We think the internet should watch itself.
Traditional threat intelligence is brittle: static IP lists, vendor silos, and a constant loss of signal as attackers move between proxies and botnets. The BoarNet flips the problem — instead of tracking IPs, we fingerprint the tools attackers use. A JA4 hash survives VPN rotations, residential-proxy cycling, and botnet reshuffling. A command pattern outlasts the C2 address.
BoarNet
The Verified Core fleet is owned, operated, and legally owned by BoarNet. Commercial revenue funds it directly — there is no advertising, no reselling, no third-party data partners.
Strictly passive
We never hack back, probe, or read from a volunteer's machine. The only signal we take from a sensor is what attackers voluntarily send to it — plus the public IP the network already exposes to reach us, which we resolve to country only.
Record-anchored
Every public claim resolves to a queryable record ID. The live map, the detail pages, the marketing stats — all trace back to the same entries any customer can query.
Give-to-get
If you contribute telemetry, you get enterprise-grade data. If you can't contribute, you pay — and your subscription funds the Verified Core. The incentives align by design.