https://github.com/stamparm/ipsum
Daily feed of bad IPs (with blacklist hit scores)
https://github.com/stamparm/ipsum
blacklist ipset iptables security threats
Last synced: 20 days ago
JSON representation
Daily feed of bad IPs (with blacklist hit scores)
- Host: GitHub
- URL: https://github.com/stamparm/ipsum
- Owner: stamparm
- License: unlicense
- Created: 2016-01-27T14:11:13.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2024-04-17T01:23:35.000Z (12 months ago)
- Last Synced: 2024-04-17T14:17:22.551Z (12 months ago)
- Topics: blacklist, ipset, iptables, security, threats
- Homepage:
- Size: 4.92 MB
- Stars: 1,299
- Watchers: 63
- Forks: 129
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-security-collection - **335**星
- awesome-hacking-lists - stamparm/ipsum - Daily feed of bad IPs (with blacklist hit scores) (Others)
README
[](https://unlicense.org/)
About
----
**IPsum** is a threat intelligence feed based on 30+ different publicly available [lists](https://github.com/stamparm/maltrail) of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.
As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:
```
curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1
```
If you want to try it with `ipset`, you can do the following:
```
sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
```
In directory [levels](levels) you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. [levels/3.txt](levels/3.txt) holds IP addresses that can be found on 3 or more blacklists).
Wall of Shame (2025-03-26)
----
|IP|DNS lookup|Number of (black)lists|
|---|---|--:|
134.209.120.69|-|8
194.0.234.36|-|8
218.92.0.103|-|8
218.92.0.223|-|8
218.92.0.227|-|8
218.92.0.235|-|8
185.213.173.44|-|8
93.174.95.106|battery.census.shodan.io|7
45.148.10.131|-|7
92.255.85.188|-|7
103.197.184.162|-|7
111.67.196.52|-|7
194.0.234.35|-|7
195.178.110.31|-|7
195.178.110.207|-|7
196.251.66.71|-|7
218.92.0.111|-|7
218.92.0.112|-|7
218.92.0.198|-|7
218.92.0.216|-|7
218.92.0.217|-|7
218.92.0.218|-|7
218.92.0.219|-|7
218.92.0.220|-|7
218.92.0.221|-|7
218.92.0.222|-|7
218.92.0.225|-|7
218.92.0.226|-|7
218.92.0.228|-|7
218.92.0.229|-|7
218.92.0.230|-|7
218.92.0.231|-|7
218.92.0.232|-|7
218.92.0.233|-|7
218.92.0.236|-|7
218.92.0.237|-|7
185.213.173.51|-|7
81.181.129.243|-|7