Skip to content

tanglewreck/ipsum

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
levels
levels
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ipsum.txt
ipsum.txt
 
 

Repository files navigation

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2025-08-28)

IP DNS lookup Number of (black)lists
80.94.93.119 - 10
91.224.92.32 srv-91-224-92-32.serveroffer.net 10
193.46.255.7 hostingmailto221.statics.servermail.org 10
193.46.255.20 hostingmailto112.statics.servermail.org 10
193.46.255.33 hostingmailto181.statics.servermail.org 10
193.46.255.103 hostingmailto005.statics.servermail.org 10
193.46.255.159 hostingmailto066.statics.servermail.org 10
193.46.255.244 hostingmailto161.statics.servermail.org 10
38.211.193.130 - 9
80.94.93.233 - 9
91.224.92.28 srv-91-224-92-28.serveroffer.net 9
91.224.92.79 srv-91-224-92-79.serveroffer.net 9
91.224.92.106 srv-91-224-92-106.serveroffer.net 9
91.224.92.108 srv-91-224-92-108.serveroffer.net 9
92.118.39.62 - 9
93.123.109.176 - 9
154.217.243.32 - 9
176.65.149.231 hosted-by.pfcloud.io 9
182.93.50.90 n18293z50l90.static.ctmip.net 9
193.32.162.157 - 9
193.46.255.99 hostingmailto251.statics.servermail.org 9
193.46.255.217 hostingmailto131.statics.servermail.org 9
211.253.10.96 - 9
45.148.10.240 - 8
45.172.152.74 - 8
80.82.77.139 dojo.census.shodan.io 8
80.82.77.202 rnd.group-ib.com 8
85.18.236.229 85-18-236-229.ip.fastwebnet.it 8
86.54.31.42 green.census.shodan.io 8
93.174.95.106 battery.census.shodan.io 8
121.186.31.54 - 8
123.30.249.49 static.vnpt.vn 8
146.185.182.65 bettrade.stage.pg-1 8
150.241.115.7 - 8
156.245.248.226 - 8
167.94.145.111 - 8
170.238.160.191 - 8
171.243.150.245 dynamic-ip-adsl.viettel.vn 8
176.65.148.27 hosted-by.pfcloud.io 8
176.65.148.214 hosted-by.pfcloud.io 8
198.12.114.232 198-12-114-232-host.colocrossing.com 8
216.172.190.206 col.colettelounge.com 8
220.247.224.226 - 8
3.131.215.38 ec2-3-131-215-38.us-east-2.compute.amazonaws.com 7
3.132.23.201 scan.cypex.ai 7
3.137.73.221 scan.cypex.ai 7
3.149.59.26 scan.cypex.ai 7
12.156.67.18 - 7
14.63.160.31 - 7
27.254.235.3 - 7
27.254.235.4 - 7
34.45.31.108 108.31.45.34.bc.googleusercontent.com 7
34.81.185.243 243.185.81.34.bc.googleusercontent.com 7
34.85.163.94 94.163.85.34.bc.googleusercontent.com 7
35.222.117.243 243.117.222.35.bc.googleusercontent.com 7
36.64.68.99 - 7
36.66.16.233 - 7
36.67.70.198 sehati.tanjabtimkab.go.id 7
36.91.166.34 - 7
36.251.194.42 - 7
41.223.40.78 - 7
43.163.127.185 - 7
45.78.192.92 - 7
45.78.192.211 - 7
45.79.181.104 monaco.scan.bufferover.run 7
45.118.146.109 - 7
45.119.81.249 - 7
45.120.216.232 - 7
45.121.147.47 - 7
45.131.108.170 tube-server.com 7
46.238.32.247 - 7
47.180.114.229 47-180-114-229.944e76fe48b133ae6f88b784db937d44.ip.frontiernet.net 7
47.254.71.129 - 7
50.84.211.204 syn-050-084-211-204.biz.spectrum.com 7
51.178.43.161 prod1.masterit.fr 7
51.195.190.33 ns3193927.ip-51-195-190.eu 7
58.222.244.226 - 7
59.12.160.91 - 7
61.80.179.118 - 7
61.190.114.203 - 7
62.193.106.227 - 7
64.62.156.52 - 7
64.62.156.192 - 7
64.62.197.32 - 7
64.62.197.152 - 7
65.49.1.66 - 7
65.49.1.94 - 7
66.240.192.138 census8.shodan.io 7
66.240.219.146 burger.census.shodan.io 7
71.6.135.131 soda.census.shodan.io 7
71.6.146.186 inspire.census.shodan.io 7
71.6.158.166 ninja.census.shodan.io 7
71.6.199.65 - 7
71.6.232.28 - 7
77.83.240.47 7
79.137.36.161 161.ip-79-137-36.eu 7
80.82.70.118 rnd.group-ib.com 7
80.82.77.33 sky.census.shodan.io 7
80.94.95.15 - 7
80.94.95.112 - 7
80.253.31.232 - 7
81.133.106.57 host81-133-106-57.in-addr.btopenworld.com 7
85.172.55.166 - 7
86.54.31.38 blue2.census.shodan.io 7
87.120.191.13 - 7
91.108.227.66 - 7
91.219.23.38 124229.ip-ptr.tech 7
92.55.190.215 - 7
92.118.39.92 - 7
93.123.109.185 - 7
94.102.49.193 cloud.census.shodan.io 7
94.181.229.254 94x181x229x254.datakirov.com 7
95.58.255.251 95.58.255.251.static.telecom.kz 7
95.167.225.76 - 7
101.36.123.102 - 7
101.89.148.7 - 7
102.208.184.2 - 7
103.20.122.54 - 7
103.20.223.206 - 7
103.41.98.66 static-103-41-98-66.pol.net.in 7
103.48.84.29 - 7
103.67.78.49 ip103-67-78-49.cloudhost.web.id 7
103.144.87.192 probation-proxy 7
103.145.145.75 - 7
103.149.28.105 - 7
103.153.190.121 - 7
103.179.57.172 ip103-179-57-172.cloudhost.web.id 7
103.191.178.123 - 7
103.200.25.196 - 7
103.210.22.17 - 7
103.217.145.53 ip103-217-145-53.cloudhost.web.id 7
103.246.42.72 rw-0072-42.246.103.rcil.gov.in 7
103.247.19.152 - 7
104.168.56.59 104-168-56-59-host.colocrossing.com 7
107.170.228.16 wfinancial20230805-s-1vcpu-2gb-sfo1-01-ubuntu-16.04 7
109.122.251.9 - 7
113.196.185.120 113.196.185.120.ll.static.sparqnet.net 7
114.112.96.35 - 7
116.172.130.191 - 7
116.193.190.177 ip116-193-190-177.cloudhost.web.id 7
118.41.246.179 - 7
118.128.237.197 - 7
119.18.55.217 119-18-55-217.webhostbox.net 7
120.46.220.88 ecs-120-46-220-88.compute.hwclouds-dns.com 7
122.155.0.205 www.thalaychupsorn.go.th 7
123.253.22.8 - 7
125.88.174.211 - 7
134.122.35.79 - 7
137.131.43.224 - 7
139.59.226.77 - 7
139.150.69.56 - 7
146.70.146.50 - 7
148.66.155.22 22.155.66.148.host.secureserver.net 7
148.153.189.62 - 7
152.32.144.167 - 7
152.32.177.169 - 7
154.83.17.116 - 7
154.221.27.234 - 7
157.230.88.184 - 7
158.51.96.38 unknown.ip-xfer.net 7
159.65.146.196 - 7
159.223.129.200 - 7
160.30.44.110 - 7
160.30.200.25 - 7
161.132.51.153 - 7
162.142.125.114 - 7
162.142.125.115 - 7
162.142.125.116 - 7
162.142.125.120 - 7
162.142.125.121 - 7
162.142.125.127 - 7
162.142.125.192 scanner-202.ch1.censys-scanner.com 7
162.142.125.194 scanner-202.ch1.censys-scanner.com 7
162.142.125.195 scanner-202.ch1.censys-scanner.com 7
162.142.125.197 scanner-202.ch1.censys-scanner.com 7
162.142.125.209 scanner-207.ch1.censys-scanner.com 7
162.142.125.211 scanner-207.ch1.censys-scanner.com 7
162.142.125.214 scanner-207.ch1.censys-scanner.com 7
162.142.125.221 scanner-207.ch1.censys-scanner.com 7
165.154.105.128 - 7
167.94.138.113 scanner-27.ch1.censys-scanner.com 7
167.94.138.125 scanner-27.ch1.censys-scanner.com 7
167.94.138.178 - 7
167.94.138.180 - 7
167.94.138.207 - 7
167.94.145.103 - 7
167.94.145.107 - 7
167.94.145.108 - 7
167.94.145.110 - 7
167.94.146.51 - 7
167.94.146.55 - 7
167.94.146.58 - 7
168.167.228.74 - 7
170.64.166.123 - 7
171.220.241.201 - 7
171.243.149.84 dynamic-adsl.viettel.vn 7
171.244.37.96 - 7
173.24.234.197 173-24-234-197.client.mchsi.com 7
175.107.32.186 - 7
176.32.195.85 - 7
179.33.186.151 - 7
179.43.176.236 - 7
181.49.50.6 - 7
182.71.214.50 nsg-static-050.214.71.182.airtel.in 7
185.141.132.26 - 7
185.156.73.233 - 7
185.165.191.26 purple.census.shodan.io 7
185.180.143.144 sh-ams-nl-gp5-wk102a.internet-census.org 7
185.213.165.65 static.65.165.213.185.clients.irandns.com 7
185.213.175.140 - 7
186.96.151.198 fixed-186-96-151-198.totalplay.net 7
186.118.142.216 - 7
187.16.96.250 mvx-187-16-96-250.mundivox.com 7
187.107.88.97 bb6b5861.virtua.com.br 7
187.210.77.100 customer-187-210-77-100.uninet-ide.com.mx 7
188.166.247.75 - 7
189.8.108.156 156.108.8.189.redel.com.br 7
189.165.16.201 dsl-189-165-16-201-dyn.prod-infinitum.com.mx 7
190.12.102.58 static.58.102.12.190.cps.com.ar 7
190.104.25.221 LPZ-190-104-25-00221.tigo.bo 7
190.202.130.61 190-202-130-61.chc-00.rai.cantv.net 7
192.227.247.116 192-227-247-116-host.colocrossing.com 7
193.32.162.151 - 7
193.70.87.152 152.ip-193-70-87.eu 7
193.254.3.18 - 7
194.0.234.93 - 7
194.190.153.226 ib.systems 7
195.178.110.224 - 7
196.251.69.57 - 7
196.251.87.42 - 7
197.5.145.8 - 7
197.5.145.73 - 7
197.5.145.102 - 7
197.153.57.103 - 7
197.220.93.115 - 7
197.220.93.117 - 7
200.69.236.207 seldon.tecnologica.com.ar 7
200.129.17.192 - 7
200.196.50.91 mvx-200-196-50-91.mundivox.com 7
201.76.120.30 30.120.76.201.in-addr.arpa.verointernet.com.br 7
202.51.214.99 - 7
202.157.176.165 vps.tokodagingnusantara.com 7
203.150.107.244 244.107.150.203.sta.inet.co.th 7
204.76.203.28 hosted-by.pfcloud.io 7
206.123.145.35 - 7
206.168.34.91 unused-space.coop.net 7
206.168.34.124 unused-space.coop.net 7
209.141.41.212 - 7
211.20.14.156 211-20-14-156.hinet-ip.hinet.net 7
212.83.130.207 212-83-130-207.rev.poneytelecom.eu 7
212.233.136.201 212-233-136-201.optisprint.net 7
213.55.85.202 - 7
213.176.73.220 - 7
216.45.53.140 - 7
220.247.223.56 56.sta.idc-2.slt.lk 7
221.156.126.1 - 7

About

Daily feed of bad IPs (with blacklist hit scores)

Resources

Readme

License

Unlicense license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published