This repository has been archived on
. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
DNSBunker CTI — Cyber Threat Intelligence
A continuously updated threat intelligence feed of malicious, phishing, and dangerous domains, verified through automated multi-source corroboration.
What This Is
Every listed domain has been independently flagged by multiple security intelligence APIs and confirmed resolvable at time of evaluation. No domain is listed based on a single signal.
Domain Lifecycle
Added: flagged by APIs and confirmed live.
Removed: no longer flagged by APIs with a complete picture,
or no longer resolvable. Removed domains are recorded in unflagged.txt.
Privacy
All evaluation queries are ephemeral. No user data, query content, or network metadata is retained or published.
File Reference
| File | Description |
|---|---|
domains.txt |
Active threat domains, alphabetically sorted |
rpz.txt |
DNS Response Policy Zone (RFC 5782) – load into BIND / Knot / Unbound |
adblock.txt |
Adblock Plus / uBlock Origin filter list – auto-refreshes every hour |
unflagged.txt |
Domains removed from the feed with original API attribution |
STATS.md |
Live statistics, updated on every push |
Statistics
See STATS.md for per-push, per-hour, per-day, per-week, per-month, and all-time breakdowns, the Hall of Shame, and detection distribution across 11 independent security intelligence APIs.
License
GNU General Public License v2.0
Copyright (C) DNSBunker.org — xRuffKez
SPDX-License-Identifier: GPL-2.0-only
Project: dnsbunker.org · Repo: codeberg.org/xRuffKez/tif