11 layers
Honeypot attackers, botnet C2, ransomware victims, malware distribution, phishing, Tor exits, exploited CVEs, BGP hijacks, IP reputation, SSL abuse, underground intel.
Threat map
The whole world,
triaged on a single pane.
CTP247 geolocates the indicators it ingests — honeypot attackers, botnet C2s, ransomware victims, malware distribution, phishing infrastructure, exploited CVEs — and layers them on a world map inside the product. The globe below is an illustration of that layer system, rendered with representative data; your in-app map draws from your actual feeds.
27 default feeds
abuse.ch · dshield · OTX · CISA KEV · GreyNoise · urlhaus · phishtank · ransomware leak sites · feodo · sslbl · firehol — and any STIX/TAXII you bring.
Geo-resolved on ingest
URLs and domains are resolved through DNS, then to lat/lng via the bundled DB-IP Lite database with API fallbacks. IPs that don't geo-resolve get a country fallback, never a fake coordinate.
Your map sees your stack.
This page's globe is an illustration. Inside CTP247, the map is filtered against the assets, brands, and IOCs your org actually owns — so a phishing domain three jumps from your CDN gets a different severity than one targeting an unrelated brand on the other side of the world.
See it on your stack