OPEN THREAT INTELLIGENCE

Curated feeds for real threats

Plain-text threat intelligence lists — C2 servers, TOR exit nodes, ad trackers, and content filters. Updated regularly. No auth required. Drop them straight into your firewall.

Browse Feeds Read the Docs
6
Active Feeds
Plain Text
Format
Free
No Auth Required
Daily
Update Frequency

Threat Intelligence

Active threat indicators — block known-bad IPs, domains, and C2 infrastructure.

ccServers.txt
CHECKING

Active command and control server IPs. Known C2 infrastructure used by botnets and malware campaigns.

One IP per line Updated daily
Loading...
Download View Full List
torREN.txt
CHECKING

TOR exit relay node IPs. Use to identify or restrict traffic originating from the TOR network.

One IP per line Updated daily
Loading...
Download View Full List
comDomains.txt
CHECKING

Compromised domain names. Domains identified as hosting malicious content or participating in phishing.

One domain per line Updated daily
Loading feed data...
Download View Full List
comIPs.txt
CHECKING

Threat actor IPs. Addresses associated with active scanning, brute force attempts, and exploitation.

One IP per line Updated daily
Loading feed data...
Download View Full List

Ad Blocking

Advertising and tracker block lists — cut out ads, telemetry, and tracking at the DNS or firewall level.

adDomains.txt
COMING SOON

Advertising and tracker domains. Blocks ad networks, analytics trackers, and telemetry endpoints.

One domain per line TBD
adTrackers.txt
COMING SOON

Cross-site trackers and fingerprinting scripts. Focused on privacy-invasive tracking infrastructure.

One domain per line TBD

Content Filtering

Category-based block lists for content filtering — restrict access to specific types of websites.

catAdult.txt
COMING SOON

Adult content domains. For organizations and parents who need to restrict access to NSFW content.

One domain per line TBD
catGambling.txt
COMING SOON

Gambling and betting domains. Block access to online casinos, sports betting, and wagering sites.

One domain per line TBD
catSocialMedia.txt
COMING SOON

Social media domains. Restrict access to social platforms during work hours or on managed networks.

One domain per line TBD

Quick Start

Three ways to pull feeds into your infrastructure.

01 — CURL / WGET

Command Line

Download any feed directly with curl or wget. Automate with cron for scheduled updates.

curl -sO https://www.threathash.io/ccServers.txt
02 — FORTIGATE

Firewall Integration

Add as an external threat feed in FortiGate, pfSense, or any firewall that supports URL-based block lists.

config firewall address   edit "ThreatHash_C2"   set type fqdn   set fqdn "www.threathash.io" end
03 — PYTHON / SCRIPT

Programmatic Access

Fetch and parse feeds in Python, PowerShell, or any scripting language for SIEM or custom tooling.

import requests ips = requests.get(   "https://www.threathash.io/ccServers.txt" ).text.strip().split("\n")