This is only going to do so much. If a connection is trully malicious, it’ll probably route through a domestic or EU IP (azure, digital ocean, linode, aws, hetzner, etc)
That said it would be interesting to monitor and see who all your devices are talking too
I just came here to say hi to a fellow badger! :)