Skip to main content

BlockList DE Feed

Download With Dependencies

Indicators feed from BlockList DE

Use the Blocklist.de feed integration to fetch indicators from the daily Threat Feed and Custom feeds.
When you configure your servers, you can use this information to reject a connection because of the indicators received from the Blocklist.de feed.

Custom Feeds

You can connect to a custom Blocklist.de feed by specifying the services from which to process indicators.

Feed Description
all All IP addresses that have attacked one of Blocklist.de's customers/servers in the last 48 hours.
apache All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.
bots All IP addresses reported within the last 48 hours as having run attacks attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = they has posted a Spam-Comment on a open Forum or Wiki).
bruteforcelogin All IP addresses which attacks Joomlas, Wordpress and other Web-Logins with Brute-Force Logins.
ftp All IP addresses which have been reported within the last 48 hours for attacks on the Service FTP.
imap All IP addresses which have been reported within the last 48 hours for attacks on the IMAP, SASL, or POP3 services.
mail All IP addresses which have been reported within the last 48 hours as having run attacks on the service Mail, Postfix
sip All IP addresses that tried to login in to a SIP-, VOIP- or Asterisk-Server and are included in the IPs-List from http://www.infiltrated.net/
ssh All IP addresses which have been reported within the last 48 hours as having run attacks on the SSH service.
strongips All IP addresses which are older then 2 month and have more then 5.000 attacks.

Use the Blocklist.de feed integration to fetch indicators from the daily Threat Feed and Custom feeds.
When you configure your servers, you can use this information to reject a connection because of the indicators received from the Blocklist.de feed.

Custom Feeds

You can connect to a custom Blocklist.de feed by specifying the services from which to process indicators.

Feed Description
all All IP addresses that have attacked one of Blocklist.de's customers/servers in the last 48 hours.
apache All IP addresses which have been reported within the last 48 hours as having run attacks on the service Apache, Apache-DDOS, RFI-Attacks.
bots All IP addresses reported within the last 48 hours as having run attacks attacks on the RFI-Attacks, REG-Bots, IRC-Bots or BadBots (BadBots = they has posted a Spam-Comment on a open Forum or Wiki).
bruteforcelogin All IP addresses which attacks Joomlas, Wordpress and other Web-Logins with Brute-Force Logins.
ftp All IP addresses which have been reported within the last 48 hours for attacks on the Service FTP.
imap All IP addresses which have been reported within the last 48 hours for attacks on the IMAP, SASL, or POP3 services.
mail All IP addresses which have been reported within the last 48 hours as having run attacks on the service Mail, Postfix
sip All IP addresses that tried to login in to a SIP-, VOIP- or Asterisk-Server and are included in the IPs-List from http://www.infiltrated.net/
ssh All IP addresses which have been reported within the last 48 hours as having run attacks on the SSH service.
strongips All IP addresses which are older then 2 month and have more then 5.000 attacks.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 30, 2020
Last ReleaseOctober 20, 2025
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.