A transparent, community-first repository of curated threat feeds in .txt, .cvs, and .json formats. Built from real-world firewall logs and IDS/IPS alerts from our network, these datasets help sysadmins defend their networks with actionable, ethically-sourced data. Each feed includes timestamps, offense counts, and traffic metadata—supporting responsible threat sharing and collaborative defense.
Github Pages - Intelegence feed
Threat files are refreshed every 30 minutes, ensuring timely access to active indicators of compromise.
We prioritize the most common and impactful threats, with lesser-known patterns placed in an uncategorized catch-all.
Structured blocklists are maintained across distinct malicious behavior categories:
- Compromised Hosts
- Port Scanners
- Targeted Attackers
- TOR Exit Nodes
- High Offense IPs
- Uncategorized Threats (Catch all other threats)
Each feed includes offense counts, first/last seen timestamps, threat signatures, and country of origin when available.
Available formats:
.txt: Pipe-delimited, human-readable.csv: Tab-delimited, ideal for automation.json: Schema-based for direct parsing and enrichment
We believe responsible sharing is key to sustainable cybersecurity:
- Feeds are built solely from confirmed malicious activity
- CGNAT awareness and de-duplication help reduce false positives
- No personal or non-malicious traffic is ever included
- We avoid tracking user-identifiable data and follow responsible disclosure practices
- Blocklisting malicious IPs at the firewall or WAF level
- Enriching SIEM/SOAR intelligence pipelines
- Powering anomaly detection and machine learning models
- Researching threat trends across geography and ASN
Plain Text (.txt):
IP | Severity | Signature | Country | First Seen | Last Seen | Count
193.32.162.141 | HIGH | ET COMPROMISED Known Compromised or Hostile Host Traffic group 9 | GB | 2025-07-13 | 2025-07-13 | 1
CSV (.csv):
IP First Seen Last Seen Count Severity Signature Protocol Country
193.32.162.141 2025-07-13T10:22:38.935Z 2025-07-13T10:22:38.935Z 1 high ET COMPROMISED Known Compromised or Hostile Host Traffic group 9 TCP GB
JSON (.json):
{
"metadata": {
"category": "Compromised_Host",
"generated": "2025-07-13T11:21:42.025Z",
"source": "Ethical Threat Feeds by Devs, for Devs",
"total_threats": 7,
"expiry_days": 30,
"format_version": "1.0"
},
"threats": [
{
"ip": "193.32.162.141",
"first_seen": "2025-07-13T10:22:38.935Z",
"last_seen": "2025-07-13T10:22:38.935Z",
"count": 1,
"severity": "high",
"signature": "ET COMPROMISED Known Compromised or Hostile Host Traffic group 9",
"protocol": "TCP",
"country": "GB"
}
]
}If our blocklists or threat feeds help secure your network, consider buying us a coffee.
Even £1/$1 helps offset infrastructure costs and keeps everything updated and open every 30 minutes.
Transparent. Non-commercial. Community-powered cybersecurity.
For more information, updates, and future developments, visit
Tempest Solutions — powering ethical threat intelligence and community-first cybersecurity.