Skip to content
This repository was archived by the owner on Apr 30, 2026. It is now read-only.

OpenSource-For-Freedom/SOURCE

BranchesTags

Repository files navigation

Database Statistics

Metric Value
Total Malicious IPs 1,367,404
Countries Affected 232
Average Threat Severity 3.00/5
Last Updated 2026-04-26 01:38:08 UTC

Top Countries

Country IPs
US 221297
CN 220704
HK 162405
SG 112355
JP 70096
NL 60185
IN 49116
DE 35068
GB 33990
BR 30487
SOURCE

source GitHub Actions Python 3.14 clicks

Malicious IP Intelligence Feed

Threat intelligence for network defense.
SOURCE provides regularly updated malicious IP data with geolocation, ASN enrichment, and severity scoring. It's designed for security teams, SOCs, and infrastructure automation.

Quickstart

Option A: Download CSV

# Linux/Mac
curl -sS https://raw.githubusercontent.com/OpenSource-For-Freedom/SOURCE/main/badip_list.csv -o badip_list.csv

# Windows PowerShell
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/OpenSource-For-Freedom/SOURCE/main/badip_list.csv" -OutFile "badip_list.csv"

Option B: Query SQLite Database

# Linux/Mac - Download the database
curl -sS https://raw.githubusercontent.com/OpenSource-For-Freedom/SOURCE/main/data/badips.db -o badips.db

# Windows PowerShell - Download the database
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/OpenSource-For-Freedom/SOURCE/main/data/badips.db" -OutFile "badips.db"

# Query high-severity threats from specific country (all platforms)
sqlite3 badips.db "SELECT ip_address, severity, threat_count FROM bad_ips WHERE severity >= 4 LIMIT 10;"

Option C: Python Integration

import pandas as pd

# Load and filter the dataset
df = pd.read_csv('badip_list.csv')
high_severity = df[df['severity'] >= 4]
print(f"Found {len(high_severity)} high-severity IPs")

What You Get

  • CSV Feed Easy-to-parse malicious IP list with enriched metadata
  • SQLite Database Queryable database with normalized tables and indexes
  • Geolocation Data Country, city, and coordinates for every IP
  • ASN Enrichment Autonomous System Numbers and ISP identification
  • Auto-Generated Charts Visual dashboards and geographic heatmaps
  • Weekly Updates Data refreshed every Sunday at midnight UTC via GitHub Actions

How It Works

graph LR
    A[Fetch Feeds] --> B[Normalize & Dedupe]
    B --> C[Enrich: Geo + ASN]
    C --> D[Score Severity]
    D --> E[Export CSV + DB]
    E --> F[Generate Charts]
    F --> G[Commit & Publish]
    
    style A fill:#2d3748,stroke:#4a5568,color:#fff
    style B fill:#2d3748,stroke:#4a5568,color:#fff
    style C fill:#2d3748,stroke:#4a5568,color:#fff
    style D fill:#2d3748,stroke:#4a5568,color:#fff
    style E fill:#2d3748,stroke:#4a5568,color:#fff
    style F fill:#2d3748,stroke:#4a5568,color:#fff
    style G fill:#2d3748,stroke:#4a5568,color:#fff
Loading

Pipeline Overview:
SOURCE collects malicious IPs from trusted threat feeds, removes duplicates, adds geolocation and ASN data, applies severity scoring, and exports to multiple formats. View detailed pipeline documentation

Data

CSV layout

Column Type Description
ip_address String IPv4 or IPv6 address
severity Integer Threat severity (1-5 scale)
first_seen Timestamp First detection date (ISO 8601)
last_updated Timestamp Most recent observation (ISO 8601)
threat_count Integer Number of threat reports
country String ISO 3166-1 alpha-2 country code
city String City name (if available)
latitude Float Geographic coordinate
longitude Float Geographic coordinate
asn String Autonomous System Number
isp String Internet Service Provider name

Severity Scale

Level Score Range Meaning
1 5 or fewer reports Low ΓÇö Minimal threat activity
2 6-10 reports Moderate ΓÇö Repeated reconnaissance
3 11-20 reports Elevated ΓÇö Active scanning and probing
4 21-50 reports High ΓÇö Coordinated attack attempts
5 50+ reports Critical ΓÇö Persistent hostile activity

Note: Severity is calculated based on total threat report counts. See scoring methodology for details.

Visualizations

Global Threat Dashboard

Dashboard

Last Generated: 2026-04-26 01:38:08 UTC

Pin Map

Pin Map

World Heatmap

World Map

Top Countries Distribution

Countries Chart

Cyber Attack Origins

Cyber Attack Origins

Wall of Shame

IP Domain/Host Severity Threats
83.219.248.37 AS41745 3/5 60
179.43.184.242 AS51852 3/5 58
114.111.54.188 AS54994 3/5 58
45.148.10.121 AS48090 3/5 58
80.94.92.182 AS47890 3/5 58
80.94.92.186 AS47890 3/5 58
129.45.84.93 AS327931 3/5 58
143.20.185.79 AS214209 3/5 58
45.93.168.13 AS48011 3/5 58
61.245.11.87 AS19970 3/5 58
62.60.131.157 AS208137 3/5 58
64.227.97.118 AS14061 3/5 58
66.132.153.113 AS398324 3/5 58
66.132.153.115 AS398324 3/5 58
66.132.153.123 AS398324 3/5 58
66.132.153.127 AS398324 3/5 58
66.240.192.138 AS10439 3/5 58
71.6.165.200 AS10439 3/5 58
71.6.199.23 AS10439 3/5 58
80.82.77.33 AS202425 3/5 58

About

An automated public malicious IP sql database with geolocation mapping.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 9

provenance-72 Latest
Apr 26, 2026
+ 8 releases

Packages

 
 
 

Contributors

Languages