{"id":51398035,"url":"https://github.com/kalidada18/threatbase","last_synced_at":"2026-07-04T04:01:06.052Z","repository":{"id":361818043,"uuid":"1255967031","full_name":"kalidada18/threatbase","owner":"kalidada18","description":"List of Bad IPs","archived":false,"fork":false,"pushed_at":"2026-06-27T18:17:20.000Z","size":589306,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-27T20:13:10.732Z","etag":null,"topics":["badips","cybersecurity","maliciousips"],"latest_commit_sha":null,"homepage":"https://threatbase.qzz.io/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kalidada18.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-01T10:38:37.000Z","updated_at":"2026-06-27T18:17:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/kalidada18/threatbase","commit_stats":null,"previous_names":["sujallamichhane18/himalayafeed","kalidada18/threatbase"],"tags_count":29,"template":false,"template_full_name":null,"purl":"pkg:github/kalidada18/threatbase","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kalidada18%2Fthreatbase","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kalidada18%2Fthreatbase/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kalidada18%2Fthreatbase/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kalidada18%2Fthreatbase/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kalidada18","download_url":"https://codeload.github.com/kalidada18/threatbase/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kalidada18%2Fthreatbase/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35109212,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-04T02:00:05.987Z","response_time":113,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["badips","cybersecurity","maliciousips"],"created_at":"2026-07-04T04:00:54.701Z","updated_at":"2026-07-04T04:01:06.043Z","avatar_url":"https://github.com/kalidada18.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cbr/\u003e\n  \u003cimg src=\"public/img/logo.png\" alt=\"Threatbase\" width=\"120\" style=\"border-radius: 50%;\"\u003e\n\n  \u003ch1\u003e⚔️\u0026nbsp; Threatbase\u003c/h1\u003e\n\n  \u003cp\u003e\u003cstrong\u003eEnterprise-grade, open-source threat intelligence.\u003c/strong\u003e\u003cbr/\u003eAutomated · Deduplicated · Zero-cost.\u003c/p\u003e\n\n  \u003cp\u003e\n    \u003ca href=\"https://github.com/kalidada18/threatbase/actions/workflows/update-feed.yml\"\u003e\u003cimg src=\"https://github.com/kalidada18/threatbase/actions/workflows/update-feed.yml/badge.svg\" alt=\"Feed Pipeline\"\u003e\u003c/a\u003e\n    \u003cimg src=\"https://img.shields.io/badge/IOCs-Millions-ef4444\" alt=\"IOCs\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Feeds-54-f59e0b\" alt=\"Feeds\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Python-3.11%2B-3776AB?logo=python\u0026logoColor=white\" alt=\"Python\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/React-19-61DAFB?logo=react\u0026logoColor=black\" alt=\"React\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-MIT-22c55e\" alt=\"MIT License\"\u003e\n  \u003c/p\u003e\n\n  \u003cp\u003e\n    \u003ca href=\"https://threatbase.qzz.io\"\u003e\u003cb\u003e🌐 Live Dashboard\u003c/b\u003e\u003c/a\u003e\n    \u0026nbsp;·\u0026nbsp;\n    \u003ca href=\"#-using-the-feeds\"\u003e\u003cb\u003e📥 Raw Feeds\u003c/b\u003e\u003c/a\u003e\n    \u0026nbsp;·\u0026nbsp;\n    \u003ca href=\"https://github.com/kalidada18/threatbase/releases\"\u003e\u003cb\u003e📦 Archives\u003c/b\u003e\u003c/a\u003e\n    \u0026nbsp;·\u0026nbsp;\n    \u003ca href=\"https://threatbase.qzz.io/thanks\"\u003e\u003cb\u003e🙏 Sources\u003c/b\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\n  \u003cbr/\u003e\n\n  \u003cem\u003eBuilt to democratize access to high-quality threat intelligence — one indicator at a time.\u003c/em\u003e\n\n\u003c/div\u003e\n\n\u003cbr/\u003e\n\n---\n\n## 🧩 What is Threatbase?\n\nThreatbase is a **fully-automated threat-intelligence pipeline**. It ingests, validates, and deduplicates malicious indicators from **54 industry OSINT feeds**, then publishes them as ready-to-use blocklists and serves them through a fast React dashboard.\n\n\u003e **Millions** of unique indicators · refreshed continuously · no auth, no rate limits.\n\n```text\n  54 OSINT Feeds ──▶ Python Aggregator ──▶ GitHub Actions ─┬─▶ Raw Blocklists\n                     (fetch · dedup ·                       ├─▶ React Dashboard\n                      validate · classify)                  └─▶ Daily ZIP Archive\n```\n\n### 🏗️ Architecture\n\n| Layer | Stack | Responsibility |\n|:--|:--|:--|\n| **Intelligence Engine** | Python 3.11 · `ThreadPoolExecutor` | Concurrent ingestion, dedup, validation, classification |\n| **Automation** | GitHub Actions | Scheduled \u0026 on-demand pipeline runs |\n| **Dashboard** | React 19 · Chart.js · Cloudflare Pages | IOC search, live analytics, community reporting |\n| **Delivery** | GitHub Raw | Zero-infra, always-on blocklist serving |\n| **Archives** | GitHub Releases | Daily ZIP snapshots for retrospective hunting |\n\n---\n\n## 🛡️ IOC Coverage\n\n\u003cdiv align=\"center\"\u003e\n\n| Indicator Type | Primary Use Case |\n|:--|:--|\n| 🔴 \u0026nbsp;**IPv4** | Firewall blocklists, SIEM correlation |\n| 🟠 \u0026nbsp;**IPv6** | Next-gen network blocking |\n| 🟡 \u0026nbsp;**CIDR Ranges** | BGP null-routing, edge filtering |\n| 🟢 \u0026nbsp;**Domains** | DNS sinkholing, Pi-hole, AdGuard |\n| 🔵 \u0026nbsp;**URLs** | Web proxy / NGFW blocking |\n| 🟣 \u0026nbsp;**SHA-256 Hashes** | EDR ingestion, malware triage |\n\n\u003csub\u003eLive indicator metrics are tracked in real-time on the \u003ca href=\"https://threatbase.qzz.io\"\u003edashboard\u003c/a\u003e. Indicators are classified into categories such as \u003ccode\u003eC2\u003c/code\u003e, \u003ccode\u003eBotnet\u003c/code\u003e, \u003ccode\u003eBrute-Force\u003c/code\u003e, \u003ccode\u003eExploit\u003c/code\u003e, \u003ccode\u003eSpam\u003c/code\u003e, \u003ccode\u003eTor\u003c/code\u003e \u0026amp; more.\u003c/sub\u003e\n\n\u003c/div\u003e\n\n---\n\n## 📡 Upstream Intelligence Sources\n\nThreatbase curates and deduplicates from authoritative providers, including:\n\n\u003cdetails open\u003e\n\u003csummary\u003e\u003cstrong\u003eView source highlights\u003c/strong\u003e\u003c/summary\u003e\n\n\u003cbr/\u003e\n\n| Provider | Focus Area | IOC Types |\n|:--|:--|:--|\n| **Abuse.ch** — FeodoTracker, URLhaus, MalwareBazaar | Botnets, C2s, malware delivery | IPs, Domains, URLs, Hashes |\n| **Spamhaus** — DROP / EDROP | Spam networks, hijacked ASNs | IPs, CIDRs |\n| **FireHOL** | Botnets, cybercrime infrastructure | IPs |\n| **DShield** (SANS ISC) | Port scanners, brute-forcers | IPs |\n| **PhishTank / OpenPhish** | Phishing campaigns | Domains, URLs |\n| **Emerging Threats / CINS Army** | Compromised hosts | IPs |\n| **Hagezi** | DNS blocklists (malware \u0026 ads) | Domains |\n| **Blocklist.de / GreenSnow** | SSH/FTP brute-forcers | IPs |\n\n\u003e Full attribution on the **[Acknowledgements page →](https://threatbase.qzz.io/thanks)**\n\n\u003c/details\u003e\n\n---\n\n## 📥 Using the Feeds\n\nEvery feed is committed to this repo and served continuously via **GitHub Raw** — drop them straight into your tooling. No auth. No rate limits.\n\n### 🌐 Network Blocklists\n\n```text\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-ip.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-ipv6.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-cidr.txt\n```\n\n| Feed | File | Format |\n|:--|:--|:--|\n| IPv4 Blocklist | `threatbase-ip.txt` | `IP,FeedCount,RiskScore,Tags` |\n| IPv6 Blocklist | `threatbase-ipv6.txt` | One IP per line |\n| CIDR Blocklist | `threatbase-cidr.txt` | CIDR notation |\n\n#### 🎯 Category-Split IP Feeds\n\n\u003e Apply different policies per threat type — hard-block C2, just alert on Tor.\n\nPer-category IPv4 blocklists (same `IP,FeedCount,RiskScore,Tags` format) live under [`ioc/categories/`](ioc/categories/):\n\n```text\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-c2.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-botnet.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-bruteforce.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-tor.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-spam.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-exploit.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/categories/threatbase-ip-malware.txt\n```\n\n| Category | File | Use Case |\n|:--|:--|:--|\n| C2 | `threatbase-ip-c2.txt` | Command-and-control — block aggressively |\n| Botnet | `threatbase-ip-botnet.txt` | Known botnet members |\n| Brute-Force | `threatbase-ip-bruteforce.txt` | SSH/FTP/RDP brute-forcers |\n| Tor | `threatbase-ip-tor.txt` | Tor exit nodes — often alert-only |\n| Spam | `threatbase-ip-spam.txt` | Spam-source networks |\n| Exploit | `threatbase-ip-exploit.txt` | Active exploitation attempts |\n| Malware | `threatbase-ip-malware.txt` | Malware-hosting / delivery |\n\n\u003csub\u003ePer-file counts are published in \u003ca href=\"ioc/stats.json\"\u003e\u003ccode\u003estats.json\u003c/code\u003e\u003c/a\u003e under \u003ccode\u003eip_category_files\u003c/code\u003e.\u003c/sub\u003e\n\n### 🕸️ DNS \u0026 Web Blocklists\n\n\u003e Compatible with Pi-hole, AdGuard Home, Squid, and Palo Alto EDL.\n\n```text\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-domain.txt\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-url.txt\n```\n\n| Feed | File | Format |\n|:--|:--|:--|\n| Domain Blocklist | `threatbase-domain.txt` | One domain per line |\n| URL Blocklist | `threatbase-url.txt` | Full URL per line |\n\n### 💀 Malware File Hashes\n\n\u003e A vast, continuously updated repository of SHA-256 hashes for EDR ingestion and malware-triage pipelines.\n\n```text\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-hash.txt\n```\n\n| Feed | File | Format |\n|:--|:--|:--|\n| Malware Hash DB | `threatbase-hash.txt` | SHA-256, one per line |\n\n---\n\n## ⚡ Quick Integration\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eiptables — Linux firewall\u003c/strong\u003e\u003c/summary\u003e\n\n\u003cbr/\u003e\n\n```bash\ncurl -s https://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-ip.txt \\\n  | grep -v '^#' \\\n  | xargs -I{} sudo iptables -A INPUT -s {} -j DROP\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003ePi-hole / AdGuard — DNS blocklist\u003c/strong\u003e\u003c/summary\u003e\n\n\u003cbr/\u003e\n\nAdd this URL as a blocklist source:\n\n```text\nhttps://raw.githubusercontent.com/kalidada18/threatbase/main/ioc/threatbase-domain.txt\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eSplunk / SIEM — batch ingestion\u003c/strong\u003e\u003c/summary\u003e\n\n\u003cbr/\u003e\n\n```bash\n# Pull the latest daily archive for bulk lookup ingestion\nwget https://github.com/kalidada18/threatbase/releases/latest/download/threatbase-latest.zip\nunzip threatbase-latest.zip -d ./ioc-feeds/\n```\n\u003c/details\u003e\n\n---\n\n## 🗄️ Historical Archives\n\nA full ZIP of the complete feed is published daily to the **[Releases](https://github.com/kalidada18/threatbase/releases)** page.\n\n```text\nthreatbase-YYYY-MM-DD.zip\n├── threatbase-ip.txt\n├── threatbase-ipv6.txt\n├── threatbase-cidr.txt\n├── threatbase-domain.txt\n├── threatbase-url.txt\n└── threatbase-hash.txt\n```\n\nIdeal for **retrospective SIEM hunting**, academic research, and historical IOC enrichment.\n\n---\n\n## 🤝 Contributing\n\nThreatbase is community-powered. Contributions are welcome:\n\n- 📥 **New feed sources** — open an issue with the feed URL + license\n- 🐛 **Bug reports** — label as `bug`\n- 💡 **Feature requests** — label as `enhancement`\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cbr/\u003e\n  \u003csub\u003e\n    ⚖️ \u003ca href=\"LICENSE\"\u003eMIT License\u003c/a\u003e \u0026nbsp;·\u0026nbsp;\n    Upstream feed data remains subject to each provider's Terms of Service \u0026nbsp;·\u0026nbsp;\n    Made in 🇳🇵\n  \u003c/sub\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n  \u003csub\u003e\u003cem\u003eIf Threatbase helps your security ops, consider starring ⭐ the repo.\u003c/em\u003e\u003c/sub\u003e\n  \u003cbr/\u003e\u003cbr/\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkalidada18%2Fthreatbase","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkalidada18%2Fthreatbase","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkalidada18%2Fthreatbase/lists"}