IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 68.69.186.182 | - | 11 |
| 148.178.22.92 | - | 11 |
| 176.65.149.231 | hosted-by.pfcloud.io | 11 |
| 179.43.189.98 | hostedby.privatelayer.com | 11 |
| 81.181.129.172 | - | 10 |
| 148.178.22.9 | - | 10 |
| 148.178.22.13 | - | 10 |
| 148.178.22.14 | - | 10 |
| 148.178.22.17 | - | 10 |
| 148.178.22.20 | - | 10 |
| 148.178.22.25 | - | 10 |
| 148.178.22.26 | - | 10 |
| 148.178.22.28 | - | 10 |
| 148.178.22.30 | - | 10 |
| 148.178.22.32 | - | 10 |
| 148.178.22.40 | - | 10 |
| 148.178.22.50 | - | 10 |
| 148.178.22.56 | - | 10 |
| 148.178.22.65 | - | 10 |
| 148.178.22.67 | - | 10 |
| 148.178.22.69 | - | 10 |
| 148.178.22.70 | - | 10 |
| 148.178.22.86 | - | 10 |
| 148.178.22.247 | - | 10 |
| 185.93.89.4 | - | 10 |
| 193.46.255.217 | hostingmailto131.statics.servermail.org | 10 |
| 80.94.93.119 | - | 9 |
| 80.94.93.233 | - | 9 |
| 93.174.95.106 | battery.census.shodan.io | 9 |
| 148.178.22.73 | - | 9 |
| 193.32.162.157 | - | 9 |
| 195.178.110.160 | - | 9 |
| 195.178.110.211 | - | 9 |
| 195.178.110.224 | - | 9 |
| 27.112.79.10 | ip27-112-79-10.cloudhost.web.id | 8 |
| 27.254.192.185 | - | 8 |
| 36.91.166.34 | - | 8 |
| 45.43.33.210 | colby.probe.onyphe.net | 8 |
| 45.148.10.240 | - | 8 |
| 60.199.224.2 | 60-199-224-2.static.tfn.net.tw | 8 |
| 66.240.192.138 | census8.shodan.io | 8 |
| 71.6.199.23 | einstein.census.shodan.io | 8 |
| 80.82.77.33 | sky.census.shodan.io | 8 |
| 80.82.77.139 | dojo.census.shodan.io | 8 |
| 80.82.77.202 | rnd.group-ib.com | 8 |
| 81.22.132.75 | - | 8 |
| 86.54.31.42 | green.census.shodan.io | 8 |
| 93.123.109.185 | - | 8 |
| 94.102.49.193 | cloud.census.shodan.io | 8 |
| 95.167.225.76 | - | 8 |
| 109.167.197.20 | 109-167-197-20.westcall.net | 8 |
| 111.119.233.20 | ecs-111-119-233-20.compute.hwclouds-dns.com | 8 |
| 136.228.161.66 | - | 8 |
| 139.59.226.77 | - | 8 |
| 148.178.22.18 | - | 8 |
| 162.142.125.114 | - | 8 |
| 162.142.125.120 | - | 8 |
| 162.142.125.127 | - | 8 |
| 162.142.125.200 | scanner-202.ch1.censys-scanner.com | 8 |
| 167.94.138.188 | - | 8 |
| 167.94.146.49 | - | 8 |
| 167.94.146.61 | - | 8 |
| 176.65.148.12 | hosted-by.pfcloud.io | 8 |
| 176.65.148.235 | hosted-by.pfcloud.io | 8 |
| 176.65.148.240 | hosted-by.pfcloud.io | 8 |
| 176.109.80.72 | - | 8 |
| 185.93.89.24 | - | 8 |
| 187.16.96.250 | mvx-187-16-96-250.mundivox.com | 8 |
| 193.32.162.146 | - | 8 |
| 195.178.110.133 | - | 8 |
| 210.91.73.167 | - | 8 |
| 211.20.14.156 | 211-20-14-156.hinet-ip.hinet.net | 8 |
| 211.253.10.96 | - | 8 |
| 217.113.49.161 | 161.49.113.217.static.v4yip.hu | 8 |
| 1.55.33.86 | - | 7 |
| 3.131.215.38 | ec2-3-131-215-38.us-east-2.compute.amazonaws.com | 7 |
| 3.143.33.63 | scan.cypex.ai | 7 |
| 5.101.64.6 | scan.f6 | 7 |
| 5.195.226.17 | - | 7 |
| 14.29.198.130 | - | 7 |
| 14.63.196.175 | - | 7 |
| 14.103.127.243 | - | 7 |
| 14.103.202.110 | - | 7 |
| 14.116.156.100 | - | 7 |
| 14.116.189.74 | - | 7 |
| 27.254.137.144 | - | 7 |
| 34.85.163.94 | 94.163.85.34.bc.googleusercontent.com | 7 |
| 34.92.62.225 | 225.62.92.34.bc.googleusercontent.com | 7 |
| 34.142.110.144 | 144.110.142.34.bc.googleusercontent.com | 7 |
| 35.233.7.110 | 110.7.233.35.bc.googleusercontent.com | 7 |
| 36.66.16.233 | - | 7 |
| 36.67.70.198 | sehati.tanjabtimkab.go.id | 7 |
| 36.93.144.66 | - | 7 |
| 38.58.174.2 | - | 7 |
| 39.129.9.180 | - | 7 |
| 41.223.40.78 | - | 7 |
| 42.96.18.76 | - | 7 |
| 45.78.192.81 | - | 7 |
| 45.78.196.179 | - | 7 |
| 45.94.31.18 | tor01-ams1.rdp.sh | 7 |
| 45.118.146.109 | - | 7 |
| 45.119.81.249 | - | 7 |
| 45.120.216.232 | - | 7 |
| 45.121.147.47 | - | 7 |
| 45.172.152.74 | - | 7 |
| 45.175.157.53 | - | 7 |
| 45.232.73.84 | - | 7 |
| 46.161.50.108 | scan.f6 | 7 |
| 47.180.114.229 | 47-180-114-229.944e76fe48b133ae6f88b784db937d44.ip.frontiernet.net | 7 |
| 47.236.76.100 | - | 7 |
| 50.6.193.137 | 50-6-193-137.unifiedlayer.com | 7 |
| 50.84.211.204 | syn-050-084-211-204.biz.spectrum.com | 7 |
| 51.158.120.121 | 121-120-158-51.instances.scw.cloud | 7 |
| 51.159.54.22 | 51-159-54-22.rev.poneytelecom.eu | 7 |
| 51.178.43.161 | prod1.masterit.fr | 7 |
| 58.222.244.226 | - | 7 |
| 64.227.174.243 | - | 7 |
| 65.49.1.38 | - | 7 |
| 65.49.1.66 | - | 7 |
| 65.181.112.148 | markledo.com | 7 |
| 71.6.135.131 | soda.census.shodan.io | 7 |
| 71.6.146.130 | refrigerator.census.shodan.io | 7 |
| 71.6.158.166 | ninja.census.shodan.io | 7 |
| 71.6.165.200 | census12.shodan.io | 7 |
| 71.6.232.26 | - | 7 |
| 77.82.90.210 | - | 7 |
| 78.128.112.74 | ip-112-74.4vendeta.com | 7 |
| 79.13.33.136 | host-79-13-33-136.retail.telecomitalia.it | 7 |
| 79.106.73.114 | - | 7 |
| 80.94.95.15 | - | 7 |
| 80.94.95.112 | - | 7 |
| 80.191.247.45 | - | 7 |
| 81.30.107.110 | - | 7 |
| 81.192.87.130 | adsl-130-87-192-81.adsl2.iam.net.ma | 7 |
| 81.211.72.167 | - | 7 |
| 82.199.197.245 | host-245.197.199.82.ucom.am | 7 |
| 87.248.226.146 | 87.248.226.146.pool.sknt.ru | 7 |
| 88.147.30.59 | 88-147-30-59.static.eolo.it | 7 |
| 89.97.218.142 | 89-97-218-142.ip19.fastwebnet.it | 7 |
| 89.248.167.131 | mason.census.shodan.io | 7 |
| 89.248.172.16 | house.census.shodan.io | 7 |
| 91.205.219.185 | - | 7 |
| 92.27.101.99 | host-92-27-101-99.static.as13285.net | 7 |
| 92.118.228.249 | - | 7 |
| 93.123.109.181 | - | 7 |
| 94.182.107.27 | 94-182-107-27.shatel.ir | 7 |
| 94.254.0.234 | h-94-254-0-234.na.cust.bahnhof.se | 7 |
| 95.58.255.251 | 95.58.255.251.static.telecom.kz | 7 |
| 95.85.114.218 | - | 7 |
| 96.78.175.36 | - | 7 |
| 101.36.231.233 | - | 7 |
| 101.126.91.34 | - | 7 |
| 101.226.180.6 | - | 7 |
| 102.88.137.213 | - | 7 |
| 103.30.74.222 | - | 7 |
| 103.49.238.104 | ip103-49-238-104.cloudhost.web.id | 7 |
| 103.77.215.153 | - | 7 |
| 103.100.209.26 | - | 7 |
| 103.114.146.178 | - | 7 |
| 103.145.145.75 | - | 7 |
| 103.153.190.121 | - | 7 |
| 103.153.191.173 | - | 7 |
| 103.172.112.192 | - | 7 |
| 103.172.204.220 | ip103-172-204-220.cloudhost.web.id | 7 |
| 103.182.234.218 | 218.234.182.103.ipt.iforte.net.id | 7 |
| 103.189.234.253 | ip103-189-234-253.cloudhost.web.id | 7 |
| 103.237.144.204 | - | 7 |
| 103.249.112.25 | 103-249-112-25.ip4.servercluster.net | 7 |
| 104.168.58.11 | 104-168-58-11-host.colocrossing.com | 7 |
| 104.248.81.123 | - | 7 |
| 107.150.110.167 | furtvey.cn | 7 |
| 107.170.228.16 | wfinancial20230805-s-1vcpu-2gb-sfo1-01-ubuntu-16.04 | 7 |
| 107.174.2.136 | 107-174-2-136-host.colocrossing.com | 7 |
| 111.30.42.43 | - | 7 |
| 112.196.70.142 | - | 7 |
| 113.95.133.161 | - | 7 |
| 113.196.185.120 | 113.196.185.120.ll.static.sparqnet.net | 7 |
| 117.6.44.221 | - | 7 |
| 117.50.51.198 | - | 7 |
| 117.50.165.23 | - | 7 |
| 118.122.147.195 | - | 7 |
| 118.128.237.197 | - | 7 |
| 119.18.55.118 | 119-18-55-118.webhostbox.net | 7 |
| 121.52.147.5 | upesh.edu.pk | 7 |
| 121.201.125.75 | 121.201.125.75 | 7 |
| 122.155.0.205 | www.phatan.go.th | 7 |
| 122.168.194.41 | abts-mp-static-041.194.168.122.airtelbroadband.in | 7 |
| 123.253.162.254 | undefined.hostname.localhost | 7 |
| 128.199.24.112 | - | 7 |
| 128.199.113.218 | - | 7 |
| 128.199.148.185 | - | 7 |
| 128.199.157.145 | - | 7 |
| 128.199.168.119 | - | 7 |
| 136.232.98.230 | - | 7 |
| 138.204.127.54 | - | 7 |
| 139.59.14.27 | - | 7 |
| 139.59.21.124 | - | 7 |
| 139.59.64.179 | - | 7 |
| 139.59.188.13 | - | 7 |
| 139.150.69.56 | - | 7 |
| 142.93.116.14 | - | 7 |
| 142.171.17.100 | host-23-234-209-228-by.multacom.com | 7 |
| 143.110.205.196 | - | 7 |
| 143.110.237.160 | - | 7 |
| 144.172.83.37 | - | 7 |
| 146.185.182.65 | bettrade.stage.pg-1 | 7 |
| 147.182.226.162 | - | 7 |
| 148.178.22.48 | - | 7 |
| 150.136.129.10 | - | 7 |
| 150.138.115.76 | - | 7 |
| 154.83.12.242 | - | 7 |
| 154.86.0.35 | - | 7 |
| 154.210.129.37 | - | 7 |
| 154.210.129.206 | - | 7 |
| 157.10.160.97 | ip157-10-160-97.cloudhost.web.id | 7 |
| 157.10.252.109 | ip157-10-252-109.cloudhost.web.id | 7 |
| 157.230.211.56 | - | 7 |
| 159.65.146.196 | - | 7 |
| 161.49.89.39 | 161.49.89.39.convergeict.com | 7 |
| 162.142.125.33 | scanner-201.ch1.censys-scanner.com | 7 |
| 162.142.125.35 | scanner-201.ch1.censys-scanner.com | 7 |
| 162.142.125.112 | - | 7 |
| 162.142.125.116 | - | 7 |
| 162.142.125.117 | - | 7 |
| 162.142.125.119 | - | 7 |
| 162.142.125.121 | - | 7 |
| 162.142.125.122 | - | 7 |
| 162.142.125.124 | - | 7 |
| 162.142.125.198 | scanner-202.ch1.censys-scanner.com | 7 |
| 162.142.125.203 | scanner-202.ch1.censys-scanner.com | 7 |
| 162.142.125.205 | scanner-202.ch1.censys-scanner.com | 7 |
| 162.142.125.208 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.212 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.213 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.217 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.219 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.220 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.221 | scanner-207.ch1.censys-scanner.com | 7 |
| 162.142.125.223 | scanner-207.ch1.censys-scanner.com | 7 |
| 167.94.138.34 | scanner-06.ch1.censys-scanner.com | 7 |
| 167.94.138.181 | - | 7 |
| 167.94.138.189 | - | 7 |
| 167.94.138.201 | - | 7 |
| 167.94.145.99 | - | 7 |
| 167.94.145.108 | - | 7 |
| 167.94.146.50 | - | 7 |
| 167.94.146.51 | - | 7 |
| 167.94.146.56 | - | 7 |
| 167.94.146.57 | - | 7 |
| 167.94.146.58 | - | 7 |
| 167.172.153.88 | - | 7 |
| 168.167.228.123 | - | 7 |
| 175.107.32.186 | - | 7 |
| 175.204.200.36 | - | 7 |
| 176.32.195.85 | - | 7 |
| 176.213.141.182 | 176x213x141x182.dynamic.rostov.ertelecom.ru | 7 |
| 177.85.247.230 | - | 7 |
| 177.229.197.38 | customer-MCA-TGZ-197-38.megared.net.mx | 7 |
| 181.49.50.6 | - | 7 |
| 181.56.255.137 | static-ip-18156255137.cable.net.co | 7 |
| 181.188.176.250 | LPZ-181-188-176-00250.tigo.bo | 7 |
| 182.43.235.218 | - | 7 |
| 182.253.238.218 | - | 7 |
| 183.82.126.193 | 183.82.126.193.actcorp.in | 7 |
| 183.110.116.126 | - | 7 |
| 185.165.191.27 | red.census.shodan.io | 7 |
| 186.96.145.241 | fixed-186-96-145-241.totalplay.net | 7 |
| 186.96.151.198 | fixed-186-96-151-198.totalplay.net | 7 |
| 186.118.142.216 | - | 7 |
| 187.45.100.0 | - | 7 |
| 187.51.208.158 | 187-51-208-158.customer.tdatabrasil.net.br | 7 |
| 187.110.238.50 | 187.110.238.50.mobtelecom.com.br | 7 |
| 188.17.148.221 | - | 7 |
| 188.166.169.185 | - | 7 |
| 189.7.17.61 | bd07113d.virtua.com.br | 7 |
| 190.12.108.68 | static.68.108.12.190.cps.com.ar | 7 |
| 190.244.25.245 | 245-25-244-190.fibertel.com.ar | 7 |
| 192.210.233.234 | fina.myregserver.top | 7 |
| 193.24.211.3 | Support.mIRC-Scripters.eXplotom.Net | 7 |
| 193.32.162.145 | - | 7 |
| 193.70.87.152 | 152.ip-193-70-87.eu | 7 |
| 194.113.236.217 | - | 7 |
| 195.85.207.112 | mail.incatravel.net | 7 |
| 196.251.69.18 | - | 7 |
| 196.251.70.221 | - | 7 |
| 196.251.81.116 | undefined.hostname.localhost | 7 |
| 196.251.86.249 | - | 7 |
| 196.251.115.108 | - | 7 |
| 196.251.116.16 | - | 7 |
| 197.5.145.121 | - | 7 |
| 197.153.57.103 | - | 7 |
| 197.156.85.73 | - | 7 |
| 198.12.114.232 | 198-12-114-232-host.colocrossing.com | 7 |
| 198.46.207.98 | 198-46-207-98-host.colocrossing.com | 7 |
| 199.45.154.116 | scanner-201.hk2.censys-scanner.com | 7 |
| 199.45.155.92 | scanner-204.hk2.censys-scanner.com | 7 |
| 199.45.155.106 | scanner-206.hk2.censys-scanner.com | 7 |
| 200.73.135.75 | 75.135.73.200.cab.prima.net.ar | 7 |
| 200.118.99.170 | dynamic-ip-cr20011899170.cable.net.co | 7 |
| 200.130.15.176 | - | 7 |
| 201.17.133.138 | c911858a.virtua.com.br | 7 |
| 201.131.212.19 | - | 7 |
| 201.249.204.129 | 201-249-204-129.chc-00.rai.cantv.net | 7 |
| 202.103.55.158 | - | 7 |
| 203.23.199.85 | - | 7 |
| 203.69.224.47 | 203-69-224-47.hinet-ip.hinet.net | 7 |
| 203.145.34.114 | ip203-145-34-114.cloudhost.web.id | 7 |
| 203.145.34.222 | ip203-145-34-222.cloudhost.web.id | 7 |
| 206.42.56.228 | 206-42-56-228-tmp.static.brisanet.net.br | 7 |
| 206.123.145.35 | - | 7 |
| 206.168.34.75 | unused-space.coop.net | 7 |
| 206.189.97.6 | - | 7 |
| 209.38.228.147 | core1.bbe.masterit-dev.cloud | 7 |
| 211.253.9.49 | - | 7 |
| 212.25.35.66 | ip66.ru-se.com | 7 |
| 216.126.238.175 | node1.9mailwest00.net | 7 |
| 216.172.190.206 | col.colettelounge.com | 7 |
| 220.247.223.56 | 56.sta.idc-2.slt.lk | 7 |
| 221.161.235.168 | - | 7 |
| 222.172.32.246 | - | 7 |