
Show HN: HashPlane Attack Map - bifrost
https://map.hashplane.com/
======
zamadatix

        Uncaught TypeError: Failed to execute 'setTimeout' on 'Window': 1 argument required, but only 0 present.
        at Object.init ((index):405)
        at (index):531
    

In Chrome and Edge on Windows.

~~~
bifrost
Thanks! I'll take a look, I thought I'd cleaned up most of the errors, whoops!

------
bifrost
Yes, this map is based on the iPew map.

The data is sourced from the HashPlane threat intel network.

The data to the websocket is almost real time but its sampled so its not a
complete threat feed. If you want to use the data please drop me a note.

------
Scaevolus
I'm not sure how random this is...

CN (110.249.212.46) attacks AU (172.X.X.X) (Port PING)

... (x20)

CN (110.249.212.46) attacks AU (172.X.X.X) (Port PING)

~~~
bifrost
Its not random data, its almost-live attack/scan data. Basically we packet
capture everything, process it then shovel it off to our backend datastore.
Its a minute or two delayed. I realize it may not be the most interesting
thing to look at and I'll probably downsample stuff like that in the future,
but its real!

I've seen unwanted contact from that IP 7600 times, its hit pretty much all of
our nodes and appears to be scanning for some commonly known ports. Its
probably a bot or someone attempting to gather intelligence for attacks.

Since its from China in the Hebei Province my guess right now its from the
Alibaba datacenter there or possibly China's APT1 unit. Either way its doing
bad stuff and you'd want to block it on your edge (if you have one) or load
that IP onto a blocklist with your WAF.

Edit: I just updated the map data stream so it dedupes, it should make it a
little prettier :)

------
yfiapo
Site doesn't appear to be working in Firefox or Chrome at the moment. No idea
what it is supposed to show based on the title.

~~~
bifrost
Hrm, I tested with Firefox and Safari. I don't use Chrome. Looks like there
was a deploy error I didn't catch, which is now fixed.

