Threat intelligence workspace

DexSentinel.

Real-time intel aggregation for map visibility, reputation lookups, CVE pressure, and active campaign watch.

The build is now connected to live OSINT feeds. The backend leverages a distributed architecture with Redis caching and Supabase persistence to provide sub-second lookup responses for verified threat indicators.

Investigate IOC
Surface v0.2.0

GLOBAL THREAT MAP

Live attack surface pressure.

0 hotspots above watch threshold · Connecting...
Session 0
Public 0
Hybrid 0

ATTACK VOLUME

0

CORRELATED SOURCES

0

LOOKUP CONSOLE

Reputation and source consensus.

IP, domain, and hash workflow ready

185.220.101.42

HOSTILE / IP

RISK SCORE

83/100

Multiple feeds agree this target behaves like active malicious infrastructure.

Country

India

Provider

Leaseweb

Last seen

13m ago

Confidence

80%

credential-spraybotnetphishing

Source opinions

AbuseIPDB
28

Community abuse reports trending up

VirusTotal
-21

Engine consensus malicious

Shodan
-31

Open services: 8080, 8443

Open services

:8080:8443

LIVE THREAT FEEDDATA: connecting...

Operator stream.

Fixed viewport, live append-only rows, oldest visible row dropped after the seventh entry.

INGEST

SYNC

PRIORITY

0

TimeActorVector / targetStatus

PIPELINE MODEL

Queue-first architecture.

01

Collect

AbuseIPDB, VirusTotal, Shodan, honeypots, NVD

02

Correlate

IOC joins, actor overlap, campaign tagging

03

Score

Risk engine weights detections, ports, behavior

04

Alert

Escalate high-confidence threats into the queue

TRENDING CVES

Vulnerability pressure.

Pulling the latest NVD matches for the selected lens...

Active campaigns

Lazarus / AppleJeusactive

Crypto exchanges

Credential theft and macOS loaders

Volt Typhoonwatch

Critical infrastructure

Stealthy edge-device persistence

Storm-1811contained

Public sector

Phishing to ransomware staging

What this surface proves

Reputation lookup is already interactive.

Live feed and map both simulate continuous ingest.

CVE panel now pulls current NVD data through a route.

Architecture trace

Next.js App Router interface
Route handlers for auth, cache, and queue writes
BullMQ workers for enrichment and scoring
Postgres and Redis for history, caching, and relationships
Public feeds, CVE APIs, and honeypot telemetry

Discovery history

No recent session lookups.

Engineering principles

External feeds stay off the request path. Queue and cache first.

Every lookup is historical, scored, and ready for correlation.

Map, feed, CVEs, and campaigns share one operator workspace.