Threat Intelligence

IP Blocklist Subscriptions

This honeypot automatically reports malicious IPs to AbuseIPDB, Blocklist.de, SANS DShield and AlienVault OTX — every hour, 24/7. If you run your own server, you can use these same feeds to block the same attackers before they reach you.

⚡ Protect your server with the same stack

Copy-paste to install CrowdSec (blocks 60k+ IPs at firewall level) and add Blocklist.de to Pi-hole.

# 1. Install CrowdSec — community firewall that blocks 60k+ known attackers
$ curl -s https://packagecloud.io/crowdsec/crowdsec/script.deb.sh | sudo bash
$ sudo apt install crowdsec crowdsec-firewall-bouncer-iptables
$ sudo cscli hub update && sudo cscli collections install crowdsecurity/linux

# 2. Pi-hole — Admin → Adlists → paste all these URLs then run pihole -g
https://lists.blocklist.de/lists/all.txt
https://lists.blocklist.de/lists/ssh.txt
https://lists.blocklist.de/lists/ftp.txt
https://lists.blocklist.de/lists/smtp.txt
https://raw.githubusercontent.com/nicehash/blocklist/main/README.md
https://raw.githubusercontent.com/nicehash/blocklist/main/blocklist.txt
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/adblock/tif.mini.txt
https://raw.githubusercontent.com/nicehash/blocklist/main/README.md
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareAdGuard.txt
https://iplists.firehol.org/files/firehol_level1.netset
https://www.spamhaus.org/drop/drop.txt
https://www.spamhaus.org/drop/edrop.txt
$ pihole -g

# We use even more — see the full Recommended section below ↓

📤 Where we report

CONTRIBUTING LIVE

Our honeypot actively feeds attack data to these 4 platforms every hour.

📥 Recommended subscriptions

CURATED

We don't contribute here, but these are the best feeds to protect your infrastructure.

📡 Subscribe to this blog

Get notified whenever a new daily report drops via RSS.

RSS Feed https://threats.evitalios.com/rss.xml