Honeypot Threat Feed
Public blacklist feed generated from my honeypot collector. The feed is sanitized before publishing: internal IPs, my own public IP, malformed/truncated-looking addresses, and raw logs are excluded.
JSON feed
Plain-text IP list
Honeypot telemetry
Sanitized export
Feeds
- ip-blacklist.json — structured JSON for tooling and dashboards.
- ip-blacklist.txt — one IP per line for firewalls, blocklists, and scripts.
Current summary
Loading feed status...
Loading preview...
Usage
Pull the plain-text feed with curl:
curl -fsSL https://whiskywaters.win/feeds/ip-blacklist.txt
Use this feed as an additional signal, not as your only detection source. IP ownership and attacker infrastructure can change.