About

IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (every 24 hours) basis and the final result is pushed to this repository. The feed contains IP addresses plus an occurrence count (how many source lists each IP appears on). Higher counts generally mean higher confidence and fewer false positives when blocking inbound traffic. Also, list is sorted by occurrence count (highest to lowest).

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

curl -fsSL https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "^#" | grep -Ev '[[:space:]]([12])$' | cut -f 1

If you want to try it with ipset, you can do the following:

sudo -i
apt-get update && apt-get install -y iptables ipset
ipset -q flush ipsum
ipset -q create ipsum hash:ip
for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -Ev '[[:space:]]([12])$' | cut -f 1); do ipset add ipsum $ip; done
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP

In directory levels you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. levels/3.txt holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2026-02-14)

IP	DNS lookup	Number of (black)lists
2.57.122.238	-	10
89.185.81.112	153823.ip-ptr.tech	10
92.118.39.56	-	10
43.156.109.210	-	9
45.148.10.151	-	9
45.148.10.152	-	9
47.252.35.152	-	9
61.245.11.87	-	9
80.94.92.171	-	9
91.224.92.54	ascrl6.writeresaychooseboltsnow.com	9
92.118.39.72	-	9
128.241.229.30	-	9
160.187.165.218	-	9
2.57.121.25	hosting25.tronicsat.com	8
2.57.121.112	dns112.personaliseplus.com	8
2.57.122.210	-	8
12.156.67.18	-	8
14.63.196.175	-	8
36.91.166.34	-	8
45.121.147.47	-	8
45.148.10.121	-	8
45.148.10.141	-	8
45.148.10.147	-	8
50.84.211.204	syn-050-084-211-204.biz.spectrum.com	8
50.149.203.166	c-50-149-203-166.hsd1.tn.comcast.net	8
66.132.153.135	135.153.132.66.censys-scanner.com	8
71.6.165.200	census12.shodan.io	8
80.82.77.33	sky.census.shodan.io	8
80.94.92.168	-	8
80.94.92.182	-	8
80.94.92.184	-	8
82.165.66.87	ip82-165-66-87.pbiaas.com	8
87.120.191.65	-	8
91.224.92.78	srv-91-224-92-78.serveroffer.net	8
91.224.92.190	srv-91-224-92-190.serveroffer.net	8
92.118.39.76	-	8
92.118.39.95	-	8
93.174.95.106	battery.census.shodan.io	8
101.36.104.242	-	8
103.40.61.98	-	8
103.252.73.37	-	8
130.12.180.103	-	8
144.79.133.252	-	8
151.80.61.151	vps-5d95afd4.vps.ovh.net	8
162.142.125.117	117.125.142.162.censys-scanner.com	8
162.142.125.120	120.125.142.162.censys-scanner.com	8
162.142.125.198	198.125.142.162.censys-scanner.com	8
162.142.125.203	203.125.142.162.censys-scanner.com	8
162.142.125.213	213.125.142.162.censys-scanner.com	8
165.154.227.13	-	8
167.94.146.54	54.146.94.167.censys-scanner.com	8
167.94.146.55	55.146.94.167.censys-scanner.com	8
195.178.110.15	-	8
197.211.55.20	-	8
213.209.159.158	-	8
1.55.33.86	-	7
2.59.22.234	red3.census.shodan.io	7
3.131.220.121	scan.visionheight.com	7
5.182.83.231	undefined.hostname.localhost	7
14.34.157.138	-	7
14.51.236.211	mail.dazzleu.co.kr	7
18.218.118.203	scan.visionheight.com	7
20.59.121.110	-	7
23.82.99.105	105.99.82.23.hosted.by.hostdzire.com	7
23.94.166.112	23-94-166-112-host.colocrossing.com	7
24.65.233.27	S0106000fff9fa308.ed.shawcable.net	7
34.66.72.251	251.72.66.34.bc.googleusercontent.com	7
34.142.110.144	144.110.142.34.bc.googleusercontent.com	7
36.255.3.203	-	7
41.59.86.232	232.86-59-41.static-zone.ttcldata.net	7
41.223.40.78	-	7
43.159.141.115	-	7
43.224.126.107	-	7
43.245.249.251	ns2.smartmedia.net.id	7
45.55.57.187	-	7
45.91.64.6	-	7
45.91.64.7	-	7
45.91.64.8	-	7
45.120.216.232	-	7
45.148.10.157	-	7
47.180.114.229	47-180-114-229.944e76fe48b133ae6f88b784db937d44.ip.frontiernet.net	7
49.64.169.153	-	7
51.79.165.204	vps-a14139eb.vps.ovh.ca	7
51.83.71.110	mx0.mail.nsam.cloud	7
54.37.229.48	vps-5def7abb.vps.ovh.net	7
59.12.160.91	-	7
64.62.156.10	-	7
64.62.197.2	-	7
64.89.160.82	-	7
64.225.55.168	-	7
64.227.174.243	-	7
66.132.153.114	114.153.132.66.censys-scanner.com	7
66.132.153.116	116.153.132.66.censys-scanner.com	7
66.132.153.118	118.153.132.66.censys-scanner.com	7
66.132.153.129	129.153.132.66.censys-scanner.com	7
66.132.153.133	133.153.132.66.censys-scanner.com	7
66.132.153.134	134.153.132.66.censys-scanner.com	7
66.132.153.139	139.153.132.66.censys-scanner.com	7
66.240.219.146	burger.census.shodan.io	7
71.6.134.235	centos7134235.aspadmin.net	7
71.6.135.131	soda.census.shodan.io	7
71.6.199.23	einstein.census.shodan.io	7
80.82.77.139	dojo.census.shodan.io	7
80.82.77.202	rnd.group-ib.com	7
80.94.92.186	-	7
81.192.46.45	adsl-45-46-192-81.adsl.iam.net.ma	7
83.168.68.72	hosted-by.SkillHost.PL	7
86.54.31.38	blue2.census.shodan.io	7
86.54.42.205	-	7
88.142.46.185	185.46.142.88.rev.sfr.net	7
90.180.197.128	90-180-197-128.rcn.o2.cz	7
91.202.233.33	-	7
91.224.92.108	srv-91-224-92-108.serveroffer.net	7
92.207.4.157	-	7
95.215.0.144	scan.f6.security	7
101.36.107.228	-	7
101.47.161.84	-	7
102.88.137.80	-	7
102.88.137.213	-	7
103.143.238.207	-	7
103.147.211.2	-	7
103.148.195.198	-	7
103.164.221.138	138.221.164.103.net.iforte.net.id	7
103.182.132.154	-	7
103.187.146.107	mail.balaidkijabar-pelayananpublik.web.id	7
103.232.121.71	nick8472839	7
103.236.95.173	-	7
103.239.252.132	mail.carnival.com.bd	7
106.251.244.178	-	7
108.173.137.12	d108-173-137-12.abhsia.telus.net	7
109.172.55.64	143005.ip-ptr.tech	7
112.217.188.122	-	7
113.193.234.210	-	7
116.193.191.104	ip116-193-191-104.cloudhost.web.id	7
117.50.51.119	-	7
117.200.238.52	-	7
118.70.178.158	-	7
125.21.59.218	-	7
130.12.180.95	-	7
130.12.181.151	-	7
130.12.181.157	-	7
134.65.30.157	-	7
142.93.126.22	-	7
144.217.13.134	vps-2cf81da8.vps.ovh.ca	7
147.185.132.150	-	7
147.185.133.7	-	7
148.135.81.179	mail.munao.com.au	7
151.252.84.225	151.252.84.225.ip.tele-plus.ru	7
152.32.188.177	quudquu.cn	7
152.32.213.68	-	7
154.82.111.18	-	7
156.227.236.72	-	7
160.191.243.61	-	7
162.142.125.35	35.125.142.162.censys-scanner.com	7
162.142.125.37	37.125.142.162.censys-scanner.com	7
162.142.125.38	38.125.142.162.censys-scanner.com	7
162.142.125.39	39.125.142.162.censys-scanner.com	7
162.142.125.40	40.125.142.162.censys-scanner.com	7
162.142.125.113	113.125.142.162.censys-scanner.com	7
162.142.125.114	114.125.142.162.censys-scanner.com	7
162.142.125.118	118.125.142.162.censys-scanner.com	7
162.142.125.119	119.125.142.162.censys-scanner.com	7
162.142.125.127	127.125.142.162.censys-scanner.com	7
162.142.125.197	197.125.142.162.censys-scanner.com	7
162.142.125.199	199.125.142.162.censys-scanner.com	7
162.142.125.204	204.125.142.162.censys-scanner.com	7
162.142.125.207	207.125.142.162.censys-scanner.com	7
162.142.125.208	208.125.142.162.censys-scanner.com	7
162.142.125.211	211.125.142.162.censys-scanner.com	7
162.142.125.212	212.125.142.162.censys-scanner.com	7
162.142.125.219	219.125.142.162.censys-scanner.com	7
162.142.125.222	222.125.142.162.censys-scanner.com	7
162.142.125.223	223.125.142.162.censys-scanner.com	7
162.216.149.95	95.149.216.162.bc.googleusercontent.com	7
162.216.150.43	43.150.216.162.bc.googleusercontent.com	7
162.216.150.245	245.150.216.162.bc.googleusercontent.com	7
162.240.54.168	162-240-54-168.unifiedlayer.com	7
164.177.31.66	static-csq-cds-031066.business.bouyguestelecom.com	7
165.22.72.144	portscanner-fra1-04.prod.cyberresilience.io	7
165.154.11.172	-	7
167.94.138.32	32.138.94.167.censys-scanner.com	7
167.94.138.176	176.138.94.167.censys-scanner.com	7
167.94.146.48	48.146.94.167.censys-scanner.com	7
167.94.146.49	49.146.94.167.censys-scanner.com	7
167.94.146.50	50.146.94.167.censys-scanner.com	7
167.94.146.53	53.146.94.167.censys-scanner.com	7
167.94.146.56	56.146.94.167.censys-scanner.com	7
167.94.146.58	58.146.94.167.censys-scanner.com	7
167.94.146.59	59.146.94.167.censys-scanner.com	7
167.94.146.60	60.146.94.167.censys-scanner.com	7
167.94.146.63	63.146.94.167.censys-scanner.com	7
167.99.78.165	108.jobs-dev-database	7
171.244.37.103	-	7
176.65.132.218	-	7
176.65.134.22	176.65.134.22	7
176.120.22.13	-	7
176.120.22.47	-	7
177.70.2.220	none.underplatform.com	7
178.185.136.57	-	7
178.251.140.3	b32-mgmt-gw.dssv.ru	7
181.104.58.194	host194.181-104-58.telecom.net.ar	7
181.116.220.140	-	7
182.93.50.90	n18293z50l90.static.ctmip.net	7
184.168.21.211	211.21.168.184.host.secureserver.net	7
185.196.11.231	-	7
185.208.159.123	-	7
185.213.165.65	static.65.165.213.185.clients.irandns.com	7
185.239.84.249	-	7
187.210.77.100	customer-187-210-77-100.uninet-ide.com.mx	7
189.169.81.15	dsl-15-81-169-189-dynamic.prod-infinitum.com.mx	7
192.99.145.154	vps-f5ee4647.vps.ovh.ca	7
193.23.199.107	-	7
193.32.162.145	-	7
193.32.162.146	-	7
194.107.115.11	-	7
194.107.115.65	-	7
197.5.145.114	-	7
197.153.57.103	-	7
199.45.154.139	139.154.45.199.censys-scanner.com	7
199.45.154.149	149.154.45.199.censys-scanner.com	7
199.45.155.66	66.155.45.199.censys-scanner.com	7
200.69.236.207	seldon.tecnologica.com.ar	7
203.55.131.4	-	7
203.150.107.244	244.107.150.203.sta.inet.co.th	7
205.185.115.224	-	7
206.168.34.45	45.34.168.206.censys-scanner.com	7
207.90.244.25	-	7
209.141.41.212	-	7
209.141.47.217	a	7
209.142.100.37	-	7
210.79.190.22	ip210-79-190-22.cloudhost.web.id	7
210.91.73.167	-	7
210.211.122.97	-	7
212.233.136.201	212-233-136-201.optisprint.net	7
213.6.203.226	-	7
216.180.246.110	crawler110.deepfield.net	7
217.154.69.208	-	7
220.80.223.144	-	7
220.247.223.56	56.sta.idc-2.slt.lk	7
221.156.126.1	-	7
221.229.218.50	-	7