About
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2023-08-04)
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 185.224.128.142 | - | 11 |
| 171.25.193.78 | tor-exit-read-me.dfri.se | 9 |
| 51.89.153.112 | ns3145504.ip-51-89-153.eu | 9 |
| 67.21.53.157 | p-gil1-zixi-5.movetv.com | 9 |
| 185.129.62.62 | tor01.zencurity.com | 9 |
| 38.97.116.244 | - | 8 |
| 168.167.72.215 | - | 8 |
| 144.172.73.16 | tor-exit4.riverside.rocks | 8 |
| 45.95.147.201 | burgeons.harbormaker.com | 8 |
| 162.247.74.74 | wiebe.tor-exit.calyxinstitute.org | 8 |
| 218.92.0.76 | - | 8 |
| 120.29.225.106 | - | 8 |
| 120.29.225.107 | - | 8 |
| 120.29.225.104 | - | 8 |
| 178.20.55.16 | marcuse.nos-oignons.net | 8 |
| 5.8.10.202 | - | 8 |
| 162.247.74.27 | turing.tor-exit.calyxinstitute.org | 8 |
| 101.43.21.125 | - | 8 |
| 162.247.74.217 | perry.fellwock.tor-exit.calyxinstitute.org | 8 |
| 46.19.138.210 | hostedby.privatelayer.com | 8 |
| 128.199.64.100 | - | 8 |
| 118.33.82.133 | - | 8 |
| 1.235.198.19 | - | 8 |
| 61.111.11.240 | - | 8 |
| 185.246.188.67 | - | 8 |
| 128.31.0.13 | tor-exit.csail.mit.edu | 7 |
| 80.82.77.33 | sky.census.shodan.io | 7 |
| 185.74.4.17 | - | 7 |
| 175.209.20.52 | - | 7 |
| 180.101.88.247 | - | 7 |
| 89.234.157.254 | marylou.nos-oignons.net | 7 |
| 24.56.197.103 | c-24-56-197-103.customer.broadstripe.net | 7 |
| 124.230.124.250 | - | 7 |
| 185.220.102.243 | 185-220-102-243.torservers.net | 7 |
| 185.220.102.248 | tor-exit-relay-2.anonymizing-proxy.digitalcourage.de | 7 |
| 202.4.42.154 | - | 7 |
| 104.244.78.233 | luxembourgtornew22.quetzalcoatl-relays.org | 7 |
| 161.35.108.241 | - | 7 |
| 47.99.152.7 | - | 7 |
| 159.65.235.114 | - | 7 |
| 185.220.101.33 | tor-exit-33.for-privacy.net | 7 |
| 171.25.193.77 | tor-exit-read-me.dfri.se | 7 |
| 185.220.101.8 | berlin01.tor-exit.artikel10.org | 7 |
| 167.248.133.33 | scanner-08.ch1.censys-scanner.com | 7 |
| 61.177.172.136 | - | 7 |
| 94.127.215.194 | - | 7 |
| 120.29.225.108 | - | 7 |
| 120.29.225.109 | - | 7 |
| 120.29.225.105 | - | 7 |
| 120.29.225.103 | - | 7 |
| 130.149.80.199 | tor.dsi.tu-berlin.de | 7 |
| 185.220.101.64 | tor-exit-64.cccs.de | 7 |
| 167.94.138.34 | scanner-06.ch1.censys-scanner.com | 7 |
| 157.230.83.80 | - | 7 |
| 179.131.10.103 | - | 7 |
| 54.36.108.162 | ns3112521.ip-54-36-108.eu | 7 |
| 185.100.87.174 | torexit1.flokinet.net | 7 |
| 185.220.101.55 | tor-exit-55.for-privacy.net | 7 |
| 166.70.207.2 | this.is.a.tor.node.xmission.com | 7 |
| 222.124.214.10 | - | 7 |
| 185.246.188.74 | - | 7 |
| 170.210.208.108 | - | 7 |
| 189.6.45.130 | bd062d82.virtua.com.br | 7 |
| 35.230.148.14 | 14.148.230.35.bc.googleusercontent.com | 7 |
| 104.248.232.207 | - | 7 |
| 84.239.46.144 | - | 7 |
| 167.94.138.36 | scanner-06.ch1.censys-scanner.com | 7 |
| 221.226.108.174 | - | 7 |
| 185.220.101.40 | tor-exit-40.for-privacy.net | 7 |
| 111.95.141.34 | fm-dyn-111-95-141-34.fast.net.id | 7 |
| 185.220.103.7 | anatkamm.tor-exit.calyxinstitute.org | 7 |
| 211.118.45.181 | - | 7 |
| 36.110.228.254 | - | 7 |
| 89.58.30.164 | tor-exit-07.darklab.sh | 7 |
| 182.162.136.216 | addin.kr | 7 |
| 93.108.242.140 | 140.242.108.93.rev.vodafone.pt | 7 |
| 159.203.85.196 | - | 7 |
| 171.25.193.235 | tor-exit-read-me.dfri.se | 7 |
| 112.217.73.70 | - | 7 |
| 171.25.193.20 | tor-exit-read-me.dfri.se | 7 |
| 167.248.133.52 | scanner-09.ch1.censys-scanner.com | 7 |
| 112.161.214.48 | - | 7 |
| 167.86.94.107 | master-of-disaster.tor-exit.laarnes.nl | 7 |
| 120.202.35.182 | - | 7 |
| 167.94.138.124 | scanner-27.ch1.censys-scanner.com | 7 |
| 167.94.138.126 | scanner-27.ch1.censys-scanner.com | 7 |
| 185.56.83.83 | onion.xor.sc | 7 |
| 125.212.233.50 | - | 7 |
| 203.192.217.52 | dhcp-192-217-52.in2cable.com | 7 |
| 162.142.125.214 | scanner-05.ch1.censys-scanner.com | 7 |
| 120.29.225.102 | - | 7 |
| 120.29.225.101 | - | 7 |
| 71.6.135.131 | soda.census.shodan.io | 7 |
| 185.220.101.57 | tor-exit-57.for-privacy.net | 7 |
| 190.1.203.180 | dsl-emcali-190.1.203.180.emcali.net.co | 7 |
| 164.90.224.134 | - | 7 |
| 118.151.209.226 | yash-static-226.209.151.118.yashtel.co.in | 7 |
| 61.76.169.138 | - | 7 |
| 185.220.101.36 | tor-exit-36.for-privacy.net | 7 |
| 185.220.101.31 | berlin01.tor-exit.artikel10.org | 7 |
| 167.248.133.127 | scanner-26.ch1.censys-scanner.com | 7 |
| 167.94.138.51 | scanner-07.ch1.censys-scanner.com | 7 |
| 150.185.252.222 | - | 7 |