Blocklist.de
Community-driven IP blacklist aggregating fail2ban-style attack reports from operators worldwide.
- DNS zone: `bl.blocklist.de`
- Published by: Blocklist.de (community)
- Established: 2009
- Scope: IP
What it detects
IPs that have been reported attacking SSH, mail, FTP, IMAP, SQL, or web services. Reports come from operators running fail2ban or equivalent intrusion-detection tooling that submits reports automatically.
Listing categories
- 127.0.0.2 (mail amavis)
- 127.0.0.3 (Apache DDoS)
- 127.0.0.6 (FTP brute force)
- 127.0.0.7 (IMAP attack)
- 127.0.0.9 (mail server attack)
- 127.0.0.13 (SASL brute force)
- 127.0.0.14 (SSH brute force)
- 127.0.0.17 (SQL injection)
- 127.0.0.21 (brute-force login)

Multiple-category listings combine.
How to check a listing yourself
Query the reversed IP at `bl.blocklist.de`. Blocklist.de also offers a public lookup form on their website.
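A minimal lookup for the check described above, written as an added example (not Blocklist.de's or DomainCare's code). It builds the reversed-octet query name and decodes answers with the return codes listed on this page; the `resolver` parameter and the function names are hypothetical, IPv4 only is assumed, and the sample answers are constructed.

```python
import ipaddress
import socket

ZONE = "bl.blocklist.de"
# Return codes exactly as listed on this page.
CATEGORIES = {
    "127.0.0.2": "mail amavis", "127.0.0.3": "Apache DDoS",
    "127.0.0.6": "FTP brute force", "127.0.0.7": "IMAP attack",
    "127.0.0.9": "mail server attack", "127.0.0.13": "SASL brute force",
    "127.0.0.14": "SSH brute force", "127.0.0.17": "SQL injection",
    "127.0.0.21": "brute-force login",
}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone=ZONE):
    """Build the lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver; [] when the name does not resolve.
    The stdlib cannot tell NXDOMAIN from a resolver failure, so [] means
    'no listing seen', not proof of a clean IP."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check(ip, resolver=system_resolver):
    """Return sorted category names the IP is listed under ([] if none)."""
    found = set()
    for answer in resolver(query_name(ip)):
        # A DNSBL answers inside 127.0.0.0/8; anything else is usually a
        # resolver rewriting NXDOMAIN and must not count as a listing.
        if ipaddress.ip_address(answer) not in LOOPBACK:
            continue
        found.add(CATEGORIES.get(answer, "unknown code " + answer))
    return sorted(found)

if __name__ == "__main__":
    # Constructed answer for a documentation-range IP; no network is used.
    fake = lambda name: ["127.0.0.14", "127.0.0.6"]
    print(query_name("192.0.2.10"), check("192.0.2.10", resolver=fake))
```

Calling `check(ip)` without a `resolver` argument performs a live DNS query through the system resolver.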
How to get delisted
Listings auto-expire 48 hours after the last reported attack. Manual delisting is also available through their web form for cases where an attack has been remediated and confirmation is urgent. Expect to provide details of the source IP's remediation.
Other blacklists DomainCare monitors
- SURBL — Domain reputation list focused on URLs found in unsolicited mail. SURBL is one of the most widely deployed domain blocklists at receivers.
- URIBL — Real-time domain blacklist focused on URIs that appear in spam. Common at receivers using SpamAssassin and similar filters.
- SpamCop SCBL — The SpamCop Blocking List, an IP blacklist driven by reports submitted by mail recipients.
- DroneBL — IP blacklist focused on compromised hosts — drones, open proxies, brute-force attackers — rather than spam senders.