Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/stamparm/ipsum
Daily feed of bad IPs (with blacklist hit scores)
https://github.com/stamparm/ipsum
blacklist ipset iptables security threats
Last synced: 8 days ago
JSON representation
Daily feed of bad IPs (with blacklist hit scores)
- Host: GitHub
- URL: https://github.com/stamparm/ipsum
- Owner: stamparm
- License: unlicense
- Created: 2016-01-27T14:11:13.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2024-04-17T01:23:35.000Z (8 months ago)
- Last Synced: 2024-04-17T14:17:22.551Z (8 months ago)
- Topics: blacklist, ipset, iptables, security, threats
- Homepage:
- Size: 4.92 MB
- Stars: 1,299
- Watchers: 63
- Forks: 129
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-security-collection - **335**星
- awesome-hacking-lists - stamparm/ipsum - Daily feed of bad IPs (with blacklist hit scores) (Others)
README
[](https://unlicense.org/)
About
----
**IPsum** is a threat intelligence feed based on 30+ different publicly available [lists](https://github.com/stamparm/maltrail) of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
```
curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
```
If you want to try it with `ipset`, you can do the following:
```
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
```
In directory [levels](levels) you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. [levels/3.txt](levels/3.txt) holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2024-12-03)
----
|IP|DNS lookup|Number of (black)lists|
|---|---|--:|
218.92.0.216|-|9
218.92.0.231|-|9
218.92.0.235|-|9
218.92.0.237|-|9
37.44.238.68|ssd5-5196.9995|8
45.148.10.203|-|8
148.153.158.114|-|8
202.95.12.147|-|8
218.92.0.111|-|8
218.92.0.114|-|8
218.92.0.198|-|8
218.92.0.217|-|8
218.92.0.218|-|8
218.92.0.219|-|8
218.92.0.220|-|8
218.92.0.221|-|8
218.92.0.222|-|8
218.92.0.223|-|8
218.92.0.225|-|8
218.92.0.226|-|8
218.92.0.227|-|8
218.92.0.228|-|8
218.92.0.229|-|8
218.92.0.230|-|8
218.92.0.232|-|8
218.92.0.233|-|8
218.92.0.236|-|8
195.178.110.6|-|8
203.81.86.34|-|8
82.200.65.218|gw-bell-xen.ll-nsk.zsttk.ru|7
2.57.122.32|-|7
45.148.10.46|-|7
141.98.10.198|1rja.talonted.eu.com|7
157.230.83.38|-|7
167.94.145.102|-|7
167.99.157.155|-|7
14.103.165.154|-|7
191.96.245.223|-|7
195.178.110.34|-|7
213.55.85.202|-|7
36.138.238.230|-|7
80.158.60.94|ecs-80-158-60-94.reverse.open-telekom-cloud.com|7
94.159.104.177|yvk.ua|7