About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1

If you want to try it with ipset, you can do the following:

sudo su
apt-get -qq install iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2025-09-06)

IP	DNS lookup	Number of (black)lists
38.211.193.130	-	10
80.94.93.233	-	10
91.224.92.79	srv-91-224-92-79.serveroffer.net	10
103.251.93.98	-	10
110.39.166.75	WGPON-39166-75.wateen.net	10
193.46.255.99	hostingmailto251.statics.servermail.org	10
193.46.255.159	hostingmailto066.statics.servermail.org	10
193.46.255.217	hostingmailto131.statics.servermail.org	10
193.46.255.244	hostingmailto161.statics.servermail.org	10
198.98.53.110	-	10
80.82.77.33	sky.census.shodan.io	9
91.224.92.28	srv-91-224-92-28.serveroffer.net	9
91.224.92.106	srv-91-224-92-106.serveroffer.net	9
91.224.92.108	srv-91-224-92-108.serveroffer.net	9
93.174.95.106	battery.census.shodan.io	9
141.98.10.225	-	9
176.65.148.27	hosted-by.pfcloud.io	9
193.32.162.157	-	9
193.46.255.7	hostingmailto221.statics.servermail.org	9
193.46.255.20	hostingmailto112.statics.servermail.org	9
193.46.255.33	hostingmailto181.statics.servermail.org	9
193.46.255.103	hostingmailto005.statics.servermail.org	9
3.130.96.91	scan.cypex.ai	8
3.132.23.201	scan.cypex.ai	8
12.156.67.18	-	8
27.111.32.174	-	8
27.254.149.199	-	8
34.123.181.51	51.181.123.34.bc.googleusercontent.com	8
34.142.110.144	144.110.142.34.bc.googleusercontent.com	8
43.225.53.200	43-225-53-200.webhostbox.net	8
45.119.81.249	-	8
62.193.106.227	-	8
71.6.158.166	ninja.census.shodan.io	8
77.83.240.46		8
80.82.77.139	dojo.census.shodan.io	8
80.82.77.202	rnd.group-ib.com	8
80.94.93.119	-	8
85.18.236.229	85-18-236-229.ip.fastwebnet.it	8
86.54.31.32	hat.census.shodan.io	8
86.54.31.42	green.census.shodan.io	8
89.248.172.16	house.census.shodan.io	8
91.224.92.32	srv-91-224-92-32.serveroffer.net	8
103.154.77.2	dns.77.2.t2net.id	8
119.18.55.217	119-18-55-217.webhostbox.net	8
121.186.31.54	-	8
146.185.182.65	bettrade.stage.pg-1	8
160.226.184.195	ns2.ecoweb.bf	8
162.142.125.200	scanner-202.ch1.censys-scanner.com	8
162.142.125.208	scanner-207.ch1.censys-scanner.com	8
162.142.125.213	scanner-207.ch1.censys-scanner.com	8
182.93.50.90	n18293z50l90.static.ctmip.net	8
186.96.151.198	fixed-186-96-151-198.totalplay.net	8
188.166.217.70	-	8
197.153.57.103	-	8
198.12.114.232	198-12-114-232-host.colocrossing.com	8
211.253.10.96	-	8
3.131.215.38	ec2-3-131-215-38.us-east-2.compute.amazonaws.com	7
3.134.148.59	scan.cypex.ai	7
5.101.64.6	scan.f6	7
5.104.86.61	vmi2727366.contaboserver.net	7
14.63.196.175	-	7
27.254.137.144	-	7
27.254.235.2	-	7
27.254.235.4	-	7
27.254.235.13	-	7
31.58.87.34	-	7
35.198.146.227	227.146.198.35.bc.googleusercontent.com	7
35.237.94.18	18.94.237.35.bc.googleusercontent.com	7
35.246.248.48	48.248.246.35.bc.googleusercontent.com	7
36.66.16.233	-	7
36.139.226.237	-	7
37.189.196.88	bl28-196-88.dsl.telepac.pt	7
41.59.229.33	-	7
41.223.40.77	-	7
42.200.78.78	42-200-78-78.static.imsbiz.com	7
43.156.79.144	-	7
45.79.181.179	andorra.scan.bufferover.run	7
45.79.181.223	malta.scan.bufferover.run	7
45.135.232.92	-	7
45.148.10.240	-	7
45.172.152.74	-	7
45.221.64.242	-	7
45.232.73.84	-	7
45.238.112.151	45-238-112-151.linkbaratotelecom.com.br	7
46.238.32.247	-	7
50.6.7.7	50-6-7-7.unifiedlayer.com	7
50.84.211.204	syn-050-084-211-204.biz.spectrum.com	7
51.158.120.121	121-120-158-51.instances.scw.cloud	7
57.129.64.237	o22.scanner.modat.io	7
59.12.160.91	-	7
60.199.224.2	60-199-224-2.static.tfn.net.tw	7
62.3.42.68	static.68.42.3.62.clients.irandns.com	7
64.227.174.243	-	7
66.175.213.4	vilnius.scan.bufferover.run	7
66.240.236.109	pdcscan2.scanning.cybcube.com	7
66.240.236.119	census6.shodan.io	7
68.183.88.186	-	7
71.6.135.131	soda.census.shodan.io	7
71.6.199.23	einstein.census.shodan.io	7
78.42.241.233	ip-078-042-241-233.um17.pools.vodafone-ip.de	7
78.153.140.19	azioxwjsa.click	7
80.94.95.15	-	7
80.94.95.112	-	7
80.253.31.232	-	7
81.192.46.45	adsl-45-46-192-81.adsl.iam.net.ma	7
81.192.87.130	adsl-130-87-192-81.adsl2.iam.net.ma	7
81.211.72.167	-	7
83.235.16.111	goevthes.static.otenet.gr	7
85.208.139.157	55363.ip-ptr.tech	7
85.208.253.217	static.217.253.208.85.clients.irandns.com	7
87.120.126.162	s168896.luxhost.cc	7
87.120.191.13	-	7
94.102.49.193	cloud.census.shodan.io	7
94.254.0.234	h-94-254-0-234.na.cust.bahnhof.se	7
95.85.114.218	-	7
95.167.225.76	-	7
96.78.175.36	-	7
101.47.5.97	-	7
102.88.137.80	-	7
102.208.184.2	-	7
102.210.148.153	-	7
103.20.122.54	-	7
103.28.57.98	98.sprint-f7.matrixglobal.net.id	7
103.48.192.48	-	7
103.49.238.251	ip103-49-238-251.cloudhost.web.id	7
103.67.78.132	ip103-67-78-132.cloudhost.web.id	7
103.77.215.153	-	7
103.81.85.15	-	7
103.81.86.208	-	7
103.86.198.162	host162.maishabd.net	7
103.106.194.74	portal.checkboxtechnology.com	7
103.124.100.181	-	7
103.137.75.74	-	7
103.144.28.85	-	7
103.149.27.228	-	7
103.176.78.193	ip103-176-78-193.cloudhost.web.id	7
103.179.57.172	ip103-179-57-172.cloudhost.web.id	7
103.200.25.196	-	7
103.210.22.17	-	7
103.237.144.204	-	7
103.250.10.200	svr56.coinmoon.email	7
103.252.73.219	-	7
104.168.58.11	104-168-58-11-host.colocrossing.com	7
111.42.133.43	-	7
112.163.28.230	-	7
114.219.157.97	-	7
115.91.91.182	-	7
115.248.8.65	-	7
117.6.44.221	-	7
118.107.44.111	-	7
118.194.230.250	-	7
119.5.157.124	-	7
119.96.173.169	-	7
119.96.174.235	-	7
121.185.89.74	-	7
121.224.115.232	-	7
122.155.0.205	www.thalaychupsorn.go.th	7
123.30.249.49	static.vnpt.vn	7
123.58.212.133	-	7
134.199.225.42	-	7
134.209.162.179	-	7
136.228.161.66	-	7
136.232.98.230	-	7
137.184.97.100	-	7
137.184.202.107	nauru.production	7
139.59.64.179	-	7
139.59.101.18	-	7
139.59.188.13	-	7
139.59.226.77	-	7
149.78.178.34	-	7
150.5.129.10	-	7
150.241.115.7	-	7
152.32.191.75	-	7
154.221.25.33	-	7
154.221.27.234	-	7
155.4.244.179	h-155-4-244-179.NA.cust.bahnhof.se	7
156.226.181.175	-	7
156.245.248.226	-	7
159.65.143.163	-	7
159.223.129.200	-	7
160.174.129.232	-	7
162.142.125.42	scanner-201.ch1.censys-scanner.com	7
162.142.125.47	scanner-201.ch1.censys-scanner.com	7
162.142.125.113	-	7
162.142.125.116	-	7
162.142.125.118	-	7
162.142.125.119	-	7
162.142.125.120	-	7
162.142.125.125	-	7
162.142.125.126	-	7
162.142.125.194	scanner-202.ch1.censys-scanner.com	7
162.142.125.195	scanner-202.ch1.censys-scanner.com	7
162.142.125.206	scanner-202.ch1.censys-scanner.com	7
162.142.125.210	scanner-207.ch1.censys-scanner.com	7
162.142.125.211	scanner-207.ch1.censys-scanner.com	7
162.142.125.214	scanner-207.ch1.censys-scanner.com	7
162.142.125.216	scanner-207.ch1.censys-scanner.com	7
162.142.125.218	scanner-207.ch1.censys-scanner.com	7
162.241.127.152	162-241-127-152.webhostbox.net	7
165.154.14.28	-	7
167.94.138.180	-	7
167.94.146.48	-	7
167.94.146.51	-	7
167.94.146.53	-	7
167.94.146.54	-	7
167.94.146.55	-	7
167.94.146.56	-	7
167.94.146.57	-	7
167.94.146.58	-	7
167.94.146.60	-	7
167.94.146.61	-	7
167.94.146.62	-	7
167.99.49.89	-	7
168.167.228.123	-	7
171.220.244.134	-	7
171.244.37.103	-	7
172.105.128.11	oslo.scan.bufferover.run	7
172.105.128.12	reykjavik.scan.bufferover.run	7
172.174.5.146	-	7
176.32.195.85	-	7
177.53.215.134	177-53-215-134.fibramax.ec	7
177.229.197.38	customer-MCA-TGZ-197-38.megared.net.mx	7
178.176.250.39	-	7
179.33.186.151	-	7
181.112.228.11	11.228.112.181.static.anycast.cnt-grms.ec	7
185.194.205.96	darkvpn.shop	7
185.213.165.65	static.65.165.213.185.clients.irandns.com	7
185.213.165.72	static.72.165.213.185.clients.irandns.com	7
187.16.96.250	mvx-187-16-96-250.mundivox.com	7
187.62.87.27	-	7
187.107.88.97	bb6b5861.virtua.com.br	7
188.18.49.50	-	7
189.112.0.11	189-112-000-011.static.ctbctelecom.com.br	7
190.12.102.58	static.58.102.12.190.cps.com.ar	7
190.60.51.173	173-51-60-190.ufinet.com.co	7
190.223.60.209	-	7
192.40.58.3	trulockchokes.com	7
193.70.87.152	152.ip-193-70-87.eu	7
194.113.236.217	-	7
194.226.49.149	-	7
195.178.110.133	-	7
196.251.83.84	undefined.hostname.localhost	7
197.5.145.8	-	7
197.5.145.73	-	7
197.220.93.115	-	7
198.23.242.50	198-23-242-50-host.colocrossing.com	7
198.46.249.175	198-46-249-175-host.colocrossing.com	7
199.45.154.124	scanner-201.hk2.censys-scanner.com	7
199.45.155.85	scanner-204.hk2.censys-scanner.com	7
199.195.248.191	nyc05.jlu5.com	7
200.69.236.207	seldon.tecnologica.com.ar	7
200.225.246.102	200-225-246-102.dynamic.idial.com.br	7
201.131.212.19	-	7
201.184.50.251	static-adsl201-184-50-251.une.net.co	7
202.51.214.99	-	7
202.157.177.33	mail.simaster-brebeskab.id	7
203.150.107.244	244.107.150.203.sta.inet.co.th	7
203.190.53.154	-	7
206.168.34.33	unused-space.coop.net	7
206.168.34.127	unused-space.coop.net	7
206.168.34.206	unused-space.coop.net	7
209.38.111.217	-	7
210.91.73.167	-	7
211.253.37.225	-	7
213.55.85.202	-	7
216.172.190.206	col.colettelounge.com	7
221.156.126.1	-	7
221.159.150.85	-	7
222.107.156.227	-	7
222.108.0.231	-	7