Bitwire IP Blocklist
Mirror of bitwire-it/ipblocklist (338 stars, updated every 2h). Two complementary lists: inbound.txt (attack sources — apply on WAN IN) and outbound.txt (C2 / malware destinations — apply on LAN OUT). Aggregated from AbuseIPDB, FireHOL, ipsum, ThreatFox, Spamhaus DROP, SANS, Binary Defense, CINSscore and 20+ other sources.
Data: CC BY-NC-SA 4.0 (commercial use requires per-source agreements — Spamhaus etc.). Pairs with /dfir/blocklists (the consolidated pfSense / iptables / Suricata generator that already includes these lists), /threatintel/live-iocs (unified IOC firehose) and the upstream stats dashboard.
Inbound blocklist
inbound.txt: Apply to your firewall WAN IN / INPUT chain — drops scan, brute-force and exploit traffic from these sources.
Attribution
The Bitwire list is an aggregation. Underlying sources include AbuseIPDB, FireHOL, ipsum, ThreatFox, ShadowWhisperer IPs, romainmarcoux/malicious-ip, CriticalPathSecurity, Binary Defense, Bruteforceblocker, Spamhaus DROP, SANS ISC, CINSscore, dataplane.org, AlienVault OTX, Tor exit list, hagezi DNS blocklists, and others. Each is governed by its own license — the aggregated file is CC BY-NC-SA 4.0. See the upstream README for the full attribution list.
This platform consumes the file under fair-use / research terms and surfaces it as a research aid. Do not use the aggregated data for commercial products.