7 comments

[ 2.7 ms ] story [ 23.2 ms ] thread
Yes, this map is based on the iPew map.

The data is sourced from the HashPlane threat intel network.

The data to the websocket is almost real time but its sampled so its not a complete threat feed. If you want to use the data please drop me a note.

I'm not sure how random this is...

CN (110.249.212.46) attacks AU (172.X.X.X) (Port PING)

... (x20)

CN (110.249.212.46) attacks AU (172.X.X.X) (Port PING)

Its not random data, its almost-live attack/scan data. Basically we packet capture everything, process it then shovel it off to our backend datastore. Its a minute or two delayed. I realize it may not be the most interesting thing to look at and I'll probably downsample stuff like that in the future, but its real!

I've seen unwanted contact from that IP 7600 times, its hit pretty much all of our nodes and appears to be scanning for some commonly known ports. Its probably a bot or someone attempting to gather intelligence for attacks.

Since its from China in the Hebei Province my guess right now its from the Alibaba datacenter there or possibly China's APT1 unit. Either way its doing bad stuff and you'd want to block it on your edge (if you have one) or load that IP onto a blocklist with your WAF.

Edit: I just updated the map data stream so it dedupes, it should make it a little prettier :)

    Uncaught TypeError: Failed to execute 'setTimeout' on 'Window': 1 argument required, but only 0 present.
    at Object.init ((index):405)
    at (index):531
In Chrome and Edge on Windows.
Thanks! I'll take a look, I thought I'd cleaned up most of the errors, whoops!
Site doesn't appear to be working in Firefox or Chrome at the moment. No idea what it is supposed to show based on the title.
Hrm, I tested with Firefox and Safari. I don't use Chrome. Looks like there was a deploy error I didn't catch, which is now fixed.