Free Downloads
Blocklist Feeds
High-confidence, regularly-updated blocklists. Free to use, no registration required.
160,730
Active IPs
1,361,649
Signals
15min
Updates
4
Categories
By using Fraudcache data, you agree to our legal terms:
Available Feeds
Plain text, one IP per lineCombined Feed
All malicious IPs from all categories in a single feed
fraudcache-all.txt
4 minutes ago
DNS Blocklist (DNSBL)
Real-time IP lookups via DNS - perfect for mail servers
bl.fraudcache.com
127.0.0.3
Spam
127.0.0.4
Web Attack
127.0.0.5
Scanner
127.0.0.6
Botnet C2
Spam IPs
Email spam, SMTP abuse, bulk messaging
fraudcache-spam-ips.txt
4 minutes ago
API
https://fraudcache.com/api/v1/check/{ip}
Web Attacks
SQLi, XSS, credential stuffing, exploits
fraudcache-web-attacks.txt
4 minutes ago
API
https://fraudcache.com/api/v1/check/{ip}
Scanners
Port scanning, SSH/RDP brute force
fraudcache-scanners.txt
4 minutes ago
API
https://fraudcache.com/api/v1/check/{ip}
Botnet C2
Command & control infrastructure
fraudcache-botnet-c2.txt
4 minutes ago
API
https://fraudcache.com/api/v1/check/{ip}
Feed Format
All feeds are plain text files with one IP address per line. Comments start with # and are skipped when parsing.
# Fraudcache Spam Feed
# Generated: 2026-01-27T17:55:03+01:00
# Category: spam
# Entries: 160,730
# License: Free for any use
#
192.0.2.1
192.0.2.15
198.51.100.5
198.51.100.42
203.0.113.88
203.0.113.200
2001:db8::1
2001:db8:85a3::8a2e:370:7334
Integration Guide
Easy Integration
Works with any firewall, mail server, or security tool that accepts IP blocklists.
1 Download the Feeds
Using cURL
Most common method, available on all Linux/macOS systems
# Download spam feed
curl -o /etc/fraudcache/spam.txt \
https://fraudcache.com/feeds/fraudcache-spam-ips.txt
# Download all feeds
curl -o /etc/fraudcache/spam.txt https://fraudcache.com/feeds/fraudcache-spam-ips.txt
curl -o /etc/fraudcache/web_attack.txt https://fraudcache.com/feeds/fraudcache-web-attacks.txt
curl -o /etc/fraudcache/scanner.txt https://fraudcache.com/feeds/fraudcache-scanners.txt
curl -o /etc/fraudcache/botnet_c2.txt https://fraudcache.com/feeds/fraudcache-botnet-c2.txtUsing wget
Alternative to cURL, great for scripting
# Download spam feed
wget -O /etc/fraudcache/spam.txt \
https://fraudcache.com/feeds/fraudcache-spam-ips.txt
# Download with timestamping (only if newer)
wget -N -P /etc/fraudcache/ \
https://fraudcache.com/feeds/fraudcache-spam-ips.txt2 Set Up Automatic Updates
Cron Job (Recommended: Every 15 Minutes)
Keep your blocklists fresh with automatic updates
# Create the update script
cat > /usr/local/bin/update-fraudcache.sh << 'EOF'
#!/bin/bash
DIR="/etc/fraudcache"
BASE_URL="https://fraudcache.com/feeds"
mkdir -p $DIR
# Download all feeds
curl -sf -o "$DIR/spam.txt.tmp" "$BASE_URL/fraudcache-spam-ips.txt" && \
mv "$DIR/spam.txt.tmp" "$DIR/spam.txt"
curl -sf -o "$DIR/web_attack.txt.tmp" "$BASE_URL/fraudcache-web-attacks.txt" && \
mv "$DIR/web_attack.txt.tmp" "$DIR/web_attack.txt"
curl -sf -o "$DIR/scanner.txt.tmp" "$BASE_URL/fraudcache-scanners.txt" && \
mv "$DIR/scanner.txt.tmp" "$DIR/scanner.txt"
curl -sf -o "$DIR/botnet_c2.txt.tmp" "$BASE_URL/fraudcache-botnet-c2.txt" && \
mv "$DIR/botnet_c2.txt.tmp" "$DIR/botnet_c2.txt"
# Optional: Reload firewall rules after update
# systemctl reload firewalld
# /usr/local/bin/reload-ipset.sh
EOF
chmod +x /usr/local/bin/update-fraudcache.sh
# Add to crontab (run every 15 minutes)
echo "*/15 * * * * root /usr/local/bin/update-fraudcache.sh" > /etc/cron.d/fraudcache3 Integrate with Your Infrastructure
# Install ipset if not already installed
apt-get install ipset # Debian/Ubuntu
yum install ipset # CentOS/RHEL
# Create the ipset (hash:net supports CIDR notation too)
ipset create fraudcache-spam hash:net hashsize 65536 maxelem 1000000
ipset create fraudcache-attacks hash:net hashsize 65536 maxelem 1000000
# Load IPs into the set
curl -sf https://fraudcache.com/feeds/fraudcache-spam-ips.txt | \
grep -v '^#' | grep -v '^$' | while read ip; do
ipset add fraudcache-spam "$ip" 2>/dev/null
done
# Add iptables rule to drop matching traffic
iptables -I INPUT 1 -m set --match-set fraudcache-spam src -j DROP
iptables -I INPUT 1 -m set --match-set fraudcache-attacks src -j DROP
# Save rules to persist across reboots
ipset save > /etc/ipset.conf
iptables-save > /etc/iptables.rulesTip: Use ipset swap to atomically update the set without dropping connections.
# Create nftables set and rules
nft add table inet filter
nft add set inet filter fraudcache { type ipv4_addr\; flags interval\; }
nft add set inet filter fraudcache6 { type ipv6_addr\; flags interval\; }
# Add drop rule
nft add rule inet filter input ip saddr @fraudcache drop
nft add rule inet filter input ip6 saddr @fraudcache6 drop
# Load IPs from feed
curl -sf https://fraudcache.com/feeds/fraudcache-spam-ips.txt | \
grep -v '^#' | grep -v '^$' | while read ip; do
if [[ $ip == *":"* ]]; then
nft add element inet filter fraudcache6 { "$ip" }
else
nft add element inet filter fraudcache { "$ip" }
fi
done# Step 1: Convert feed to nginx geo format
curl -sf https://fraudcache.com/feeds/fraudcache-spam-ips.txt | \
grep -v '^#' | grep -v '^$' | \
awk '{print $1 " 1;"}' > /etc/nginx/fraudcache-spam.conf
# Step 2: Add to nginx.conf (http block)
geo $is_spam {
default 0;
include /etc/nginx/fraudcache-spam.conf;
}
# Step 3: Use in your server block
server {
listen 80;
server_name example.com;
if ($is_spam) {
return 403 "Access denied";
}
# ... rest of config
}
# Step 4: Reload nginx
nginx -t && systemctl reload nginx# Step 1: Download feed (strip comments)
curl -sf https://fraudcache.com/feeds/fraudcache-spam-ips.txt | \
grep -v '^#' | grep -v '^$' > /etc/haproxy/fraudcache-spam.lst
# Step 2: haproxy.cfg configuration
frontend http_front
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/
# Load blocklist ACL
acl is_spam src -f /etc/haproxy/fraudcache-spam.lst
acl is_attacker src -f /etc/haproxy/fraudcache-attacks.lst
# Block matching IPs
http-request deny deny_status 403 if is_spam
http-request deny deny_status 403 if is_attacker
# Or silently tarpit them
# http-request tarpit if is_spam
default_backend servers
# Step 3: Reload HAProxy
haproxy -c -f /etc/haproxy/haproxy.cfg && \
systemctl reload haproxy# Create a script to ban all IPs from feed
cat > /usr/local/bin/fraudcache-f2b.sh << 'EOF'
#!/bin/bash
JAIL="fraudcache"
# Fetch and ban each IP
curl -sf https://fraudcache.com/feeds/fraudcache-scanners.txt | \
grep -v '^#' | grep -v '^$' | while read ip; do
fail2ban-client set $JAIL banip "$ip" 2>/dev/null
done
EOF
chmod +x /usr/local/bin/fraudcache-f2b.sh
# Create fail2ban jail (/etc/fail2ban/jail.d/fraudcache.conf)
[fraudcache]
enabled = true
filter =
banaction = iptables-allports
maxretry = 1
findtime = 86400
bantime = 86400# Script to add rules to UFW
cat > /usr/local/bin/ufw-fraudcache.sh << 'EOF'
#!/bin/bash
# Download and add each IP
curl -sf https://fraudcache.com/feeds/fraudcache-botnet-c2.txt | \
grep -v '^#' | grep -v '^$' | while read ip; do
ufw insert 1 deny from "$ip" to any comment "Fraudcache"
done
EOF
chmod +x /usr/local/bin/ufw-fraudcache.sh
# Note: UFW can be slow with many rules.
# For large blocklists, use ipset instead.Note: UFW is not recommended for large blocklists. Use iptables+ipset for better performance.
# Generate .htaccess deny rules
echo "Order Allow,Deny" > /var/www/.htaccess-fraudcache
echo "Allow from all" >> /var/www/.htaccess-fraudcache
curl -sf https://fraudcache.com/feeds/fraudcache-web-attacks.txt | \
grep -v '^#' | grep -v '^$' | \
awk '{print "Deny from " $1}' >> /var/www/.htaccess-fraudcache
# Include in your main .htaccess
Include /var/www/.htaccess-fraudcache
# Or use mod_authz_host (Apache 2.4+)
# Require not ip 192.0.2.14 Best Practices
Update Every 15 Min
Feeds are refreshed frequently. Sync every 15-30 minutes for best protection.
Trust Botnet C2
C2 IPs are verified infrastructure. Block with high confidence.
Rate-Limit Scanners
Consider rate-limiting instead of blocking scanner IPs outright.
Handle False Positives
Have a process for legitimate traffic wrongly blocked. Link to our dispute form.
Need Real-Time Lookups?
Use the Fraudcache API for single IP checks, batch lookups, and detailed threat intelligence. Free tier included.