Daily feed of bad IPs (with blacklist hit scores)
Available items
No Items, yet!
The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
About
IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
If you want to try it with
ipset, you can do the following:
sudo su apt-get -qq install iptables ipset ipset -q flush ipsum ipset -q create ipsum hash:net for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done iptables -I INPUT -m set --match-set ipsum src -j DROP
In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).
Wall of shame (2020-09-28)
|IP|DNS lookup|Number of (black)lists| |---|---|--:| 185.220.101.16|-|10 171.25.193.78|tor-exit4-readme.dfri.se|10 176.10.104.240|tor1e1.digitale-gesellschaft.ch|9 192.42.116.13|this-is-a-tor-exit-node-hviv113.hviv.nl|9 107.189.10.174|-|9 35.0.127.52|tor-exit.eecs.umich.edu|9 192.42.116.24|this-is-a-tor-exit-node-hviv124.hviv.nl|9 51.15.43.205|tor4thepeople3.torexitnode.net|9 171.25.193.20|tor-exit0-readme.dfri.se|9 64.113.32.29|tor.t-3.net|9 188.214.104.146|api.squired.ro|8 54.38.81.231|ns31251136.ip-54-38-81.eu|8 162.247.74.74|wiebe.tor-exit.calyxinstitute.org|8 217.182.192.217|ns3073700.ip-217-182-192.eu|8 104.244.75.53|-|8 217.170.205.14|tor-exit-5014.nortor.no|8 104.244.77.95|-|8 93.93.46.180|mwittig.data-expertise.com|8 51.77.135.89|ns31066279.ip-51-77-135.eu|8 162.247.74.7|korematsu.tor-exit.calyxinstitute.org|8 62.102.148.68|-|8 23.160.208.250|relay13f.tor.ian.sh|8 192.42.116.22|this-is-a-tor-exit-node-hviv122.hviv.nl|8 194.180.224.130|-|8 212.47.229.4|-|8 171.25.193.77|tor-exit1-readme.dfri.se|8 185.220.101.9|-|8 209.95.51.11|nyc-exit.privateinternetaccess.com|8 185.165.168.229|-|8 185.220.102.8|185-220-102-8.torservers.net|8 77.247.181.165|politkovskaja.torservers.net|8 51.77.210.201|vps-b390c992.vps.ovh.net|8 54.39.16.73|ns555166.ip-54-39-16.net|8 171.25.193.25|tor-exit5-readme.dfri.se|8 145.239.92.26|relay3.tor.ian.sh|8 51.83.129.84|relay15f.tor.ian.sh|8 51.75.52.118|ns3130898.ip-51-75-52.eu|8 51.195.148.18|relay2.tor.ian.sh|8 62.210.105.116|62-210-105-116.rev.poneytelecom.eu|8 51.79.53.134|134.ip-51-79-53.net|7 128.31.0.13|tor-exit.csail.mit.edu|7 198.251.89.136|tor-exit-05.nonanet.net|7 195.154.179.3|195-154-179-3.rev.poneytelecom.eu|7 185.220.102.248|tor-exit-relay-2.anonymizing-proxy.digitalcourage.de|7 142.44.246.156|156.ip-142-44-246.net|7 192.99.247.176|vps-5cd32e87.vps.ovh.ca|7 185.107.47.171|tor-exit.r2.darknet.dev|7 185.220.101.207|-|7 178.20.55.18|marcuse-2.nos-oignons.net|7 107.189.10.93|exit.tor.gg|7 89.144.12.17|-|7 162.247.72.199|jaffer.tor-exit.calyxinstitute.org|7 192.42.116.19|this-is-a-tor-exit-node-hviv119.hviv.nl|7 94.102.51.78|vps1.torrentflame.org|7 192.42.116.15|this-is-a-tor-exit-node-hviv115.hviv.nl|7 192.42.116.18|this-is-a-tor-exit-node-hviv118.hviv.nl|7 164.132.51.91|91.ip-164-132-51.eu|7 193.218.118.131|131.118.218.193.urdn.com.ua|7 185.220.101.216|-|7 51.178.52.245|tor-exit-node.neowutran.ovh|7 209.141.45.189|tor2.friendlyexitnode.com|7 185.32.222.168|-|7 185.220.101.133|-|7 51.83.139.55|ip55.ip-51-83-139.eu|7 51.83.139.56|ip56.ip-51-83-139.eu|7 162.247.74.213|snowden.tor-exit.calyxinstitute.org|7 193.228.91.105|-|7 51.83.69.84|welcome-europe.website|7 198.100.155.37|vps-8d15e72e.vps.ovh.ca|7 212.83.166.62|as12876.tor.shh.sh|7 185.67.82.114|tor-ou.effi.org|7 51.79.86.175|175.ip-51-79-86.net|7 217.170.206.192|-|7 51.75.144.43|ns3129517.ip-51-75-144.eu|7 104.244.76.13|tor-exit-node.spongebob.nicdex.com|7 144.217.60.239|ip239.ip-144-217-60.net|7 62.102.148.69|-|7 185.220.101.15|-|7 192.42.116.26|this-is-a-tor-exit-node-hviv126.hviv.nl|7 217.170.206.146|-|7 195.206.105.217|zrh-exit.privateinternetaccess.com|7 51.158.111.157|157-111-158-51.instances.scw.cloud|7 162.247.74.200|kiriakou.tor-exit.calyxinstitute.org|7 162.247.74.204|billsf.tor-exit.calyxinstitute.org|7 209.141.54.153||7 91.250.242.12|-|7 156.146.63.65|unn-156-146-63-65.cdn77.com|7 192.42.116.27|this-is-a-tor-exit-node-hviv127.hviv.nl|7 185.220.101.8|-|7 185.220.101.3|-|7 104.244.75.153|-|7 51.75.64.187|relay4.tor.ian.sh|7 185.32.222.169|-|7 185.32.222.167|-|7 198.251.89.198|tor-exit-09.nonanet.net|7 195.206.107.147|-|7 185.220.102.7|185-220-102-7.torservers.net|7 173.244.209.5|slc-exit.privateinternetaccess.com|7 107.189.10.101|-|7 185.220.103.8|mariellefranco.tor-exit.calyxinstitute.org|7 185.220.102.254|tor-exit-relay-8.anonymizing-proxy.digitalcourage.de|7 185.220.102.253|tor-exit-relay-7.anonymizing-proxy.digitalcourage.de|7 185.132.53.14|vps32.virtual4host.pt|7 104.244.74.169|-|7 45.129.56.200|-|7 216.239.90.19|tor-gateway.vif.com|7 212.21.66.6|tor-exit-4.all.de|7 95.128.43.164|exit-1.fr.tor.aquaray.com|7 149.202.238.204|204.238.202.149.fr-sbg.flexcloud.seflow.it|7 209.141.54.195|tor1.friendlyexitnode.com|7 23.160.208.249|relay13f.tor.ian.sh|7 185.220.102.250|tor-exit-relay-4.anonymizing-proxy.digitalcourage.de|7 185.220.101.205|-|7