Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
3145884
Initial plan
Copilot Oct 28, 2025
a7d10e9
Initial exploration - understanding current architecture
Copilot Oct 28, 2025
1b6817c
Add AI reputation check using Cloudflare Workers AI
Copilot Oct 28, 2025
47792ad
Update README with AI reputation feature documentation
Copilot Oct 28, 2025
740a3fa
Fix documentation to clarify API processing order
Copilot Oct 28, 2025
d00a888
Refactor Cloudflare Worker to use ES Module export for fetch handling…
devnomadic Oct 28, 2025
16da0b3
Add events summary to AI reputation analysis and enhance prompt struc…
devnomadic Oct 28, 2025
c76f326
Add AI reputation analysis to combined response in Cloudflare Worker
devnomadic Oct 28, 2025
0ebdf68
Enforce property order in JSON response for combined API results
devnomadic Oct 28, 2025
7789f7d
Ensure consistent property order in JSON response by manually constru…
devnomadic Oct 28, 2025
6b6fe86
Refactor JSON response handling to use combined response object and r…
devnomadic Oct 28, 2025
982ed7e
Add build timestamp and ID generation to authentication key script
devnomadic Oct 28, 2025
bb346a1
Enhance README and Home.razor to include AI-powered analysis features…
devnomadic Oct 28, 2025
ccb7f82
Replace static ASCII art with pixel-matrix renderer, add styles, and …
devnomadic Oct 31, 2025
0533b02
Make ASCII pixel-matrix responsive: replace pixel-size vars with grid…
devnomadic Oct 31, 2025
6551954
Fix ASCII pixel-matrix mapping and spacing: use core class for value …
devnomadic Oct 31, 2025
f60182b
Enhance AI analysis features: update page titles, add AI toggle in Ho…
devnomadic Nov 25, 2025
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 19 additions & 2 deletions .github/workflows/deploy-dev.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,21 @@ jobs:
- name: Install npm dependencies
run: npm ci

- name: Generate Version
id: version
run: |
# Generate build timestamp in the same format as the app (yyyyMMdd-HHmm)
BUILD_TIMESTAMP=$(date -u +"%Y%m%d-%H%M")
BUILD_ID=$(echo "${{ github.sha }}" | cut -c1-8)
VERSION="${BUILD_TIMESTAMP}-${BUILD_ID}"

echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "build-timestamp=${BUILD_TIMESTAMP}" >> $GITHUB_OUTPUT
echo "build-id=${BUILD_ID}" >> $GITHUB_OUTPUT
echo "Preview version: ${VERSION}"
echo "Build timestamp: ${BUILD_TIMESTAMP}"
echo "Build ID: ${BUILD_ID}"

- name: Generate Preview Name
id: preview
run: |
Expand Down Expand Up @@ -95,9 +110,11 @@ jobs:
CLOUDFLARE_RADAR_API_TOKEN: ${{ secrets.CLOUDFLARE_RADAR_API_TOKEN_DEV }}
SkipCodeGeneration: false
ALBATROSS_ENVIRONMENT: preview
BUILD_TIMESTAMP: ${{ steps.version.outputs.build-timestamp }}
BUILD_ID: ${{ steps.version.outputs.build-id }}
run: |
# Generate authentication key with environment context
./Generate-AuthKey.ps1 -OutputPath "Generated" -Environment "preview" -Verbose
# Generate authentication key with environment context and build info
./Generate-AuthKey.ps1 -OutputPath "Generated" -Environment "preview" -BuildTimestamp "$env:BUILD_TIMESTAMP" -BuildId "$env:BUILD_ID" -Verbose

# Build application (this generates both SPA and Worker files)
dotnet build --configuration Release --no-restore
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/deploy-production.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,9 +92,11 @@ jobs:
CLOUDFLARE_RADAR_API_TOKEN: ${{ secrets.CLOUDFLARE_RADAR_API_TOKEN }}
SkipCodeGeneration: false
ALBATROSS_ENVIRONMENT: production
BUILD_TIMESTAMP: ${{ steps.version.outputs.build-timestamp }}
BUILD_ID: ${{ steps.version.outputs.build-id }}
run: |
# Generate authentication key with environment context
./Generate-AuthKey.ps1 -OutputPath "Generated" -Environment "production" -Verbose
# Generate authentication key with environment context and build info
./Generate-AuthKey.ps1 -OutputPath "Generated" -Environment "production" -BuildTimestamp "$env:BUILD_TIMESTAMP" -BuildId "$env:BUILD_ID" -Verbose

# Build application (this generates both SPA and Worker files)
dotnet build --configuration Release --no-restore
Expand Down
21 changes: 18 additions & 3 deletions Generate-AuthKey.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ param(
[string]$OutputPath = ".",
[string]$KeyLength = "32",
[string]$Environment = "production",
[string]$BuildTimestamp = "",
[string]$BuildId = "",
[switch]$Verbose
)

Expand Down Expand Up @@ -64,9 +66,22 @@ try {
Write-BuildLog "Created output directory: $OutputPath"
}

# Generate build timestamp
$buildTimestamp = Get-Date -Format "yyyyMMdd-HHmm"
$buildGuid = [System.Guid]::NewGuid().ToString("N").Substring(0, 8)
# Generate build timestamp and ID (use provided values or generate new ones)
if ([string]::IsNullOrWhiteSpace($BuildTimestamp)) {
$buildTimestamp = Get-Date -Format "yyyyMMdd-HHmm"
Write-BuildLog "Generated build timestamp: $buildTimestamp"
} else {
$buildTimestamp = $BuildTimestamp
Write-BuildLog "Using provided build timestamp: $buildTimestamp"
}

if ([string]::IsNullOrWhiteSpace($BuildId)) {
$buildGuid = [System.Guid]::NewGuid().ToString("N").Substring(0, 8)
Write-BuildLog "Generated build ID: $buildGuid"
} else {
$buildGuid = $BuildId
Write-BuildLog "Using provided build ID: $buildGuid"
}

# Create the generated constants file for C#
$csharpContent = @"
Expand Down
107 changes: 100 additions & 7 deletions Pages/Home.razor

Large diffs are not rendered by default.

40 changes: 37 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,13 +1,14 @@
# Albatross

A modern Blazor WebAssembly application that provides comprehensive IP address analysis and abuse checking functionality. Albatross combines cloud IP range detection with AbuseIPDB reputation checking through a secure Cloudflare Worker proxy.
A modern Blazor WebAssembly application that provides comprehensive IP address analysis and abuse checking functionality. Albatross combines cloud IP range detection with AbuseIPDB reputation checking and AI-powered risk assessment through a secure Cloudflare Worker proxy.

## Features

- **IP Abuse Checking**: Query the AbuseIPDB API to check if an IP address has been reported for malicious activity
- **AI-Powered Reputation Analysis**: Advanced risk assessment using Cloudflare Workers AI with Llama 3.1 70B Instruct model
- **Cloud IP Range Detection**: Identify if an IP address belongs to major cloud providers (AWS, Azure, GCP, Oracle Cloud)
- **Flexible Input Format**: Support for IP addresses with custom report age (e.g., `8.8.8.8;60` for 60 days of history)
- **Combined Data Sources**: Integrated AbuseIPDB and Cloudflare Radar API data for comprehensive IP analysis
- **Combined Data Sources**: Integrated AbuseIPDB, Cloudflare Radar API, and Workers AI for comprehensive IP analysis
- **Secure Authentication**: Build-time generated HMAC authentication with timestamp validation for enhanced security
- **CORS Protection**: Cloudflare Worker proxy handles CORS and protects API keys from client exposure
- **SEO-Optimized**: Static HTML prerendering for improved search engine indexing and web crawler accessibility
Expand Down Expand Up @@ -317,9 +318,41 @@ Users can specify custom report age limits using a semicolon delimiter:
### Combined API Integration
- **AbuseIPDB**: IP reputation and abuse reports
- **Cloudflare Radar**: ASN information and network details
- **Parallel Processing**: Both APIs are queried simultaneously for optimal performance
- **Cloudflare Workers AI**: AI-powered risk assessment using Llama 3.1 70B Instruct model
- **Optimized Processing**: AbuseIPDB and Radar APIs are queried in parallel; AI analysis processes their results
- **Graceful Degradation**: Partial results if one API fails

### AI-Powered Reputation Analysis
The worker uses Cloudflare Workers AI with the Llama 3.1 70B Instruct model to generate intelligent risk assessments:
- **Real-time Analysis**: Analyzes data from AbuseIPDB and Cloudflare Radar APIs
- **Risk Levels**: Categorizes threats as low, medium, high, or critical
- **Trust Scores**: Provides 0-100 trust score for quick assessment
- **AI Summary**: Natural language explanation of the IP's reputation
- **Event Pattern Analysis**: Summarizes abuse event types and patterns from historical reports
- **Actionable Recommendations**: Specific steps to take based on the analysis
- **Model**: `@cf/meta/llama-3.1-70b-instruct` (70 billion parameter model)

Example AI Response:
```json
{
"aiReputation": {
"success": true,
"analysis": {
"riskLevel": "medium",
"trustScore": 65,
"summary": "This IP from US shows moderate abuse activity with 15 reports. ISP indicates datacenter usage which is common for both legitimate and malicious traffic.",
"eventsSummary": "Reported 15 times for Port Scan, Brute-Force, SSH activity over the past 30 days.",
"recommendations": [
"Review the specific abuse reports for patterns",
"Consider rate limiting if used for API access"
]
},
"model": "@cf/meta/llama-3.1-70b-instruct",
"timestamp": "2025-10-28T04:45:00.000Z"
}
}
```

## Current Status

✅ **Authentication System**: Fully implemented and working
Expand All @@ -329,6 +362,7 @@ Users can specify custom report age limits using a semicolon delimiter:
✅ **GitHub Actions**: Automated CI/CD pipeline functional
✅ **Security Scanning**: CodeQL and dependency review workflows active
✅ **Code Quality**: Automated formatting and testing in CI/CD
✅ **AI Integration**: Cloudflare Workers AI with Llama 3.1 70B for reputation analysis

## Image Credits

Expand Down
53 changes: 50 additions & 3 deletions Services/AbuseIPDBService.cs
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,13 @@
namespace Albatross.Services
{
/// <summary>
/// Complete API response model for AbuseIPDB with integrated ASN information
/// Complete API response model for AbuseIPDB with integrated ASN information and AI reputation
/// </summary>
public class AbuseIPDBApiResponse
{
[JsonPropertyName("aiReputation")]
public AIReputation? AIReputation { get; set; }

[JsonPropertyName("data")]
public AbuseIPDBData? Data { get; set; }

Expand All @@ -30,6 +33,48 @@ public class AbuseIPDBApiResponse
public WorkerInfo? WorkerInfo { get; set; }
}

/// <summary>
/// AI-generated reputation analysis from Cloudflare Workers AI
/// </summary>
public class AIReputation
{
[JsonPropertyName("success")]
public bool Success { get; set; }

[JsonPropertyName("error")]
public string? Error { get; set; }

[JsonPropertyName("analysis")]
public AIAnalysis? Analysis { get; set; }

[JsonPropertyName("model")]
public string? Model { get; set; }

[JsonPropertyName("timestamp")]
public string? Timestamp { get; set; }
}

/// <summary>
/// AI analysis details
/// </summary>
public class AIAnalysis
{
[JsonPropertyName("riskLevel")]
public string? RiskLevel { get; set; }

[JsonPropertyName("trustScore")]
public int TrustScore { get; set; }

[JsonPropertyName("summary")]
public string? Summary { get; set; }

[JsonPropertyName("eventsSummary")]
public string? EventsSummary { get; set; }

[JsonPropertyName("recommendations")]
public List<string>? Recommendations { get; set; }
}

/// <summary>
/// ASN information from Cloudflare Radar API
/// </summary>
Expand Down Expand Up @@ -385,8 +430,9 @@ private string GetTimestamp()
/// <param name="ipAddress">The IP address to check, optionally with maxAgeInDays delimited by semicolon (e.g., "8.8.8.8;60")</param>
/// <param name="maxAgeInDays">Reports older than this many days won't be included (default 30). This is overridden if specified in ipAddress parameter</param>
/// <param name="verbose">Whether to include detailed report information</param>
/// <param name="enableAI">Whether to enable AI reputation analysis (default true)</param>
/// <returns>Complete AbuseIPDB information for the specified IP address</returns>
public async Task<AbuseIPDBApiResponse> CheckIPAsync(string ipAddress, int maxAgeInDays = 30, bool verbose = true)
public async Task<AbuseIPDBApiResponse> CheckIPAsync(string ipAddress, int maxAgeInDays = 30, bool verbose = true, bool enableAI = true)
{
// Parse the input to extract IP address and optionally maxAgeInDays
string actualIpAddress;
Expand Down Expand Up @@ -417,11 +463,12 @@ public async Task<AbuseIPDBApiResponse> CheckIPAsync(string ipAddress, int maxAg
try
{
var verboseParam = verbose.ToString().ToLower();
var enableAIParam = enableAI.ToString().ToLower();
var timestamp = GetTimestamp();

// Include timestamp as a URI parameter
var requestUrl =
$"{_cloudflareWorkerUrl}?ipAddress={actualIpAddress}&maxAgeInDays={actualMaxAgeInDays}&verbose={verboseParam}&timestamp={timestamp}"
$"{_cloudflareWorkerUrl}?ipAddress={actualIpAddress}&maxAgeInDays={actualMaxAgeInDays}&verbose={verboseParam}&enableAI={enableAIParam}&timestamp={timestamp}"
.ToLower();
Console.WriteLine($"Requesting: {requestUrl}");

Expand Down
Loading
Loading