https://github.com/capelabs/threatmesh-feed

ThreatMesh is an integrated threat intelligence engine that connects malicious IPs, scripts, and open-source signals into a unified mesh for real-time detection and context-rich analysis.
https://github.com/capelabs/threatmesh-feed

dataset security security-tools threat threat-intelligence

Last synced: 4 months ago
JSON representation

ThreatMesh is an integrated threat intelligence engine that connects malicious IPs, scripts, and open-source signals into a unified mesh for real-time detection and context-rich analysis.

• Host: GitHub
• URL: https://github.com/capelabs/threatmesh-feed
• Owner: capelabs
• Created: 2025-06-10T14:39:23.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2026-02-03T00:30:53.000Z (5 months ago)
• Last Synced: 2026-02-03T13:59:43.233Z (4 months ago)
• Topics: dataset, security, security-tools, threat, threat-intelligence
• Homepage: https://threatmesh.info
• Size: 1000 KB
• Stars: 3
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# ThreatMesh: Open Threat Intelligence Feed

The **ThreatMesh Feed** provides a daily list of attacker IP addresses detected around the world. This feed includes **only IPs that have been involved in verified attacks or scanning activity within the last 7 days**, ensuring high relevance and up-to-date threat intelligence.

## 📅 Update Schedule

- Updated **daily at 12:30 AM UTC**

- Automatically refreshed with the latest data

## 🌐 Data Source: ThreatMesh

ThreatMesh collects attacker IP data using a globally distributed network of **attack detection sensors**. These sensors capture real-world malicious activities.

## 🎯 Use Cases

This feed is ideal for:

- **Automating firewall blocklists**

- **Enriching SIEM/EDR threat detection rules**

- **IOC (Indicator of Compromise) analysis**

- **Threat monitoring and automation pipelines**

## ⚠️ Disclaimer

- While ThreatMesh provides IPs with a high likelihood of malicious behavior, we do not guarantee 100% accuracy for every environment.

- Please evaluate and test before deploying in production to avoid false positives or disruption.

- The IPs listed are limited to **those seen actively scanning or attacking within the last 7 days**.

## 📬 Contact & Contributions

We welcome community contributions and feedback to help improve this threat feed.

- Email: `contact@thecapelabs.com`

- Open an issue or pull request on GitHub to suggest improvements