Active Defense and HIDS/HIPS Orchestration for Critical Linux Infrastructure
-
Updated
Jul 15, 2026 - Go
Active Defense and HIDS/HIPS Orchestration for Critical Linux Infrastructure
Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables ...
Finds related domains and IPv4 addresses to do threat intelligence after Indicator-Intelligence collects static files.
Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.
A list of malicious IP addresses associated with botnets, cyberattacks, and the generation of artificial traffic on websites. Useful for network administrators and security companies to block threats and protect against DDoS attacks.
Self-hosted Geolocation and Malicious IP Detection API
Curated block list including IPs, FQDNs, Domains, JA3, etc. Tailored for utmost precision to minimize false positives in personal or non-commercial environments. Updated regularly. For assistance or to support our initiatives, please reach out or consider participating in our sponsorship program
An automated mirror of malicious IP addresses from packetsdatabase.com, providing continuously updated blocklists and security feeds in multiple formats.
Criminal IP is a comprehensive OSINT-based Cyber Threat Intelligence (CTI) search engine that can be used as an automated Attack Surface Management solution.
HeimdallBlocklists is a project designed to merge and manage multiple community-maintained blocklists, making them easily usable across various firewall solutions.
Use the Prowl API to obtain IP Reputation, Techniques Tactics and Procedures, Indicators of Attacks and Indicators of Compromise related to a public IP.
This repository provides live Tor network data through simple HTTPS endpoints.
Triage an IP using powershell
A Node.js script that automates the reporting of malicious IP addresses detected by Cloudflare WAF to SniffCatDB ☁️🕵️
IP blacklist aggregator
🛡️ Comprehensive IP blacklist from trusted security sources - Updated regularly | Free to use Malware, Botnet, Spam & Attack Prevention for security, firewall, or research purposes.
SniffCat integration enabling automatic reporting of malicious activity detected by T-Pot honeypots by monitoring logs, analyzing attack attempts, and submitting reports automatically.
Automated IP blocklist aggregation with geolocation-based country filtering, Docker ready, and twice daily runs via GitHub Actions
Offline-first, budget-aware log+CTI pipeline with optional LLM enrichment; grouping/sampling gates, strong CTI cache, reproducible reports, Streamlit UI.
Takes a list of IP addresses stored in a file, looks them up using abuseipdb.com, and writes the output to a CSV file.
Add a description, image, and links to the malicious-ips topic page so that developers can more easily learn about it.
To associate your repository with the malicious-ips topic, visit your repo's landing page and select "manage topics."