mirror/stamparm.ipsum
1
0
Fork 0
mirror of https://github.com/stamparm/ipsum.git synced 2026-01-31 23:44:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
Daily feed of bad IPs (with blacklist hit scores) IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
1 commit 1 branch 0 tags 449 MiB
Find a file
Exact
Miroslav Stampar 1fc3fcd10f Automatic update
2026-01-31 03:05:19 +01:00
levels Automatic update 2026-01-31 03:05:19 +01:00
ipsum.txt Automatic update 2026-01-31 03:05:19 +01:00
LICENSE Automatic update 2026-01-31 03:05:19 +01:00
README.md Automatic update 2026-01-31 03:05:19 +01:00

README.md

Logo

License

About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (every 24 hours) basis and the final result is pushed to this repository. The feed contains IP addresses plus an occurrence count (how many source lists each IP appears on). Higher counts generally mean higher confidence and fewer false positives when blocking inbound traffic. Also, list is sorted by occurrence count (highest to lowest).

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl -fsSL https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "^#" | grep -Ev '[[:space:]]([12])$' | cut -f 1

If you want to try it with ipset, you can do the following:

sudo -i
apt-get update && apt-get install -y iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -Ev '[[:space:]]([12])$' | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2026-01-31)

IP DNS lookup Number of (black)lists
80.82.77.33 sky.census.shodan.io 10
213.209.159.158 - 10
45.227.254.170 - 9
80.94.92.171 - 9
82.165.66.87 ip82-165-66-87.pbiaas.com 9
92.118.39.56 - 9
92.118.39.72 - 9
92.118.39.76 - 9
93.174.95.106 battery.census.shodan.io 9
103.232.121.71 nick8472839 9
162.142.125.201 201.125.142.162.censys-scanner.com 9
2.57.121.25 hosting25.tronicsat.com 8
2.57.121.112 dns112.personaliseplus.com 8
2.57.122.238 - 8
14.63.217.28 - 8
36.91.166.34 - 8
45.120.216.232 - 8
45.148.10.121 - 8
45.148.10.141 - 8
45.148.10.151 - 8
45.148.10.157 - 8
61.245.11.87 - 8
66.132.153.131 131.153.132.66.censys-scanner.com 8
68.233.116.124 - 8
71.6.135.131 soda.census.shodan.io 8
80.94.92.184 - 8
85.111.68.98 85.111.68.98.dynamic.ttnet.com.tr 8
91.224.92.54 ascrl6.writeresaychooseboltsnow.com 8
91.224.92.78 srv-91-224-92-78.serveroffer.net 8
91.224.92.108 srv-91-224-92-108.serveroffer.net 8
94.74.70.65 ecs-94-74-70-65.compute.hwclouds-dns.com 8
101.36.104.242 - 8
101.36.107.228 - 8
117.1.28.49 - 8
140.83.84.95 - 8
144.31.249.128 - 8
147.135.76.204 - 8
149.62.187.236 149.62.187.236.hostvps.it 8
152.228.131.33 vps-a34f1667.vps.ovh.net 8
162.142.125.116 116.125.142.162.censys-scanner.com 8
162.142.125.117 117.125.142.162.censys-scanner.com 8
162.142.125.196 196.125.142.162.censys-scanner.com 8
162.142.125.222 222.125.142.162.censys-scanner.com 8
182.253.79.195 - 8
199.45.155.69 69.155.45.199.censys-scanner.com 8
206.168.34.53 53.34.168.206.censys-scanner.com 8
206.168.34.59 59.34.168.206.censys-scanner.com 8
206.168.34.112 112.34.168.206.censys-scanner.com 8
206.168.34.199 199.34.168.206.censys-scanner.com 8
206.168.34.214 214.34.168.206.censys-scanner.com 8
213.209.159.159 - 8
220.247.224.226 - 8
1.55.33.86 - 7
2.57.122.210 - 7
3.130.96.91 scan.cypex.ai 7
3.134.148.59 scan.cypex.ai 7
3.149.59.26 scan.cypex.ai 7
5.187.97.40 - 7
5.253.59.74 138544.ip-ptr.tech 7
27.79.2.106 localhost 7
36.64.68.99 - 7
37.120.213.13 - 7
43.252.231.122 - 7
45.9.168.192 - 7
45.43.37.254 - 7
45.78.221.89 - 7
45.78.235.71 - 7
45.79.128.205 lisbon.scan.bufferover.run 7
45.79.181.94 luxembourg.scan.bufferover.run 7
45.91.64.6 - 7
45.148.10.147 - 7
45.148.10.152 - 7
45.207.201.221 - 7
47.90.209.221 - 7
51.77.194.132 ggeneve.fr 7
60.199.224.2 60-199-224-2.static.tfn.net.tw 7
61.190.114.203 - 7
62.133.62.102 143005.ip-ptr.tech 7
64.62.156.192 - 7
64.62.197.92 - 7
64.227.174.243 - 7
65.49.1.24 - 7
66.240.219.146 burger.census.shodan.io 7
70.54.182.130 ipagstaticip-0e05dd42-0a3b-c881-e51c-fdd5f9e43762.sdsl.bell.ca 7
71.6.158.166 ninja.census.shodan.io 7
71.6.199.23 einstein.census.shodan.io 7
80.82.77.139 dojo.census.shodan.io 7
81.192.46.45 adsl-45-46-192-81.adsl.iam.net.ma 7
86.54.31.34 wine.census.shodan.io 7
86.54.31.40 blue.census.shodan.io 7
86.54.31.42 green.census.shodan.io 7
87.248.237.138 87.248.237.138.pool.sknt.ru 7
89.248.167.131 mason.census.shodan.io 7
91.224.92.190 srv-91-224-92-190.serveroffer.net 7
91.239.148.70 - 7
92.27.101.99 host-92-27-101-99.static.as13285.net 7
94.102.49.193 cloud.census.shodan.io 7
103.27.60.83 103.27.60.83.vhost.vn 7
103.40.61.98 - 7
103.49.238.104 ip103-49-238-104.cloudhost.web.id 7
103.59.163.133 - 7
103.113.105.228 - 7
103.148.100.146 - 7
103.165.139.145 145.139.165.103.net.iforte.net.id 7
103.179.56.51 ip103-179-56-51.cloudhost.web.id 7
103.181.143.73 - 7
103.187.165.26 - 7
103.236.95.173 - 7
105.28.108.165 - 7
114.10.47.96 - 7
118.70.178.158 - 7
119.203.251.187 - 7
123.58.196.49 - 7
123.233.245.135 - 7
125.21.59.218 - 7
134.65.30.157 - 7
138.204.127.54 - 7
144.217.13.134 vps-2cf81da8.vps.ovh.ca 7
151.80.118.222 222.ip-151-80-118.eu 7
152.32.188.177 quudquu.cn 7
152.53.184.147 v2202511309730395704.goodsrv.de 7
158.178.141.16 - 7
162.142.125.34 34.125.142.162.censys-scanner.com 7
162.142.125.37 37.125.142.162.censys-scanner.com 7
162.142.125.47 47.125.142.162.censys-scanner.com 7
162.142.125.112 112.125.142.162.censys-scanner.com 7
162.142.125.113 113.125.142.162.censys-scanner.com 7
162.142.125.115 115.125.142.162.censys-scanner.com 7
162.142.125.118 118.125.142.162.censys-scanner.com 7
162.142.125.123 123.125.142.162.censys-scanner.com 7
162.142.125.127 127.125.142.162.censys-scanner.com 7
162.142.125.193 193.125.142.162.censys-scanner.com 7
162.142.125.202 202.125.142.162.censys-scanner.com 7
162.142.125.203 203.125.142.162.censys-scanner.com 7
162.142.125.208 208.125.142.162.censys-scanner.com 7
162.142.125.209 209.125.142.162.censys-scanner.com 7
162.142.125.211 211.125.142.162.censys-scanner.com 7
162.142.125.213 213.125.142.162.censys-scanner.com 7
162.142.125.216 216.125.142.162.censys-scanner.com 7
162.142.125.221 221.125.142.162.censys-scanner.com 7
165.90.27.250 - 7
167.94.138.38 38.138.94.167.censys-scanner.com 7
167.94.138.117 117.138.94.167.censys-scanner.com 7
167.94.138.124 124.138.94.167.censys-scanner.com 7
167.94.138.176 176.138.94.167.censys-scanner.com 7
167.94.138.187 187.138.94.167.censys-scanner.com 7
167.94.138.191 191.138.94.167.censys-scanner.com 7
167.94.146.50 50.146.94.167.censys-scanner.com 7
167.94.146.54 54.146.94.167.censys-scanner.com 7
167.94.146.57 57.146.94.167.censys-scanner.com 7
167.94.146.61 61.146.94.167.censys-scanner.com 7
168.167.228.74 - 7
171.104.143.176 - 7
172.104.11.51 venice.scan.bufferover.run 7
172.235.40.131 172-235-40-131.ip.linodeusercontent.com 7
172.236.228.111 172-236-228-111.ip.linodeusercontent.com 7
172.236.228.115 172-236-228-115.ip.linodeusercontent.com 7
172.236.228.202 172-236-228-202.ip.linodeusercontent.com 7
176.65.139.8 - 7
177.70.2.220 none.underplatform.com 7
179.33.186.151 - 7
180.100.217.164 - 7
187.16.96.250 mvx-187-16-96-250.mundivox.com 7
190.181.4.12 static-190-181-4-12.acelerate.net 7
192.109.200.225 flowingwall.ptr.network 7
193.32.162.145 - 7
194.146.42.105 mc-5.hoster.kz 7
195.40.154.8 - 7
195.178.110.15 - 7
197.5.145.73 - 7
199.45.154.114 114.154.45.199.censys-scanner.com 7
200.46.125.168 zolicol.gob.pa 7
202.51.214.99 - 7
202.70.78.237 - 7
206.168.34.40 40.34.168.206.censys-scanner.com 7
206.168.34.41 41.34.168.206.censys-scanner.com 7
206.168.34.42 42.34.168.206.censys-scanner.com 7
206.168.34.47 47.34.168.206.censys-scanner.com 7
206.168.34.54 54.34.168.206.censys-scanner.com 7
206.168.34.57 57.34.168.206.censys-scanner.com 7
206.168.34.58 58.34.168.206.censys-scanner.com 7
206.168.34.114 114.34.168.206.censys-scanner.com 7
206.168.34.121 121.34.168.206.censys-scanner.com 7
206.168.34.122 122.34.168.206.censys-scanner.com 7
206.168.34.125 125.34.168.206.censys-scanner.com 7
206.168.34.211 211.34.168.206.censys-scanner.com 7
206.168.34.217 217.34.168.206.censys-scanner.com 7
206.168.34.218 218.34.168.206.censys-scanner.com 7
206.168.34.220 220.34.168.206.censys-scanner.com 7
206.168.34.222 222.34.168.206.censys-scanner.com 7
210.79.142.221 - 7
211.219.22.213 - 7
212.233.136.201 212-233-136-201.optisprint.net 7
213.55.85.204 - 7
216.108.237.50 lasvegas-nv-datacenter.serverpoint.com 7
217.154.69.208 - 7
220.80.223.144 - 7
220.247.223.56 56.sta.idc-2.slt.lk 7