Where is the data sourced from?

Indicators and observables are gathered from an internationally distributed honeynet as well as through automated passive OSINT activities. This data is then enriched against various external open-source CTI sources.

What is this website built with?

This site is generated by Bash, Zsh, Python, Perl, and Ruby scripts that write Markdown, which is then converted into HTML using Jekyll. Some data enrichment takes place through Splunk, with the majority of processing making use of modern Unix tools. Charts and maps are built with amCharts and Bing Maps.

Can I use this threat intelligence?

The data provided here is currently TLP:White and free to use in any form for non-commercial purposes; use for commercial purposes requires prior approval. This is subject to change at any time, and will be updated here.

Can I have my IP address removed from this page?

Please contact me at [email protected] to request removal from this website. Each request will be considered individually based upon the nature of the IP (dynamic/static), the observed activity, and the time since an event was logged.