MalExt Sentry

Live

Malicious browser extension tracker GitHub → —

Free threat intelligence database - malicious and policy-violating browser extensions including those removed from the Chrome Web Store and still active in the wild · community reports + automated store monitoring · adware, data theft, session hijacking, cryptomining

Total Threats

—

Sources

—

Latest

—

/ Ctrl K ?

Show rows

Fetching threat database...

Pulling latest intelligence from GitHub

Usage: Copy a URL to subscribe directly from your platform, or Download for an offline snapshot. Feeds update automatically on every database commit. TLP:CLEAR.

MISP Events › Import › MISP JSON / Warninglists › New

MISP Event

Full event with extension ID attributes, CWS URLs, source tags, and TLP:CLEAR markings. Import once or re-import to update.

EventsImportMISP JSONupload file

URL https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/threat-intel-feeds/malext_misp_event.json

MISP Warning List

Standalone warninglist of all malicious extension IDs. Triggers a warning in MISP whenever a flagged ID appears in any event attribute.

WarninglistsNewimport JSON

URL https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/threat-intel-feeds/malext_misp_warninglist.json

STIX 2.1 TAXII 2.x · OpenCTI · any STIX-aware platform

STIX 2.1 Bundle

Complete bundle — Indicator objects, Malware objects, and indicates relationships. TLP:CLEAR markings, deterministic UUIDs.

TAXII serverpush bundle or OpenCTIData › Import

URL https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/threat-intel-feeds/malext_stix2_bundle.json

OpenCTI Indicators CSV

CSV formatted for the OpenCTI CSV importer. Contains STIX pattern indicators with confidence score, labels, and observable type.

OpenCTIData › Importupload CSV

URL https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/threat-intel-feeds/malext_opencti_indicators.csv

Splunk Settings › Lookups › Lookup Table Files

Splunk Lookup Table

CSV lookup enriching registry events with extension metadata - ID, name, source, date, and Chrome Web Store URL. Drop-in for endpoint detection SPL queries.

SettingsLookupsLookup Table Filesupload CSV

URL https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/threat-intel-feeds/malext_splunk_lookup.csv

JSON Custom integrations · scripts · APIs

Generic JSON Feed

Flat JSON array with extension ID, name, source, insert date, and CWS URL. No schema overhead - ideal for custom scripts or in-house integrations.

fetch URLparse JSONuse indicators[]

URL https://raw.githubusercontent.com/toborrm9/malicious_extension_sentry/main/threat-intel-feeds/malext_feed.json