Awesome
About
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2024-11-21)
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 37.44.238.68 | ssd5-5196.9995 | 8 |
| 45.148.10.117 | - | 8 |
| 45.148.10.203 | - | 8 |
| 46.19.143.66 | hostedby.privatelayer.com | 8 |
| 47.84.32.175 | - | 8 |
| 47.245.119.234 | - | 8 |
| 83.222.191.62 | - | 8 |
| 94.159.104.177 | yvk.ua | 8 |
| 195.178.110.34 | - | 8 |
| 195.178.110.112 | - | 8 |
| 195.178.110.114 | - | 8 |
| 218.92.0.111 | - | 8 |
| 218.92.0.114 | - | 8 |
| 218.92.0.198 | - | 8 |
| 218.92.0.216 | - | 8 |
| 218.92.0.217 | - | 8 |
| 218.92.0.218 | - | 8 |
| 218.92.0.219 | - | 8 |
| 218.92.0.220 | - | 8 |
| 218.92.0.221 | - | 8 |
| 218.92.0.222 | - | 8 |
| 218.92.0.223 | - | 8 |
| 218.92.0.225 | - | 8 |
| 218.92.0.226 | - | 8 |
| 218.92.0.227 | - | 8 |
| 218.92.0.228 | - | 8 |
| 218.92.0.229 | - | 8 |
| 218.92.0.230 | - | 8 |
| 218.92.0.231 | - | 8 |
| 218.92.0.232 | - | 8 |
| 218.92.0.233 | - | 8 |
| 218.92.0.235 | - | 8 |
| 218.92.0.236 | - | 8 |
| 218.92.0.237 | - | 8 |
| 202.95.12.147 | - | 8 |
| 80.82.77.33 | sky.census.shodan.io | 7 |
| 8.222.152.112 | - | 7 |
| 45.148.10.46 | - | 7 |
| 45.148.10.118 | - | 7 |
| 45.148.10.119 | - | 7 |
| 47.236.252.254 | - | 7 |
| 47.237.81.18 | - | 7 |
| 62.210.127.204 | 62-210-127-204.rev.poneytelecom.eu | 7 |
| 68.183.139.206 | - | 7 |
| 81.161.238.12 | - | 7 |
| 91.151.95.24 | - | 7 |
| 139.144.52.241 | 139-144-52-241.ip.linodeusercontent.com | 7 |
| 144.126.229.46 | - | 7 |
| 162.142.125.32 | - | 7 |
| 167.94.145.107 | - | 7 |
| 167.94.146.56 | - | 7 |
| 167.94.146.63 | - | 7 |
| 195.178.110.67 | - | 7 |
| 195.178.110.113 | - | 7 |
| 128.14.129.10 | - | 7 |
| 147.45.42.188 | angry-knee.aeza.network | 7 |
| 185.220.101.110 | tor-exit-110.digitalcourage.de | 7 |
| 195.178.110.6 | - | 7 |
| 203.81.86.34 | - | 7 |
| 223.100.248.31 | - | 7 |
| 45.140.192.46 | - | 7 |
| 47.236.61.91 | - | 7 |
| 51.89.153.112 | ns3145504.ip-51-89-153.eu | 7 |
| 64.226.105.67 | www.indiaclubdubai.com | 7 |
| 64.226.117.7 | - | 7 |
| 8.222.181.107 | - | 7 |
| 80.242.208.68 | - | 7 |