About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2025-12-01)

IP	DNS lookup	Number of (black)lists
2.57.121.112	dns112.personaliseplus.com	10
80.82.77.33	sky.census.shodan.io	9
93.174.95.106	battery.census.shodan.io	9
178.62.201.8	-	9
2.57.121.25	hosting25.tronicsat.com	8
61.245.11.87	-	8
62.60.131.157	-	8
66.132.153.128	scanner-001.ch1.censys-scanner.com	8
71.6.135.131	soda.census.shodan.io	8
80.94.92.182	-	8
80.94.92.184	-	8
80.94.92.186	-	8
86.54.31.34	wine.census.shodan.io	8
89.35.130.146	-	8
106.75.239.166	-	8
150.241.115.127	-	8
162.142.125.115	-	8
162.142.125.122	-	8
162.142.125.205	scanner-202.ch1.censys-scanner.com	8
167.94.146.50	-	8
167.94.146.52	-	8
167.94.146.53	-	8
167.179.81.184	167.179.81.184.vultrusercontent.com	8
186.96.145.241	fixed-186-96-145-241.totalplay.net	8
193.46.255.103	hostingmailto005.statics.servermail.org	8
193.46.255.217	hostingmailto131.statics.servermail.org	8
196.188.63.85	-	8
198.98.53.110	-	8
206.168.34.61	unused-space.coop.net	8
206.168.34.113	unused-space.coop.net	8
220.80.223.144	-	8
1.55.33.86	-	7
3.130.96.91	scan.cypex.ai	7
3.131.215.38	ec2-3-131-215-38.us-east-2.compute.amazonaws.com	7
3.132.23.201	scan.cypex.ai	7
3.143.33.63	scan.cypex.ai	7
5.101.64.6	scan.f6.security	7
8.222.181.172	-	7
14.29.240.154	-	7
14.63.196.175	-	7
14.225.230.51	static.vnpt.vn	7
27.111.32.174	-	7
27.254.137.144	-	7
35.222.117.243	243.117.222.35.bc.googleusercontent.com	7
36.50.54.6	-	7
36.133.64.211	-	7
43.252.231.122	-	7
46.161.50.108	scan.f6.security	7
49.64.169.153	-	7
50.84.211.204	syn-050-084-211-204.biz.spectrum.com	7
57.128.190.44	vps-b45b3ce9.vps.ovh.net	7
58.49.26.202	-	7
59.12.160.91	-	7
60.199.224.2	60-199-224-2.static.tfn.net.tw	7
64.62.197.137	-	7
64.62.197.152	-	7
64.227.174.243	-	7
66.132.153.122	-	7
66.132.153.127	-	7
66.132.153.131	scanner-001.ch1.censys-scanner.com	7
66.132.153.134	scanner-001.ch1.censys-scanner.com	7
66.132.153.143	scanner-001.ch1.censys-scanner.com	7
66.175.213.4	vilnius.scan.bufferover.run	7
66.240.236.119	census6.shodan.io	7
68.183.88.186	-	7
71.6.158.166	ninja.census.shodan.io	7
71.6.199.23	einstein.census.shodan.io	7
80.82.77.139	dojo.census.shodan.io	7
80.94.92.164	-	7
80.94.92.165	-	7
80.94.92.166	-	7
80.94.93.119	-	7
81.211.72.167	-	7
83.168.69.9	hosted-by.SkillHost.PL	7
83.235.16.111	goevthes.static.otenet.gr	7
85.18.236.229	85-18-236-229.ip.fastwebnet.it	7
86.54.31.32	hat.census.shodan.io	7
86.54.31.42	green.census.shodan.io	7
92.118.39.92	-	7
92.118.39.95	-	7
94.76.235.230	94-76-235-230.static.as29550.net	7
94.102.49.193	cloud.census.shodan.io	7
95.58.255.251	95.58.255.251.static.telecom.kz	7
95.167.225.76	-	7
101.36.104.242	-	7
103.26.136.173	mail.gshakti.org	7
103.56.115.6	-	7
103.113.105.228	-	7
103.154.77.48	48.subs77.t2net.id	7
103.172.237.182	-	7
103.210.21.20	-	7
103.233.206.154	-	7
109.237.26.206	109-237-26-206.ip.linodeusercontent.com	7
119.96.157.188	-	7
121.52.147.5	upesh.edu.pk	7
121.224.115.232	-	7
122.155.0.205	host1.bgs.co.th	7
122.165.60.231	abts-tn-static-231.60.165.122.airtelbroadband.in	7
139.9.25.4	ecs-139-9-25-4.compute.hwclouds-dns.com	7
143.20.185.79	-	7
144.31.120.242	vm546906.hosted-by.u1host.com	7
147.185.132.22	-	7
152.32.250.188	-	7
156.245.248.226	-	7
160.174.129.232	-	7
161.118.129.223	-	7
162.142.125.42	scanner-201.ch1.censys-scanner.com	7
162.142.125.43	scanner-201.ch1.censys-scanner.com	7
162.142.125.118	-	7
162.142.125.124	-	7
162.142.125.193	scanner-202.ch1.censys-scanner.com	7
162.142.125.195	scanner-202.ch1.censys-scanner.com	7
162.142.125.197	scanner-202.ch1.censys-scanner.com	7
162.142.125.203	scanner-202.ch1.censys-scanner.com	7
162.142.125.206	scanner-202.ch1.censys-scanner.com	7
162.142.125.211	scanner-207.ch1.censys-scanner.com	7
162.142.125.217	scanner-207.ch1.censys-scanner.com	7
163.5.148.15	-	7
164.177.31.66	static-csq-cds-031066.business.bouyguestelecom.com	7
165.154.233.77	-	7
167.94.138.122	scanner-27.ch1.censys-scanner.com	7
167.94.146.49	-	7
167.94.146.51	-	7
167.94.146.55	-	7
167.94.146.56	-	7
167.94.146.57	-	7
167.94.146.59	-	7
167.94.146.62	-	7
168.194.164.218	218.164.194.168.reverse.firenettelecom.com.br	7
171.220.244.134	-	7
172.105.128.13	prague.scan.bufferover.run	7
176.32.195.85	scan.f6.security	7
178.176.250.39	-	7
179.33.186.151	-	7
181.212.81.228	181-212-81-228.baf.movistar.cl	7
185.141.132.26	-	7
185.228.135.173	-	7
186.96.151.198	fixed-186-96-151-198.totalplay.net	7
186.118.142.216	-	7
189.112.0.11	189-112-000-011.static.ctbctelecom.com.br	7
189.126.4.42	42-189-126-4.gabandalarga.com.br	7
190.111.211.81	static.81.211.111.190.cps.com.ar	7
190.124.153.17	customer-ftth-sl-190-124-153-17.megacable.com.ar	7
190.129.122.185	-	7
192.155.90.118	dublin.scan.bufferover.run	7
192.155.90.220	bern.scan.bufferover.run	7
193.32.162.157	-	7
193.46.255.7	hostingmailto221.statics.servermail.org	7
193.46.255.20	hostingmailto112.statics.servermail.org	7
193.46.255.33	hostingmailto181.statics.servermail.org	7
193.46.255.99	hostingmailto251.statics.servermail.org	7
193.46.255.159	hostingmailto066.statics.servermail.org	7
193.106.245.20	do-fn.rom.net.pl	7
193.142.147.209	-	7
198.12.114.232	198-12-114-232-host.colocrossing.com	7
200.118.99.170	dynamic-ip-cr20011899170.cable.net.co	7
200.196.50.91	mvx-200-196-50-91.mundivox.com	7
201.76.120.30	30.120.76.201.in-addr.arpa.verointernet.com.br	7
203.0.104.170	-	7
206.168.34.35	unused-space.coop.net	7
206.168.34.36	unused-space.coop.net	7
206.168.34.39	unused-space.coop.net	7
206.168.34.54	unused-space.coop.net	7
206.168.34.55	unused-space.coop.net	7
206.168.34.59	unused-space.coop.net	7
206.168.34.119	unused-space.coop.net	7
206.168.34.125	unused-space.coop.net	7
213.55.85.202	-	7
216.180.246.149	crawler149.deepfield.net	7
216.180.246.176	crawler176.deepfield.net	7
218.56.160.82	-	7
219.150.93.157	-	7
221.159.150.85	-	7
221.229.218.50	-	7
222.102.214.75	-	7
223.247.218.112	-	7