{"id":28722313,"url":"https://github.com/ddrimus/http-threat-blocklist","last_synced_at":"2026-01-31T18:30:55.404Z","repository":{"id":301997712,"uuid":"1007004999","full_name":"ddrimus/http-threat-blocklist","owner":"ddrimus","description":"A daily-updated blocklist of IP addresses involved in malicious HTTP attacks that bypassed multiple security layers. Ideal for protecting web servers against probing, exploits, and bot traffic.","archived":false,"fork":false,"pushed_at":"2026-01-26T02:00:42.000Z","size":265,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-26T17:39:42.400Z","etag":null,"topics":["blocklist","cybersecurity","firewall","malware","security","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ddrimus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-23T10:15:14.000Z","updated_at":"2026-01-26T02:00:45.000Z","dependencies_parsed_at":"2026-01-19T04:02:27.980Z","dependency_job_id":null,"html_url":"https://github.com/ddrimus/http-threat-blocklist","commit_stats":null,"previous_names":["ddrimus/http-threat-blocklist"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ddrimus/http-threat-blocklist","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddrimus%2Fhttp-threat-blocklist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddrimus%2Fhttp-threat-blocklist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddrimus%2Fhttp-threat-blocklist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddrimus%2Fhttp-threat-blocklist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ddrimus","download_url":"https://codeload.github.com/ddrimus/http-threat-blocklist/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddrimus%2Fhttp-threat-blocklist/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28949335,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T18:30:42.805Z","status":"ssl_error","status_checked_at":"2026-01-31T18:30:19.593Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blocklist","cybersecurity","firewall","malware","security","threat-intelligence"],"created_at":"2025-06-15T08:08:42.372Z","updated_at":"2026-01-31T18:30:55.399Z","avatar_url":"https://github.com/ddrimus.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# HTTP Threat Blocklist\n\nThis repository provides a **daily-updated blocklist** of IP addresses involved in malicious HTTP attacks targeting servers. Designed to protect both your systems and mine, the blocklist defends against common HTTP-based threats, including **probing**, **exploit attempts**, and **malicious bots**.\n\n[![Threat Level](https://img.shields.io/badge/Threat%20Level-HIGH-red)](.)\n[![IPs Blocked](https://img.shields.io/badge/IPs%20Blocked-333-blue)](.)\n[![Last Updated](https://img.shields.io/badge/Updated-2026--01--31-brightgreen)](.)\n\n## 🔍 About This List\n\nThis is my **private blocklist**, built from traffic that actually made it through multiple layers of defense — including **Cloudflare**, **CrowdSec**, and IP rate limits. I also block entire regions like **China** and **Russia**, so if something shows up here, it means it **slipped through all of that** and still tried something shady.\n\n*In short: this list catches the ones that got further than they should have.*\n\n## 📈 Current Threat Status\n\n```\n+--------------------------------------+\n|           THREAT OVERVIEW            |\n+--------------------------------------+\n| Status: HIGH                         |\n| Active IPs: 333                      |\n| Total Reports: 11,199                |\n| Unique Sources: 3,050                |\n+--------------------------------------+\n```\n\n*Threat levels: significant malicious activity detected!*\n\n## 🎯 Attack Patterns\n\n```\n🔥 Most Common Attack Types\n──────────────────────────\n\n                HTTP Probing ▏ 3284 ███████████████████████████████████ ( 29.4%)\n         HTTP Bad User Agent ▏ 2438 █████████████████████████ ( 21.9%)\nHTTP Admin Interface Probing ▏ 1264 █████████████ ( 11.3%)\n        HTTP Sensitive Files ▏ 1218 ████████████ ( 10.9%)\n         HTTP Wordpress Scan ▏  747 ███████ (  6.7%)\n      HTTP Crawl Non Statics ▏  472 █████ (  4.2%)\n     HTTP Backdoors Attempts ▏  451 ████ (  4.0%)\n       CVE-2017-9841 Exploit ▏  415 ████ (  3.7%)\n            HTTP CVE Probing ▏  383 ████ (  3.4%)\n   CVE-2018-20062 (Thinkphp) ▏  142 █ (  1.3%)\n      CVE-2022-41082 Exploit ▏  114 █ (  1.0%)\n                 Netgear RCE ▏   91 █ (  0.8%)\n       CVE-2021-26086 (Jira) ▏   51 █ (  0.5%)\n HTTP Path Traversal Probing ▏   42 █ (  0.4%)\n      CVE-2019-18935 Exploit ▏   40 █ (  0.4%)\n```\n\n## 🌍 Geographic Distribution\n\n```\n🗺️ Top Source Countries\n───────────────────────\n\n United States ▏ 3449 ███████████████████████████████████ ( 35.9%)\nUnited Kingdom ▏ 1734 █████████████████ ( 18.0%)\n       Ireland ▏ 1030 ██████████ ( 10.7%)\n   Netherlands ▏  726 ███████ (  7.5%)\n         Japan ▏  551 █████ (  5.7%)\n        France ▏  535 █████ (  5.6%)\n     Singapore ▏  526 █████ (  5.5%)\n       Germany ▏  385 ███ (  4.0%)\n     Australia ▏  357 ███ (  3.7%)\n         India ▏  327 ███ (  3.4%)\n```\n\n## 📊 Activity Timeline\n\n```\n📅 Recent Activity (7 days)\n──────────────────────────\n\n2026-01-24 ▏   21 █████████████████ (  9.3%)\n2026-01-25 ▏   40 ██████████████████████████████████ ( 17.6%)\n2026-01-26 ▏   41 ███████████████████████████████████ ( 18.1%)\n2026-01-27 ▏   33 ████████████████████████████ ( 14.5%)\n2026-01-28 ▏   23 ███████████████████ ( 10.1%)\n2026-01-29 ▏   31 ██████████████████████████ ( 13.7%)\n2026-01-30 ▏   33 ████████████████████████████ ( 14.5%)\n2026-01-31 ▏    5 ████ (  2.2%)\n```\n\n## 🔒 Security Notes\n\n- **False Positives**: This blocklist is generated from automated threat detection.\n- **Legitimate Traffic**: Review before implementing in production environments.\n- **Rate Limiting**: Consider implement rate limiting alongside IP blocking.\n- **Monitoring**: Monitor your logs for blocked legitimate traffic.\n\n## 🤝 Contributing\n\nIf you have any improvements, additional information, or notice any IPs that shouldn't be on the list, we'd love to hear from you! Feel free to open a pull request with your suggestions or details.\n\nIf you believe your IP has been mistakenly blocked and would like to request an unban, please provide all relevant information in an issue. I will review your case and address it promptly. Your contributions, suggestions, and feedback are always welcome and appreciated!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fddrimus%2Fhttp-threat-blocklist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fddrimus%2Fhttp-threat-blocklist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fddrimus%2Fhttp-threat-blocklist/lists"}