This study investigates extracting useful information from hacker forums, focusing on identifying malicious IP addresses reported in unstructured and ad hoc ways. The method developed automates the identification of these IPs using a matrix decomposition technique to extract latent features from user behavior combined with textual information from related posts. The approach is language-independent, relying on a small number of keywords and behavioral features. Approximately 600K posts from three different forums were analyzed, demonstrating high classification accuracy and over 88% precision in identifying malicious IPs. This method identified up to three times more potentially malicious IPs compared to the VirusTotal blacklist, highlighting the importance of early access to this information in cyber warfare.