Sign In
Access your IPWhois.net account
No account? Create one
Home / Blacklist / Docs

IPWhois.net Blacklist

Community-driven IP threat intelligence. Search, check, and report malicious IP addresses.
184,733 IPs 7,370 reports Free API
Server & Firewall
Fail2Ban
Block + report banned IPs automatically. The most popular integration.
CSF Firewall
Sync blacklisted IPs to ConfigServer Security & Firewall deny list.
iptables / nftables
Block IPs at the kernel firewall level using ipset and nftables sets.
Nginx
Block blacklisted IPs directly in Nginx config with auto-updated deny list.
Apache
Block IPs via .htaccess or mod_rewrite with auto-generated deny rules.
Cloudflare
Block at the edge with Workers or Firewall Rules before traffic reaches your server.
Auto Reporting
Parse server logs and report malicious IPs on a schedule via cron.
CMS & Applications
WordPress
Block + report on wp-login, wp-admin and XML-RPC. Plugin or mu-plugin.
Joomla
Protect Joomla administrator login and forms from blacklisted IPs.
Drupal
Custom module to block blacklisted IPs on admin and login routes.
PrestaShop
Protect back office and checkout from blacklisted IPs.
Languages & Frameworks
PHP / Laravel
Standalone function with file cache and Laravel middleware.
Node.js
Express and Fastify middleware with in-memory cache.
Python
Flask, Django and FastAPI middleware for IP blocking.
Go
HTTP middleware for net/http, Gin, Echo and Chi.
Ruby
Rack middleware for Rails and Sinatra.
cURL
Command-line examples for checking and reporting IPs.
Quick Start

All integrations use the IPWhois.net Blacklist API. The two key endpoints are:

Check if an IP is blacklisted
GET https://bl.ipwhois.net/api/check?ip=1.2.3.4
Report a malicious IP
POST https://bl.ipwhois.net/api/report ip=1.2.3.4&type=brute-force&message=Description+here

Threat types: brute-force, spam, ddos, scan, phishing, malware, bot, other

Rate limit: The public API allows 500 free requests per day per source IP. For higher limits, use an API key from the API page.