This repository contains a list of IP addresses associated with various malicious activities on the internet. Many of them belong to botnets or VPN/proxy networks used to carry out attacks, including DDoS and other forms of abuse. If you find this repository helpful, consider leaving a star. Thank you, have a nice day!
π A trustworthy whitelist of known bot IP addresses is available at sefinek/known-bots-ip-whitelist.
π For solid and effective Cloudflare WAF rules, check out sefinek/Cloudflare-WAF-Expressions.
Tip
Looking for a better alternative? Visit sniffcat.com - a new and efficient alternative to AbuseIPDB.
The service provides detailed reports on malicious IP addresses and offers filtering by confidence score, countries, categories, and IP version.
Data can be downloaded in JSON or TXT format and is regularly updated based on submissions from our users. Results are generated automatically and available completely free of charge!
You can find the documentation here.
Do you have any questions or need assistance? Create a new issue or join my Discord server. I also post important updates and announcements there. My email address: contact@sefinek.net π
The main purpose of this repository is threat identification, not direct IP blocking. The list contains IP addresses belonging to VPNs or proxies that have previously been involved in abuse activity and/or DDoS attacks. Entries are added continuously and are generally not removed, as the list serves as a long-term reputation blacklist. For blocking malicious traffic at the firewall level, consider using sniffcat.com.
- β
DDoS attacks (L7 - HTTP flood)
- HTTP requests originating from known botnets
- Traffic with unusual HTTP headers or suspicious endpoints
- Connections from sources with confirmed malicious activity
- Requests impersonating real browsers
- β Malicious bots and crawlers
- β Bots generating artificial views (especially useful if you use Google AdSense)
- β Malicious VPNs and proxies used for abuse
Updates usually occur every 2 hours, but sometimes a delay of several days may occur. If you notice a longer lack of updates, you can report it via an Issue. The list is actively maintained and will not be abandoned.
https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/main.txt
curl -fsS -o blacklist.txt https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/main.txtwget -nv -O blacklist.txt https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/main.txthttps://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/details.csv
Important
This file contains user agents, endpoints, and IP addresses that have been blacklisted. Not all IP addresses from main.txt are included in details.csv!
curl -fsS -o blacklist.csv https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/details.csvwget -nv -O blacklist.csv https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/details.csvCopyright Β© 2024-2026 Sefinek
