Internet Threat Intelligence, Visualized

Unique source IPs that attacked our honeypot sensors in the last 24 hours. Each IP is enriched with GeoIP, ASN, and confidence scoring.

Geographically distributed honeypot agents running cowrie and opencanary. Each node reports attacks in real-time to the IntrusionLabs collector.

Correlated clusters of attacking IPs identified through network-level correlation, ASN temporal clustering, and cross-sensor target pattern matching. A campaign is deactivated after 7 days with no correlated activity, and closed after 30 days—all historical data is preserved.

Legitimate security scanning organizations (Shadowserver, Censys, ONYPHE, etc.) detected by our sensors. Classified and excluded from threat campaigns.