Awesome
About
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2024-11-05)
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 5.42.84.98 | peppy-calculator.aeza.network | 9 |
| 45.140.192.46 | - | 9 |
| 83.229.126.78 | - | 9 |
| 94.159.104.177 | yvk.ua | 9 |
| 129.146.26.210 | - | 9 |
| 195.178.110.6 | - | 9 |
| 195.178.110.112 | - | 9 |
| 203.81.86.34 | - | 9 |
| 37.44.238.68 | ssd5-5196.9995 | 8 |
| 45.148.10.117 | - | 8 |
| 45.148.10.119 | - | 8 |
| 45.148.10.240 | - | 8 |
| 47.236.156.253 | - | 8 |
| 80.64.30.138 | - | 8 |
| 80.64.30.139 | - | 8 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 83.222.191.62 | - | 8 |
| 93.174.95.106 | battery.census.shodan.io | 8 |
| 128.14.129.10 | - | 8 |
| 129.146.37.6 | - | 8 |
| 152.228.128.55 | vps-54dc440b.vps.ovh.net | 8 |
| 167.99.74.130 | - | 8 |
| 183.105.155.146 | - | 8 |
| 206.189.22.108 | - | 8 |
| 213.55.85.202 | - | 8 |
| 218.92.0.111 | - | 8 |
| 218.92.0.114 | - | 8 |
| 218.92.0.198 | - | 8 |
| 218.92.0.217 | - | 8 |
| 218.92.0.218 | - | 8 |
| 218.92.0.219 | - | 8 |
| 218.92.0.220 | - | 8 |
| 218.92.0.221 | - | 8 |
| 218.92.0.222 | - | 8 |
| 218.92.0.223 | - | 8 |
| 218.92.0.225 | - | 8 |
| 218.92.0.226 | - | 8 |
| 218.92.0.227 | - | 8 |
| 218.92.0.228 | - | 8 |
| 218.92.0.229 | - | 8 |
| 218.92.0.230 | - | 8 |
| 218.92.0.231 | - | 8 |
| 218.92.0.232 | - | 8 |
| 218.92.0.233 | - | 8 |
| 218.92.0.235 | - | 8 |
| 218.92.0.236 | - | 8 |
| 218.92.0.237 | - | 8 |
| 4.189.255.15 | - | 7 |
| 8.149.243.112 | - | 7 |
| 8.154.32.31 | - | 7 |
| 14.225.254.35 | - | 7 |
| 24.199.85.200 | - | 7 |
| 36.139.55.219 | - | 7 |
| 36.139.63.123 | - | 7 |
| 41.59.86.232 | 232.86-59-41.static-zone.ttcldata.net | 7 |
| 45.84.89.2 | server-0-2.survey.inspici.com | 7 |
| 45.148.10.196 | - | 7 |
| 47.236.70.237 | - | 7 |
| 47.236.159.118 | - | 7 |
| 47.237.81.18 | - | 7 |
| 51.79.230.233 | ns5008129.ip-51-79-230.net | 7 |
| 54.37.233.240 | vps-ac1bf43a.vps.ovh.net | 7 |
| 57.128.152.51 | ip51.ip-57-128-152.eu | 7 |
| 61.50.119.110 | - | 7 |
| 61.155.106.101 | - | 7 |
| 64.226.117.7 | - | 7 |
| 71.6.165.200 | census12.shodan.io | 7 |
| 79.104.0.82 | - | 7 |
| 79.137.206.88 | incredible-basketball.aeza.network | 7 |
| 80.67.167.81 | nosoignons.cust.milkywan.net | 7 |
| 80.82.77.139 | dojo.census.shodan.io | 7 |
| 80.82.77.202 | rnd.group-ib.com | 7 |
| 80.242.208.68 | - | 7 |
| 81.28.167.30 | - | 7 |
| 82.200.65.218 | gw-bell-xen.ll-nsk.zsttk.ru | 7 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
| 89.234.157.254 | marylou.nos-oignons.net | 7 |
| 91.227.62.26 | - | 7 |
| 92.42.96.51 | - | 7 |
| 93.113.63.8 | - | 7 |
| 94.102.49.193 | cloud.census.shodan.io | 7 |
| 101.126.67.115 | - | 7 |
| 103.77.173.224 | - | 7 |
| 103.77.173.244 | - | 7 |
| 103.77.173.254 | - | 7 |
| 103.77.214.174 | - | 7 |
| 103.127.196.172 | - | 7 |
| 103.237.144.204 | - | 7 |
| 103.252.88.6 | rw-hosting.fr | 7 |
| 109.120.138.140 | marked-rod.aeza.network | 7 |
| 109.120.176.11 | AKoryakin.aeza.network | 7 |
| 109.196.143.106 | - | 7 |
| 112.186.229.119 | - | 7 |
| 118.194.238.196 | - | 7 |
| 138.68.88.167 | - | 7 |
| 141.98.10.82 | - | 7 |
| 144.126.229.46 | - | 7 |
| 152.32.158.35 | - | 7 |
| 164.92.86.73 | - | 7 |
| 176.124.205.32 | - | 7 |
| 178.20.55.182 | marcuse-2.nos-oignons.net | 7 |
| 182.229.10.141 | - | 7 |
| 184.18.211.199 | static-184-18-211-199.ftwy.in.frontiernet.net | 7 |
| 185.74.4.20 | - | 7 |
| 185.129.62.62 | tor01.zencurity.com | 7 |
| 185.220.100.249 | tor-exit-10.zbau.f3netze.de | 7 |
| 189.226.225.141 | dsl-189-226-225-141-dyn.prod-infinitum.com.mx | 7 |
| 190.85.15.251 | - | 7 |
| 192.42.116.179 | 27.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.208 | 11.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.214 | 17.tor-exit.nothingtohide.nl | 7 |
| 192.42.116.218 | 44.tor-exit.nothingtohide.nl | 7 |
| 192.241.153.100 | - | 7 |
| 194.169.175.37 | - | 7 |
| 195.178.110.114 | - | 7 |
| 198.211.96.205 | - | 7 |
| 199.45.154.137 | scanner-203.hk2.censys-scanner.com | 7 |
| 199.195.248.117 | abelha.shop | 7 |
| 206.168.34.40 | unused-space.coop.net | 7 |
| 211.253.10.96 | - | 7 |
| 213.109.202.127 | - | 7 |
| 218.56.160.82 | - | 7 |
| 218.92.0.178 | - | 7 |
| 218.92.0.216 | - | 7 |
| 219.154.234.122 | hn.kd.jz.adsl | 7 |
| 223.197.186.7 | 223-197-186-7.static.imsbiz.com | 7 |