IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with ipset, you can do the following:
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
| IP | DNS lookup | Number of (black)lists |
|---|---|---|
| 218.92.0.218 | - | 10 |
| 218.92.0.222 | - | 10 |
| 218.92.0.226 | - | 10 |
| 218.92.0.235 | - | 10 |
| 218.92.0.236 | - | 10 |
| 183.162.197.57 | - | 9 |
| 218.92.0.111 | - | 9 |
| 218.92.0.198 | - | 9 |
| 218.92.0.216 | - | 9 |
| 218.92.0.217 | - | 9 |
| 218.92.0.219 | - | 9 |
| 218.92.0.220 | - | 9 |
| 218.92.0.221 | - | 9 |
| 218.92.0.223 | - | 9 |
| 218.92.0.225 | - | 9 |
| 218.92.0.227 | - | 9 |
| 218.92.0.228 | - | 9 |
| 218.92.0.229 | - | 9 |
| 218.92.0.230 | - | 9 |
| 218.92.0.231 | - | 9 |
| 218.92.0.232 | - | 9 |
| 218.92.0.233 | - | 9 |
| 218.92.0.237 | - | 9 |
| 103.197.184.12 | - | 8 |
| 103.197.184.219 | - | 8 |
| 134.209.120.69 | - | 8 |
| 160.19.78.241 | - | 8 |
| 160.19.79.72 | - | 8 |
| 160.19.79.239 | - | 8 |
| 160.191.52.76 | - | 8 |
| 160.191.52.84 | - | 8 |
| 180.178.94.73 | - | 8 |
| 193.32.162.89 | - | 8 |
| 196.251.70.234 | - | 8 |
| 196.251.85.62 | - | 8 |
| 196.251.87.45 | - | 8 |
| 218.92.0.103 | - | 8 |
| 47.74.40.171 | - | 8 |
| 45.148.10.67 | - | 7 |
| 80.94.95.115 | - | 7 |
| 80.94.95.116 | - | 7 |
| 88.214.48.10 | - | 7 |
| 88.214.48.11 | - | 7 |
| 92.118.39.57 | - | 7 |
| 92.118.39.61 | - | 7 |
| 92.118.39.65 | - | 7 |
| 92.118.39.90 | - | 7 |
| 92.118.39.97 | - | 7 |
| 103.70.114.33 | - | 7 |
| 103.70.115.15 | - | 7 |
| 159.89.36.105 | - | 7 |
| 160.19.78.242 | - | 7 |
| 160.19.78.247 | - | 7 |
| 160.191.52.73 | - | 7 |
| 160.191.52.81 | - | 7 |
| 167.94.146.53 | - | 7 |
| 193.32.162.84 | - | 7 |
| 194.0.234.16 | - | 7 |
| 194.0.234.19 | - | 7 |
| 195.178.110.26 | - | 7 |
| 196.251.69.43 | - | 7 |
| 196.251.69.116 | - | 7 |
| 196.251.83.136 | undefined.hostname.localhost | 7 |
| 196.251.85.34 | - | 7 |
| 196.251.87.35 | - | 7 |
| 196.251.87.42 | - | 7 |
| 196.251.87.74 | - | 7 |
| 218.92.0.112 | - | 7 |
| 139.162.173.209 | dev05.academyforinternetresearch.org | 7 |
| 139.162.186.99 | 139-162-186-99.ip.linodeusercontent.com | 7 |
| 160.191.89.4 | - | 7 |
| 213.55.85.202 | - | 7 |