Blocked at One Client.
Blocked Everywhere.
In Under 6 Minutes.
The IP blacklist that learns from attacks targeting our clients — and propagates protection across the entire network in under 6 minutes.
Every day, thousands of bots scan your websites, mail servers, and VPNs looking for weaknesses — a weak password, an exposed .env file, an unpatched vulnerability. 10RUPTiV DNSBL blocks these attackers before they reach your infrastructure, with 1.15 million active malicious IPs updated every minute.
Your websites, mail servers, VPNs — everything connected to the Internet gets hit 24/7 by automated attackers. Brute force attempts on wp-login.php, WordPress plugin scans, SQL injection attempts, searches for forgotten configuration files… Most organizations absorb these attacks in silence, each on their own, without ever sharing what they see.
10RUPTiV DNSBL flips that model. An attack targeting one client automatically becomes protection for everyone else, propagated across the network within minutes. You pay for a single layer of protection. You benefit from the combined vigilance of the entire ecosystem.
Sherbrooke · 2:02 PM
A bot launches a brute force attack against a client’s website.
Our sensor detects it.
Montréal · 2:08 PM
That same IP is already banned on another client’s firewall — a client that doesn’t even know it exists.
Six minutes. That’s all it takes.
Five Layers. One Consolidated List.
📡
17 Sources, One Signal
The best public reputation feeds aggregated into a single intelligence layer.
Spamhaus (DROP/EDROP/SBL), FireHOL levels 1–4, abuse.ch (URLhaus, FeodoTracker), DShield, AlienVault OTX, Talos Intelligence, EmergingThreats, Project Honeypot, CINS Army, and more. Every IP is weighted based on source reliability and signal freshness.
🍯
Proprietary Sensors
Exclusive intelligence nobody else has.
Our honeypots emulate vulnerable targets (fake wp-login.php, fake /phpmyadmin, fake .env files, fake SSH services) — legitimate traffic should never reach them, so any IP touching them is considered 100% malicious. At the same time, our agent installed on every client WordPress site detects brute force attacks, SQL/XSS injection attempts, path traversal, scanners (sqlmap, nikto, nuclei, wpscan), and webshell deployment attempts.
→ 30+ new malicious IPs captured every minute.
⚡
Real-Time Firewalling
Layer 7 inspection of every HTTP/HTTPS request.
Automatic detection of out-of-region traffic, 39 known offensive scanner signatures, burst POST activity (>30 requests / 60s), reconnaissance-driven 404 spam, and targeted exploit attempts (vc_video.php, XML-RPC POST abuse, Next.js Server Actions RCE, prototype pollution). High-confidence detections are immediately blocked and propagated across the network.
🗺️
Full Enrichment
Every IP becomes a profile — not just an address.
Geolocation (MaxMind GeoLite2), ASN and organization data (WHOIS), reverse DNS, and categorization (residential, hosting provider, mobile, corporate, cloud, TOR, VPN). We treat rotating cloud IPs differently from targeted residential IPs — helping block real attackers without breaking your integrations.
✔️
False Positive Protection
We block attackers — not your partners.
Multi-layer allowlisting includes private RFC address ranges, 10RUPTiV corporate IP ranges, verified crawlers using forward-confirmed reverse DNS (real Googlebot, Bingbot, etc.), and manual operator exemptions for trusted partners. Fast delisting available in under 5 minutes when needed.
How It Works
1️⃣
We Detect.
An attack happens somewhere in the network.
Brute force attempts on a client’s wp-login.php, sqlmap scanners hitting our firewall, or an IP probing a fake phpMyAdmin on a honeypot. Telemetry captures the event with full context (IP, method, URI, User-Agent, payload), stored for forensic audit purposes.
2️⃣
We Enrich and Score.
Geolocation, ASN, category, confidence score.
The IP is validated, correlated with our 17+ public threat intelligence sources, and scored based on detection reliability. Zero-false-positive patterns (exploits, honeypot triggers) are given maximum weight. Public blocklists are weighted according to their historical reputation.
3️⃣
We Propagate. Everywhere.
In under 6 minutes, across all your defenses.
The consolidated list is regenerated every minute in three simultaneous formats: standard DNS (rbldnsd) for any DNSBL-compatible system, flat HTTP lists for tools like pfBlockerNG / fail2ban / Wazuh, and real-time updates pushed directly to HAProxy firewalls.
Under 6 minutes. All your defenses. At once.
Three Real-World Scenarios
WordPress Host
Multi-tenant WordPress hosting provider
You run 50, 200, or even 1,000 WordPress sites for SMB clients. Each site is a potential entry point. With 10RUPTiV DNSBL, an attack on one site instantly protects the other 999. No custom scripts, no per-site fail2ban maintenance.
MSP / Integrator
Heterogeneous firewall environments (pfSense, etc.)
Your clients run pfSense, OPNsense, MikroTik, sometimes Sophos. You need a single, clean, always-updated threat feed. The 10RUPTiV flat HTTP list feeds pfBlockerNG via hourly cron, fail2ban via pull, and Wazuh via real-time push. One integration, all firewalls covered.
Enterprise (Canada)
PIPEDA / Law 25 compliance
Your data cannot leave Canada — period. Foreign solutions are off the table. 10RUPTiV operates 100% in Canada, both infrastructure and data. You stay compliant without compromising on security.
1,15M+
Active malicious IPs
6 min
Detection → blocking latency
30+
New IPs per minute via honeypots
100%
Canadian sovereignty
17+ aggregated threat intelligence sources · 39 detected offensive scanner signatures · 5,590+ Next.js RCE attempts blocked in 7 days (May 2026)
Why 10RUPTiV DNSBL
✔️
Full Canadian Sovereignty
Infrastructure, data, and operations — everything stays in Canada. No reliance on U.S.-based SaaS. Ever.
✔️
Fast Delisting
A legitimate client accidentally caught in the filter? We delist within minutes via direct contact — not through a buried support ticket system.
✔️
Exclusive Intelligence
Our honeypots and WordPress sensors detect attacks before they appear in public feeds — you benefit from unique, early signals.
✔️
Native Compatibility
pfSense (pfBlockerNG), Wazuh Active Response, HAProxy, fail2ban, or any standard DNSBL-compatible system. Plug it in, it works.
✔️
Full Transparency
Every blocked IP is traceable: source, timestamp, reason, and score. No black box. Full forensic audit available on request.
✔️
Real Network Effect
The more clients we have, the more the network sees, and the better each client is protected. It’s mathematical — and it’s our key differentiator.
Stop Defending Your Perimeter Alone.
While you’re reading this page, bots are already attempting to brute-force a password on one of your websites. That’s not a metaphor — it’s statistically guaranteed.
The real question is: does your firewall already know that this IP has attacked 12 other Canadian companies this morning?
With 10RUPTiV DNSBL, the answer is yes. In under 6 minutes.
No commitment. No installation on your side. Hosted and operated in Canada. Fixed pricing in CAD.