Frequently Asked Questions

Common questions about ipban.one and how we detect malicious IP addresses

What is ipban.one?

ipban.one (IP Security Analysis & Alert System) is a free public database of IP addresses that have been detected performing malicious activities such as hacking attempts, brute force attacks, SQL injection, XSS attacks, and other security threats.

How do you detect malicious IPs?

We use a multi-layered detection system that analyzes:
  • Server access logs for suspicious URL patterns (SQL injection, XSS, path traversal)
  • SSH authentication logs for brute force attempts
  • Request rates to detect DDoS and scanning activities
  • Patterns associated with known attack tools and malware
When an IP triggers multiple detection rules or exhibits persistent malicious behavior, it is automatically added to our public database.

How often is the database updated?

Our database is updated in real-time. When a new attack is detected, the offending IP is immediately added to the public list. The "Last Seen" timestamp shows when the most recent malicious activity was detected from that IP.

Can I use this data to block IPs on my server?

Yes! The data is freely available for use in protecting your own infrastructure. You can manually add IPs to your firewall, or integrate with our list programmatically. However, we recommend reviewing IPs before blocking, as some may be shared hosting or VPNs where one malicious user can affect many.

My IP is listed. How do I get it removed?

If you believe your IP was incorrectly listed (e.g., you're a security researcher conducting authorized testing, or your IP was compromised and has since been secured), please contact us with:
  • The IP address in question
  • An explanation of why it should be removed
  • Evidence that the malicious activity has stopped (if applicable)
We review all removal requests and will delist legitimate cases.

What information do you store about each IP?

For each detected IP, we store:
  • The IP address itself
  • Reverse DNS (if available)
  • Geographic location (country, city, region)
  • ISP/hosting provider information
  • Type of attack(s) detected
  • First and last seen timestamps
  • Total number of attacks detected
We do not store or publish personal information beyond what is publicly available through standard network lookups.

How can I contribute reports about an IP?

On each IP detail page, there's a comment form where you can submit additional information about malicious activity you've observed. All comments are reviewed by our team before being published to ensure quality and accuracy.

Do you provide an API?

Currently, we don't offer a public API. However, if you have a legitimate use case that would benefit from programmatic access to our data, please contact us to discuss options.

How is this different from other IP reputation services?

ipban.one is a specialized, real-time threat detection system focused on attacks we directly observe on our monitored infrastructure. Unlike aggregated blacklists, every IP in our database was detected attacking our systems, ensuring high accuracy. We're smaller in scope but more precise in our detections.

Is this service free?

Yes, ipban.one is completely free to use. We believe that sharing threat intelligence benefits the entire security community. There are no hidden fees, subscriptions, or premium tiers. The service is provided as a contribution to internet security.