Back when I was first dealing with the onslaught of hacking attempts at the beginning of covid, I was pretty methodical in giving each blacklist entry a good description, so I could tell later where they came from and what the date was. Lately I've been lazy and just click the Block button. The result of which, of course, is a long list of IP numbers with the description "IDS Block."
My suggestion is to add the country and the date the block was added automatically to the description so we don't have to edit each one after we add them (which requires a trip to another section of the admin site, and a good memory). We could then sort the description column and see which countries are hitting us hardest. Maybe even add a DateAdded column so we can sort on that as well.
Mik MullerMontague WebWorks