This repository provides a daily-updated blocklist of IP addresses involved in malicious HTTP attacks targeting servers. Designed to protect both your systems and mine, the blocklist defends against common HTTP-based threats, including probing, exploit attempts, and malicious bots.
This is my private blocklist, built from traffic that actually made it through multiple layers of defense — including Cloudflare, CrowdSec, and IP rate limits. I also block entire regions like China and Russia, so if something shows up here, it means it slipped through all of that and still tried something shady.
In short: this list catches the ones that got further than they should have.
+--------------------------------------+
| THREAT OVERVIEW |
+--------------------------------------+
| Status: HIGH |
| Active IPs: 485 |
| Total Reports: 14,748 |
| Unique Sources: 3,953 |
+--------------------------------------+
Threat levels: significant malicious activity detected!
🔥 Most Common Attack Types
──────────────────────────
HTTP Probing ▏ 4375 ███████████████████████████████████ ( 29.8%)
HTTP Bad User Agent ▏ 2827 ██████████████████████ ( 19.3%)
HTTP Admin Interface Probing ▏ 1856 ██████████████ ( 12.6%)
HTTP Sensitive Files ▏ 1379 ███████████ ( 9.4%)
HTTP Wordpress Scan ▏ 1302 ██████████ ( 8.9%)
HTTP Crawl Non Statics ▏ 777 ██████ ( 5.3%)
HTTP Backdoors Attempts ▏ 628 █████ ( 4.3%)
HTTP CVE Probing ▏ 517 ████ ( 3.5%)
CVE-2017-9841 Exploit ▏ 442 ███ ( 3.0%)
CVE-2022-41082 Exploit ▏ 160 █ ( 1.1%)
CVE-2018-20062 (Thinkphp) ▏ 144 █ ( 1.0%)
Netgear RCE ▏ 113 █ ( 0.8%)
CVE-2021-26086 (Jira) ▏ 59 █ ( 0.4%)
HTTP Path Traversal Probing ▏ 50 █ ( 0.3%)
CVE-2019-18935 Exploit ▏ 48 █ ( 0.3%)
🗺️ Top Source Countries
───────────────────────
United States ▏ 4503 ███████████████████████████████████ ( 37.0%)
United Kingdom ▏ 1770 █████████████ ( 14.6%)
Ireland ▏ 1247 █████████ ( 10.3%)
Netherlands ▏ 871 ██████ ( 7.2%)
France ▏ 805 ██████ ( 6.6%)
Singapore ▏ 703 █████ ( 5.8%)
Japan ▏ 690 █████ ( 5.7%)
Canada ▏ 552 ████ ( 4.5%)
Germany ▏ 522 ████ ( 4.3%)
Australia ▏ 499 ███ ( 4.1%)
📅 Recent Activity (7 days)
──────────────────────────
2026-04-18 ▏ 58 ███████████████████████████████████ ( 16.4%)
2026-04-19 ▏ 48 ████████████████████████████ ( 13.6%)
2026-04-20 ▏ 53 ███████████████████████████████ ( 15.0%)
2026-04-21 ▏ 39 ███████████████████████ ( 11.0%)
2026-04-22 ▏ 55 █████████████████████████████████ ( 15.6%)
2026-04-23 ▏ 54 ████████████████████████████████ ( 15.3%)
2026-04-24 ▏ 39 ███████████████████████ ( 11.0%)
2026-04-25 ▏ 7 ████ ( 2.0%)
- False Positives: This blocklist is generated from automated threat detection, so false positives are possible.
- Legitimate Traffic: Review the list before implementing it in production environments.
- Rate Limiting: Consider implementing rate limiting alongside IP blocking.
- Monitoring: Monitor your logs for blocked legitimate traffic.
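One way to carry out the review step above before loading the list into a firewall, as an added example that is not part of this repository: it validates each entry, rejects private and loopback ranges, and holds back anything that overlaps your own allowlist. The one-entry-per-line format with `#` comments, the name `review_blocklist`, and the sample addresses (constructed, from documentation ranges) are assumptions.

```python
import ipaddress

# Never block these, whatever a feed says (RFC 1918, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]

def _overlaps_any(net, nets):
    # overlaps() raises TypeError across IP versions, so compare versions first.
    return any(n.version == net.version and n.overlaps(net) for n in nets)

def review_blocklist(text, allowlist):
    """Split feed entries into deploy / conflicts / rejected buckets."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    result = {"deploy": [], "conflicts": [], "rejected": []}
    seen = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            result["rejected"].append((entry, "not an IP or CIDR"))
            continue
        if net in seen:                        # ignore duplicate entries
            continue
        seen.add(net)
        if _overlaps_any(net, NON_ROUTABLE):
            result["rejected"].append((str(net), "non-routable"))
        elif _overlaps_any(net, allowed):      # would block traffic you rely on
            result["conflicts"].append(str(net))
        else:
            result["deploy"].append(str(net))
    return result

# Constructed sample feed and allowlist (assumed format, documentation ranges).
SAMPLE_FEED = """\
# constructed sample
203.0.113.7
198.51.100.0/24
10.1.2.3
not-an-ip
192.0.2.55
203.0.113.7
"""
SAMPLE_ALLOWLIST = ["198.51.100.10", "192.0.2.0/26"]

if __name__ == "__main__":
    for bucket, items in review_blocklist(SAMPLE_FEED, SAMPLE_ALLOWLIST).items():
        print(bucket, items)
```

Entries that land in `conflicts` are the ones to check by hand against your logs, or to report in an issue if they should not be on the list.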
If you have any improvements, additional information, or notice any IPs that shouldn't be on the list, we'd love to hear from you! Feel free to open a pull request with your suggestions or details.
If you believe your IP has been mistakenly blocked and would like to request an unban, please provide all relevant information in an issue. I will review your case and address it promptly. Your contributions, suggestions, and feedback are always welcome and appreciated!