 | - | 8 |
218.92.0.56 | - | 8 |
92.205.108.83 | 83.108.205.92.host.secureserver.net | 8 |
42.200.78.78 | 42-200-78-78.static.imsbiz.com | 8 |
66.240.236.116 | ubtuntu20236116.aspadmin.net | 8 |
113.133.177.77 | - | 8 |
218.92.0.76 | - | 8 |
207.90.244.5 | - | 8 |
93.174.95.106 | battery.census.shodan.io | 8 |
206.168.34.119 | unused-space.coop.net | 8 |
61.177.172.136 | - | 8 |
61.177.172.140 | - | 8 |
218.92.0.29 | - | 8 |
218.92.0.22 | - | 8 |
218.92.0.24 | - | 8 |
218.92.0.27 | - | 8 |
71.6.146.185 | pirate.census.shodan.io | 8 |
61.177.172.160 | - | 8 |
206.168.34.49 | unused-space.coop.net | 8 |
185.165.191.27 | - | 8 |
71.6.135.131 | soda.census.shodan.io | 8 |
80.82.77.202 | rnd.group-ib.com | 8 |
218.92.0.112 | - | 8 |
218.92.0.113 | - | 8 |
218.92.0.118 | - | 8 |
71.6.199.23 | einstein.census.shodan.io | 8 |
80.94.95.81 | - | 8 |
71.6.158.166 | ninja.census.shodan.io | 8 |
180.101.88.197 | - | 8 |
180.101.88.196 | - | 8 |
183.106.216.43 | - | 8 |
82.151.65.155 | - | 8 |
85.209.11.254 | - | 8 |
199.45.154.28 | scanner-201.hk2.censys-scanner.com | 8 |
199.45.154.53 | scanner-203.hk2.censys-scanner.com | 8 |
180.101.88.205 | - | 8 |
190.12.106.242 | host242.106.12.190.cps.com.ar | 7 |
144.34.212.238 | localhost.localdomain | 7 |
27.111.32.174 | - | 7 |
104.248.153.120 | - | 7 |
139.59.127.73 | - | 7 |
45.155.91.134 | - | 7 |
104.248.228.79 | - | 7 |
206.168.34.124 | unused-space.coop.net | 7 |
206.168.34.123 | unused-space.coop.net | 7 |
206.168.34.121 | unused-space.coop.net | 7 |
79.137.198.143 | kind-drop.aeza.network | 7 |
104.248.134.69 | - | 7 |
185.180.143.143 | sh-ams-nl-gp1-wk115.internet-census.org | 7 |
72.167.32.109 | 109.32.167.72.host.secureserver.net | 7 |
170.106.142.138 | - | 7 |
79.104.0.82 | - | 7 |
170.106.116.145 | - | 7 |
147.185.132.43 | - | 7 |
150.109.205.234 | - | 7 |
66.240.236.119 | census6.shodan.io | 7 |
105.28.108.165 | - | 7 |
45.148.10.69 | - | 7 |
147.185.132.63 | - | 7 |
128.199.33.46 | - | 7 |
116.55.245.26 | - | 7 |
43.156.19.40 | - | 7 |
94.102.49.193 | cloud.census.shodan.io | 7 |
206.168.34.51 | unused-space.coop.net | 7 |
206.168.34.52 | unused-space.coop.net | 7 |
120.48.97.128 | - | 7 |
161.35.108.241 | - | 7 |
45.147.250.233 | - | 7 |
219.150.93.157 | - | 7 |
50.47.208.178 | 50-47-208-178.evrt.wa.ptr.ziplyfiber.com | 7 |
186.67.248.6 | - | 7 |
5.19.118.77 | 5x19x118x77.static-business.spb.ertelecom.ru | 7 |
123.31.29.192 | static.vnpt.vn | 7 |
79.175.176.225 | - | 7 |
103.56.61.144 | - | 7 |
159.223.105.130 | - | 7 |
148.113.172.199 | vps-c3b672a8.vps.ovh.ca | 7 |
59.2.250.91 | - | 7 |
101.36.127.102 | - | 7 |
13.91.181.243 | azpdws3.stretchoid.com | 7 |
65.49.1.10 | - | 7 |
103.248.43.98 | - | 7 |
138.68.9.83 | - | 7 |
107.151.182.62 | zl-lax-us-gp6-wk115.internet-census.org | 7 |
211.224.41.185 | - | 7 |
82.200.65.218 | gw-bell-xen.ll-nsk.zsttk.ru | 7 |
200.122.249.203 | static-dedicado-200-122-249-203.une.net.co | 7 |
167.172.110.26 | - | 7 |
194.152.206.17 | - | 7 |
202.157.186.116 | - | 7 |
60.30.150.42 | no-data | 7 |
192.42.116.211 | 14.tor-exit.nothingtohide.nl | 7 |
206.168.34.185 | unused-space.coop.net | 7 |
146.190.92.189 | - | 7 |
180.148.4.194 | - | 7 |
187.49.152.10 | ns1.entertelecom.com.br | 7 |
43.133.74.235 | - | 7 |
206.168.34.39 | unused-space.coop.net | 7 |
206.168.34.34 | unused-space.coop.net | 7 |
71.6.146.186 | inspire.census.shodan.io | 7 |
143.255.140.129 | 143-255-140-129.giganet.net.py | 7 |
103.232.214.215 | undefined.hostname.localhost | 7 |
199.45.154.29 | scanner-201.hk2.censys-scanner.com | 7 |
199.45.154.23 | scanner-201.hk2.censys-scanner.com | 7 |
179.43.167.219 | hostedby.privatelayer.com | 7 |
180.71.47.198 | - | 7 |
42.200.66.164 | 42-200-66-164.static.imsbiz.com | 7 |
43.153.101.149 | - | 7 |
111.92.191.20 | hyunjinmetal.com | 7 |
203.172.76.4 | reverse-203-172-76-4.csloxinfo.net | 7 |
206.189.158.144 | - | 7 |
177.93.111.166 | www3.dicaquente.net.br | 7 |
31.7.70.8 | - | 7 |
170.106.171.116 | - | 7 |
45.235.151.3 | - | 7 |
80.67.167.81 | nosoignons.cust.milkywan.net | 7 |
156.236.75.85 | - | 7 |
43.134.100.15 | - | 7 |
178.215.236.34 | - | 7 |
104.248.19.132 | - | 7 |
199.45.154.68 | scanner-205.hk2.censys-scanner.com | 7 |
199.45.154.65 | scanner-205.hk2.censys-scanner.com | 7 |
154.68.39.6 | wimax-154.68.39.6.aviso.ci | 7 |
207.154.217.168 | - | 7 |
43.156.40.178 | - | 7 |
195.144.21.56 | red3.census.shodan.io | 7 |
170.64.134.194 | - | 7 |
91.103.252.174 | dandy-fold.aeza.network | 7 |
71.6.165.200 | census12.shodan.io | 7 |
202.131.233.35 | - | 7 |
179.33.186.151 | - | 7 |
207.90.244.2 | - | 7 |
207.90.244.3 | - | 7 |
207.90.244.4 | - | 7 |
207.90.244.6 | - | 7 |
165.22.248.47 | - | 7 |
144.217.89.216 | www.canadavirtualnumber.ca | 7 |
167.94.146.50 | - | 7 |
43.131.245.109 | - | 7 |
14.29.64.91 | - | 7 |
71.6.134.230 | - | 7 |
142.93.102.52 | - | 7 |
43.134.227.87 | - | 7 |
104.248.157.166 | - | 7 |
35.198.146.69 | 69.146.198.35.bc.googleusercontent.com | 7 |
118.123.105.92 | - | 7 |
124.160.96.242 | - | 7 |
43.134.3.202 | - | 7 |
143.110.245.76 | - | 7 |
43.133.197.134 | - | 7 |
43.128.233.205 | - | 7 |
45.142.182.121 | - | 7 |
193.32.162.65 | - | 7 |
129.226.147.252 | - | 7 |
206.168.34.116 | unused-space.coop.net | 7 |
68.183.180.246 | - | 7 |
170.106.74.218 | - | 7 |
71.6.146.130 | refrigerator.census.shodan.io | 7 |
193.248.45.12 | laubervilliers-656-1-270-12.w193-248.abo.wanadoo.fr | 7 |
92.55.190.215 | - | 7 |
206.168.34.178 | unused-space.coop.net | 7 |
36.156.22.4 | - | 7 |
206.168.34.45 | unused-space.coop.net | 7 |
206.168.34.41 | unused-space.coop.net | 7 |
165.154.149.178 | - | 7 |
161.35.78.86 | - | 7 |
176.109.0.30 | - | 7 |
117.2.142.24 | dynamic-adsl.viettel.vn | 7 |
66.240.192.138 | census8.shodan.io | 7 |
190.144.14.170 | - | 7 |
185.165.191.26 | - | 7 |
162.142.125.211 | scanner-05.ch1.censys-scanner.com | 7 |
162.142.125.212 | scanner-05.ch1.censys-scanner.com | 7 |
206.168.34.60 | unused-space.coop.net | 7 |
106.57.253.254 | - | 7 |
207.90.244.14 | - | 7 |
220.80.223.144 | - | 7 |
147.185.132.213 | - | 7 |
168.167.228.74 | - | 7 |
71.6.232.24 | - | 7 |
139.198.187.158 | - | 7 |
43.153.170.99 | - | 7 |
184.105.247.254 | - | 7 |
115.231.78.9 | - | 7 |
14.29.240.154 | - | 7 |
167.94.145.105 | - | 7 |
34.172.117.17 | 17.117.172.34.bc.googleusercontent.com | 7 |
181.2.151.236 | host236.181-2-151.telecom.net.ar | 7 |
194.50.16.26 | - | 7 |
43.159.52.75 | - | 7 |
192.42.116.179 | 27.tor-exit.nothingtohide.nl | 7 |
125.99.173.162 | - | 7 |
138.197.173.66 | - | 7 |
43.153.62.90 | - | 7 |
43.128.131.205 | - | 7 |
14.116.189.74 | - | 7 |
209.38.26.10 | - | 7 |
43.163.222.63 | - | 7 |
103.56.61.130 | - | 7 |
223.241.247.214 | - | 7 |
190.145.81.37 | - | 7 |
101.47.6.209 | - | 7 |
199.45.154.17 | scanner-201.hk2.censys-scanner.com | 7 |
199.45.154.18 | scanner-201.hk2.censys-scanner.com | 7 |
71.6.167.142 | census9.shodan.io | 7 |
182.253.47.126 | - | 7 |
188.166.160.119 | - | 7 |
163.172.154.32 | 32-154-172-163.instances.scw.cloud | 7 |
43.134.189.26 | - | 7 |
89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
45.10.22.165 | - | 7 |
134.209.181.159 | - | 7 |
160.251.206.20 | v160-251-206-20.w0tu.static.cnode.jp | 7 |
199.45.154.74 | scanner-205.hk2.censys-scanner.com | 7 |
199.45.154.77 | scanner-205.hk2.censys-scanner.com | 7 |
199.45.154.73 | scanner-205.hk2.censys-scanner.com | 7 |
199.45.154.79 | scanner-205.hk2.censys-scanner.com | 7 |
202.21.123.196 | - | 7 |
54.37.73.222 | vps-606253ad.vps.ovh.net | 7 |
159.65.220.18 | ulaportal.com | 7 |
185.242.233.113 | - | 7 |
43.134.1.152 | - | 7 |
134.209.98.12 | - | 7 |
118.123.105.86 | - | 7 |
49.235.237.222 | - | 7 |
59.24.160.227 | - | 7 |
199.45.154.54 | scanner-203.hk2.censys-scanner.com | 7 |
199.45.154.52 | scanner-203.hk2.censys-scanner.com | 7 |
43.153.168.50 | - | 7 |
165.22.29.107 | - | 7 |
43.134.34.122 | - | 7 |
27.71.224.4 | - | 7 |
187.188.0.71 | fixed-187-188-0-71.totalplay.net | 7 |
190.85.15.251 | - | 7 |
43.134.76.213 | - | 7 |
64.227.126.250 | - | 7 |