Malicious IPs API information/statistic

I recently published an open API to obtain information about IPs used by bots. You can read more about the API in these two blog posts: article 1, article 2

Except for Tor exit nodes, I DON'T crawl any malicious IP list. All the IPs flagged as bots are obtained through several techniques that enables me to be sure about the fact they were/are used by bots (proxies, honeypots). However, keep in mind that some of these IPs may be also shared by legitimate human users.

Number of IPs per category

For the moment I consider 4 categories of IPs:

• Proxy: any type of proxies (data center, residential, paid/free)
• Residential proxy: proxies likely to belong to ISPs or labelled as "premium" by proxy providers
• Vulnerability scanning: IPs used to conduct vulnerability scanning (detected through honeypots)
• Tor exist nodes: although it may be debatable to include these IPs in such a list, most of them are heavily used by bots

Number of IPs per country

Disclaimer: IP locations are obtained with Maxmind, they may not be 100% accurate.

Number of IPs per autonomous system

Disclaimer: Autonomous systems are obtained with Maxmind, they may not be 100% accurate.