
Malicious IPs or IP ranges

They are in different formats.



Spamhaus DROP lists (Don't Route Or Peer)

Allegedly missing IPs in other lists

SSH attackers

FTP attackers

HTTP/Apache attackers

SMTP/E-Mail Attackers

VOIP/SIP Attackers

IRC / Bots

Shodan (add ?json or ?csv for a different format than xml)

Per country/continent

Datacenters (old)

Tor exit nodes (add ?json or ?csv for a different format than xml)

Some other feeds:
Make sure to only pick ones that have had updates recently. The rest will return an error saying that they are not maintained.
When you choose a feed, for example "Scanners Operated by", you open the URL with the type at the end, for example: or for "Rapid 7 Project Sonar" -

And some IPs from one of the links with the title "Top Attackers" (selectel, ipvolume, novogara, digitalocean, clouvider, etc.)