This repository contains a list of IP addresses associated with various malicious activities on the internet. Many of them are part of botnets or VPN/proxy networks used to conduct cyberattacks — including DDoS and more.
⭐ If you find this repository helpful, please consider giving it a star. Thank you!
📄 Looking for solid and effective Cloudflare WAF expressions? Check out sefinek/Cloudflare-WAF-Expressions
Looking for better blacklists? Visit sniffcat.com! SniffCat is the new alternative to AbuseIPDB!
- ✅ DDoS attacks (L7 – HTTP flood)
- HTTP requests from known botnets
- Requests with unusual HTTP headers or URI paths
- Traffic from known bad sources
- Requests impersonating real browsers
- ✅ Malicious bots & crawlers
- ✅ Bots generating artificial views (useful if you use Google AdSense)
- ✅ Malicious VPNs & proxies
Important
Blocking IP addresses should be done carefully to avoid disrupting legitimate traffic. Regularly updating the list is highly recommended.
Updates usually occur every 2 hours, but occasionally there may be a delay of several days. The list is actively maintained and will not be abandoned.
https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/main.txt
curl -L --progress-bar -o main.txt https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/main.txthttps://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/details.csv
curl -L --progress-bar -o details.csv https://raw.githubusercontent.com/sefinek/Malicious-IP-Addresses/main/lists/details.csvImportant
This file contains user agents, endpoints, and IP addresses that have been blacklisted. Not all IP addresses from main.txt are included in details.csv!
Copyright 2024-2025 © by Sefinek. All Rights Reserved.
