Home

Awesome

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2024-11-05)

IPDNS lookupNumber of (black)lists
5.42.84.98peppy-calculator.aeza.network9
45.140.192.46-9
83.229.126.78-9
94.159.104.177yvk.ua9
129.146.26.210-9
195.178.110.6-9
195.178.110.112-9
203.81.86.34-9
37.44.238.68ssd5-5196.99958
45.148.10.117-8
45.148.10.119-8
45.148.10.240-8
47.236.156.253-8
80.64.30.138-8
80.64.30.139-8
80.82.77.33sky.census.shodan.io8
83.222.191.62-8
93.174.95.106battery.census.shodan.io8
128.14.129.10-8
129.146.37.6-8
152.228.128.55vps-54dc440b.vps.ovh.net8
167.99.74.130-8
183.105.155.146-8
206.189.22.108-8
213.55.85.202-8
218.92.0.111-8
218.92.0.114-8
218.92.0.198-8
218.92.0.217-8
218.92.0.218-8
218.92.0.219-8
218.92.0.220-8
218.92.0.221-8
218.92.0.222-8
218.92.0.223-8
218.92.0.225-8
218.92.0.226-8
218.92.0.227-8
218.92.0.228-8
218.92.0.229-8
218.92.0.230-8
218.92.0.231-8
218.92.0.232-8
218.92.0.233-8
218.92.0.235-8
218.92.0.236-8
218.92.0.237-8
4.189.255.15-7
8.149.243.112-7
8.154.32.31-7
14.225.254.35-7
24.199.85.200-7
36.139.55.219-7
36.139.63.123-7
41.59.86.232232.86-59-41.static-zone.ttcldata.net7
45.84.89.2server-0-2.survey.inspici.com7
45.148.10.196-7
47.236.70.237-7
47.236.159.118-7
47.237.81.18-7
51.79.230.233ns5008129.ip-51-79-230.net7
54.37.233.240vps-ac1bf43a.vps.ovh.net7
57.128.152.51ip51.ip-57-128-152.eu7
61.50.119.110-7
61.155.106.101-7
64.226.117.7-7
71.6.165.200census12.shodan.io7
79.104.0.82-7
79.137.206.88incredible-basketball.aeza.network7
80.67.167.81nosoignons.cust.milkywan.net7
80.82.77.139dojo.census.shodan.io7
80.82.77.202rnd.group-ib.com7
80.242.208.68-7
81.28.167.30-7
82.200.65.218gw-bell-xen.ll-nsk.zsttk.ru7
89.97.218.14289-97-218-142.ip19.fastwebnet.it7
89.234.157.254marylou.nos-oignons.net7
91.227.62.26-7
92.42.96.51-7
93.113.63.8-7
94.102.49.193cloud.census.shodan.io7
101.126.67.115-7
103.77.173.224-7
103.77.173.244-7
103.77.173.254-7
103.77.214.174-7
103.127.196.172-7
103.237.144.204-7
103.252.88.6rw-hosting.fr7
109.120.138.140marked-rod.aeza.network7
109.120.176.11AKoryakin.aeza.network7
109.196.143.106-7
112.186.229.119-7
118.194.238.196-7
138.68.88.167-7
141.98.10.82-7
144.126.229.46-7
152.32.158.35-7
164.92.86.73-7
176.124.205.32-7
178.20.55.182marcuse-2.nos-oignons.net7
182.229.10.141-7
184.18.211.199static-184-18-211-199.ftwy.in.frontiernet.net7
185.74.4.20-7
185.129.62.62tor01.zencurity.com7
185.220.100.249tor-exit-10.zbau.f3netze.de7
189.226.225.141dsl-189-226-225-141-dyn.prod-infinitum.com.mx7
190.85.15.251-7
192.42.116.17927.tor-exit.nothingtohide.nl7
192.42.116.20811.tor-exit.nothingtohide.nl7
192.42.116.21417.tor-exit.nothingtohide.nl7
192.42.116.21844.tor-exit.nothingtohide.nl7
192.241.153.100-7
194.169.175.37-7
195.178.110.114-7
198.211.96.205-7
199.45.154.137scanner-203.hk2.censys-scanner.com7
199.195.248.117abelha.shop7
206.168.34.40unused-space.coop.net7
211.253.10.96-7
213.109.202.127-7
218.56.160.82-7
218.92.0.178-7
218.92.0.216-7
219.154.234.122hn.kd.jz.adsl7
223.197.186.7223-197-186-7.static.imsbiz.com7