Skip to content

ufukart/Blacklist

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

869 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Blacklist πŸ›‘οΈ

A comprehensive, automatically maintained IP blacklist compiled from multiple trusted threat intelligence sources to help protect servers, firewalls, and network infrastructure against malicious traffic.

License: MIT Last Updated IPs Blacklist File Size Visitors Donate


🚫 Live Statistics

Metric Value
Blocked IP Addresses 239957
Update Frequency Every 6 hours
Security Sources 15
Duplicates Automatically Removed
Private IPs Filtered Out
Format Plain Text

πŸ”₯ The blacklist currently contains 239957 unique malicious IP addresses, aggregated from 15 trusted security feeds and refreshed every 6 hours.


πŸ“₯ Quick Download

curl -O https://raw.githubusercontent.com/ufukart/Blacklist/main/blacklist.txt

or

wget https://raw.githubusercontent.com/ufukart/Blacklist/main/blacklist.txt

πŸ“– Description

This repository provides a continuously updated blacklist of malicious IPv4 addresses aggregated from multiple reputable threat intelligence providers.

At a glance:

  • Total IPs: 239957 (varies with updates)
  • Update Frequency: Every 6 hours
  • Sources: 15 trusted security feeds
  • Format: Plain text, one IP per line
  • Duplicates: Automatically removed
  • Private IPs: Filtered out (RFC 1918)

The blacklist is designed for use with:

  • Firewalls
  • Intrusion Prevention Systems (IPS)
  • Intrusion Detection Systems (IDS)
  • Web Application Firewalls (WAF)
  • Reverse Proxies
  • Security Appliances
  • Custom Security Scripts

The list includes addresses associated with:

  • Malicious bots
  • Brute-force attacks
  • Spam sources
  • Tor exit nodes
  • Known attackers
  • Threat intelligence feeds

βœ… Compatible With

  • iptables
  • ipset
  • nftables
  • Fail2Ban
  • CSF
  • UFW
  • pfSense
  • OPNsense
  • MikroTik

πŸ“‚ File Format

1.2.3.4
8.8.8.8
203.0.113.0/24
...
  • Plain text
  • One IP/CIDR per line
  • UTF-8
  • IPv4 only
  • No comments
  • Ready for automation

πŸ“Š πŸ“š Blacklist Data Sources

This project aggregates, deduplicates, and merges IP blacklist feeds from the following trusted open-source threat intelligence sources:

Source Description
Zumbo Threat Intelligence IP addresses detected in real time by the Zumbo server infrastructure for malicious activities such as brute-force attacks, vulnerability scanning, exploit attempts, and other abusive behavior.
AbuseIPDB (Borestad Mirror) IP addresses reported for abuse within the last 30 days with a 100% confidence score.
RTBH Blocklist A Remote Triggered Black Hole (RTBH) blacklist of IP addresses associated with malicious traffic, maintained in TΓΌrkiye.
Blocklist.de Aggregated IP addresses detected attacking SSH, mail, web, and other Internet services.
CINS Score – Bad Guys Malicious IP addresses identified by the CINS Army and assigned a poor reputation score.
FireHOL – StopForumSpam (7d) IP addresses involved in forum and comment spam activity during the past 7 days.
GreenSnow IP addresses observed performing brute-force attacks, port scanning, and other malicious activities.
FireHOL Level 1 A low false-positive, general-purpose blacklist covering widely recognized malicious IPs.
Spamhaus DROP Network ranges that are fully controlled by cybercriminals or allocated exclusively for malicious activity.
Tor Bulk Exit List The current list of Tor exit node IP addresses.
BruteForceBlocker IP addresses observed conducting SSH brute-force attacks.
Project Honey Pot IP addresses detected engaging in malicious activity by the Project Honey Pot network.
Emerging Threats – Compromised IPs IP addresses of known compromised servers and devices.
Feodo Tracker IP addresses associated with command-and-control (C2) infrastructure used by malware families such as Feodo, Dridex, and Emotet.
ThreatView – High Confidence Feed High-confidence threat intelligence feed containing verified malicious IP addresses.
IPsum A reputation-ranked IP list compiled from numerous threat intelligence sources.

Why Blacklist?

βœ” Multiple trusted sources

βœ” Duplicate removal

βœ” Private IP filtering

βœ” Ready for production

βœ” Free forever

βœ” Updated every 6 hours


πŸ”„ Update Schedule

The blacklist is automatically regenerated every 6 hours.

Each update performs the following:

  • Downloads all source lists
  • Removes duplicates
  • Filters private IP ranges
  • Removes localhost addresses
  • Removes invalid entries
  • Generates the final blacklist

⚠️ Filtering Rules

The following entries are automatically excluded:

  • RFC1918 Private Networks
  • Localhost
  • Link-local addresses
  • Multicast ranges
  • Duplicate entries
  • Invalid records

πŸ’‘ Usage Example

iptables

while read ip; do
    iptables -A INPUT -s "$ip" -j DROP
done < blacklist.txt

nftables

while read ip; do
    nft add element inet blacklist blocked_ips { $ip }
done < blacklist.txt

🀝 Contributing

Contributions are welcome.

You can help by:

  • Reporting false positives
  • Suggesting new security feeds
  • Improving documentation
  • Submitting pull requests

πŸ“„ License

Released under the MIT License.


❀️ Support

If this project helps protect your infrastructure, consider:

  • ⭐ Starring the repository
  • 🍴 Forking the project
  • πŸ’™ Supporting via PayPal

Keywords

blacklist ip-blacklist iptables firewall security malware botnet threat-intelligence cybersecurity network-security

About

πŸ›‘οΈ Comprehensive IP blacklist from trusted security sources - Updated regularly | Free to use Malware, Botnet, Spam & Attack Prevention for security, firewall, or research purposes.

Topics

Resources

License

Stars

2 stars

Watchers

0 watching

Forks

Contributors