Welcome to the Spydi Threat Intelligence Repository – A curated collection of security indicators derived from real-world incidents and open-source feeds.
This repository aggregates IOCs (IPs and domains) from multiple OSINT feeds, enforces deduplication, and removes false positives to maintain clean, actionable blocklists. Designed for clarity and reliability, the feeds are optimized for use in personal networks, SMBs, and enterprise security systems.
- 🔥IP Threat Feeds
- 🌐Domain Blocklists
- 🕵️Tracked Threats
- 📦Permanent Blocklists
- 🙌Acknowledgements
- 🤝Community Contributions
- 📡Contact me
High-confidence indicators from multiple OSINT Feed, this deduplicated list provides a unified view of malicious IP addresses.
https://spydisec.com/maliciousips.txt
- Sources: 12+ curated feeds including C2 servers, honeypot data, Mass-scanners, and OSINT feeds.
📚 View Full Source List
| Sources | Source URL |
|---|---|
| C2 IP Feed | C2_iplist.txt |
| Honeypot Master list | honeypot_iplist.txt |
| maltrail_scanners | maltrail_ips.txt |
| botvrij_eu | botvrij_eu |
| feodotracker | feodotracker |
| feodotracker_recommended | feodotracker_recommended |
| Blocklist_de_all | Blocklist_de_all |
| ThreatView_High_Confidence | ThreatView_High_Confidence |
| IPsumLevel_7 | IPsumLevel7 |
| CINS_Score | CINS_Score |
| DigitalSide | DigitalSide |
| duggytuxy | duggytuxy |
| etnetera.cz | etnetera.cz |
| emergingthreats-compromised | ET_Comp |
| greensnow.co | greensnow.co |
| More coming Soon! | Future Updates |
https://spydisec.com/spamblocklist.txt
https://spydisec.com/maliciousblocklist.txt
https://spydisec.com/adsblocklist.txt
Actively monitored infrastructure across 50+ threat actors:
🔍 Expand Threat Catalog
| C2s | Malware | Botnets |
|---|---|---|
| Cobalt Strike | AcidRain Stealer | 7777 |
| Metasploit Framework | Misha Stealer (AKA Grand Misha) | BlackNET |
| Covenant | Patriot Stealer | Doxerina |
| Mythic | RAXNET Bitcoin Stealer | Scarab |
| Brute Ratel C4 | Titan Stealer | 63256 |
| Posh | Collector Stealer | Kaiji |
| Sliver | Mystic Stealer | MooBot |
| Deimos | Gotham Stealer | Mozi |
| PANDA | Meduza Stealer | |
| NimPlant C2 | Quasar RAT | |
| Havoc C2 | ShadowPad | |
| Caldera | AsyncRAT | |
| Empire | DcRat | |
| Ares | BitRAT | |
| Hak5 Cloud C2 | DarkComet Trojan | |
| Pantegana | XtremeRAT Trojan | |
| Supershell | NanoCore RAT Trojan | |
| Poseidon C2 | Gh0st RAT Trojan | |
| Viper C2 | DarkTrack RAT Trojan | |
| Vshell | njRAT Trojan | |
| Villain | Remcos Pro RAT Trojan | |
| Nimplant C2 | Poison Ivy Trojan | |
| RedGuard C2 | Orcus RAT Trojan | |
| Oyster C2 | ZeroAccess Trojan | |
| byob C2 | HOOKBOT Trojan | |
| RisePro Stealer | ||
| NetBus Trojan | ||
| Bandit Stealer | ||
| Mint Stealer | ||
| Mekotio Trojan | ||
| Gozi Trojan | ||
| Atlandida Stealer | ||
| VenomRAT | ||
| Orcus RAT | ||
| BlackDolphin | ||
| Artemis RAT | ||
| Godzilla Loader | ||
| Jinx Loader | ||
| Netpune Loader | ||
| SpyAgent | ||
| SpiceRAT | ||
| Dust RAT | ||
| Pupy RAT | ||
| Atomic Stealer | ||
| Lumma Stealer | ||
| Serpent Stealer | ||
| Axile Stealer | ||
| Vector Stealer | ||
| Z3us Stealer | ||
| Rastro Stealer | ||
| Darkeye Stealer | ||
| AgniStealer | ||
| Epsilon Stealer | ||
| Bahamut Stealer | ||
| Unam Web Panel / SilentCryptoMiner | ||
| Vidar Stealer | ||
| Kraken RAT | ||
| Bumblebee Loader | ||
| Viper RAT | ||
| Spectre Stealer |
Persistent IOCs with historical tracking:
| Type | Description | Raw URL |
|---|---|---|
| 📡 IPs | Permanent malicious IP addresses | permanent_IPList.txt |
| 🌍 Domains | Long-term malicious domains (WIP) | permanent_DomainList.txt |
Gratitude to our OSINT partners
This project stands on the shoulders of these valuable resources:
- Abuse.ch - Feodo Tracker
- Botvrij.eu - Threat Intelligence
- Blocklist.de - Attack Data
- CINS Army - Threat Scoring
- DigitalSide - Italian CERT
- ...and 10+ other community maintainers
Special Thanks to MontySecurity for their C2 Tracker framework.
The active sources listed contribute to the compilation of block lists but do not have a direct one-to-one correspondence. Each source has its own license; please consult the source files or repositories for details.
Build a cleaner, more actionable feed
We welcome contributions to enhance this resource for:
- Individuals: Simplify personal network security
- SMBs: Deploy cost-effective threat blocking
- Enterprises: Integrate scalable threat intelligence
Key Focus Areas:
🔹 Deduplication: Help eliminate redundant entries across feeds
🔹 Reduce False Positive: Help eliminate false positive IOCs from the feeds.
🔹 Validation: Flag false positives or outdated indicators
🔹 Context: Add threat actor/geo-tags for better filtering
🔹 Automation: Suggest workflow improvements for data curation
How to Help:
- Submit verified IOCs via Pull Request
- Report duplicate entries in Issues
- Report false positive in Issues
- Share feedback on enterprise/SMB integration patterns
- Improve documentation for non-technical users
All contributors are acknowledged in our Credits.
- E-Mail: spyditi@proton.me (PGP: Key)
