Probing Blocklist

This is a public feed of IP addresses blocked on im.forsale after probing sensitive paths (our honeypot) or manual abuse review. It is intended for other site operators who want to block the same scanners, crawlers, and exploit bots hitting common vulnerability paths.

Active entries
3,185
Last updated
Jul 7, 2026 17:38 UTC

What gets listed

  • Honeypot blocks — permanent block on the first request to sensitive paths such as .env, wp-admin, phpMyAdmin, .git, and similar probe targets.
  • Manual blocks — IPs blocked by administrators for abusive behaviour.

This is an IP address list, not a User-Agent bot list. Many bad bots share the same IPs across sites.

Download formats

Plain text is one IP per line for firewalls, fail2ban, nginx deny, and WAF import. JSON includes source and trigger metadata.

# Example — plain text (one IP per line)
curl -s https://im.forsale/blocklist.txt
# Example — JSON with metadata
curl -s https://im.forsale/blocklist.json | jq '.count, .entries[0]'

How others publish blocklists

Most community blocklists ship a plain-text file with one IP per line for direct import into firewalls, fail2ban, nginx deny, Cloudflare/WAF rules, or scripts. JSON feeds are common when extra fields (reason, first seen, category) are useful. Feeds are typically cached and include a Last-Modified header so consumers only re-fetch when updated.

Provided as-is for community use. No warranty; verify before blocking in production.

Request removal from blocklist

If your IP was blocked after accidentally triggering our honeypot, you can request removal here. You must complete this form from a different network than the blocked IP (for example mobile data or another location). Blocked IPs cannot load this site until unblocked.

Used only to validate the form; we do not store or contact this address.

Please confirm you are not a robot:

Re-probing sensitive paths after unblock will block the IP again; repeat hits are tracked on the existing record.