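0 ? 1 : 0;
    }

    // Per-event tallies (tail of the loop over log entries $e).
    // The username and password fields are whatever a client submitted to the
    // honeypot login, so every key and value collected below is untrusted text.
    // NOTE(review): the markup that prints these values is not visible in this
    // part of the file; confirm each echo goes through htmlspecialchars(), as
    // the page title does.
    $ip = $e['ip'] ?? '?';
    $country = $e['country'] ?? '??';
    $ips[$ip] = ($ips[$ip] ?? 0) + 1;

    // '??' is the fallback for an entry without a country; keep it out of the geo stats.
    if ($country && $country !== '??') {
        $countries[$country] = ($countries[$country] ?? 0) + 1;
    }

    // Hour bucket = first 13 characters of the timestamp.
    // Presumably "YYYY-MM-DD HH"; confirm against the format the logger writes.
    $hour = substr($e['timestamp'] ?? '', 0, 13);
    if ($hour) {
        $hours[$hour] = ($hours[$hour] ?? 0) + 1;
    }

    // empty() also skips the literal string "0", so such a value is not counted.
    if (!empty($e['username'])) {
        $usernames[$e['username']] = ($usernames[$e['username']] ?? 0) + 1;
    }
    if (!empty($e['password'])) {
        $passwords[$e['password']] = ($passwords[$e['password']] ?? 0) + 1;
    }

    // One row per attempt that carried both a username and a password.
    if (!empty($e['username']) && !empty($e['password'])) {
        $creds[] = [
            'ts'    => substr($e['timestamp'] ?? '', 0, 19),
            'ip'    => $ip,
            'cc'    => $country,
            'user'  => $e['username'],
            'pass'  => $e['password'],
            'att'   => $e['attempt'] ?? 0,
            'delay' => $e['delay_applied'] ?? 0,
        ];
    }

    // Per-source summary: country and first timestamp are taken from the first
    // entry seen for the IP; 'attempts' and 'last' are updated on every entry.
    if (!isset($ip_details[$ip])) {
        $ip_details[$ip] = [
            'country'  => $country,
            'attempts' => 0,
            'first'    => $e['timestamp'] ?? '',
            'last'     => '',
        ];
    }
    $ip_details[$ip]['attempts']++;
    $ip_details[$ip]['last'] = $e['timestamp'] ?? '';
    $last_event_time = $e['timestamp'] ?? $last_event_time;
}

// Order each tally by hit count, highest first; hours are ordered by key instead.
arsort($usernames);
arsort($passwords);
arsort($ips);
arsort($countries);
ksort($hours);

$unique_ips = count($ips);
$top_user = $usernames ? array_key_first($usernames) : '-';
$top_pass = $passwords ? array_key_first($passwords) : '-';

// Threat level: banded only on the total number of logged attempts.
if ($total_attempts > 2000) {
    $threat_level = 'CRITICAL';
    $threat_class = 'critical';
} elseif ($total_attempts > 500) {
    $threat_level = 'HIGH';
    $threat_class = 'high';
} elseif ($total_attempts > 100) {
    $threat_level = 'ELEVATED';
    $threat_class = 'elevated';
} else {
    $threat_level = 'NOMINAL';
    $threat_class = 'nominal';
}

// Time since last event
$last_ago = '-';
if ($last_event_time) {
    $last_ts = strtotime($last_event_time);
    // strtotime() returns false for a string it cannot parse. Subtracting that
    // from time() would report the whole Unix epoch as the age, so an
    // unparseable timestamp keeps the '-' placeholder instead.
    if ($last_ts !== false) {
        // Clamp at zero so clock skew or a future-dated entry cannot print a negative age.
        $diff = max(0, time() - $last_ts);
        if ($diff < 60) {
            $last_ago = $diff . 's ago';
        } elseif ($diff < 3600) {
            $last_ago = floor($diff / 60) . 'm ago';
        } elseif ($diff < 86400) {
            $last_ago = floor($diff / 3600) . 'h ago';
        } else {
            $last_ago = floor($diff / 86400) . 'd ago';
        }
    }
}

// Last 12 hours for compact timeline (keys preserved so the hour labels survive).
$recent_hours = array_slice($hours, -12, 12, true);

// Active tab. The query string is caller-controlled and may even be an array
// (?tab[]=x), so accept only the known tab ids and fall back to the default
// otherwise. Keep this list in step with the tab labels defined in the template.
$tab = $_GET['tab'] ?? 'overview';
if (!is_string($tab) || !in_array($tab, ['overview', 'intercepts', 'intel'], true)) {
    $tab = 'overview';
}
?> THREAT INTEL // <?php echo htmlspecialchars($site_name); ?>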
Threat Intelligence
// HONEYPOT COMMAND
ENTRIES
LAST EVENT
Login Attempts
Recon Probes
Scan / enumeration
Unique Sources
Distinct IP addresses
Countries
Geographic origins
Credentials
Unique pairs captured
'Overview', 'intercepts' => 'Intercepts', 'intel' => 'Intel']; ?>
Target Usernames
unique
$c): ?>
UsernameHits
Awaiting data
Captured Passwords
unique
$c): ?>
PasswordHits
Awaiting data
Top Sources
IPs
$c): $d = $ip_details[$ip] ?? []; ?>
IPCCHits
Awaiting data
GeoINT
countries
$c): ?>
CountryEvents
No geo data
Timeline
Last h
$c): ?>
HourEvents
No data
Recent Activity
Last captures
# +s
Awaiting threat data
Credential Intercepts
pairs captured
TimestampSource IPOriginUsernamePasswordAttemptTarpit
# +s
No credentials intercepted
Password Intelligence
unique
$c): ?>
PasswordFreq
No passwords
Username Enumeration
unique
$c): ?>
UsernameFreq
No usernames
All Threat Sources
IPs
$c): $d = $ip_details[$ip] ?? []; ?>
Source IPOriginHitsFirst ContactLast ContactActivity
No sources
Geographic Intelligence
countries
$c): ?>
CountryEvents
No geo data
Attack Timeline
Hourly distribution
$c): ?>
HourEvents
No data