About
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROPIn directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2024-09-12)
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 159.65.147.193 | panel.mydigitalads.in | 10 |
| 183.81.169.238 | - | 10 |
| 194.169.175.37 | - | 10 |
| 5.42.74.254 | finicky-business.aeza.network | 9 |
| 49.51.199.39 | - | 9 |
| 77.91.85.126 | chummy-activity.aeza.network | 9 |
| 77.221.156.122 | many-sky.aeza.network | 9 |
| 85.209.11.27 | - | 9 |
| 85.209.11.254 | - | 9 |
| 91.103.140.42 | - | 9 |
| 128.199.225.7 | - | 9 |
| 154.213.184.15 | - | 9 |
| 194.169.175.38 | - | 9 |
| 209.38.249.215 | - | 9 |
| 45.148.10.242 | - | 8 |
| 46.101.1.149 | - | 8 |
| 46.101.208.77 | - | 8 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 80.82.77.139 | dojo.census.shodan.io | 8 |
| 80.82.77.202 | rnd.group-ib.com | 8 |
| 89.248.167.131 | mason.census.shodan.io | 8 |
| 106.12.222.76 | - | 8 |
| 134.209.208.37 | - | 8 |
| 185.129.62.62 | tor01.zencurity.com | 8 |
| 206.168.34.125 | - | 8 |
| 207.90.244.5 | - | 8 |
| 5.8.11.202 | - | 7 |
| 5.42.76.224 | resonant-sign.aeza.network | 7 |
| 8.212.134.63 | - | 7 |
| 8.216.85.26 | - | 7 |
| 8.216.86.166 | - | 7 |
| 8.216.89.241 | - | 7 |
| 8.221.141.114 | - | 7 |
| 14.40.8.125 | - | 7 |
| 27.185.52.202 | - | 7 |
| 39.129.9.180 | - | 7 |
| 42.200.78.78 | 42-200-78-78.static.imsbiz.com | 7 |
| 61.177.172.136 | - | 7 |
| 61.177.172.140 | - | 7 |
| 61.177.172.160 | - | 7 |
| 61.177.172.161 | - | 7 |
| 61.177.172.168 | - | 7 |
| 61.177.172.172 | - | 7 |
| 61.177.172.179 | - | 7 |
| 64.227.126.250 | - | 7 |
| 65.49.1.55 | - | 7 |
| 71.6.146.185 | pirate.census.shodan.io | 7 |
| 71.6.146.186 | inspire.census.shodan.io | 7 |
| 71.6.199.23 | einstein.census.shodan.io | 7 |
| 71.6.232.23 | - | 7 |
| 72.240.125.133 | cm-72-240-125-133.buckeyecom.net | 7 |
| 80.66.83.225 | - | 7 |
| 82.200.65.218 | gw-bell-xen.ll-nsk.zsttk.ru | 7 |
| 85.190.243.5 | vmi2118930.contaboserver.net | 7 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
| 91.205.128.170 | - | 7 |
| 92.118.39.120 | - | 7 |
| 93.174.95.106 | battery.census.shodan.io | 7 |
| 94.254.0.234 | h-94-254-0-234.na.cust.bahnhof.se | 7 |
| 103.173.227.187 | - | 7 |
| 109.74.204.123 | academyforinternetresearch.org | 7 |
| 115.231.78.14 | - | 7 |
| 117.72.83.61 | - | 7 |
| 123.31.29.192 | static.vnpt.vn | 7 |
| 128.199.83.142 | - | 7 |
| 138.68.82.23 | e154df25ea.scan.leakix.org | 7 |
| 138.68.144.227 | c165c2962c.scan.leakix.org | 7 |
| 139.59.79.179 | - | 7 |
| 139.59.127.178 | - | 7 |
| 142.93.129.190 | f20a02ce01.scan.leakix.org | 7 |
| 147.185.132.34 | - | 7 |
| 147.185.132.40 | - | 7 |
| 147.185.132.54 | - | 7 |
| 147.185.132.66 | - | 7 |
| 147.185.132.90 | - | 7 |
| 147.185.132.240 | - | 7 |
| 158.51.96.38 | unknown.ip-xfer.net | 7 |
| 159.65.91.105 | - | 7 |
| 159.89.12.166 | c5d51acfea.scan.leakix.org | 7 |
| 159.223.3.111 | - | 7 |
| 159.223.105.130 | - | 7 |
| 161.35.108.241 | - | 7 |
| 163.47.36.33 | - | 7 |
| 165.154.33.91 | - | 7 |
| 165.227.107.177 | - | 7 |
| 171.25.193.77 | tor-exit-read-me.dfri.se | 7 |
| 171.241.53.222 | dynamic-ip-adsl.viettel.vn | 7 |
| 174.138.26.166 | - | 7 |
| 178.128.161.183 | - | 7 |
| 178.163.244.13 | test.tuf.by | 7 |
| 180.101.88.197 | - | 7 |
| 182.59.139.27 | - | 7 |
| 185.77.3.123 | - | 7 |
| 185.165.191.26 | - | 7 |
| 185.165.191.27 | - | 7 |
| 185.196.9.210 | - | 7 |
| 185.224.128.59 | - | 7 |
| 185.224.128.187 | - | 7 |
| 185.242.226.40 | security.criminalip.com | 7 |
| 185.242.226.47 | security.criminalip.com | 7 |
| 186.10.125.209 | z407.entelchile.net | 7 |
| 186.96.145.241 | fixed-186-96-145-241.totalplay.net | 7 |
| 190.85.15.251 | - | 7 |
| 190.144.14.170 | - | 7 |
| 190.202.124.93 | - | 7 |
| 193.32.162.65 | - | 7 |
| 194.152.206.17 | - | 7 |
| 199.45.154.131 | scanner-203.hk2.censys-scanner.com | 7 |
| 199.45.154.142 | scanner-203.hk2.censys-scanner.com | 7 |
| 205.185.113.140 | - | 7 |
| 206.168.34.33 | - | 7 |
| 206.168.34.39 | - | 7 |
| 206.168.34.46 | - | 7 |
| 206.168.34.47 | - | 7 |
| 206.168.34.53 | - | 7 |
| 206.168.34.56 | - | 7 |
| 206.168.34.214 | - | 7 |
| 207.90.244.3 | - | 7 |
| 207.90.244.14 | - | 7 |
| 211.253.10.96 | - | 7 |
| 213.6.203.226 | - | 7 |
| 218.92.0.22 | - | 7 |
| 218.92.0.24 | - | 7 |
| 218.92.0.27 | - | 7 |
| 218.92.0.31 | - | 7 |
| 218.92.0.34 | - | 7 |
| 218.92.0.56 | - | 7 |
| 218.92.0.76 | - | 7 |
| 218.92.0.112 | - | 7 |
| 218.92.0.113 | - | 7 |
| 218.92.0.118 | - | 7 |
| 162.142.125.192 | - | 7 |
| 162.142.125.194 | - | 7 |
| 162.142.125.219 | scanner-25.ch1.censys-scanner.com | 7 |
| 167.94.146.49 | - | 7 |
| 167.94.146.51 | - | 7 |