Malicious IPs
Free feed of C2, scanner and malware-delivery IPs from Twitter/X researchers
Malicious IPs
C2, scanner and malware-delivery IPs from Twitter/X
Related Threat Intelligence feeds: URLs · Domains · SHA-256 · MD5 · All IOC types
IPs by window
-
malicious IPs
-
malicious IPs
-
malicious IPs
-
malicious IPs
What this list contains
- Sourced from ~95 Twitter/X security researchers, refreshed every 15 minutes.
- C2 servers, malware-delivery hosts, scanners and known abuse IPs.
- IPv4 only in the current dataset. Onion infrastructure surfaced as URLs/domains, not IPs.
- Caveat: many IPs sit on shared hosting or CDN ranges. Treat as enrichment signal, not standalone block decision.
Recent samples
Latest 10 IPs from the past 7 days. Live from api.tweetfeed.live/v1/week/ip.
Top tags for malicious IPs
Formats and how to use
Every TweetFeed feed is free and public domain (CC0 1.0) with no API key or sign-up. The malicious IPs are available in four formats:
| Format | Where | Best for |
|---|---|---|
| JSON API | api.tweetfeed.live/v1/<window>/ip | SOAR / SIEM enrichment, scripts |
| CSV | today / week / month / year .csv | bulk import, spreadsheets, blocklists |
| RSS | rss.xml | watch new IOCs in a reader |
| MCP | mcp.tweetfeed.live | live lookups from AI agents / Claude |
Load the IP list into your firewall or IDS/IPS as a deny rule, or query the JSON API from your SIEM. IP feeds carry higher false-positive risk on shared hosting, so scope blocks carefully. Validate against VirusTotal or your own sandbox before blocking outright, since OSINT feeds can carry false positives.
Frequently asked questions
What is a malicious IP feed?
A malicious IP feed is a continuously updated list of IPv4 addresses observed in adversary infrastructure. Common categories include C2 servers, malware-delivery hosts, port scanners and brute-force sources. Security teams ingest these into firewalls, IDS/IPS and SIEM correlation rules. TweetFeed publishes the IPs spotted by ~95 infosec researchers on Twitter/X, refreshed every 15 minutes.