Home

Awesome

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2024-11-21)

IPDNS lookupNumber of (black)lists
37.44.238.68ssd5-5196.99958
45.148.10.117-8
45.148.10.203-8
46.19.143.66hostedby.privatelayer.com8
47.84.32.175-8
47.245.119.234-8
83.222.191.62-8
94.159.104.177yvk.ua8
195.178.110.34-8
195.178.110.112-8
195.178.110.114-8
218.92.0.111-8
218.92.0.114-8
218.92.0.198-8
218.92.0.216-8
218.92.0.217-8
218.92.0.218-8
218.92.0.219-8
218.92.0.220-8
218.92.0.221-8
218.92.0.222-8
218.92.0.223-8
218.92.0.225-8
218.92.0.226-8
218.92.0.227-8
218.92.0.228-8
218.92.0.229-8
218.92.0.230-8
218.92.0.231-8
218.92.0.232-8
218.92.0.233-8
218.92.0.235-8
218.92.0.236-8
218.92.0.237-8
202.95.12.147-8
80.82.77.33sky.census.shodan.io7
8.222.152.112-7
45.148.10.46-7
45.148.10.118-7
45.148.10.119-7
47.236.252.254-7
47.237.81.18-7
62.210.127.20462-210-127-204.rev.poneytelecom.eu7
68.183.139.206-7
81.161.238.12-7
91.151.95.24-7
139.144.52.241139-144-52-241.ip.linodeusercontent.com7
144.126.229.46-7
162.142.125.32-7
167.94.145.107-7
167.94.146.56-7
167.94.146.63-7
195.178.110.67-7
195.178.110.113-7
128.14.129.10-7
147.45.42.188angry-knee.aeza.network7
185.220.101.110tor-exit-110.digitalcourage.de7
195.178.110.6-7
203.81.86.34-7
223.100.248.31-7
45.140.192.46-7
47.236.61.91-7
51.89.153.112ns3145504.ip-51-89-153.eu7
64.226.105.67www.indiaclubdubai.com7
64.226.117.7-7
8.222.181.107-7
80.242.208.68-7