darkforums-ip-intel
Threat intelligence repository containing malicious IP addresses associated with the DarkForums cybercrime forum.
An open-source intelligence tool that plots IP addresses linked to DarkForums cybercrime threat actors on an interactive map, with offline geolocation and optional enrichment via the ipinfo.io API.
This project is an open-source intelligence tool for visualizing IP addresses associated with DarkForums, a cybercrime forum. The README is written in Spanish. The tool takes a database of IP addresses linked to specific threat actors from that forum and plots them on an interactive dark-themed map in a web browser.
Geolocation is handled offline using the GeoLite2 database, which maps IP addresses to countries and approximate locations without requiring any internet connection. When you click on a pin on the map, the tool calls the ipinfo.io API to enrich the result with more precise details: city, internet service provider, timezone, and hostname. The ipinfo.io free tier allows 50,000 lookups per month, and the map continues working without a token using GeoLite2 alone.
The interface includes username search with autocomplete, so you can type part of a name and jump to that actor's IP addresses. Clicking a suggestion filters the map to show only that actor's pins. There is also a country filter and a small inset map in the side panel that shows the exact location of whichever pin you selected. Duplicate IPs per actor are removed automatically.
To run it, you clone the repository, install the Python dependencies, optionally enter an ipinfo.io token when prompted, and open a local web address in your browser. The backend is a Flask web server and the map is rendered with Leaflet.js. The project is released under the MIT license.
The data in the repository covers IP addresses attributed to DarkForums activity. This is intended as a threat intelligence reference for security researchers.
Where it fits
- Map IP addresses linked to specific DarkForums threat actors to see their geographic distribution at a glance
- Search by username to filter the map to one actor's known IP addresses during an investigation
- Run offline geolocation without any API key using the bundled GeoLite2 database
- Enrich a selected IP with city, ISP, timezone, and hostname details via the ipinfo.io free tier