Probing Blocklist
This is a public feed of IP addresses blocked on im.forsale after probing sensitive paths (our honeypot) or manual abuse review. It is intended for other site operators who want to block the same scanners, crawlers, and exploit bots hitting common vulnerability paths.
What gets listed
- Honeypot blocks — permanent block on the first request to sensitive paths such as
.env,wp-admin,phpMyAdmin,.git, and similar probe targets. - Manual blocks — IPs blocked by administrators for abusive behaviour.
This is an IP address list, not a User-Agent bot list. Many bad bots share the same IPs across sites.
Download formats
Plain text is one IP per line for firewalls, fail2ban, nginx deny, and WAF import. JSON includes source and trigger metadata.
curl -s https://im.forsale/blocklist.txt
curl -s https://im.forsale/blocklist.json | jq '.count, .entries[0]'
How others publish blocklists
Most community blocklists ship a plain-text file with one IP per line for direct import into
firewalls, fail2ban, nginx deny, Cloudflare/WAF rules, or scripts.
JSON feeds are common when extra fields (reason, first seen, category) are useful. Feeds are typically cached and
include a Last-Modified header so consumers only re-fetch when updated.
Provided as-is for community use. No warranty; verify before blocking in production.
Request removal from blocklist
If your IP was blocked after accidentally triggering our honeypot, you can request removal here. You must complete this form from a different network than the blocked IP (for example mobile data or another location). Blocked IPs cannot load this site until unblocked.