IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 78.153.140.19 | azioxwjsa.click | 10 |
| 80.94.93.119 | - | 10 |
| 176.65.149.231 | hosted-by.pfcloud.io | 10 |
| 193.46.255.7 | hostingmailto221.statics.servermail.org | 10 |
| 193.46.255.20 | hostingmailto112.statics.servermail.org | 10 |
| 193.46.255.33 | hostingmailto181.statics.servermail.org | 10 |
| 193.46.255.103 | hostingmailto005.statics.servermail.org | 10 |
| 193.46.255.159 | hostingmailto066.statics.servermail.org | 10 |
| 193.46.255.244 | hostingmailto161.statics.servermail.org | 10 |
| 23.147.8.240 | - | 9 |
| 68.69.186.226 | - | 9 |
| 80.94.93.233 | - | 9 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 9 |
| 91.224.92.79 | srv-91-224-92-79.serveroffer.net | 9 |
| 93.123.109.189 | - | 9 |
| 137.131.43.224 | - | 9 |
| 162.142.125.117 | - | 9 |
| 171.243.149.38 | dynamic-ip-adsl.viettel.vn | 9 |
| 176.65.148.214 | hosted-by.pfcloud.io | 9 |
| 185.93.89.4 | - | 9 |
| 193.32.162.157 | - | 9 |
| 193.46.255.99 | hostingmailto251.statics.servermail.org | 9 |
| 193.46.255.217 | hostingmailto131.statics.servermail.org | 9 |
| 3.137.73.221 | scan.cypex.ai | 8 |
| 27.254.235.4 | - | 8 |
| 41.223.40.78 | - | 8 |
| 45.43.33.210 | colby.probe.onyphe.net | 8 |
| 45.43.33.218 | chen.probe.onyphe.net | 8 |
| 45.132.1.172 | - | 8 |
| 62.193.106.227 | - | 8 |
| 71.6.146.186 | inspire.census.shodan.io | 8 |
| 78.128.112.74 | ip-112-74.4vendeta.com | 8 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 80.82.77.139 | dojo.census.shodan.io | 8 |
| 80.82.77.202 | rnd.group-ib.com | 8 |
| 86.54.31.42 | green.census.shodan.io | 8 |
| 93.123.109.181 | - | 8 |
| 93.174.95.106 | battery.census.shodan.io | 8 |
| 94.102.49.193 | cloud.census.shodan.io | 8 |
| 102.210.80.6 | - | 8 |
| 111.119.234.186 | - | 8 |
| 119.18.55.217 | 119-18-55-217.webhostbox.net | 8 |
| 128.199.95.60 | - | 8 |
| 139.59.188.13 | - | 8 |
| 154.217.243.32 | - | 8 |
| 159.223.129.200 | - | 8 |
| 160.30.200.25 | - | 8 |
| 162.142.125.127 | - | 8 |
| 162.142.125.210 | scanner-207.ch1.censys-scanner.com | 8 |
| 162.142.125.211 | scanner-207.ch1.censys-scanner.com | 8 |
| 164.177.31.66 | static-csq-cds-031066.business.bouyguestelecom.com | 8 |
| 167.94.145.108 | - | 8 |
| 185.165.191.26 | purple.census.shodan.io | 8 |
| 185.165.191.27 | red.census.shodan.io | 8 |
| 187.210.77.100 | customer-187-210-77-100.uninet-ide.com.mx | 8 |
| 189.217.130.86 | customer-189-217-130-86.cablevision.net.mx | 8 |
| 193.32.162.151 | - | 8 |
| 200.69.236.207 | seldon.tecnologica.com.ar | 8 |
| 204.76.203.28 | hosted-by.pfcloud.io | 8 |
| 206.123.145.35 | - | 8 |
| 1.55.33.86 | - | 7 |
| 3.130.96.91 | scan.cypex.ai | 7 |
| 3.131.215.38 | ec2-3-131-215-38.us-east-2.compute.amazonaws.com | 7 |
| 3.132.23.201 | scan.cypex.ai | 7 |
| 3.143.33.63 | scan.cypex.ai | 7 |
| 3.149.59.26 | scan.cypex.ai | 7 |
| 12.156.67.18 | - | 7 |
| 14.63.160.31 | - | 7 |
| 14.103.172.199 | - | 7 |
| 14.103.176.19 | - | 7 |
| 20.65.195.48 | azpdss2w6a20.stretchoid.com | 7 |
| 27.128.174.164 | - | 7 |
| 27.254.137.144 | - | 7 |
| 27.254.149.199 | - | 7 |
| 27.254.192.185 | - | 7 |
| 27.254.235.3 | - | 7 |
| 27.254.235.12 | - | 7 |
| 34.75.26.147 | 147.26.75.34.bc.googleusercontent.com | 7 |
| 34.142.110.144 | 144.110.142.34.bc.googleusercontent.com | 7 |
| 35.237.94.18 | 18.94.237.35.bc.googleusercontent.com | 7 |
| 36.67.70.198 | sehati.tanjabtimkab.go.id | 7 |
| 37.202.225.90 | 37-202-225-90.shatel.ir | 7 |
| 39.109.104.252 | - | 7 |
| 41.216.178.82 | - | 7 |
| 43.225.158.4 | - | 7 |
| 45.33.80.243 | minsk.scan.bufferover.run | 7 |
| 45.74.16.90 | - | 7 |
| 45.78.193.110 | - | 7 |
| 45.79.181.223 | malta.scan.bufferover.run | 7 |
| 45.119.81.249 | - | 7 |
| 45.172.152.74 | - | 7 |
| 45.239.131.117 | - | 7 |
| 47.154.60.61 | 47-154-60-61.fdr01.ccmn.ca.ip.frontiernet.net | 7 |
| 47.180.114.229 | 47-180-114-229.944e76fe48b133ae6f88b784db937d44.ip.frontiernet.net | 7 |
| 51.159.54.22 | 51-159-54-22.rev.poneytelecom.eu | 7 |
| 57.129.64.219 | b2.scanner.modat.io | 7 |
| 59.26.132.170 | - | 7 |
| 60.199.224.2 | 60-199-224-2.static.tfn.net.tw | 7 |
| 64.62.156.122 | - | 7 |
| 64.62.156.142 | - | 7 |
| 64.62.156.192 | - | 7 |
| 64.62.197.122 | - | 7 |
| 64.227.170.229 | - | 7 |
| 64.227.174.243 | - | 7 |
| 65.49.1.132 | - | 7 |
| 65.49.1.202 | - | 7 |
| 66.175.213.4 | vilnius.scan.bufferover.run | 7 |
| 66.240.219.146 | burger.census.shodan.io | 7 |
| 68.183.88.186 | - | 7 |
| 68.233.116.124 | - | 7 |
| 71.6.135.131 | soda.census.shodan.io | 7 |
| 71.6.158.166 | ninja.census.shodan.io | 7 |
| 71.6.199.23 | einstein.census.shodan.io | 7 |
| 74.119.195.187 | vm3884920.example.com | 7 |
| 77.83.240.46 | 7 | |
| 78.159.131.219 | 103787.ip-ptr.tech | 7 |
| 80.75.212.17 | tube-hosting.com | 7 |
| 80.82.70.118 | rnd.group-ib.com | 7 |
| 80.94.95.15 | - | 7 |
| 80.94.95.112 | - | 7 |
| 81.192.46.29 | adsl-29-46-192-81.adsl.iam.net.ma | 7 |
| 81.192.46.45 | adsl-45-46-192-81.adsl.iam.net.ma | 7 |
| 81.192.46.49 | adsl-49-46-192-81.adsl.iam.net.ma | 7 |
| 81.211.72.167 | - | 7 |
| 81.215.228.18 | 81.215.228.18.dynamic.ttnet.com.tr | 7 |
| 84.51.43.58 | host-84-51-43-58.teletektelekom.com | 7 |
| 85.18.236.229 | 85-18-236-229.ip.fastwebnet.it | 7 |
| 86.54.31.32 | hat.census.shodan.io | 7 |
| 89.43.78.182 | static-89-43-78-182.ptr.name.tr | 7 |
| 89.248.167.131 | mason.census.shodan.io | 7 |
| 91.210.179.185 | 91-210-179-185.cl.giga.net.ru | 7 |
| 91.224.92.32 | srv-91-224-92-32.serveroffer.net | 7 |
| 91.224.92.108 | srv-91-224-92-108.serveroffer.net | 7 |
| 92.27.101.99 | host-92-27-101-99.static.as13285.net | 7 |
| 92.118.39.71 | - | 7 |
| 92.118.39.95 | - | 7 |
| 93.123.109.185 | - | 7 |
| 95.85.47.10 | sexolondon.com-1705306061476-s-1vcpu-2gb-ams2-01 | 7 |
| 95.167.225.76 | - | 7 |
| 101.36.119.98 | - | 7 |
| 101.36.122.139 | - | 7 |
| 102.88.137.80 | - | 7 |
| 102.140.97.134 | - | 7 |
| 103.10.44.105 | - | 7 |
| 103.48.84.29 | - | 7 |
| 103.48.192.48 | - | 7 |
| 103.59.95.12 | ip103-59-95-12.cloudhost.web.id | 7 |
| 103.67.79.165 | ip103-67-79-165.cloudhost.web.id | 7 |
| 103.82.20.226 | 103.82.20.226.cloudfly.vn | 7 |
| 103.124.94.57 | - | 7 |
| 103.137.75.74 | - | 7 |
| 103.148.100.146 | - | 7 |
| 103.149.28.105 | - | 7 |
| 103.153.110.189 | - | 7 |
| 103.172.204.127 | ip103-172-204-127.cloudhost.web.id | 7 |
| 103.172.236.15 | - | 7 |
| 103.174.215.18 | - | 7 |
| 103.176.78.193 | ip103-176-78-193.cloudhost.web.id | 7 |
| 103.179.218.243 | - | 7 |
| 103.182.132.154 | - | 7 |
| 103.217.145.154 | ip103-217-145-154.cloudhost.web.id | 7 |
| 103.237.144.204 | - | 7 |
| 104.168.58.11 | 104-168-58-11-host.colocrossing.com | 7 |
| 104.248.81.123 | - | 7 |
| 111.33.45.42 | - | 7 |
| 111.119.233.20 | ecs-111-119-233-20.compute.hwclouds-dns.com | 7 |
| 112.196.70.142 | - | 7 |
| 113.57.20.40 | - | 7 |
| 115.135.235.61 | - | 7 |
| 118.179.219.137 | - | 7 |
| 121.52.147.5 | upesh.edu.pk | 7 |
| 121.186.31.54 | - | 7 |
| 122.155.0.205 | www.phatan.go.th | 7 |
| 122.168.194.41 | abts-mp-static-041.194.168.122.airtelbroadband.in | 7 |
| 123.59.135.110 | - | 7 |
| 125.88.174.211 | - | 7 |
| 125.142.37.91 | - | 7 |
| 129.148.21.13 | - | 7 |
| 135.0.208.122 | - | 7 |
| 137.184.202.107 | nauru.production | 7 |
| 139.59.64.179 | - | 7 |
| 142.93.116.14 | - | 7 |
| 146.70.146.50 | - | 7 |
| 146.185.182.65 | bettrade.stage.pg-1 | 7 |
| 147.45.198.127 | vm9782.hostinux.com | 7 |
| 150.138.115.76 | - | 7 |
| 152.32.134.231 | - | 7 |
| 152.32.210.227 | - | 7 |
| 155.93.89.195 | - | 7 |
| 161.49.89.39 | 161.49.89.39.convergeict.com | 7 |
| 162.142.125.47 | scanner-201.ch1.censys-scanner.com | 7 |
| 162.142.125.115 | - | 7 |
| 162.142.125.116 | - | 7 |
| 162.142.125.119 | - | 7 |
| 162.142.125.121 | - | 7 |
| 162.142.125.125 | - | 7 |
| 162.142.125.200 | scanner-202.ch1.censys-scanner.com | 7 |
| 162.142.125.209 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.221 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.222 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.144.192.82 | server.iabcanada.com | 7 |
| 165.154.163.10 | - | 7 |
| 165.154.217.96 | - | 7 |
| 167.94.138.60 | scanner-07.ch1.censys-scanner.com | 7 |
| 167.94.138.178 | - | 7 |
| 167.94.145.96 | - | 7 |
| 167.94.145.97 | - | 7 |
| 167.94.145.98 | - | 7 |
| 167.94.145.102 | - | 7 |
| 167.94.145.103 | - | 7 |
| 167.94.145.107 | - | 7 |
| 167.172.153.88 | - | 7 |
| 171.244.134.21 | - | 7 |
| 172.104.11.34 | edinburgh.scan.bufferover.run | 7 |
| 172.104.11.51 | venice.scan.bufferover.run | 7 |
| 172.105.128.11 | oslo.scan.bufferover.run | 7 |
| 175.110.65.134 | - | 7 |
| 176.65.148.240 | hosted-by.pfcloud.io | 7 |
| 177.12.2.75 | fttx.cable-17712275.predialnet.com.br | 7 |
| 178.176.250.39 | - | 7 |
| 179.51.153.37 | ip-179-51-153-37.eunapolis.netcentertelecom.net.br | 7 |
| 180.76.202.69 | - | 7 |
| 181.49.50.6 | - | 7 |
| 181.114.122.224 | LPZ-181-114-122-00224.tigo.bo | 7 |
| 182.18.161.232 | static-182-18-161-232.ctrls.in | 7 |
| 182.44.79.69 | - | 7 |
| 182.76.204.237 | nsg-static-237.204.76.182-airtel.com | 7 |
| 182.93.50.90 | n18293z50l90.static.ctmip.net | 7 |
| 183.110.116.126 | - | 7 |
| 185.118.15.236 | - | 7 |
| 185.156.73.233 | - | 7 |
| 185.213.165.72 | static.72.165.213.185.clients.irandns.com | 7 |
| 186.96.151.198 | fixed-186-96-151-198.totalplay.net | 7 |
| 187.16.96.250 | mvx-187-16-96-250.mundivox.com | 7 |
| 187.62.87.27 | - | 7 |
| 188.18.49.50 | - | 7 |
| 189.7.17.61 | bd07113d.virtua.com.br | 7 |
| 189.112.0.11 | 189-112-000-011.static.ctbctelecom.com.br | 7 |
| 191.98.191.214 | - | 7 |
| 192.155.90.220 | bern.scan.bufferover.run | 7 |
| 194.0.234.93 | - | 7 |
| 194.113.236.217 | - | 7 |
| 195.178.110.133 | - | 7 |
| 195.178.110.224 | - | 7 |
| 196.251.73.213 | ns1432.ztomy.com | 7 |
| 196.251.85.101 | - | 7 |
| 196.251.88.103 | - | 7 |
| 197.5.145.8 | - | 7 |
| 197.5.145.102 | - | 7 |
| 197.44.15.210 | - | 7 |
| 197.220.93.115 | - | 7 |
| 198.1.117.220 | 198-1-117-220.unifiedlayer.com | 7 |
| 198.23.143.193 | royaserver.com | 7 |
| 198.98.56.205 | bullshit-irc.net | 7 |
| 199.45.154.152 | scanner-205.hk2.censys-scanner.com | 7 |
| 199.45.155.94 | scanner-204.hk2.censys-scanner.com | 7 |
| 199.195.251.10 | - | 7 |
| 200.73.135.75 | 75.135.73.200.cab.prima.net.ar | 7 |
| 200.196.50.91 | mvx-200-196-50-91.mundivox.com | 7 |
| 200.225.246.102 | 200-225-246-102.dynamic.idial.com.br | 7 |
| 201.186.40.161 | - | 7 |
| 202.157.176.165 | vps.tokodagingnusantara.com | 7 |
| 202.157.177.33 | mail.simaster-brebeskab.id | 7 |
| 203.106.164.74 | gbk-164-74.tm.net.my | 7 |
| 203.190.53.154 | - | 7 |
| 206.42.56.228 | 206-42-56-228-tmp.static.brisanet.net.br | 7 |
| 206.168.34.49 | unused-space.coop.net | 7 |
| 206.168.34.72 | unused-space.coop.net | 7 |
| 206.168.34.74 | unused-space.coop.net | 7 |
| 206.168.34.119 | unused-space.coop.net | 7 |
| 206.168.34.124 | unused-space.coop.net | 7 |
| 206.168.34.192 | unused-space.coop.net | 7 |
| 209.97.161.72 | - | 7 |
| 209.141.33.240 | saphira.pwnation.net | 7 |
| 211.253.10.96 | - | 7 |
| 212.233.136.201 | 212-233-136-201.optisprint.net | 7 |
| 216.172.190.206 | col.colettelounge.com | 7 |
| 220.95.14.102 | - | 7 |
| 220.247.223.56 | 56.sta.idc-2.slt.lk | 7 |
| 221.159.150.85 | - | 7 |
| 223.197.186.7 | 223-197-186-7.static.imsbiz.com | 7 |