Sign in to Qriton Shield
Enter your email to receive a magic link
You're on the list!
We've added {{ loginEmail }} to our early access waitlist.
We'll review your request and send an invitation when your access is approved.
Check your email!
We've sent a magic link to {{ loginEmail }}
Click the link in the email to sign in. The link expires in 1 hour.
My Shields
Manage your registered Shield instances.
Register New Shield
New Shield Registered!
{{ newShieldCredentials.shieldId }}
{{ newShieldCredentials.apiKey }}
{{ newShieldCredentials.secret }}
Configuration
Add this to your Shield's settings.json:
{
"dasData": {
"enabled": true,
"serverUrl": "{{ origin }}",
"shieldId": "{{ newShieldCredentials.shieldId }}",
"apiKey": "{{ newShieldCredentials.apiKey }}",
"secret": "{{ newShieldCredentials.secret }}",
"region": "{{ newShieldForm.region }}"
}
}Your Shields
You haven't registered any shields yet.
Authentication Required
Please sign in to access AI Insights.
AI Insights
Neural network anomaly detection
No Shields Registered
Register a Shield to start monitoring with AI
Feature Analysis
20 featuresDecision History
{{ hopfieldHistory.length }}Affected IPs
{{ getAffectedIPs().length }} uniqueNo IPs flagged
IPs appear here when decisions are triggeredLoading AI data...
No AI Data Available
This Shield hasn't reported any Hopfield data yet. Make sure the Shield is running and connected to DasData.
How Shield AI Works
Understand the neural network behind autonomous threat detection
Neural Network Threat Detection
Qriton Shield uses a Modern Continuous Hopfield Network - the same architecture behind modern AI transformers - to detect threats in real-time without predefined rules.
Pattern Learning
Shield learns what "normal" traffic looks like for your application, then detects anomalies that deviate from learned patterns.
4-Tier Response
Based on anomaly score, Shield takes graduated actions: Allow → Rate Limit → Challenge → Block. No false positive storms.
Explainable Decisions
Every decision shows WHY it was made. Gradient attribution reveals which features contributed most to the detection.
Autonomous Adaptation
Shield auto-escalates during attacks and de-escalates when threats subside. Night mode ensures protection during off-hours.
Complete AI Pipeline
What is a Hopfield Network?
A Hopfield Network is a form of recurrent neural network invented by physicist John Hopfield in 1982. It serves as content-addressable memory - it can store patterns and recall them even from partial or noisy input.
Classic Hopfield (1982)
- Binary states (+1/-1)
- Limited capacity (~0.14N patterns)
- Hard categorization
- Not differentiable
Modern Hopfield (Shield)
- Continuous states [-1, 1]
- Exponential capacity
- Soft composition ("60% A, 40% B")
- Fully differentiable
Energy Function (LogSumExp)
E(state) = -1/β × log(Σ exp(β × similarity(pattern_i, state))) + ½||state||²
Low energy = Traffic matches learned patterns (NORMAL)
High energy = Traffic doesn't match any pattern (ANOMALY)
The 20-Feature Vector
Shield extracts 20 carefully selected features from traffic across 3 layers, normalized to [-1, 1] using Z-score normalization.
Network Layer (L4)
| Feature | Description | Anomaly Indicator |
|---|---|---|
| connections_total | Total TCP connections | Sudden spike = flood |
| syn_count | SYN packets sent | High = SYN flood |
| established_count | Completed handshakes | Low ratio = scanner |
| unique_ips | Distinct source IPs | Sudden spike = botnet |
| syn_ratio | SYN / Total ratio | High = incomplete connections |
| established_ratio | Established / Total | Low = failed connections |
Application Layer (L7)
| Feature | Description | Anomaly Indicator |
|---|---|---|
| requests_per_minute | HTTP request rate | High = HTTP flood |
| error_404_rate | 404 errors / Total | High = reconnaissance |
| post_rate | POST requests / Total | High = POST flood |
| endpoint_entropy | Request distribution | Low = endpoint abuse |
| user_agent_variance | UA string diversity | Low = bot fingerprint |
Behavioral Features
| Feature | Description | Anomaly Indicator |
|---|---|---|
| geo_entropy | Geographic distribution | Low = geo-targeted attack |
| interval_variance | Time between requests | Low = automated requests |
| payload_size_avg | Average data size | Extreme = exfiltration |
Explainable AI (XAI)
Shield doesn't just make decisions - it explains WHY using gradient-based attribution.
Example Decision
AI_STATUS Tier:3(BLOCK) Score:85.2 Threshold:0.32
| Features: SYN_Ratio=0.9(HIGH,25%) UniqueIPs=892(HIGH,20%) POSTs=450(HIGH,18%)
Interpretation:
- SYN_Ratio contributed 25% to the anomaly detection
- UniqueIPs contributed 20%
- POST rate contributed 18%
- Together these explain 63% of why this traffic was flagged
🔍 Gradient Attribution
Computes ∂E/∂feature to determine each feature's contribution to the anomaly score.
📜 Decision History
Full audit trail of every decision with timestamp, score, tier, and attribution.
🔗 IP Traceability
Track which IPs were affected by each decision and their full event timeline.
4-Tier Response System
Autonomous Adaptation
Shield operates in four adaptive modes, automatically switching based on attack intensity.
| Mode | SYN Timeout | Anomaly Threshold | HTTP/min | Use Case |
|---|---|---|---|---|
| Relaxed | 30s | 0.85 | 1500 | Low traffic periods |
| Balanced | 20s | 0.75 | 800 | Normal operation |
| Aggressive | 10s | 0.60 | 400 | Active attack |
| Lockdown | 5s | 0.45 | 200 | Emergency |
⬆️ Auto-Escalation
When blocks/minute > 50, Shield escalates to the next mode (relaxed → balanced → aggressive).
⬇️ Auto-De-escalation
When blocks/minute < 10 for 15 minutes, Shield de-escalates to a calmer mode.
🌙 Night Mode
Between 22:00-06:00, Shield enforces minimum "balanced" mode to protect during off-hours.
⚡ Velocity Detection
If 3+ IPs from the same /24 are blocked within 60 seconds, subnet threshold drops from 25 to 10.
Morris Counters: HLM-Inspired Infinite Scaling
Inspired by the Hopfield network's LogSumExp energy function, Shield uses Morris Counters for botnet detection that scales to infinity.
The Problem
During a massive botnet attack with 8,359+ IPs matching the same request pattern:
- Linear counting: 33KB memory, 5.8 days to clean up
- System would freeze or crash under load
The Solution: Logarithmic Counting
Instead of storing the actual count, store log₂(count):
| Attack Size | Linear Counter | Morris Counter |
|---|---|---|
| 8,359 IPs | 33,436 bytes | 13 bytes |
| 1 Million IPs | 4 MB | 20 bytes |
| 1 Billion IPs | Would crash | 30 bytes |
| 2²⁵⁵ IPs | Impossible | 255 bytes |
Morris Counting Algorithm
Counter value 'c' represents approximately 2^c actual events
Increment rule: With probability 1/2^c, increment c by 1
c=0: Always increment (P=100%)
c=5: Increment with P=3.125%
c=13: Increment with P=0.01%
Authentication Required
Please sign in to access OpenClaw Intel.
OpenClaw Intel
v2 Threat Intelligence — Supply chain, semantic, exploit, behavioral, and credential threat feeds
Tag Distribution
No v2 threat intelligence data yet. Shields with v2 enabled will start contributing data automatically.
| Package | Registry | Malware Family | Indicators | Confidence | Reports |
|---|---|---|---|---|---|
{{ pkg.name }}{{ pkg.version ? '@' + pkg.version : '' }} |
{{ pkg.registry }} | {{ pkg.malwareFamily }} | {{ ind }} | {{ (pkg.confidence * 100).toFixed(0) }}% | {{ pkg.reportCount }} ({{ pkg.uniqueShields }} shields) |
No package threats reported yet.
| Threat Class | Description | Targeted Tool | Confidence | Reports |
|---|---|---|---|---|
| {{ sig.threatClass }} | {{ sig.patternDescription || '—' }} | {{ sig.targetedTool || '—' }} | {{ (sig.confidence * 100).toFixed(0) }}% | {{ sig.reportCount }} ({{ sig.uniqueShields }} shields) |
No semantic signatures reported yet.
| CVE | Target Service | Phase | Description | Confidence | Reports |
|---|---|---|---|---|---|
{{ exp.cve || '—' }} |
{{ exp.targetService || '—' }} | {{ exp.exploitPhase || 'unknown' }} | {{ exp.description || '—' }} | {{ (exp.confidence * 100).toFixed(0) }}% | {{ exp.reportCount }} ({{ exp.uniqueShields }} shields) |
No exploit fingerprints reported yet.
| Entity Type | Deviation Type | Severity | Confidence | Reports |
|---|---|---|---|---|
| {{ anom.entityType }} | {{ anom.deviationType }} | {{ anom.severity }} | {{ (anom.confidence * 100).toFixed(0) }}% | {{ anom.reportCount }} ({{ anom.uniqueShields }} shields) |
No behavioral anomalies reported yet.
Account Settings
Manage your account information.
Account Information
Account details cannot be changed after registration for security and audit purposes.
Danger Zone
Permanently delete your account and all associated data.
Your account will be scheduled for deletion. Per GDPR requirements, your data will be retained for 30 days for legal compliance, then permanently and irreversibly deleted.
All your Shields will be immediately revoked and will stop working.
Network Status
Live Threat Activity
Recent Threats
Top Threats
Attack Classifications
IP Threat Lookup
Classifications
Location
{{ lookupResult.geo.city || 'Unknown' }}, {{ lookupResult.geo.country }}
Network
{{ lookupResult.network.org }}
ASN: {{ lookupResult.network.asn }}
Activity
First seen: {{ formatDate(lookupResult.firstSeen) }}
Last seen: {{ formatDate(lookupResult.lastSeen) }}
Reports: {{ lookupResult.reportCount }} from {{ lookupResult.reporterCount }} shield(s)
Attack Patterns
AI Detection
Hopfield Neural Network detected this IP in {{ lookupResult.hopfield.decisionCount }} decision(s). Latest action: {{ lookupResult.hopfield.latestTierName }}
Sign in to view full AI decision trace
This IP was detected by the Hopfield Neural Network in {{ lookupResult.hopfield.decisionCount }} decision(s). Latest action: {{ lookupResult.hopfield.latestTierName }}
Sign in to view full AI decision trace
Register Your Shield
Register your Qriton Shield instance to contribute threat intelligence to the global database.
Sign In to Register
Create an account or sign in to register and manage your Shields.
How It Works
Sign In
Create an account with your email address to get started.
Register Shield
Register your Shield instance and receive API credentials.
Configure
Add the credentials to your Shield's settings.json file.
Protect
Your Shield will automatically report blocked threats to the global database.
Authentication Required
Please sign in to access Threat Feeds.
Threat Feeds
Download threat intelligence feeds to integrate with your security infrastructure.
Authentication Required
Please sign in to access API Documentation.
API Documentation
Integrate Qriton Shield threat intelligence into your applications.
Public Endpoints
No authentication required. Rate limited to 60 requests/minute.
/api/lookup/{ip}
Look up threat data for a specific IP address.
curl {{ origin }}/api/lookup/1.2.3.4/api/lookup/bulk
Look up multiple IPs at once (max 100).
curl -X POST {{ origin }}/api/lookup/bulk \
-H "Content-Type: application/json" \
-d '{"ips": ["1.2.3.4", "5.6.7.8"]}'/api/feed/blocklist
Download the threat blocklist. Parameters: format (json/txt), minConfidence, minReports.
curl {{ origin }}/api/feed/blocklist?format=txt&minConfidence=0.8/api/stats
Get global threat statistics.
curl {{ origin }}/api/statsShield Reporting
For registered Qriton Shield instances only. Requires HMAC authentication.
/api/report
Submit a threat report. Requires Shield authentication headers.
Headers:
X-Shield-Id: shield_abc123
X-Shield-Key: your-api-key
X-Shield-Timestamp: 1705756800
X-Shield-Signature: hmac-sha256-signature
Body:
{
"ip": "1.2.3.4",
"classifications": ["syn_flood", "scanner"],
"attackPatterns": {
"syn_flood": { "count": 150 }
},
"geo": { "country": "CN" }
}Integration Examples
iptables (Linux)
#!/bin/bash
# Download and apply Qriton blocklist
curl -s {{ origin }}/api/feed/blocklist?format=txt | while read ip; do
iptables -A INPUT -s $ip -j DROP
doneWindows Firewall (PowerShell)
$blocklist = (Invoke-RestMethod {{ origin }}/api/feed/blocklist).blocklist
foreach ($threat in $blocklist) {
New-NetFirewallRule -DisplayName "Qriton Block $($threat.ip)" `
-Direction Inbound -RemoteAddress $threat.ip -Action Block
}Troll Mode Activity
Monitor attacker entertainment and deception activities across the Shield network.
Event Types
Recent Events
Honeypot Captures
Credentials captured from attackers trying fake login pages
{{ capture.credentials?.username || 'N/A' }}
Password:
{{ capture.credentials?.password || 'N/A' }}
Shield Network
What is Troll Mode?
Troll Mode is a collection of attacker entertainment and deception features that waste attackers' time and resources while gathering intelligence:
Redirect attackers to Rick Astley's famous video
Slow-drip responses that waste attacker connections
Fake login pages that capture attacker credentials
Infinite redirect chains to confuse scanners
Simulated exploits that lead attackers nowhere
CAPTCHAs that can never be solved
Compression bombs for aggressive scanners
Privacy Policy
Last updated: January 2026
1. Data Controller
Qriton Technologies ("we", "us", "our") is the data controller for the personal data processed through the Qriton Shield platform. We are established in Romania and operate under the jurisdiction of Romanian law and the European Union's General Data Protection Regulation (GDPR).
2. Data We Collect
2.1 Account Information
- Email address (required for authentication)
- Name (optional)
- Account creation date
2.2 Threat Intelligence Data
- IP addresses reported as threats by Shield instances
- Attack classifications and patterns
- Geolocation data derived from IP addresses
- Network information (ASN, organization)
2.3 Technical Data
- Shield instance identifiers
- API usage logs
- Session information
3. Legal Basis for Processing
We process your data based on:
- Contract: To provide the Shield services you've registered for
- Legitimate interest: To maintain network security and prevent cyber threats
- Consent: For optional communications and marketing
4. Data Retention
We retain:
- Account data: Until account deletion
- Threat data: Up to 90 days after last report
- Session data: 30 days
- Magic link tokens: 1 hour or until used
5. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interest
- Restrict: Limit how we use your data
To exercise these rights, contact us at privacy@qriton.com
6. Data Transfers
Your data is processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place in compliance with GDPR.
7. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS)
- Secure authentication (magic links, no passwords stored)
- Access controls and audit logging
8. Cookies
We use essential cookies for session management. These are strictly necessary for the service to function and do not require consent.
9. Contact & Complaints
For privacy inquiries: privacy@qriton.com
You have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) or your local supervisory authority.
10. Changes to This Policy
We may update this policy periodically. Significant changes will be notified via email.
Terms of Use
Last updated: January 2026
1. Agreement
By accessing or using Qriton Shield ("the Service"), you agree to be bound by these Terms of Use. If you do not agree, do not use the Service.
2. Description of Service
Qriton Shield is a threat intelligence platform that:
- Collects and aggregates threat reports from registered Shield instances
- Provides threat intelligence feeds and IP lookup services
- Enables collaborative defense against cyber threats
3. User Obligations
You agree to:
- Provide accurate information during registration
- Keep your API credentials secure and confidential
- Only report genuine threat activity
- Not abuse the API or attempt to circumvent rate limits
- Not use the Service for any illegal purpose
- Not submit false or malicious threat reports
4. Acceptable Use
The threat intelligence data provided is for legitimate security purposes only. You may NOT:
- Use the data to target individuals or organizations maliciously
- Redistribute the data commercially without permission
- Attempt to identify individuals from IP addresses for harassment
- Use automated systems to overwhelm the Service
5. Data Accuracy
Threat intelligence is provided "as is". We do not guarantee:
- Complete accuracy of threat classifications
- That all malicious IPs are in our database
- That all IPs in our database are currently malicious
Users should implement their own verification before taking action on threat data.
6. Intellectual Property
The Qriton Shield platform, including its code, design, and documentation, is protected by intellectual property laws. You may not copy, modify, or distribute the platform without permission.
7. Account Termination
We reserve the right to suspend or terminate accounts that:
- Violate these Terms
- Submit false threat reports
- Abuse the API or infrastructure
- Are inactive for extended periods
8. Limitation of Liability
To the maximum extent permitted by law, Qriton Technologies shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the Service.
9. Indemnification
You agree to indemnify and hold harmless Qriton Technologies from any claims arising from your use of the Service or violation of these Terms.
10. Governing Law
These Terms are governed by the laws of Romania. Any disputes shall be resolved in the courts of Romania, subject to EU consumer protection regulations where applicable.
11. Changes to Terms
We may modify these Terms at any time. Continued use after changes constitutes acceptance of the new Terms.
12. Contact
For questions about these Terms: legal@qriton.com
Request IP Whitelist Review
If you believe an IP address has been incorrectly flagged as a threat, you can request a review. We take false positives seriously and will investigate all legitimate requests.
Submit a Review Request
Request Submitted
Thank you for your submission. We'll review your request and contact you at {{ whitelistForm.email }} within 5 business days.
Request ID: {{ whitelistRequestId }}
Review Process
Submit Request
Provide details about the IP and why it should be reviewed
Verification
We verify ownership and review the threat reports
Analysis
Our team analyzes the traffic patterns that triggered the flag
Decision
We'll notify you of the outcome and any actions taken
Common False Positive Causes
- Security Scanners: Authorized vulnerability assessments can trigger detection
- Monitoring Services: Health check probes from legitimate services
- VPN Exit Nodes: Shared IPs where one user's behavior affects others
- CDN/Proxy: Traffic aggregation can amplify patterns
- Misconfigured Services: Unintentional high-frequency requests
Before Submitting
First, check the IP's current status using our IP Lookup tool to see what triggered the flag.