IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:net
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 62.102.148.68 | - | 10 |
| 171.25.193.78 | tor-exit4-readme.dfri.se | 10 |
| 185.220.101.1 | - | 10 |
| 198.98.51.189 | tor.teitel.net | 10 |
| 185.220.101.206 | - | 10 |
| 185.220.102.249 | tor-exit-relay-3.anonymizing-proxy.digitalcourage.de | 9 |
| 162.247.74.74 | wiebe.tor-exit.calyxinstitute.org | 9 |
| 162.247.74.206 | rosaluxemburg.tor-exit.calyxinstitute.org | 9 |
| 162.247.72.199 | jaffer.tor-exit.calyxinstitute.org | 9 |
| 209.127.17.242 | - | 9 |
| 192.42.116.16 | tor-exit.hartvoorinternetvrijheid.nl | 9 |
| 192.42.116.13 | this-is-a-tor-exit-node-hviv113.hviv.nl | 9 |
| 66.230.230.230 | - | 9 |
| 162.247.74.27 | turing.tor-exit.calyxinstitute.org | 9 |
| 5.2.69.42 | - | 9 |
| 138.68.138.162 | - | 9 |
| 178.165.72.177 | 178-165-72-177-kh.maxnet.ua | 9 |
| 89.163.252.230 | ca262.calcit.dedicated.server-hosting.expert | 9 |
| 162.247.74.200 | kiriakou.tor-exit.calyxinstitute.org | 9 |
| 89.234.157.254 | marylou.nos-oignons.net | 9 |
| 5.2.69.50 | - | 9 |
| 171.25.193.77 | tor-exit1-readme.dfri.se | 9 |
| 62.210.37.82 | 62-210-37-82.rev.poneytelecom.eu | 9 |
| 185.220.102.8 | 185-220-102-8.torservers.net | 9 |
| 171.25.193.20 | tor-exit0-readme.dfri.se | 9 |
| 171.25.193.25 | tor-exit5-readme.dfri.se | 9 |
| 198.144.120.177 | - | 9 |
| 185.220.102.252 | tor-exit-relay-6.anonymizing-proxy.digitalcourage.de | 9 |
| 89.163.154.91 | srv1258.dedicated.server-hosting.expert | 9 |
| 23.129.64.249 | - | 9 |
| 62.210.105.116 | 62-210-105-116.rev.poneytelecom.eu | 9 |
| 185.213.155.169 | - | 8 |
| 89.163.249.244 | srv1264.dedicated.server-hosting.expert | 8 |
| 185.220.102.244 | 185-220-102-244.torservers.net | 8 |
| 185.220.102.245 | 185-220-102-245.torservers.net | 8 |
| 185.220.102.248 | tor-exit-relay-2.anonymizing-proxy.digitalcourage.de | 8 |
| 199.195.250.77 | ny1.exit.tor.alkyl.eu.org | 8 |
| 178.20.55.18 | marcuse-2.nos-oignons.net | 8 |
| 178.20.55.16 | marcuse-1.nos-oignons.net | 8 |
| 209.141.52.246 | lab.lv.dgv.dev.br | 8 |
| 203.159.80.73 | - | 8 |
| 198.144.120.234 | - | 8 |
| 91.149.225.131 | undefined.hostname.localhost | 8 |
| 185.220.101.215 | - | 8 |
| 162.247.74.217 | perry.fellwock.tor-exit.calyxinstitute.org | 8 |
| 104.244.72.168 | LuxembourgTor7.lu | 8 |
| 209.141.42.231 | tor.relay.com | 8 |
| 141.98.10.193 | - | 8 |
| 209.127.17.234 | - | 8 |
| 89.163.252.12 | srv1358.dedicated.server-hosting.expert | 8 |
| 185.220.102.243 | 185-220-102-243.torservers.net | 8 |
| 205.185.122.102 | - | 8 |
| 192.42.116.22 | this-is-a-tor-exit-node-hviv122.hviv.nl | 8 |
| 193.32.126.161 | - | 8 |
| 89.163.249.192 | srv1116.dedicated.server-hosting.expert | 8 |
| 185.191.124.152 | - | 8 |
| 185.191.124.151 | - | 8 |
| 23.129.64.232 | - | 8 |
| 23.129.64.231 | - | 8 |
| 209.141.45.127 | mx03.edmdmdm.com | 8 |
| 5.199.143.202 | ca235.calcit.dedicated.server-hosting.expert | 8 |
| 198.96.155.3 | exit.tor.uwaterloo.ca | 8 |
| 5.104.110.89 | ca248.calcit.dedicated.server-hosting.expert | 8 |
| 195.154.56.235 | 195-154-56-235.rev.poneytelecom.eu | 8 |
| 185.165.168.229 | - | 8 |
| 185.220.102.4 | communityexit.torservers.net | 8 |
| 185.220.102.6 | 185-220-102-6.torservers.net | 8 |
| 185.36.81.178 | rendesxis.ga | 8 |
| 77.247.181.163 | lumumba.torservers.net | 8 |
| 89.163.243.88 | ca011.calcit.dedicated.server-hosting.expert | 8 |
| 104.244.72.36 | LuxembourgTor10.lu | 8 |
| 185.220.103.7 | anatkamm.tor-exit.calyxinstitute.org | 8 |
| 213.202.216.189 | h176.helix.dedi.server-hosting.expert | 8 |
| 185.220.102.253 | tor-exit-relay-7.anonymizing-proxy.digitalcourage.de | 8 |
| 185.220.102.250 | tor-exit-relay-4.anonymizing-proxy.digitalcourage.de | 8 |
| 64.113.32.29 | tor.t-3.net | 8 |
| 167.71.0.98 | - | 8 |
| 23.129.64.203 | - | 8 |
| 45.129.56.200 | - | 8 |
| 185.220.101.197 | - | 8 |
| 185.220.101.194 | - | 8 |
| 23.129.64.242 | - | 8 |
| 23.129.64.240 | - | 8 |
| 83.97.20.189 | 189.20.97.83.ro.ovo.sc | 8 |
| 185.220.101.207 | - | 8 |
| 185.220.101.204 | - | 8 |
| 167.71.253.251 | - | 7 |
| 128.31.0.13 | tor-exit.csail.mit.edu | 7 |
| 45.133.1.92 | - | 7 |
| 31.210.21.37 | - | 7 |
| 182.161.55.66 | - | 7 |
| 185.100.87.241 | - | 7 |
| 149.56.44.47 | 47.ip-149-56-44.net | 7 |
| 188.214.104.146 | api.squired.ro | 7 |
| 120.224.50.233 | - | 7 |
| 185.220.102.246 | 185-220-102-246.torservers.net | 7 |
| 185.220.102.240 | 185-220-102-240.torservers.net | 7 |
| 185.220.102.241 | 185-220-102-241.torservers.net | 7 |
| 91.132.147.168 | netcupDE.tor-exit.de | 7 |
| 195.254.135.76 | - | 7 |
| 212.83.165.111 | 212-83-165-111.rev.poneytelecom.eu | 7 |
| 104.244.76.170 | tor2.panhu.xyz | 7 |
| 23.129.64.237 | - | 7 |
| 23.129.64.236 | - | 7 |
| 165.227.229.167 | - | 7 |
| 23.129.64.209 | - | 7 |
| 213.74.22.134 | host-213-74-22-134.superonline.net | 7 |
| 45.154.255.147 | cust-147.keff.org | 7 |
| 23.129.64.208 | - | 7 |
| 205.185.114.222 | - | 7 |
| 156.146.58.134 | nyc-exit.privateinternetaccess.com | 7 |
| 167.71.15.122 | - | 7 |
| 213.202.218.55 | h074.helix.dedi.server-hosting.expert | 7 |
| 104.244.77.95 | - | 7 |
| 94.230.208.147 | tor3e1.digitale-gesellschaft.ch | 7 |
| 209.141.54.56 | - | 7 |
| 192.42.116.18 | this-is-a-tor-exit-node-hviv118.hviv.nl | 7 |
| 185.36.81.58 | - | 7 |
| 205.185.114.8 | - | 7 |
| 166.70.207.2 | this.is.a.tor.node.xmission.com | 7 |
| 104.244.73.13 | LuxembourgTorExit1 | 7 |
| 185.130.44.108 | tor-exit-se1.privex.cc | 7 |
| 205.185.121.119 | n00bminer.info | 7 |
| 185.220.101.218 | - | 7 |
| 185.220.101.211 | - | 7 |
| 185.220.101.212 | - | 7 |
| 185.220.101.213 | - | 7 |
| 123.59.195.173 | - | 7 |
| 205.185.122.155 | - | 7 |
| 128.199.205.98 | our.group | 7 |
| 185.220.102.7 | 185-220-102-7.torservers.net | 7 |
| 162.247.74.216 | phoolandevi.tor-exit.calyxinstitute.org | 7 |
| 207.244.70.35 | - | 7 |
| 198.98.50.112 | tor.your-domain.tld | 7 |
| 209.141.50.79 | mail.chinanetdomain.com | 7 |
| 124.90.54.24 | - | 7 |
| 185.233.100.23 | elenagb.nos-oignons.net | 7 |
| 162.247.74.7 | korematsu.tor-exit.calyxinstitute.org | 7 |
| 205.185.119.198 | cymeow.xyz | 7 |
| 209.141.49.133 | fsc.dostres.com | 7 |
| 185.220.100.247 | tor-exit-8.zbau.f3netze.de | 7 |
| 185.67.82.114 | tor-ou.effi.org | 7 |
| 185.36.81.186 | - | 7 |
| 199.19.224.108 | bv1.bv1.bv1.bv1 | 7 |
| 62.102.148.69 | - | 7 |
| 89.163.150.213 | ca144.calcit.dedicated.server-hosting.expert | 7 |
| 104.244.76.13 | tor-exit-node.spongebob.nicdex.com | 7 |
| 45.133.1.115 | - | 7 |
| 203.159.80.176 | - | 7 |
| 185.220.101.13 | - | 7 |
| 185.220.101.11 | - | 7 |
| 192.42.116.20 | this-is-a-tor-exit-node-hviv120.hviv.nl | 7 |
| 192.42.116.27 | this-is-a-tor-exit-node-hviv127.hviv.nl | 7 |
| 192.42.116.26 | this-is-a-tor-exit-node-hviv126.hviv.nl | 7 |
| 192.42.116.24 | this-is-a-tor-exit-node-hviv124.hviv.nl | 7 |
| 192.42.116.28 | this-is-a-tor-exit-node-hviv128.hviv.nl | 7 |
| 107.189.10.42 | tor-exit.demfloro.ru | 7 |
| 104.244.79.196 | LuxembourgTor11.lu | 7 |
| 205.185.114.91 | - | 7 |
| 45.133.1.158 | - | 7 |
| 209.141.62.52 | only.fags.ddos.legit.streamers | 7 |
| 192.42.116.19 | this-is-a-tor-exit-node-hviv119.hviv.nl | 7 |
| 185.34.33.2 | tor.laquadrature.net | 7 |
| 209.141.40.156 | - | 7 |
| 163.172.213.212 | trenecito.noconname.org | 7 |
| 104.244.77.122 | LuxembourgTor9.lu | 7 |
| 185.220.103.111 | - | 7 |
| 162.247.74.202 | djb.tor-exit.calyxinstitute.org | 7 |
| 162.247.74.201 | kunstler.tor-exit.calyxinstitute.org | 7 |
| 162.247.74.204 | billsf.tor-exit.calyxinstitute.org | 7 |
| 205.185.117.246 | chenximiao.com | 7 |
| 199.195.251.84 | ny1.nixnet.xyz | 7 |
| 84.53.192.243 | - | 7 |
| 104.244.74.211 | LuxembourgTor6.lu | 7 |
| 91.250.242.12 | - | 7 |
| 82.221.131.5 | - | 7 |
| 205.185.125.36 | my.filerot.com | 7 |
| 209.141.60.60 | artemis.pokeradio.net | 7 |
| 41.226.25.4 | - | 7 |
| 185.191.124.153 | - | 7 |
| 185.191.124.150 | - | 7 |
| 23.129.64.235 | - | 7 |
| 23.129.64.234 | - | 7 |
| 185.220.103.5 | chelseamanning.tor-exit.calyxinstitute.org | 7 |
| 185.220.101.9 | - | 7 |
| 185.220.101.3 | - | 7 |
| 18.27.197.252 | wholesomeserver.media.mit.edu | 7 |
| 192.187.111.130 | - | 7 |
| 209.141.58.231 | ak92.com | 7 |
| 80.82.77.139 | dojo.census.shodan.io | 7 |
| 209.141.54.195 | tor1.friendlyexitnode.com | 7 |
| 23.129.64.253 | - | 7 |
| 162.247.74.213 | snowden.tor-exit.calyxinstitute.org | 7 |
| 31.210.21.172 | - | 7 |
| 209.141.49.67 | backup.adtoo.net | 7 |
| 23.154.177.68 | - | 7 |
| 198.144.121.93 | - | 7 |
| 167.71.0.205 | - | 7 |
| 209.141.45.88 | - | 7 |
| 209.141.59.243 | - | 7 |
| 209.141.43.13 | web1.feedbk.co.il | 7 |
| 176.10.104.240 | tor1e1.digitale-gesellschaft.ch | 7 |
| 185.220.103.9 | katherinegun.tor-exit.calyxinstitute.org | 7 |
| 185.247.224.14 | tor-exit-ro.letztermensch.com | 7 |
| 209.141.50.18 | svr.tingtao.org | 7 |
| 176.10.99.200 | accessnow.org | 7 |
| 199.19.225.14 | - | 7 |
| 51.159.94.134 | 51-159-94-134.rev.poneytelecom.eu | 7 |
| 185.191.124.143 | - | 7 |
| 185.220.102.251 | tor-exit-relay-5.anonymizing-proxy.digitalcourage.de | 7 |
| 222.168.30.19 | - | 7 |
| 23.129.64.200 | - | 7 |
| 23.129.64.205 | - | 7 |
| 51.255.106.85 | tor-exit-node.strangled.net | 7 |
| 144.172.118.4 | Houston.Texas4Tor.com | 7 |
| 79.158.88.134 | 134.red-79-158-88.dynamicip.rima-tde.net | 7 |
| 185.220.101.198 | - | 7 |
| 185.220.101.193 | - | 7 |
| 45.133.1.63 | - | 7 |
| 89.163.252.30 | srv1016.dedicated.server-hosting.expert | 7 |
| 95.128.43.164 | exit-1.fr.tor.aquaray.com | 7 |
| 209.141.43.233 | - | 7 |
| 105.203.195.68 | host-105.203.195.68.etisalat.com.eg | 7 |
| 23.129.64.244 | - | 7 |
| 198.23.172.240 | 198-23-172-240-host.colocrossing.com | 7 |
| 45.9.13.235 | - | 7 |
| 209.141.61.83 | - | 7 |
| 23.154.177.131 | - | 7 |
| 23.154.177.133 | - | 7 |
| 185.220.101.208 | - | 7 |
| 185.220.101.205 | - | 7 |
| 185.220.101.203 | - | 7 |
| 80.67.172.162 | algrothendieck.nos-oignons.net | 7 |
| 185.100.87.202 | - | 7 |