https://github.com/stamparm/ipsum

Daily feed of bad IPs (with blacklist hit scores)
https://github.com/stamparm/ipsum
blacklist ipset iptables security threats
Last synced: 18 days ago
JSON representation
Daily feed of bad IPs (with blacklist hit scores)
Host: GitHub
URL: https://github.com/stamparm/ipsum
Owner: stamparm
License: unlicense
Created: 2016-01-27T14:11:13.000Z (about 10 years ago)
Default Branch: master
Last Pushed: 2026-01-19T02:04:57.000Z (28 days ago)
Last Synced: 2026-01-19T11:50:47.368Z (27 days ago)
Topics: blacklist, ipset, iptables, security, threats
Homepage:
Size: 5.54 MB
Stars: 2,150
Watchers: 76
Forks: 177
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project

awesome-security-collection - **335**星
awesome-hacking-lists - stamparm/ipsum - Daily feed of bad IPs (with blacklist hit scores) (Others)
README

          ![Logo](https://i.imgur.com/PyKLAe7.png)

[![License](https://img.shields.io/badge/license-The_Unlicense-red.svg)](https://unlicense.org/)

About

----

**IPsum** is a threat intelligence feed based on 30+ different publicly available [lists](https://github.com/stamparm/maltrail) of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (every 24 hours) basis and the final result is pushed to this repository. The feed contains IP addresses plus an occurrence count (how many source lists each IP appears on). Higher counts generally mean higher confidence and fewer false positives when blocking inbound traffic. Also, list is sorted by occurrence count (highest to lowest).

As an example, to get a fresh and ready-to-deploy auto-ban list of "bad IPs" that appear on at least 3 (black)lists you can run:

```

curl -fsSL https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "^#" | grep -Ev '[[:space:]]([12])$' | cut -f 1

```

If you want to try it with `ipset`, you can do the following:

```

sudo -i

apt-get update && apt-get install -y iptables ipset

ipset -q flush ipsum

ipset -q create ipsum hash:ip

for ip in $(curl https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -Ev '[[:space:]]([12])$' | cut -f 1); do ipset add ipsum $ip; done

iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null

iptables -I INPUT -m set --match-set ipsum src -j DROP

```

In directory [levels](levels) you can find preprocessed raw IP lists based on number of blacklist occurrences (e.g. [levels/3.txt](levels/3.txt) holds IP addresses that can be found on 3 or more blacklists).

Wall of Shame (2026-01-28)

----

|IP|DNS lookup|Number of (black)lists|

|---|---|--:|

213.209.159.159|-|11

80.94.92.171|-|10

80.94.92.184|-|10

213.209.159.158|-|10

2.57.122.210|-|9

45.148.10.151|-|9

61.245.11.87|-|9

91.224.92.108|srv-91-224-92-108.serveroffer.net|9

92.118.39.76|-|9

162.142.125.210|210.125.142.162.censys-scanner.com|9

193.32.162.157|-|9

2.57.122.238|-|8

3.130.96.91|scan.cypex.ai|8

37.120.213.13|-|8

38.248.14.48|-|8

45.148.10.121|-|8

45.148.10.141|-|8

45.148.10.147|-|8

45.148.10.152|-|8

45.148.10.157|-|8

45.227.254.170|-|8

54.38.190.246|vps-3d2e1516.vps.ovh.net|8

57.128.190.44|vps-b45b3ce9.vps.ovh.net|8

62.193.106.227|-|8

64.89.160.47|-|8

71.6.135.131|soda.census.shodan.io|8

80.82.77.33|sky.census.shodan.io|8

80.82.77.139|dojo.census.shodan.io|8

85.111.68.98|85.111.68.98.dynamic.ttnet.com.tr|8

91.202.233.33|-|8

91.224.92.54|ascrl6.writeresaychooseboltsnow.com|8

91.224.92.78|srv-91-224-92-78.serveroffer.net|8

91.224.92.190|srv-91-224-92-190.serveroffer.net|8

92.118.39.56|-|8

93.174.95.106|battery.census.shodan.io|8

95.58.255.251|95.58.255.251.static.telecom.kz|8

101.36.104.242|-|8

117.1.28.49|-|8

134.65.30.157|-|8

139.99.52.209|ip209.ip-139-99-52.net|8

152.32.188.177|quudquu.cn|8

152.53.184.147|v2202511309730395704.goodsrv.de|8

162.142.125.43|43.125.142.162.censys-scanner.com|8

162.142.125.114|114.125.142.162.censys-scanner.com|8

162.142.125.200|200.125.142.162.censys-scanner.com|8

167.94.146.53|53.146.94.167.censys-scanner.com|8

167.94.146.54|54.146.94.167.censys-scanner.com|8

167.94.146.55|55.146.94.167.censys-scanner.com|8

167.94.146.62|62.146.94.167.censys-scanner.com|8

175.200.104.40|-|8

176.120.22.13|-|8

187.16.96.250|mvx-187-16-96-250.mundivox.com|8

187.210.77.100|customer-187-210-77-100.uninet-ide.com.mx|8

193.32.162.145|-|8

195.40.154.8|-|8

204.76.203.233|204.76.203.233.ptr.pfcloud.network|8

206.168.34.33|33.34.168.206.censys-scanner.com|8

206.168.34.39|39.34.168.206.censys-scanner.com|8

206.168.34.48|48.34.168.206.censys-scanner.com|8

206.168.34.114|114.34.168.206.censys-scanner.com|8

206.168.34.211|211.34.168.206.censys-scanner.com|8

216.108.237.50|lasvegas-nv-datacenter.serverpoint.com|8

1.55.33.86|-|7

3.143.33.63|scan.cypex.ai|7

5.253.59.74|138544.ip-ptr.tech|7

8.243.50.114|-|7

14.55.144.22|-|7

23.227.147.163|-|7

23.236.169.182|-|7

24.199.94.128|-|7

27.111.32.174|-|7

36.64.68.99|-|7

36.66.16.233|-|7

36.189.207.209|-|7

36.255.3.203|-|7

37.59.110.4|vps-0b2df990.vps.ovh.net|7

38.47.94.55|-|7

45.43.37.254|-|7

45.78.198.194|-|7

45.79.128.205|lisbon.scan.bufferover.run|7

45.79.181.251|guernsey.scan.bufferover.run|7

45.91.64.6|-|7

45.92.33.82|-|7

45.119.81.249|-|7

45.120.216.232|-|7

45.121.147.47|-|7

45.153.34.158|-|7

51.89.166.236|vps-5f0ef624.vps.ovh.net|7

51.195.42.66|vps-46f7560c.vps.ovh.net|7

57.129.41.93|vps-d1981beb.vps.ovh.net|7

59.26.132.170|-|7

60.199.224.2|60-199-224-2.static.tfn.net.tw|7

60.241.212.36|60-241-212-36.static.tpgi.com.au|7

61.28.144.154|154.144.28.61.unassigned.static.eastern-tele.com|7

62.3.56.187|-|7

62.97.44.51|host-44-51.adsl.intred.it|7

62.133.61.220|118046.ip-ptr.tech|7

64.137.9.247|-|7

65.49.1.24|-|7

66.96.239.187|host-66-96-239-187.myrepublic.co.id|7

66.132.153.116|116.153.132.66.censys-scanner.com|7

66.132.153.124|124.153.132.66.censys-scanner.com|7

66.132.153.129|129.153.132.66.censys-scanner.com|7

66.132.153.134|134.153.132.66.censys-scanner.com|7

66.132.153.141|141.153.132.66.censys-scanner.com|7

66.154.117.138|-|7

67.205.185.159|-|7

67.213.118.111|-|7

68.233.116.124|-|7

71.6.158.166|ninja.census.shodan.io|7

77.87.40.114|77-87-40-114.znet.kiev.ua|7

79.104.0.82|-|7

81.9.158.147|cm-81-9-158-147.telecable.es|7

81.211.72.167|-|7

85.18.236.229|85-18-236-229.ip.fastwebnet.it|7

85.69.240.210|210.240.69.85.rev.sfr.net|7

86.54.42.176|-|7

88.142.46.185|185.46.142.88.rev.sfr.net|7

92.27.101.99|host-92-27-101-99.static.as13285.net|7

92.118.39.72|-|7

92.185.99.40|40.pool92-185-99.dynamic.orange.es|7

94.102.49.193|cloud.census.shodan.io|7

95.188.91.101|-|7

96.78.175.45|-|7

101.36.123.102|-|7

101.47.50.76|-|7

101.47.160.165|-|7

102.88.137.80|-|7

103.23.199.49|ip103-23-199-49.cloudhost.web.id|7

103.113.105.228|-|7

103.144.87.192|probation-proxy|7

103.148.100.146|-|7

103.164.81.65|-|7

103.176.79.137|-|7

103.181.143.73|-|7

103.232.121.71|nick8472839|7

103.233.206.154|-|7

103.236.95.173|-|7

103.252.73.37|-|7

105.27.148.94|-|7

106.54.176.158|-|7

106.75.239.166|-|7

110.227.238.182|abts-tn-dynamic-182.238.227.110.airtelbroadband.in|7

112.196.70.142|-|7

112.216.120.67|-|7

113.193.234.210|-|7

114.111.54.188|-|7

116.71.136.125|-|7

117.91.186.55|-|7

118.26.36.195|-|7

118.26.39.79|-|7

118.41.246.179|-|7

118.70.178.158|-|7

121.142.146.167|-|7

122.155.0.205|host1.bgs.co.th|7

125.132.34.65|-|7

130.12.180.95|-|7

130.12.180.107|-|7

135.125.174.140|vps-6e6dd5be.vps.ovh.net|7

138.204.127.54|-|7

144.217.13.134|vps-2cf81da8.vps.ovh.ca|7

145.239.85.111|vps-87a498e8.vps.ovh.net|7

149.62.187.236|149.62.187.236.hostvps.it|7

149.100.11.243|-|7

151.80.118.222|222.ip-151-80-118.eu|7

151.242.30.71|-|7

152.228.131.33|vps-a34f1667.vps.ovh.net|7

154.125.75.86|-|7

156.238.252.133|-|7

158.160.51.194|-|7

158.178.141.16|-|7

162.142.125.112|112.125.142.162.censys-scanner.com|7

162.142.125.113|113.125.142.162.censys-scanner.com|7

162.142.125.115|115.125.142.162.censys-scanner.com|7

162.142.125.116|116.125.142.162.censys-scanner.com|7

162.142.125.121|121.125.142.162.censys-scanner.com|7

162.142.125.124|124.125.142.162.censys-scanner.com|7

162.142.125.192|192.125.142.162.censys-scanner.com|7

162.142.125.199|199.125.142.162.censys-scanner.com|7

162.142.125.203|203.125.142.162.censys-scanner.com|7

162.142.125.207|207.125.142.162.censys-scanner.com|7

162.142.125.212|212.125.142.162.censys-scanner.com|7

162.142.125.216|216.125.142.162.censys-scanner.com|7

162.142.125.217|217.125.142.162.censys-scanner.com|7

162.142.125.220|220.125.142.162.censys-scanner.com|7

164.177.31.66|static-csq-cds-031066.business.bouyguestelecom.com|7

165.154.245.217|-|7

167.94.138.35|35.138.94.167.censys-scanner.com|7

167.94.138.180|180.138.94.167.censys-scanner.com|7

167.94.138.183|183.138.94.167.censys-scanner.com|7

167.94.146.48|48.146.94.167.censys-scanner.com|7

167.94.146.50|50.146.94.167.censys-scanner.com|7

167.94.146.51|51.146.94.167.censys-scanner.com|7

167.94.146.52|52.146.94.167.censys-scanner.com|7

167.94.146.56|56.146.94.167.censys-scanner.com|7

167.94.146.57|57.146.94.167.censys-scanner.com|7

167.94.146.60|60.146.94.167.censys-scanner.com|7

168.167.228.74|-|7

171.25.158.68|-|7

176.32.195.85|scan.f6.security|7

176.65.151.22|176.65.151.22.ptr.pfcloud.network|7

176.120.22.47|-|7

177.70.2.220|none.underplatform.com|7

179.33.186.151|-|7

181.188.172.6|LPZ-181-188-172-00006.tigo.bo|7

182.76.204.237|nsg-static-237.204.76.182-airtel.com|7

182.253.79.195|-|7

185.196.10.93|-|7

187.120.37.254|hosts-187-120-37-254.iz1telecom.com.br|7

189.50.142.82|mail.cacp.org.br|7

189.217.130.86|customer-189-217-130-86.cablevision.net.mx|7

189.222.218.218|189.222.218.218.dsl.dyn.telnor.net|7

190.124.153.17|customer-ftth-sl-190-124-153-17.megacable.com.ar|7

193.24.211.200|-|7

194.107.115.65|-|7

197.5.145.8|-|7

197.5.145.102|-|7

197.211.55.20|-|7

198.46.146.200|198-46-146-200-host.colocrossing.com|7

199.45.154.115|115.154.45.199.censys-scanner.com|7

199.45.154.152|152.154.45.199.censys-scanner.com|7

199.45.155.76|76.155.45.199.censys-scanner.com|7

200.77.172.159|200-77-172-159.cable.dyn.cablevision.net.mx|7

201.76.120.30|30.120.76.201.in-addr.arpa.verointernet.com.br|7

202.51.214.99|-|7

203.150.107.244|244.107.150.203.sta.inet.co.th|7

206.168.34.32|32.34.168.206.censys-scanner.com|7

206.168.34.35|35.34.168.206.censys-scanner.com|7

206.168.34.37|37.34.168.206.censys-scanner.com|7

206.168.34.46|46.34.168.206.censys-scanner.com|7

206.168.34.47|47.34.168.206.censys-scanner.com|7

206.168.34.53|53.34.168.206.censys-scanner.com|7

206.168.34.57|57.34.168.206.censys-scanner.com|7

206.168.34.121|121.34.168.206.censys-scanner.com|7

206.168.34.124|124.34.168.206.censys-scanner.com|7

206.168.34.125|125.34.168.206.censys-scanner.com|7

206.168.34.195|195.34.168.206.censys-scanner.com|7

206.168.34.205|205.34.168.206.censys-scanner.com|7

206.168.34.207|207.34.168.206.censys-scanner.com|7

206.168.34.215|215.34.168.206.censys-scanner.com|7

206.189.82.12|-|7

207.154.254.44|-|7

209.15.115.240|-|7

210.79.142.221|-|7

210.114.22.126|-|7

213.95.55.14|-|7

216.10.242.161|216-10-242-161.webhostbox.net|7

216.180.246.84|crawler084.deepfield.net|7

216.180.246.107|crawler107.deepfield.net|7

217.77.8.180|vmi3032384.contaboserver.net|7

217.154.38.135|-|7

220.247.223.56|56.sta.idc-2.slt.lk|7

220.247.224.226|-|7

221.161.235.168|-|7

222.107.156.227|-|7
ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/stamparm/ipsum

Awesome Lists containing this project

README
