From 130e81ad64c7740798ca59db256ccb48018b7fd2 Mon Sep 17 00:00:00 2001
From: Lorenzo Venerandi <68255980+Lore09@users.noreply.github.com>
Date: Sun, 25 Jan 2026 22:50:27 +0100
Subject: [PATCH] Feat/dashboard improvements (#55)

* fixed external ip resoultion

* added dashboard logic division, filtering capabilities, geoip map, attacker stats

* refactor: replace print statements with applogger for error logging in DatabaseManager

* feat: add click listeners for IP cells in dashboard tables to fetch and display stats

---------

Co-authored-by: BlessedRebuS <patrick.difa@gmail.com>
---
 exports/.gitkeep                    |    0
 helm/Chart.yaml                     |    2 +-
 src/config.py                       |    2 -
 src/database.py                     |  538 ++++++++--
 src/exports/malicious_ips.txt       |    2 +
 src/handler.py                      |  294 ++++++
 src/templates/dashboard_template.py | 1520 ++++++++++++++++++++++++---
 tests/test_insert_fake_ips.py       |    2 +-
 8 files changed, 2101 insertions(+), 259 deletions(-)
 delete mode 100644 exports/.gitkeep
 create mode 100644 src/exports/malicious_ips.txt

diff --git a/exports/.gitkeep b/exports/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
index 928d0f8..938bfa3 100644
--- a/helm/Chart.yaml
+++ b/helm/Chart.yaml
@@ -3,7 +3,7 @@ name: krawl-chart
 description: A Helm chart for Krawl honeypot server
 type: application
 version: 0.1.5
-appVersion: 0.1.7
+appVersion: 0.1.8
 keywords:
   - honeypot
   - security
diff --git a/src/config.py b/src/config.py
index 1f1d122..1e96e09 100644
--- a/src/config.py
+++ b/src/config.py
@@ -100,8 +100,6 @@ class Config:
 
             self._server_ip = ip
             self._server_ip_cache_time = current_time
-
-            get_app_logger().info(f"Server external IP detected: {ip}")
             return ip
 
         except Exception as e:
diff --git a/src/database.py b/src/database.py
index 88d72d7..80eb194 100644
--- a/src/database.py
+++ b/src/database.py
@@ -293,7 +293,7 @@ class DatabaseManager:
             session.commit()
         except Exception as e:
             session.rollback()
-            print(f"Error updating IP stats analysis: {e}")
+            applogger.error(f"Error updating IP stats analysis: {e}")
 
     def manual_update_category(self, ip: str, category: str) -> None:
         """
@@ -322,7 +322,7 @@ class DatabaseManager:
             session.commit()
         except Exception as e:
             session.rollback()
-            print(f"Error updating manual category: {e}")
+            applogger.error(f"Error updating manual category: {e}")
 
     def _record_category_change(
         self,
@@ -514,56 +514,6 @@ class DatabaseManager:
         finally:
             self.close_session()
 
-    # def persist_ip(
-    #     self,
-    #     ip: str
-    # ) -> Optional[int]:
-    #     """
-    #     Persist an ip entry to the database.
-
-    #     Args:
-    #         ip: Client IP address
-
-    #     Returns:
-    #         The ID of the created IpLog record, or None on error
-    #     """
-    #     session = self.session
-    #     try:
-    #         # Create access log with sanitized fields
-    #         ip_log = AccessLog(
-    #             ip=sanitize_ip(ip),
-    #             manual_category = False
-    #         )
-    #         session.add(access_log)
-    #         session.flush()  # Get the ID before committing
-
-    #         # Add attack detections if any
-    #         if attack_types:
-    #             matched_patterns = matched_patterns or {}
-    #             for attack_type in attack_types:
-    #                 detection = AttackDetection(
-    #                     access_log_id=access_log.id,
-    #                     attack_type=attack_type[:50],
-    #                     matched_pattern=sanitize_attack_pattern(
-    #                         matched_patterns.get(attack_type, "")
-    #                     )
-    #                 )
-    #                 session.add(detection)
-
-    #         # Update IP stats
-    #         self._update_ip_stats(session, ip)
-
-    #         session.commit()
-    #         return access_log.id
-
-    #     except Exception as e:
-    #         session.rollback()
-    #         # Log error but don't crash - database persistence is secondary to honeypot function
-    #         print(f"Database error persisting access: {e}")
-    #         return None
-    #     finally:
-    #         self.close_session()
-
     def get_credential_attempts(
         self, limit: int = 100, offset: int = 0, ip_filter: Optional[str] = None
     ) -> List[Dict[str, Any]]:
@@ -626,8 +576,8 @@ class DatabaseManager:
                 {
                     "ip": s.ip,
                     "total_requests": s.total_requests,
-                    "first_seen": s.first_seen.isoformat(),
-                    "last_seen": s.last_seen.isoformat(),
+                    "first_seen": s.first_seen.isoformat() if s.first_seen else None,
+                    "last_seen": s.last_seen.isoformat() if s.last_seen else None,
                     "country_code": s.country_code,
                     "city": s.city,
                     "asn": s.asn,
@@ -637,7 +587,7 @@ class DatabaseManager:
                     "analyzed_metrics": s.analyzed_metrics,
                     "category": s.category,
                     "manual_category": s.manual_category,
-                    "last_analysis": s.last_analysis,
+                    "last_analysis": s.last_analysis.isoformat() if s.last_analysis else None,
                 }
                 for s in stats
             ]
@@ -688,6 +638,84 @@ class DatabaseManager:
         finally:
             self.close_session()
 
+    def get_attackers_paginated(self, page: int = 1, page_size: int = 25, sort_by: str = "total_requests", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of attacker IPs ordered by specified field.
+
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (total_requests, first_seen, last_seen)
+            sort_order: Sort order (asc or desc)
+
+        Returns:
+            Dictionary with attackers list and pagination info
+        """
+        session = self.session
+        try:
+            offset = (page - 1) * page_size
+
+            # Validate sort parameters
+            valid_sort_fields = {"total_requests", "first_seen", "last_seen"}
+            sort_by = sort_by if sort_by in valid_sort_fields else "total_requests"
+            sort_order = sort_order.lower() if sort_order.lower() in {"asc", "desc"} else "desc"
+
+            # Get total count of attackers
+            total_attackers = (
+                session.query(IpStats)
+                .filter(IpStats.category == "attacker")
+                .count()
+            )
+
+            # Build query with sorting
+            query = session.query(IpStats).filter(IpStats.category == "attacker")
+            
+            if sort_by == "total_requests":
+                query = query.order_by(
+                    IpStats.total_requests.desc() if sort_order == "desc" else IpStats.total_requests.asc()
+                )
+            elif sort_by == "first_seen":
+                query = query.order_by(
+                    IpStats.first_seen.desc() if sort_order == "desc" else IpStats.first_seen.asc()
+                )
+            elif sort_by == "last_seen":
+                query = query.order_by(
+                    IpStats.last_seen.desc() if sort_order == "desc" else IpStats.last_seen.asc()
+                )
+
+            # Get paginated attackers
+            attackers = query.offset(offset).limit(page_size).all()
+
+            total_pages = (total_attackers + page_size - 1) // page_size
+
+            return {
+                "attackers": [
+                    {
+                        "ip": a.ip,
+                        "total_requests": a.total_requests,
+                        "first_seen": a.first_seen.isoformat() if a.first_seen else None,
+                        "last_seen": a.last_seen.isoformat() if a.last_seen else None,
+                        "country_code": a.country_code,
+                        "city": a.city,
+                        "asn": a.asn,
+                        "asn_org": a.asn_org,
+                        "reputation_score": a.reputation_score,
+                        "reputation_source": a.reputation_source,
+                        "category": a.category,
+                        "category_scores": a.category_scores or {},
+                    }
+                    for a in attackers
+                ],
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total_attackers": total_attackers,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
+
     def get_dashboard_counts(self) -> Dict[str, int]:
         """
         Get aggregate statistics for the dashboard (excludes local/private IPs and server IP).
@@ -719,6 +747,9 @@ class DatabaseManager:
             suspicious_accesses = sum(1 for log in public_accesses if log.is_suspicious)
             honeypot_triggered = sum(1 for log in public_accesses if log.is_honeypot_trigger)
             honeypot_ips = len(set(log.ip for log in public_accesses if log.is_honeypot_trigger))
+            
+            # Count unique attackers from IpStats (matching the "Attackers by Total Requests" table)
+            unique_attackers = session.query(IpStats).filter(IpStats.category == "attacker").count()
 
             return {
                 "total_accesses": total_accesses,
@@ -727,6 +758,7 @@ class DatabaseManager:
                 "suspicious_accesses": suspicious_accesses,
                 "honeypot_triggered": honeypot_triggered,
                 "honeypot_ips": honeypot_ips,
+                "unique_attackers": unique_attackers,
             }
         finally:
             self.close_session()
@@ -772,7 +804,7 @@ class DatabaseManager:
         Args:
             limit: Maximum number of results
 
-        Returns:data
+        Returns:
             List of (path, count) tuples ordered by count descending
         """
         session = self.session
@@ -929,46 +961,370 @@ class DatabaseManager:
         finally:
             self.close_session()
 
-    # def get_ip_logs(
-    #     self,
-    #     limit: int = 100,
-    #     offset: int = 0,
-    #     ip_filter: Optional[str] = None
-    # ) -> List[Dict[str, Any]]:
-    #     """
-    #     Retrieve ip logs with optional filtering.
+    def get_honeypot_paginated(self, page: int = 1, page_size: int = 5, sort_by: str = "count", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of honeypot-triggered IPs with their paths.
 
-    #     Args:
-    #         limit: Maximum number of records to return
-    #         offset: Number of records to skip
-    #         ip_filter: Filter by IP address
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (count or ip)
+            sort_order: Sort order (asc or desc)
 
-    #     Returns:
-    #         List of ip log dictionaries
-    #     """
-    #     session = self.session
-    #     try:
-    #         query = session.query(IpLog).order_by(IpLog.last_access.desc())
+        Returns:
+            Dictionary with honeypots list and pagination info
+        """
+        session = self.session
+        try:
+            from config import get_config
+            config = get_config()
+            server_ip = config.get_server_ip()
 
-    #         if ip_filter:
-    #             query = query.filter(IpLog.ip == sanitize_ip(ip_filter))
+            offset = (page - 1) * page_size
 
-    #         logs = query.offset(offset).limit(limit).all()
+            # Get honeypot triggers grouped by IP
+            results = (
+                session.query(AccessLog.ip, AccessLog.path)
+                .filter(AccessLog.is_honeypot_trigger == True)
+                .all()
+            )
 
-    #         return [
-    #             {
-    #                 'id': log.id,
-    #                 'ip': log.ip,
-    #                 'stats': log.stats,
-    #                 'category': log.category,
-    #                 'manual_category': log.manual_category,
-    #                 'last_evaluation': log.last_evaluation,
-    #                 'last_access': log.last_access
-    #             }
-    #             for log in logs
-    #         ]
-    #     finally:
-    #         self.close_session()
+            # Group paths by IP, filtering out invalid IPs
+            ip_paths: Dict[str, List[str]] = {}
+            for row in results:
+                if not is_valid_public_ip(row.ip, server_ip):
+                    continue
+                if row.ip not in ip_paths:
+                    ip_paths[row.ip] = []
+                if row.path not in ip_paths[row.ip]:
+                    ip_paths[row.ip].append(row.path)
+
+            # Create list and sort
+            honeypot_list = [
+                {"ip": ip, "paths": paths, "count": len(paths)}
+                for ip, paths in ip_paths.items()
+            ]
+
+            if sort_by == "count":
+                honeypot_list.sort(
+                    key=lambda x: x["count"],
+                    reverse=(sort_order == "desc")
+                )
+            else:  # sort by ip
+                honeypot_list.sort(
+                    key=lambda x: x["ip"],
+                    reverse=(sort_order == "desc")
+                )
+
+            total_honeypots = len(honeypot_list)
+            paginated = honeypot_list[offset:offset + page_size]
+            total_pages = (total_honeypots + page_size - 1) // page_size
+
+            return {
+                "honeypots": paginated,
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total": total_honeypots,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
+
+    def get_credentials_paginated(self, page: int = 1, page_size: int = 5, sort_by: str = "timestamp", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of credential attempts.
+
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (timestamp, ip, username)
+            sort_order: Sort order (asc or desc)
+
+        Returns:
+            Dictionary with credentials list and pagination info
+        """
+        session = self.session
+        try:
+            offset = (page - 1) * page_size
+
+            # Validate sort parameters
+            valid_sort_fields = {"timestamp", "ip", "username"}
+            sort_by = sort_by if sort_by in valid_sort_fields else "timestamp"
+            sort_order = sort_order.lower() if sort_order.lower() in {"asc", "desc"} else "desc"
+
+            total_credentials = session.query(CredentialAttempt).count()
+
+            # Build query with sorting
+            query = session.query(CredentialAttempt)
+
+            if sort_by == "timestamp":
+                query = query.order_by(
+                    CredentialAttempt.timestamp.desc() if sort_order == "desc" else CredentialAttempt.timestamp.asc()
+                )
+            elif sort_by == "ip":
+                query = query.order_by(
+                    CredentialAttempt.ip.desc() if sort_order == "desc" else CredentialAttempt.ip.asc()
+                )
+            elif sort_by == "username":
+                query = query.order_by(
+                    CredentialAttempt.username.desc() if sort_order == "desc" else CredentialAttempt.username.asc()
+                )
+
+            credentials = query.offset(offset).limit(page_size).all()
+            total_pages = (total_credentials + page_size - 1) // page_size
+
+            return {
+                "credentials": [
+                    {
+                        "ip": c.ip,
+                        "username": c.username,
+                        "password": c.password,
+                        "path": c.path,
+                        "timestamp": c.timestamp.isoformat() if c.timestamp else None,
+                    }
+                    for c in credentials
+                ],
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total": total_credentials,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
+
+    def get_top_ips_paginated(self, page: int = 1, page_size: int = 5, sort_by: str = "count", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of top IP addresses by access count.
+
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (count or ip)
+            sort_order: Sort order (asc or desc)
+
+        Returns:
+            Dictionary with IPs list and pagination info
+        """
+        session = self.session
+        try:
+            from config import get_config
+            config = get_config()
+            server_ip = config.get_server_ip()
+
+            offset = (page - 1) * page_size
+
+            results = (
+                session.query(AccessLog.ip, func.count(AccessLog.id).label("count"))
+                .group_by(AccessLog.ip)
+                .all()
+            )
+
+            # Filter out local/private IPs and server IP, then sort
+            filtered = [
+                {"ip": row.ip, "count": row.count}
+                for row in results
+                if is_valid_public_ip(row.ip, server_ip)
+            ]
+
+            if sort_by == "count":
+                filtered.sort(key=lambda x: x["count"], reverse=(sort_order == "desc"))
+            else:  # sort by ip
+                filtered.sort(key=lambda x: x["ip"], reverse=(sort_order == "desc"))
+
+            total_ips = len(filtered)
+            paginated = filtered[offset:offset + page_size]
+            total_pages = (total_ips + page_size - 1) // page_size
+
+            return {
+                "ips": paginated,
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total": total_ips,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
+
+    def get_top_paths_paginated(self, page: int = 1, page_size: int = 5, sort_by: str = "count", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of top paths by access count.
+
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (count or path)
+            sort_order: Sort order (asc or desc)
+
+        Returns:
+            Dictionary with paths list and pagination info
+        """
+        session = self.session
+        try:
+            offset = (page - 1) * page_size
+
+            results = (
+                session.query(AccessLog.path, func.count(AccessLog.id).label("count"))
+                .group_by(AccessLog.path)
+                .all()
+            )
+
+            # Create list and sort
+            paths_list = [
+                {"path": row.path, "count": row.count}
+                for row in results
+            ]
+
+            if sort_by == "count":
+                paths_list.sort(key=lambda x: x["count"], reverse=(sort_order == "desc"))
+            else:  # sort by path
+                paths_list.sort(key=lambda x: x["path"], reverse=(sort_order == "desc"))
+
+            total_paths = len(paths_list)
+            paginated = paths_list[offset:offset + page_size]
+            total_pages = (total_paths + page_size - 1) // page_size
+
+            return {
+                "paths": paginated,
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total": total_paths,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
+
+    def get_top_user_agents_paginated(self, page: int = 1, page_size: int = 5, sort_by: str = "count", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of top user agents by access count.
+
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (count or user_agent)
+            sort_order: Sort order (asc or desc)
+
+        Returns:
+            Dictionary with user agents list and pagination info
+        """
+        session = self.session
+        try:
+            offset = (page - 1) * page_size
+
+            results = (
+                session.query(AccessLog.user_agent, func.count(AccessLog.id).label("count"))
+                .filter(AccessLog.user_agent.isnot(None), AccessLog.user_agent != "")
+                .group_by(AccessLog.user_agent)
+                .all()
+            )
+
+            # Create list and sort
+            ua_list = [
+                {"user_agent": row.user_agent, "count": row.count}
+                for row in results
+            ]
+
+            if sort_by == "count":
+                ua_list.sort(key=lambda x: x["count"], reverse=(sort_order == "desc"))
+            else:  # sort by user_agent
+                ua_list.sort(key=lambda x: x["user_agent"], reverse=(sort_order == "desc"))
+
+            total_uas = len(ua_list)
+            paginated = ua_list[offset:offset + page_size]
+            total_pages = (total_uas + page_size - 1) // page_size
+
+            return {
+                "user_agents": paginated,
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total": total_uas,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
+
+    def get_attack_types_paginated(self, page: int = 1, page_size: int = 5, sort_by: str = "timestamp", sort_order: str = "desc") -> Dict[str, Any]:
+        """
+        Retrieve paginated list of detected attack types with access logs.
+
+        Args:
+            page: Page number (1-indexed)
+            page_size: Number of results per page
+            sort_by: Field to sort by (timestamp, ip, attack_type)
+            sort_order: Sort order (asc or desc)
+
+        Returns:
+            Dictionary with attacks list and pagination info
+        """
+        session = self.session
+        try:
+            offset = (page - 1) * page_size
+
+            # Validate sort parameters
+            valid_sort_fields = {"timestamp", "ip", "attack_type"}
+            sort_by = sort_by if sort_by in valid_sort_fields else "timestamp"
+            sort_order = sort_order.lower() if sort_order.lower() in {"asc", "desc"} else "desc"
+
+            # Get all access logs with attack detections
+            query = (
+                session.query(AccessLog)
+                .join(AttackDetection)
+            )
+
+            if sort_by == "timestamp":
+                query = query.order_by(
+                    AccessLog.timestamp.desc() if sort_order == "desc" else AccessLog.timestamp.asc()
+                )
+            elif sort_by == "ip":
+                query = query.order_by(
+                    AccessLog.ip.desc() if sort_order == "desc" else AccessLog.ip.asc()
+                )
+
+            logs = query.all()
+
+            # Convert to attack list
+            attack_list = [
+                {
+                    "ip": log.ip,
+                    "path": log.path,
+                    "user_agent": log.user_agent,
+                    "timestamp": log.timestamp.isoformat() if log.timestamp else None,
+                    "attack_types": [d.attack_type for d in log.attack_detections],
+                }
+                for log in logs
+            ]
+
+            # Sort by attack_type if needed (this must be done post-fetch since it's in a related table)
+            if sort_by == "attack_type":
+                attack_list.sort(
+                    key=lambda x: x["attack_types"][0] if x["attack_types"] else "",
+                    reverse=(sort_order == "desc")
+                )
+
+            total_attacks = len(attack_list)
+            paginated = attack_list[offset:offset + page_size]
+            total_pages = (total_attacks + page_size - 1) // page_size
+
+            return {
+                "attacks": paginated,
+                "pagination": {
+                    "page": page,
+                    "page_size": page_size,
+                    "total": total_attacks,
+                    "total_pages": total_pages,
+                },
+            }
+        finally:
+            self.close_session()
 
 
 # Module-level singleton instance
diff --git a/src/exports/malicious_ips.txt b/src/exports/malicious_ips.txt
new file mode 100644
index 0000000..2541a21
--- /dev/null
+++ b/src/exports/malicious_ips.txt
@@ -0,0 +1,2 @@
+175.23.45.67
+210.45.67.89
diff --git a/src/handler.py b/src/handler.py
index 1be7c2c..df04465 100644
--- a/src/handler.py
+++ b/src/handler.py
@@ -510,6 +510,72 @@ class Handler(BaseHTTPRequestHandler):
                 self.app_logger.error(f"Error generating dashboard: {e}")
             return
 
+        # API endpoint for fetching all IP statistics
+        if self.config.dashboard_secret_path and self.path == f"{self.config.dashboard_secret_path}/api/all-ip-stats":
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+
+                db = get_database()
+                ip_stats_list = db.get_ip_stats(limit=500)
+                self.wfile.write(json.dumps({"ips": ip_stats_list}).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching all IP stats: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
+        # API endpoint for fetching paginated attackers
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/attackers"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                
+                # Parse query parameters
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["25"])[0])
+                sort_by = query_params.get("sort_by", ["total_requests"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                # Ensure valid parameters
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)  # Max 100 per page
+
+                result = db.get_attackers_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching attackers: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
         # API endpoint for fetching IP stats
         if self.config.dashboard_secret_path and self.path.startswith(
             f"{self.config.dashboard_secret_path}/api/ip-stats/"
@@ -544,6 +610,234 @@ class Handler(BaseHTTPRequestHandler):
                 self.wfile.write(json.dumps({"error": str(e)}).encode())
             return
 
+        # API endpoint for paginated honeypot triggers
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/honeypot"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["5"])[0])
+                sort_by = query_params.get("sort_by", ["count"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)
+
+                result = db.get_honeypot_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching honeypot data: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
+        # API endpoint for paginated credentials
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/credentials"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["5"])[0])
+                sort_by = query_params.get("sort_by", ["timestamp"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)
+
+                result = db.get_credentials_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching credentials: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
+        # API endpoint for paginated top IPs
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/top-ips"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["5"])[0])
+                sort_by = query_params.get("sort_by", ["count"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)
+
+                result = db.get_top_ips_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching top IPs: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
+        # API endpoint for paginated top paths
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/top-paths"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["5"])[0])
+                sort_by = query_params.get("sort_by", ["count"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)
+
+                result = db.get_top_paths_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching top paths: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
+        # API endpoint for paginated top user agents
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/top-user-agents"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["5"])[0])
+                sort_by = query_params.get("sort_by", ["count"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)
+
+                result = db.get_top_user_agents_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching top user agents: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
+        # API endpoint for paginated attack types
+        if self.config.dashboard_secret_path and self.path.startswith(
+            f"{self.config.dashboard_secret_path}/api/attack-types"
+        ):
+            self.send_response(200)
+            self.send_header("Content-type", "application/json")
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header(
+                "Cache-Control", "no-store, no-cache, must-revalidate, max-age=0"
+            )
+            self.send_header("Pragma", "no-cache")
+            self.send_header("Expires", "0")
+            self.end_headers()
+            try:
+                from database import get_database
+                import json
+                from urllib.parse import urlparse, parse_qs
+
+                db = get_database()
+                parsed_url = urlparse(self.path)
+                query_params = parse_qs(parsed_url.query)
+                page = int(query_params.get("page", ["1"])[0])
+                page_size = int(query_params.get("page_size", ["5"])[0])
+                sort_by = query_params.get("sort_by", ["timestamp"])[0]
+                sort_order = query_params.get("sort_order", ["desc"])[0]
+
+                page = max(1, page)
+                page_size = min(max(1, page_size), 100)
+
+                result = db.get_attack_types_paginated(page=page, page_size=page_size, sort_by=sort_by, sort_order=sort_order)
+                self.wfile.write(json.dumps(result).encode())
+            except BrokenPipeError:
+                pass
+            except Exception as e:
+                self.app_logger.error(f"Error fetching attack types: {e}")
+                self.wfile.write(json.dumps({"error": str(e)}).encode())
+            return
+
         # API endpoint for downloading malicious IPs file
         if (
             self.config.dashboard_secret_path
diff --git a/src/templates/dashboard_template.py b/src/templates/dashboard_template.py
index 5d31bb8..8babb4d 100644
--- a/src/templates/dashboard_template.py
+++ b/src/templates/dashboard_template.py
@@ -45,45 +45,6 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
         dashboard_path: The secret dashboard path for generating API URLs
     """
 
-    # Generate IP rows with clickable functionality for dropdown stats
-    top_ips_rows = (
-        "\n".join([f"""<tr class="ip-row" data-ip="{_escape(ip)}">
-            <td class="rank">{i+1}</td>
-            <td class="ip-clickable">{_escape(ip)}</td>
-            <td>{count}</td>
-        </tr>
-        <tr class="ip-stats-row" id="stats-row-{_escape(ip).replace(".", "-")}" style="display: none;">
-            <td colspan="3" class="ip-stats-cell">
-                <div class="ip-stats-dropdown">
-                    <div class="loading">Loading stats...</div>
-                </div>
-            </td>
-        </tr>""" for i, (ip, count) in enumerate(stats["top_ips"])])
-        or '<tr><td colspan="3" style="text-align:center;">No data</td></tr>'
-    )
-
-    # Generate paths rows (CRITICAL: paths can contain XSS payloads)
-    top_paths_rows = (
-        "\n".join(
-            [
-                f'<tr><td class="rank">{i+1}</td><td>{_escape(path)}</td><td>{count}</td></tr>'
-                for i, (path, count) in enumerate(stats["top_paths"])
-            ]
-        )
-        or '<tr><td colspan="3" style="text-align:center;">No data</td></tr>'
-    )
-
-    # Generate User-Agent rows (CRITICAL: user agents can contain XSS payloads)
-    top_ua_rows = (
-        "\n".join(
-            [
-                f'<tr><td class="rank">{i+1}</td><td style="word-break: break-all;">{_escape(ua[:80])}</td><td>{count}</td></tr>'
-                for i, (ua, count) in enumerate(stats["top_user_agents"])
-            ]
-        )
-        or '<tr><td colspan="3" style="text-align:center;">No data</td></tr>'
-    )
-
     # Generate suspicious accesses rows with clickable IPs
     suspicious_rows = (
         "\n".join([f"""<tr class="ip-row" data-ip="{_escape(log["ip"])}">
@@ -102,66 +63,14 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
         or '<tr><td colspan="4" style="text-align:center;">No suspicious activity detected</td></tr>'
     )
 
-    # Generate honeypot triggered IPs rows with clickable IPs
-    honeypot_rows = (
-        "\n".join([f"""<tr class="ip-row" data-ip="{_escape(ip)}">
-            <td class="ip-clickable">{_escape(ip)}</td>
-            <td style="word-break: break-all;">{_escape(", ".join(paths))}</td>
-            <td>{len(paths)}</td>
-        </tr>
-        <tr class="ip-stats-row" id="stats-row-honeypot-{_escape(ip).replace(".", "-")}" style="display: none;">
-            <td colspan="3" class="ip-stats-cell">
-                <div class="ip-stats-dropdown">
-                    <div class="loading">Loading stats...</div>
-                </div>
-            </td>
-        </tr>""" for ip, paths in stats.get("honeypot_triggered_ips", [])])
-        or '<tr><td colspan="3" style="text-align:center;">No honeypot triggers yet</td></tr>'
-    )
-
-    # Generate attack types rows with clickable IPs
-    attack_type_rows = (
-        "\n".join([f"""<tr class="ip-row" data-ip="{_escape(log["ip"])}">
-            <td class="ip-clickable">{_escape(log["ip"])}</td>
-            <td>{_escape(log["path"])}</td>
-            <td>{_escape(", ".join(log["attack_types"]))}</td>
-            <td style="word-break: break-all;">{_escape(log["user_agent"][:60])}</td>
-            <td>{format_timestamp(log["timestamp"],time_only=True)}</td>
-        </tr>
-        <tr class="ip-stats-row" id="stats-row-attack-{_escape(log["ip"]).replace(".", "-")}" style="display: none;">
-            <td colspan="5" class="ip-stats-cell">
-                <div class="ip-stats-dropdown">
-                    <div class="loading">Loading stats...</div>
-                </div>
-            </td>
-        </tr>""" for log in stats.get("attack_types", [])[-10:]])
-        or '<tr><td colspan="4" style="text-align:center;">No attacks detected</td></tr>'
-    )
-
-    # Generate credential attempts rows with clickable IPs
-    credential_rows = (
-        "\n".join([f"""<tr class="ip-row" data-ip="{_escape(log["ip"])}">
-            <td class="ip-clickable">{_escape(log["ip"])}</td>
-            <td>{_escape(log["username"])}</td>
-            <td>{_escape(log["password"])}</td>
-            <td>{_escape(log["path"])}</td>
-            <td>{format_timestamp(log["timestamp"], time_only=True)}</td>
-        </tr>
-        <tr class="ip-stats-row" id="stats-row-cred-{_escape(log["ip"]).replace(".", "-")}" style="display: none;">
-            <td colspan="5" class="ip-stats-cell">
-                <div class="ip-stats-dropdown">
-                    <div class="loading">Loading stats...</div>
-                </div>
-            </td>
-        </tr>""" for log in stats.get("credential_attempts", [])[-20:]])
-        or '<tr><td colspan="5" style="text-align:center;">No credentials captured yet</td></tr>'
-    )
-
     return f"""<!DOCTYPE html>
 <html>
 <head>
     <meta charset="UTF-8">
     <title>Krawl Dashboard</title>
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.min.css" />
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.min.js"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/3.9.1/chart.min.js"></script>
     <style>
         body {{
             font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
@@ -205,7 +114,7 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
         }}
         .stats-grid {{
             display: grid;
-            grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
+            grid-template-columns: repeat(auto-fit, minmax(150px, 1fr));
             gap: 20px;
             margin-bottom: 40px;
         }}
@@ -292,6 +201,12 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
             content: '▼';
             opacity: 1;
         }}
+        tbody {{
+            transition: opacity 0.1s ease;
+        }}
+        tbody {{
+            animation: fadeIn 0.3s ease-in;
+        }}
         .ip-row {{
             transition: background-color 0.2s;
         }}
@@ -512,6 +427,160 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
         .timeline-marker.bad-crawler {{ background: #f0883e; }}
         .timeline-marker.regular-user {{ background: #58a6ff; }}
         .timeline-marker.unknown {{ background: #8b949e; }}
+        .tabs-container {{
+            border-bottom: 1px solid #30363d;
+            margin-bottom: 30px;
+            display: flex;
+            gap: 2px;
+            background: #161b22;
+            border-radius: 6px 6px 0 0;
+            overflow-x: auto;
+            overflow-y: hidden;
+        }}
+        .tab-button {{
+            padding: 12px 20px;
+            background: transparent;
+            border: none;
+            color: #8b949e;
+            font-size: 14px;
+            font-weight: 500;
+            cursor: pointer;
+            white-space: nowrap;
+            transition: all 0.2s;
+            border-bottom: 3px solid transparent;
+            position: relative;
+            bottom: -1px;
+        }}
+        .tab-button:hover {{
+            color: #c9d1d9;
+            background: #1c2128;
+        }}
+        .tab-button.active {{
+            color: #58a6ff;
+            border-bottom-color: #58a6ff;
+        }}
+        .tab-content {{
+            display: none;
+        }}
+        .tab-content.active {{
+            display: block;
+        }}
+        .ip-stats-table {{
+            width: 100%;
+            border-collapse: collapse;
+        }}
+        .ip-stats-table th, .ip-stats-table td {{
+            padding: 12px;
+            text-align: left;
+            border-bottom: 1px solid #30363d;
+        }}
+        .ip-stats-table th {{
+            background: #0d1117;
+            color: #58a6ff;
+            font-weight: 600;
+        }}
+        .ip-stats-table tr:hover {{
+            background: #1c2128;
+        }}
+        .ip-detail-modal {{
+            display: none;
+            position: fixed;
+            top: 0;
+            left: 0;
+            width: 100%;
+            height: 100%;
+            background: rgba(0, 0, 0, 0.7);
+            z-index: 1000;
+            align-items: center;
+            justify-content: center;
+        }}
+        .ip-detail-modal.show {{
+            display: flex;
+        }}
+        .ip-detail-content {{
+            background: #161b22;
+            border: 1px solid #30363d;
+            border-radius: 8px;
+            padding: 30px;
+            max-width: 900px;
+            max-height: 90vh;
+            overflow-y: auto;
+            position: relative;
+        }}
+        .ip-detail-close {{
+            position: absolute;
+            top: 15px;
+            right: 15px;
+            background: none;
+            border: none;
+            color: #8b949e;
+            font-size: 24px;
+            cursor: pointer;
+            padding: 0;
+            width: 30px;
+            height: 30px;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }}
+        .ip-detail-close:hover {{
+            color: #c9d1d9;
+        }}
+        #attacker-map {{
+            background: #0d1117 !important;
+        }}
+        .leaflet-container {{
+            background: #0d1117 !important;
+        }}
+        .leaflet-tile {{
+            filter: none;
+        }}
+        .leaflet-popup-content-wrapper {{
+            background-color: #161b22;
+            color: #c9d1d9;
+            border: 1px solid #30363d;
+            border-radius: 4px;
+        }}
+        .leaflet-popup-content-wrapper a {{
+            color: #58a6ff;
+        }}
+        .leaflet-popup-tip {{
+            background: #161b22;
+            border-top: 6px solid #30363d;
+        }}
+        .attacker-marker {{
+            width: 20px;
+            height: 20px;
+            background: #f85149;
+            border: 2px solid #fff;
+            border-radius: 50%;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            font-size: 10px;
+            font-weight: bold;
+            color: white;
+            box-shadow: 0 0 8px rgba(248, 81, 73, 0.8), inset 0 0 4px rgba(248, 81, 73, 0.5);
+            cursor: pointer;
+        }}
+        .attacker-marker-cluster {{
+            background: #f85149 !important;
+            border: 2px solid #fff !important;
+            background-clip: padding-box !important;
+        }}
+        .attacker-marker-cluster div {{
+            background: #f85149 !important;
+        }}
+        .attacker-marker-cluster span {{
+            color: white !important;
+            font-weight: bold !important;
+        }}
+        .leaflet-bottom.leaflet-right {{
+            display: none !important;
+        }}
+        #attack-types-chart {{
+            max-height: 400px;
+        }}
 
     </style>
 </head>
@@ -549,25 +618,19 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
                 <div class="stat-value alert">{len(stats.get('credential_attempts', []))}</div>
                 <div class="stat-label">Credentials Captured</div>
             </div>
+            <div class="stat-card alert">
+                <div class="stat-value alert">{stats.get('unique_attackers', 0)}</div>
+                <div class="stat-label">Unique Attackers</div>
+            </div>
         </div>
 
-        <div class="table-container alert-section">
-            <h2>Honeypot Triggers by IP</h2>
-            <table id="honeypot-table">
-                <thead>
-                    <tr>
-                        <th class="sortable" data-sort="ip">IP Address</th>
-                        <th>Accessed Paths</th>
-                        <th class="sortable" data-sort="count">Count</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    {honeypot_rows}
-                </tbody>
-            </table>
+        <div class="tabs-container">
+            <a class="tab-button active" href="#overview">Overview</a>
+            <a class="tab-button" href="#ip-stats">Attacks</a>
         </div>
 
-        <div class="table-container alert-section">
+        <div id="overview" class="tab-content active">
+            <div class="table-container alert-section">
             <h2>Recent Suspicious Activity</h2>
             <table>
                 <thead>
@@ -585,87 +648,204 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
         </div>
 
         <div class="table-container alert-section">
-            <h2>Captured Credentials</h2>
-            <table>
+            <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 20px;">
+                <h2 style="margin: 0;">Honeypot Triggers by IP</h2>
+                <div class="pagination-controls" id="honeypot-pagination" style="display: flex; align-items: center; gap: 12px; padding: 0; background: transparent;">
+                    <div style="display: flex; align-items: center; gap: 6px; color: #6e7681; font-weight: 400; font-size: 12px;">
+                        <span>Page <span class="current-page">1</span>/<span class="total-pages">1</span></span>
+                        <span style="color: #6e7681;">•</span>
+                        <span><span class="total-records">0</span> total</span>
+                    </div>
+                    <button class="pagination-btn" onclick="previousPage('honeypot')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">← Prev</button>
+                    <button class="pagination-btn" onclick="nextPage('honeypot')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">Next →</button>
+                </div>
+            </div>
+            <table id="honeypot-table" class="overview-table">
                 <thead>
                     <tr>
+                        <th>#</th>
+                        <th>IP Address</th>
+                        <th>Accessed Paths</th>
+                        <th class="sortable" data-sort="count" data-table="honeypot">Count</th>
+                    </tr>
+                </thead>
+                <tbody id="honeypot-tbody">
+                    <tr><td colspan="4" style="text-align: center;">Loading...</td></tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div style="display: flex; gap: 20px; margin-bottom: 20px;">
+        <div class="table-container" style="flex: 1;">
+            <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 20px;">
+                <h2 style="margin: 0;">Top IP Addresses</h2>
+                <div class="pagination-controls" id="top-ips-pagination" style="display: flex; align-items: center; gap: 12px; padding: 0; background: transparent;">
+                    <div style="display: flex; align-items: center; gap: 6px; color: #6e7681; font-weight: 400; font-size: 12px;">
+                        <span>Page <span class="current-page">1</span>/<span class="total-pages">1</span></span>
+                        <span style="color: #6e7681;">•</span>
+                        <span><span class="total-records">0</span> total</span>
+                    </div>
+                    <button class="pagination-btn" onclick="previousPage('top-ips')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">← Prev</button>
+                    <button class="pagination-btn" onclick="nextPage('top-ips')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">Next →</button>
+                </div>
+            </div>
+            <table id="top-ips-table" class="overview-table">
+                <thead>
+                    <tr>
+                        <th>#</th>
+                        <th>IP Address</th>
+                        <th class="sortable" data-sort="count" data-table="top-ips">Access Count</th>
+                    </tr>
+                </thead>
+                <tbody id="top-ips-tbody">
+                    <tr><td colspan="3" style="text-align: center;">Loading...</td></tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div class="table-container" style="flex: 1;">
+            <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 20px;">
+                <h2 style="margin: 0;">Top User-Agents</h2>
+                <div class="pagination-controls" id="top-ua-pagination" style="display: flex; align-items: center; gap: 12px; padding: 0; background: transparent;">
+                    <div style="display: flex; align-items: center; gap: 6px; color: #6e7681; font-weight: 400; font-size: 12px;">
+                        <span>Page <span class="current-page">1</span>/<span class="total-pages">1</span></span>
+                        <span style="color: #6e7681;">•</span>
+                        <span><span class="total-records">0</span> total</span>
+                    </div>
+                    <button class="pagination-btn" onclick="previousPage('top-ua')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">← Prev</button>
+                    <button class="pagination-btn" onclick="nextPage('top-ua')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">Next →</button>
+                </div>
+            </div>
+            <table id="top-ua-table" class="overview-table">
+                <thead>
+                    <tr>
+                        <th>#</th>
+                        <th>User-Agent</th>
+                        <th class="sortable" data-sort="count" data-table="top-ua">Count</th>
+                    </tr>
+                </thead>
+                <tbody id="top-ua-tbody">
+                    <tr><td colspan="3" style="text-align: center;">Loading...</td></tr>
+                </tbody>
+            </table>
+        </div>
+        </div>
+        </div>
+
+        <div id="ip-stats" class="tab-content">
+            <div class="table-container" style="margin-bottom: 30px;">
+                <h2>Attacker Origins Map</h2>
+                <div id="attacker-map" style="height: 500px; border-radius: 6px; overflow: hidden; border: 1px solid #30363d; background: #161b22;">
+                    <div style="display: flex; align-items: center; justify-content: center; height: 100%; color: #8b949e;">Loading map...</div>
+                </div>
+            </div>
+
+            <div class="table-container alert-section" style="position: relative;">
+                <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 20px;">
+                    <h2 style="margin: 0;">Attackers by Total Requests</h2>
+                    <div class="pagination-controls" style="display: flex; align-items: center; gap: 12px; padding: 0; background: transparent;">
+                        <div style="display: flex; align-items: center; gap: 6px; color: #6e7681; font-weight: 400; font-size: 12px;">
+                            <span>Page <span id="current-page">1</span>/<span id="total-pages">1</span></span>
+                            <span style="color: #6e7681;">•</span>
+                            <span><span id="total-attackers">0</span> total</span>
+                        </div>
+                        <button id="prev-page-btn" class="pagination-btn" onclick="previousPageIpStats()" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">← Prev</button>
+                        <button id="next-page-btn" class="pagination-btn" onclick="nextPageIpStats()" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">Next →</button>
+                    </div>
+                </div>
+
+                <table class="ip-stats-table">
+                    <thead>
+                        <tr>
+                            <th>#</th>
+                            <th>IP Address</th>
+                            <th class="sortable" data-sort="total_requests">Total Requests</th>
+                            <th>First Seen</th>
+                            <th>Last Seen</th>
+                            <th>Location</th>
+                        </tr>
+                    </thead>
+                    <tbody id="ip-stats-tbody">
+                        <!-- Dynamically populated -->
+                    </tbody>
+                </table>
+            </div>
+
+            <div class="table-container alert-section">
+            <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 20px;">
+                <h2 style="margin: 0;">Captured Credentials</h2>
+                <div class="pagination-controls" id="credentials-pagination" style="display: flex; align-items: center; gap: 12px; padding: 0; background: transparent;">
+                    <div style="display: flex; align-items: center; gap: 6px; color: #6e7681; font-weight: 400; font-size: 12px;">
+                        <span>Page <span class="current-page">1</span>/<span class="total-pages">1</span></span>
+                        <span style="color: #6e7681;">•</span>
+                        <span><span class="total-records">0</span> total</span>
+                    </div>
+                    <button class="pagination-btn" onclick="previousPage('credentials')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">← Prev</button>
+                    <button class="pagination-btn" onclick="nextPage('credentials')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">Next →</button>
+                </div>
+            </div>
+            <table id="credentials-table" class="overview-table">
+                <thead>
+                    <tr>
+                        <th>#</th>
                         <th>IP Address</th>
                         <th>Username</th>
                         <th>Password</th>
                         <th>Path</th>
-                        <th>Time</th>
+                        <th class="sortable" data-sort="timestamp" data-table="credentials">Time</th>
                     </tr>
                 </thead>
-                <tbody>
-                    {credential_rows}
+                <tbody id="credentials-tbody">
+                    <tr><td colspan="6" style="text-align: center;">Loading...</td></tr>
                 </tbody>
             </table>
         </div>
 
         <div class="table-container alert-section">
-            <h2>Detected Attack Types</h2>
-            <table>
+            <div style="display: flex; align-items: center; justify-content: space-between; margin-bottom: 20px;">
+                <h2 style="margin: 0;">Detected Attack Types</h2>
+                <div class="pagination-controls" id="attacks-pagination" style="display: flex; align-items: center; gap: 12px; padding: 0; background: transparent;">
+                    <div style="display: flex; align-items: center; gap: 6px; color: #6e7681; font-weight: 400; font-size: 12px;">
+                        <span>Page <span class="current-page">1</span>/<span class="total-pages">1</span></span>
+                        <span style="color: #6e7681;">•</span>
+                        <span><span class="total-records">0</span> total</span>
+                    </div>
+                    <button class="pagination-btn" onclick="previousPage('attacks')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">← Prev</button>
+                    <button class="pagination-btn" onclick="nextPage('attacks')" style="padding: 6px 12px; background: #0969da; color: white; border: none; border-radius: 4px; cursor: pointer; font-weight: 500; font-size: 12px; transition: background 0.2s;">Next →</button>
+                </div>
+            </div>
+            <table id="attacks-table" class="overview-table">
                 <thead>
                     <tr>
+                        <th>#</th>
                         <th>IP Address</th>
                         <th>Path</th>
                         <th>Attack Types</th>
                         <th>User-Agent</th>
-                        <th>Time</th>
+                        <th class="sortable" data-sort="timestamp" data-table="attacks">Time</th>
                     </tr>
                 </thead>
-                <tbody>
-                    {attack_type_rows}
+                <tbody id="attacks-tbody">
+                    <tr><td colspan="6" style="text-align: center;">Loading...</td></tr>
                 </tbody>
             </table>
         </div>
 
-        <div class="table-container">
-            <h2>Top IP Addresses</h2>
-            <table>
-                <thead>
-                    <tr>
-                        <th>#</th>
-                        <th>IP Address</th>
-                        <th>Access Count</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    {top_ips_rows}
-                </tbody>
-            </table>
+        <div class="table-container alert-section" style="margin-top: 20px;">
+            <h2>Most Recurring Attack Types</h2>
+            <div style="position: relative; height: 400px; margin-top: 20px;">
+                <canvas id="attack-types-chart"></canvas>
+            </div>
+        </div>
         </div>
 
-        <div class="table-container">
-            <h2>Top Paths</h2>
-            <table>
-                <thead>
-                    <tr>
-                        <th>#</th>
-                        <th>Path</th>
-                        <th>Access Count</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    {top_paths_rows}
-                </tbody>
-            </table>
-        </div>
-
-        <div class="table-container">
-            <h2>Top User-Agents</h2>
-            <table>
-                <thead>
-                    <tr>
-                        <th>#</th>
-                        <th>User-Agent</th>
-                        <th>Count</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    {top_ua_rows}
-                </tbody>
-            </table>
+        <div id="ip-detail-modal" class="ip-detail-modal">
+            <div class="ip-detail-content">
+                <button class="ip-detail-close" onclick="closeIpDetailModal()">×</button>
+                <div id="ip-detail-body">
+                    <!-- Dynamically populated -->
+                </div>
+            </div>
         </div>
     </div>
     <script>
@@ -988,6 +1168,1018 @@ def generate_dashboard(stats: dict, dashboard_path: str = "") -> str:
 
             return html;
         }}
+
+        // Tab functionality with hash-based routing
+        function switchTab(tabName) {{
+            // Hide all tabs
+            document.querySelectorAll('.tab-content').forEach(tab => {{
+                tab.classList.remove('active');
+            }});
+            
+            // Remove active class from all buttons
+            document.querySelectorAll('.tab-button').forEach(btn => {{
+                btn.classList.remove('active');
+            }});
+            
+            // Show selected tab
+            const selectedTab = document.getElementById(tabName);
+            const selectedButton = document.querySelector(`.tab-button[href="#${{tabName}}"]`);
+            
+            if (selectedTab) {{
+                selectedTab.classList.add('active');
+            }}
+            if (selectedButton) {{
+                selectedButton.classList.add('active');
+            }}
+            
+            // Load data for this tab
+            if (tabName === 'ip-stats') {{
+                loadIpStatistics(1);
+                // Load attack and credentials tables if not already loaded
+                if (!overviewState.attacks.loaded) {{
+                    loadOverviewTable('attacks');
+                    overviewState.attacks.loaded = true;
+                }}
+                if (!overviewState.credentials.loaded) {{
+                    loadOverviewTable('credentials');
+                    overviewState.credentials.loaded = true;
+                }}
+            }}
+        }}
+
+        // Handle hash changes
+        window.addEventListener('hashchange', function() {{
+            const hash = window.location.hash.slice(1) || 'overview';
+            switchTab(hash);
+        }});
+
+        // Initialize tabs on page load
+        document.addEventListener('DOMContentLoaded', function() {{
+            const hash = window.location.hash.slice(1) || 'overview';
+            switchTab(hash);
+        }});
+
+        // Prevent default anchor behavior and use hash navigation
+        document.querySelectorAll('.tab-button').forEach(button => {{
+            button.addEventListener('click', function(e) {{
+                e.preventDefault();
+                const href = this.getAttribute('href');
+                window.location.hash = href;
+            }});
+        }});
+
+        // Handle sorting for IP stats table
+        document.addEventListener('click', function(e) {{
+            if (e.target.classList.contains('sortable') && e.target.closest('#ip-stats-tbody')) {{
+                return; // Don't sort when inside tbody
+            }}
+            
+            const sortHeader = e.target.closest('th.sortable');
+            if (!sortHeader) return;
+
+            const table = sortHeader.closest('table');
+            if (!table || !table.classList.contains('ip-stats-table')) return;
+
+            const sortField = sortHeader.getAttribute('data-sort');
+            
+            // Toggle sort order if clicking the same field
+            if (currentSortBy === sortField) {{
+                currentSortOrder = currentSortOrder === 'desc' ? 'asc' : 'desc';
+            }} else {{
+                currentSortBy = sortField;
+                currentSortOrder = 'desc';
+            }}
+
+            // Update UI indicators
+            table.querySelectorAll('th.sortable').forEach(th => {{
+                th.classList.remove('asc', 'desc');
+            }});
+            sortHeader.classList.add(currentSortOrder);
+
+            // Reload with new sort
+            loadIpStatistics(1);
+        }});
+
+        let currentPage = 1;
+        let totalPages = 1;
+        let currentSortBy = "total_requests";
+        let currentSortOrder = "desc";
+        const PAGE_SIZE = 5;
+
+        async function loadIpStatistics(page = 1) {{
+            const tbody = document.getElementById('ip-stats-tbody');
+            if (!tbody) {{
+                console.error('IP stats tbody not found');
+                return;
+            }}
+            
+            tbody.innerHTML = '<tr><td colspan="6" style="text-align: center;">Loading...</td></tr>';
+            
+            try {{
+                console.log('Fetching attackers from page:', page, 'sort:', currentSortBy, currentSortOrder);
+                const response = await fetch(DASHBOARD_PATH + '/api/attackers?page=' + page + '&page_size=' + PAGE_SIZE + '&sort_by=' + currentSortBy + '&sort_order=' + currentSortOrder, {{
+                    cache: 'no-store',
+                    headers: {{
+                        'Cache-Control': 'no-cache',
+                        'Pragma': 'no-cache'
+                    }}
+                }});
+                
+                console.log('Response status:', response.status);
+                
+                if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+                
+                const data = await response.json();
+                console.log('Received data:', data);
+                
+                if (!data.attackers || data.attackers.length === 0) {{
+                    tbody.innerHTML = '<tr><td colspan="6" style="text-align: center;">No attackers on this page.</td></tr>';
+                    currentPage = page;
+                    totalPages = data.pagination?.total_pages || 1;
+                    updatePaginationControls();
+                    return;
+                }}
+                
+                // Update pagination info
+                currentPage = data.pagination.page;
+                totalPages = data.pagination.total_pages;
+                document.getElementById('current-page').textContent = currentPage;
+                document.getElementById('total-pages').textContent = totalPages;
+                document.getElementById('total-attackers').textContent = data.pagination.total_attackers;
+                updatePaginationControls();
+                
+                let html = '';
+                data.attackers.forEach((attacker, index) => {{
+                    const rank = (currentPage - 1) * PAGE_SIZE + index + 1;
+                    html += `<tr class="ip-row" data-ip="${{attacker.ip}}">
+                        <td class="rank">${{rank}}</td>
+                        <td class="ip-clickable">${{attacker.ip}}</td>
+                        <td>${{attacker.total_requests}}</td>
+                        <td>${{formatTimestamp(attacker.first_seen)}}</td>
+                        <td>${{formatTimestamp(attacker.last_seen)}}</td>
+                        <td>${{attacker.city || 'Unknown'}}${{attacker.city && attacker.country_code ? ', ' : ''}}${{attacker.country_code || ''}}</td>
+                    </tr>
+                    <tr class="ip-stats-row" id="stats-row-${{attacker.ip.replace('.', '-')}}" style="display: none;">
+                        <td colspan="6" class="ip-stats-cell">
+                            <div class="ip-stats-dropdown">
+                                <div class="loading">Loading stats...</div>
+                            </div>
+                        </td>
+                    </tr>`;
+                }});
+                
+                tbody.innerHTML = html;
+                console.log('Populated', data.attackers.length, 'attacker records');
+                
+                // Re-attach click listeners for expandable rows
+                attachAttackerClickListeners();
+            }} catch (err) {{
+                console.error('Error loading attackers:', err);
+                tbody.innerHTML = `<tr><td colspan="6" style="text-align: center; color: #f85149;">Failed to load: ${{err.message}}</td></tr>`;
+            }}
+        }}
+
+        function updatePaginationControls() {{
+            const prevBtn = document.getElementById('prev-page-btn');
+            const nextBtn = document.getElementById('next-page-btn');
+            
+            if (prevBtn) prevBtn.disabled = currentPage <= 1;
+            if (nextBtn) nextBtn.disabled = currentPage >= totalPages;
+        }}
+
+        function previousPageIpStats() {{
+            if (currentPage > 1) {{
+                loadIpStatistics(currentPage - 1);
+            }}
+        }}
+
+        function nextPageIpStats() {{
+            if (currentPage < totalPages) {{
+                loadIpStatistics(currentPage + 1);
+            }}
+        }}
+
+        function attachAttackerClickListeners() {{
+            document.querySelectorAll('#ip-stats-tbody .ip-clickable').forEach(cell => {{
+                cell.addEventListener('click', async function(e) {{
+                    const row = e.currentTarget.closest('.ip-row');
+                    if (!row) return;
+
+                    const ip = row.getAttribute('data-ip');
+                    const statsRow = row.nextElementSibling;
+                    if (!statsRow || !statsRow.classList.contains('ip-stats-row')) return;
+
+                    const isVisible = getComputedStyle(statsRow).display !== 'none';
+
+                    // Close other open rows
+                    document.querySelectorAll('#ip-stats-tbody .ip-stats-row').forEach(r => {{
+                        r.style.display = 'none';
+                    }});
+
+                    if (isVisible) return;
+
+                    statsRow.style.display = 'table-row';
+
+                    const dropdown = statsRow.querySelector('.ip-stats-dropdown');
+
+                    if (dropdown) {{
+                        dropdown.innerHTML = '<div class="loading">Loading stats...</div>';
+                        try {{
+                            const response = await fetch(`${{DASHBOARD_PATH}}/api/ip-stats/${{ip}}`, {{
+                                cache: 'no-store',
+                                headers: {{
+                                    'Cache-Control': 'no-cache',
+                                    'Pragma': 'no-cache'
+                                }}
+                            }});
+                            if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+
+                            const data = await response.json();
+                            dropdown.innerHTML = data.error
+                                ? `<div style="color:#f85149;">Error: ${{data.error}}</div>`
+                                : formatIpStats(data);
+                        }} catch (err) {{
+                            dropdown.innerHTML = `<div style="color:#f85149;">Failed to load stats: ${{err.message}}</div>`;
+                        }}
+                    }}
+                }});
+            }});
+        }}
+
+        function attachTopIpsClickListeners() {{
+            document.querySelectorAll('#top-ips-tbody .ip-clickable').forEach(cell => {{
+                cell.addEventListener('click', async function(e) {{
+                    const row = e.currentTarget.closest('.ip-row');
+                    if (!row) return;
+
+                    const ip = row.getAttribute('data-ip');
+                    const statsRow = row.nextElementSibling;
+                    if (!statsRow || !statsRow.classList.contains('ip-stats-row')) return;
+
+                    const isVisible = getComputedStyle(statsRow).display !== 'none';
+
+                    // Close other open rows in this table
+                    document.querySelectorAll('#top-ips-tbody .ip-stats-row').forEach(r => {{
+                        r.style.display = 'none';
+                    }});
+
+                    if (isVisible) return;
+
+                    statsRow.style.display = 'table-row';
+
+                    const dropdown = statsRow.querySelector('.ip-stats-dropdown');
+
+                    if (dropdown) {{
+                        dropdown.innerHTML = '<div class="loading">Loading stats...</div>';
+                        try {{
+                            const response = await fetch(`${{DASHBOARD_PATH}}/api/ip-stats/${{ip}}`, {{
+                                cache: 'no-store',
+                                headers: {{
+                                    'Cache-Control': 'no-cache',
+                                    'Pragma': 'no-cache'
+                                }}
+                            }});
+                            if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+
+                            const data = await response.json();
+                            dropdown.innerHTML = data.error
+                                ? `<div style="color:#f85149;">Error: ${{data.error}}</div>`
+                                : formatIpStats(data);
+                        }} catch (err) {{
+                            dropdown.innerHTML = `<div style="color:#f85149;">Failed to load stats: ${{err.message}}</div>`;
+                        }}
+                    }}
+                }});
+            }});
+        }}
+
+        function attachHoneypotClickListeners() {{
+            document.querySelectorAll('#honeypot-tbody .ip-clickable').forEach(cell => {{
+                cell.addEventListener('click', async function(e) {{
+                    const row = e.currentTarget.closest('.ip-row');
+                    if (!row) return;
+
+                    const ip = row.getAttribute('data-ip');
+                    const statsRow = row.nextElementSibling;
+                    if (!statsRow || !statsRow.classList.contains('ip-stats-row')) return;
+
+                    const isVisible = getComputedStyle(statsRow).display !== 'none';
+
+                    document.querySelectorAll('#honeypot-tbody .ip-stats-row').forEach(r => {{
+                        r.style.display = 'none';
+                    }});
+
+                    if (isVisible) return;
+
+                    statsRow.style.display = 'table-row';
+
+                    const dropdown = statsRow.querySelector('.ip-stats-dropdown');
+
+                    if (dropdown) {{
+                        dropdown.innerHTML = '<div class="loading">Loading stats...</div>';
+                        try {{
+                            const response = await fetch(`${{DASHBOARD_PATH}}/api/ip-stats/${{ip}}`, {{
+                                cache: 'no-store',
+                                headers: {{
+                                    'Cache-Control': 'no-cache',
+                                    'Pragma': 'no-cache'
+                                }}
+                            }});
+                            if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+
+                            const data = await response.json();
+                            dropdown.innerHTML = data.error
+                                ? `<div style="color:#f85149;">Error: ${{data.error}}</div>`
+                                : formatIpStats(data);
+                        }} catch (err) {{
+                            dropdown.innerHTML = `<div style="color:#f85149;">Failed to load stats: ${{err.message}}</div>`;
+                        }}
+                    }}
+                }});
+            }});
+        }}
+
+        function attachCredentialsClickListeners() {{
+            document.querySelectorAll('#credentials-tbody .ip-clickable').forEach(cell => {{
+                cell.addEventListener('click', async function(e) {{
+                    const row = e.currentTarget.closest('.ip-row');
+                    if (!row) return;
+
+                    const ip = row.getAttribute('data-ip');
+                    const statsRow = row.nextElementSibling;
+                    if (!statsRow || !statsRow.classList.contains('ip-stats-row')) return;
+
+                    const isVisible = getComputedStyle(statsRow).display !== 'none';
+
+                    document.querySelectorAll('#credentials-tbody .ip-stats-row').forEach(r => {{
+                        r.style.display = 'none';
+                    }});
+
+                    if (isVisible) return;
+
+                    statsRow.style.display = 'table-row';
+
+                    const dropdown = statsRow.querySelector('.ip-stats-dropdown');
+
+                    if (dropdown) {{
+                        dropdown.innerHTML = '<div class="loading">Loading stats...</div>';
+                        try {{
+                            const response = await fetch(`${{DASHBOARD_PATH}}/api/ip-stats/${{ip}}`, {{
+                                cache: 'no-store',
+                                headers: {{
+                                    'Cache-Control': 'no-cache',
+                                    'Pragma': 'no-cache'
+                                }}
+                            }});
+                            if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+
+                            const data = await response.json();
+                            dropdown.innerHTML = data.error
+                                ? `<div style="color:#f85149;">Error: ${{data.error}}</div>`
+                                : formatIpStats(data);
+                        }} catch (err) {{
+                            dropdown.innerHTML = `<div style="color:#f85149;">Failed to load stats: ${{err.message}}</div>`;
+                        }}
+                    }}
+                }});
+            }});
+        }}
+
+        function attachAttacksClickListeners() {{
+            document.querySelectorAll('#attacks-tbody .ip-clickable').forEach(cell => {{
+                cell.addEventListener('click', async function(e) {{
+                    const row = e.currentTarget.closest('.ip-row');
+                    if (!row) return;
+
+                    const ip = row.getAttribute('data-ip');
+                    const statsRow = row.nextElementSibling;
+                    if (!statsRow || !statsRow.classList.contains('ip-stats-row')) return;
+
+                    const isVisible = getComputedStyle(statsRow).display !== 'none';
+
+                    document.querySelectorAll('#attacks-tbody .ip-stats-row').forEach(r => {{
+                        r.style.display = 'none';
+                    }});
+
+                    if (isVisible) return;
+
+                    statsRow.style.display = 'table-row';
+
+                    const dropdown = statsRow.querySelector('.ip-stats-dropdown');
+
+                    if (dropdown) {{
+                        dropdown.innerHTML = '<div class="loading">Loading stats...</div>';
+                        try {{
+                            const response = await fetch(`${{DASHBOARD_PATH}}/api/ip-stats/${{ip}}`, {{
+                                cache: 'no-store',
+                                headers: {{
+                                    'Cache-Control': 'no-cache',
+                                    'Pragma': 'no-cache'
+                                }}
+                            }});
+                            if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+
+                            const data = await response.json();
+                            dropdown.innerHTML = data.error
+                                ? `<div style="color:#f85149;">Error: ${{data.error}}</div>`
+                                : formatIpStats(data);
+                        }} catch (err) {{
+                            dropdown.innerHTML = `<div style="color:#f85149;">Failed to load stats: ${{err.message}}</div>`;
+                        }}
+                    }}
+                }});
+            }});
+        }}
+
+        // Overview tables state management
+        const overviewState = {{
+            honeypot: {{ currentPage: 1, totalPages: 1, total: 0, sortBy: 'count', sortOrder: 'desc' }},
+            credentials: {{ currentPage: 1, totalPages: 1, total: 0, sortBy: 'timestamp', sortOrder: 'desc', loaded: false }},
+            'top-ips': {{ currentPage: 1, totalPages: 1, total: 0, sortBy: 'count', sortOrder: 'desc' }},
+            'top-paths': {{ currentPage: 1, totalPages: 1, total: 0, sortBy: 'count', sortOrder: 'desc' }},
+            'top-ua': {{ currentPage: 1, totalPages: 1, total: 0, sortBy: 'count', sortOrder: 'desc' }},
+            attacks: {{ currentPage: 1, totalPages: 1, total: 0, sortBy: 'timestamp', sortOrder: 'desc', loaded: false }}
+        }};
+
+        const tableConfig = {{
+            honeypot: {{ endpoint: 'honeypot', dataKey: 'honeypots', cellCount: 4, columns: ['ip', 'paths', 'count'] }},
+            credentials: {{ endpoint: 'credentials', dataKey: 'credentials', cellCount: 6, columns: ['ip', 'username', 'password', 'path', 'timestamp'] }},
+            'top-ips': {{ endpoint: 'top-ips', dataKey: 'ips', cellCount: 3, columns: ['ip', 'count'] }},
+            'top-paths': {{ endpoint: 'top-paths', dataKey: 'paths', cellCount: 3, columns: ['path', 'count'] }},
+            'top-ua': {{ endpoint: 'top-user-agents', dataKey: 'user_agents', cellCount: 3, columns: ['user_agent', 'count'] }},
+            attacks: {{ endpoint: 'attack-types', dataKey: 'attacks', cellCount: 6, columns: ['ip', 'path', 'attack_types', 'user_agent', 'timestamp'] }}
+        }};
+
+        // Load overview table on page load
+        async function loadOverviewTable(tableId) {{
+            const config = tableConfig[tableId];
+            if (!config) return;
+            
+            const state = overviewState[tableId];
+            const tbody = document.getElementById(tableId + '-tbody');
+            if (!tbody) return;
+
+            // Just fade out without showing loading text
+            tbody.style.opacity = '0';
+
+            try {{
+                const url = DASHBOARD_PATH + '/api/' + config.endpoint + '?page=' + state.currentPage + '&page_size=5&sort_by=' + state.sortBy + '&sort_order=' + state.sortOrder;
+                const response = await fetch(url, {{ cache: 'no-store', headers: {{ 'Cache-Control': 'no-cache', 'Pragma': 'no-cache' }} }});
+                if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+
+                const data = await response.json();
+                const items = data[config.dataKey] || [];
+                const pagination = data.pagination || {{}};
+
+                state.currentPage = pagination.page || 1;
+                state.totalPages = pagination.total_pages || 1;
+                state.total = pagination.total || 0;
+                updateOverviewPaginationControls(tableId);
+
+                if (items.length === 0) {{
+                    tbody.style.opacity = '0';
+                    setTimeout(() => {{
+                        tbody.innerHTML = '<tr><td colspan="' + config.cellCount + '" style="text-align: center; color: #6e7681; padding: 20px; font-size: 13px;">No data</td></tr>';
+                        tbody.style.opacity = '1';
+                    }}, 50);
+                    return;
+                }}
+
+                let html = '';
+                items.forEach((item, index) => {{
+                    const rank = (state.currentPage - 1) * 5 + index + 1;
+                    
+                    if (tableId === 'honeypot') {{
+                        html += `<tr class="ip-row" data-ip="${{item.ip}}"><td class="rank">${{rank}}</td><td class="ip-clickable">${{item.ip}}</td><td>${{item.paths.join(', ')}}</td><td>${{item.count}}</td></tr>`;
+                        html += `<tr class="ip-stats-row" id="stats-row-honeypot-${{item.ip.replace(/\\./g, '-')}}" style="display: none;">
+                            <td colspan="4" class="ip-stats-cell">
+                                <div class="ip-stats-dropdown">
+                                    <div class="loading">Loading stats...</div>
+                                </div>
+                            </td>
+                        </tr>`;
+                    }} else if (tableId === 'credentials') {{
+                        html += `<tr class="ip-row" data-ip="${{item.ip}}"><td class="rank">${{rank}}</td><td class="ip-clickable">${{item.ip}}</td><td>${{item.username}}</td><td>${{item.password}}</td><td>${{item.path}}</td><td>${{formatTimestamp(item.timestamp, true)}}</td></tr>`;
+                        html += `<tr class="ip-stats-row" id="stats-row-credentials-${{item.ip.replace(/\\./g, '-')}}" style="display: none;">
+                            <td colspan="6" class="ip-stats-cell">
+                                <div class="ip-stats-dropdown">
+                                    <div class="loading">Loading stats...</div>
+                                </div>
+                            </td>
+                        </tr>`;
+                    }} else if (tableId === 'top-ips') {{
+                        html += `<tr class="ip-row" data-ip="${{item.ip}}"><td class="rank">${{rank}}</td><td class="ip-clickable">${{item.ip}}</td><td>${{item.count}}</td></tr>`;
+                        html += `<tr class="ip-stats-row" id="stats-row-top-ips-${{item.ip.replace(/\\./g, '-')}}" style="display: none;">
+                            <td colspan="3" class="ip-stats-cell">
+                                <div class="ip-stats-dropdown">
+                                    <div class="loading">Loading stats...</div>
+                                </div>
+                            </td>
+                        </tr>`;
+                    }} else if (tableId === 'top-paths') {{
+                        html += `<tr><td class="rank">${{rank}}</td><td>${{item.path}}</td><td>${{item.count}}</td></tr>`;
+                    }} else if (tableId === 'top-ua') {{
+                        html += `<tr><td class="rank">${{rank}}</td><td style="word-break: break-all;">${{item.user_agent.substring(0, 80)}}</td><td>${{item.count}}</td></tr>`;
+                    }} else if (tableId === 'attacks') {{
+                        html += `<tr class="ip-row" data-ip="${{item.ip}}"><td class="rank">${{rank}}</td><td class="ip-clickable">${{item.ip}}</td><td>${{item.path}}</td><td>${{item.attack_types.join(', ')}}</td><td style="word-break: break-all;">${{item.user_agent.substring(0, 60)}}</td><td>${{formatTimestamp(item.timestamp, true)}}</td></tr>`;
+                        html += `<tr class="ip-stats-row" id="stats-row-attacks-${{item.ip.replace(/\\./g, '-')}}" style="display: none;">
+                            <td colspan="6" class="ip-stats-cell">
+                                <div class="ip-stats-dropdown">
+                                    <div class="loading">Loading stats...</div>
+                                </div>
+                            </td>
+                        </tr>`;
+                    }}
+                }});
+
+                // Fade in new content
+                tbody.style.opacity = '0';
+                setTimeout(() => {{
+                    tbody.innerHTML = html;
+                    tbody.style.opacity = '1';
+
+                    // Attach click listeners for IP cells in tables
+                    if (tableId === 'top-ips') {{
+                        attachTopIpsClickListeners();
+                    }} else if (tableId === 'honeypot') {{
+                        attachHoneypotClickListeners();
+                    }} else if (tableId === 'credentials') {{
+                        attachCredentialsClickListeners();
+                    }} else if (tableId === 'attacks') {{
+                        attachAttacksClickListeners();
+                    }}
+                }}, 50);
+            }} catch (err) {{
+                console.error('Error loading overview table ' + tableId + ':', err);
+                tbody.style.opacity = '0';
+                setTimeout(() => {{
+                    tbody.innerHTML = '<tr><td colspan="' + config.cellCount + '" style="text-align: center; color: #f85149; padding: 20px; font-size: 13px;">Failed to load</td></tr>';
+                    tbody.style.opacity = '1';
+                }}, 50);
+            }}
+        }}
+
+        function updateOverviewPaginationControls(tableId) {{
+            const state = overviewState[tableId];
+            const pagination = document.getElementById(tableId + '-pagination');
+            if (!pagination) return;
+
+            const prevBtn = pagination.querySelector('.pagination-btn:nth-child(2)');
+            const nextBtn = pagination.querySelector('.pagination-btn:nth-child(3)');
+            const currentPageEl = pagination.querySelector('.current-page');
+            const totalPagesEl = pagination.querySelector('.total-pages');
+            const totalRecordsEl = pagination.querySelector('.total-records');
+
+            if (prevBtn) prevBtn.disabled = state.currentPage <= 1;
+            if (nextBtn) nextBtn.disabled = state.currentPage >= state.totalPages;
+            if (currentPageEl) currentPageEl.textContent = state.currentPage;
+            if (totalPagesEl) totalPagesEl.textContent = state.totalPages;
+            if (totalRecordsEl) totalRecordsEl.textContent = state.total;
+        }}
+
+        function previousPage(tableId) {{
+            if (overviewState[tableId].currentPage > 1) {{
+                overviewState[tableId].currentPage--;
+                loadOverviewTable(tableId);
+            }}
+        }}
+
+        function nextPage(tableId) {{
+            if (overviewState[tableId].currentPage < overviewState[tableId].totalPages) {{
+                overviewState[tableId].currentPage++;
+                loadOverviewTable(tableId);
+            }}
+        }}
+
+        // Handle sorting for overview tables
+        document.addEventListener('click', function(e) {{
+            const header = e.target.closest('th.sortable[data-table]');
+            if (!header) return;
+
+            const tableId = header.getAttribute('data-table');
+            const sortField = header.getAttribute('data-sort');
+            const state = overviewState[tableId];
+            if (!state) return;
+
+            // Toggle sort order if same field
+            if (state.sortBy === sortField) {{
+                state.sortOrder = state.sortOrder === 'desc' ? 'asc' : 'desc';
+            }} else {{
+                state.sortBy = sortField;
+                state.sortOrder = 'desc';
+            }}
+
+            // Update UI and reload
+            const table = header.closest('table');
+            if (table) {{
+                table.querySelectorAll('th.sortable').forEach(th => {{
+                    th.classList.remove('asc', 'desc');
+                }});
+                header.classList.add(state.sortOrder);
+            }}
+
+            state.currentPage = 1;
+            loadOverviewTable(tableId);
+        }});
+
+        // Load all overview tables when page loads
+        window.addEventListener('load', function() {{
+            // Only load tables that are in the Overview tab
+            const overviewTableIds = ['honeypot', 'top-ips', 'top-paths', 'top-ua'];
+            overviewTableIds.forEach(tableId => {{
+                loadOverviewTable(tableId);
+            }});
+        }})
+
+        async function showIpDetail(ip) {{
+            const modal = document.getElementById('ip-detail-modal');
+            const bodyDiv = document.getElementById('ip-detail-body');
+            
+            if (!modal || !bodyDiv) return;
+            
+            bodyDiv.innerHTML = '<div class="loading" style="text-align: center;">Loading IP details...</div>';
+            modal.classList.add('show');
+            
+            try {{
+                const response = await fetch(`${{DASHBOARD_PATH}}/api/ip-stats/${{ip}}`, {{
+                    cache: 'no-store',
+                    headers: {{
+                        'Cache-Control': 'no-cache',
+                        'Pragma': 'no-cache'
+                    }}
+                }});
+                
+                if (!response.ok) throw new Error(`HTTP ${{response.status}}`);
+                
+                const stats = await response.json();
+                bodyDiv.innerHTML = '<h2>' + stats.ip + ' - Detailed Statistics</h2>' + formatIpStats(stats);
+            }} catch (err) {{
+                bodyDiv.innerHTML = `<div style="color: #f85149;">Failed to load details: ${{err.message}}</div>`;
+            }}
+        }}
+
+        function closeIpDetailModal() {{
+            const modal = document.getElementById('ip-detail-modal');
+            if (modal) {{
+                modal.classList.remove('show');
+            }}
+        }}
+
+        // Close modal when clicking outside
+        document.getElementById('ip-detail-modal')?.addEventListener('click', function(e) {{
+            if (e.target === this) {{
+                closeIpDetailModal();
+            }}
+        }});
+
+        // Add CSS for view button
+        const style = document.createElement('style');
+        style.textContent = `
+            .view-btn {{
+                padding: 6px 12px;
+                background: #238636;
+                color: #ffffff;
+                border: 1px solid #2ea043;
+                border-radius: 4px;
+                cursor: pointer;
+                font-size: 12px;
+                font-weight: 500;
+                transition: background 0.2s;
+            }}
+            .view-btn:hover {{
+                background: #2ea043;
+            }}
+            .view-btn:active {{
+                background: #1f7a2f;
+            }}
+            .pagination-btn:hover:not(:disabled) {{
+                background: #1f6feb !important;
+            }}
+            .pagination-btn:disabled {{
+                opacity: 0.5;
+                cursor: not-allowed;
+            }}
+        `;
+        document.head.appendChild(style);
+
+        // Attacker Map Visualization
+        let attackerMap = null;
+        let mapMarkers = [];
+
+        async function initializeAttackerMap() {{
+            const mapContainer = document.getElementById('attacker-map');
+            if (!mapContainer || attackerMap) return;
+
+            try {{
+                // Initialize map
+                attackerMap = L.map('attacker-map', {{
+                    center: [20, 0],
+                    zoom: 2,
+                    layers: [
+                        L.tileLayer('https://{{s}}.basemaps.cartocdn.com/dark_all/{{z}}/{{x}}/{{y}}{{r}}.png', {{
+                            attribution: '© CartoDB | © OpenStreetMap contributors',
+                            maxZoom: 19,
+                            subdomains: 'abcd'
+                        }})
+                    ]
+                }});
+
+                // Fetch all attackers
+                const response = await fetch(DASHBOARD_PATH + '/api/attackers?page=1&page_size=100&sort_by=total_requests&sort_order=desc', {{
+                    cache: 'no-store',
+                    headers: {{
+                        'Cache-Control': 'no-cache',
+                        'Pragma': 'no-cache'
+                    }}
+                }});
+
+                if (!response.ok) throw new Error('Failed to fetch attackers');
+                
+                const data = await response.json();
+                const attackers = data.attackers || [];
+
+                if (attackers.length === 0) {{
+                    mapContainer.innerHTML = '<div style="display: flex; align-items: center; justify-content: center; height: 100%; color: #8b949e;\">No attacker location data available</div>';
+                    return;
+                }}
+
+                // Get max request count for scaling
+                const maxRequests = Math.max(...attackers.map(a => a.total_requests || 0));
+
+                // Create a map of country locations (approximate country centers)
+                const countryCoordinates = {{
+                    'US': [37.1, -95.7], 'GB': [55.4, -3.4], 'CN': [35.9, 104.1], 'RU': [61.5, 105.3],
+                    'JP': [36.2, 138.3], 'DE': [51.2, 10.5], 'FR': [46.6, 2.2], 'IN': [20.6, 78.96],
+                    'BR': [-14.2, -51.9], 'CA': [56.1, -106.3], 'AU': [-25.3, 133.8], 'MX': [23.6, -102.6],
+                    'ZA': [-30.6, 22.9], 'KR': [35.9, 127.8], 'IT': [41.9, 12.6], 'ES': [40.5, -3.7],
+                    'NL': [52.1, 5.3], 'SE': [60.1, 18.6], 'CH': [46.8, 8.2], 'PL': [51.9, 19.1],
+                    'SG': [1.4, 103.8], 'HK': [22.4, 114.1], 'TW': [23.7, 120.96], 'TH': [15.9, 100.9],
+                    'VN': [14.1, 108.8], 'ID': [-0.8, 113.2], 'PH': [12.9, 121.8], 'MY': [4.2, 101.7],
+                    'PK': [30.4, 69.2], 'BD': [23.7, 90.4], 'NG': [9.1, 8.7], 'EG': [26.8, 30.8],
+                    'TR': [38.9, 35.2], 'IR': [32.4, 53.7], 'AE': [23.4, 53.8], 'KZ': [48.0, 66.9],
+                    'UA': [48.4, 31.2], 'BG': [42.7, 25.5], 'RO': [45.9, 24.97], 'CZ': [49.8, 15.5],
+                    'HU': [47.2, 19.5], 'AT': [47.5, 14.6], 'BE': [50.5, 4.5], 'DK': [56.3, 9.5],
+                    'FI': [61.9, 25.8], 'NO': [60.5, 8.5], 'GR': [39.1, 21.8], 'PT': [39.4, -8.2]
+                }};
+
+                // Add markers for each attacker
+                const markerGroup = L.featureGroup();
+
+                attackers.slice(0, 50).forEach(attacker => {{
+                    if (!attacker.country_code) return;
+
+                    const coords = countryCoordinates[attacker.country_code];
+                    if (!coords) return;
+
+                    // Calculate marker size based on request count
+                    const sizeRatio = (attacker.total_requests / maxRequests) * 0.7 + 0.3;
+                    const markerSize = Math.max(15, Math.min(40, 20 * sizeRatio));
+
+                    // Create custom marker element
+                    const markerElement = document.createElement('div');
+                    markerElement.className = 'attacker-marker';
+                    markerElement.style.width = markerSize + 'px';
+                    markerElement.style.height = markerSize + 'px';
+                    markerElement.style.fontSize = (markerSize * 0.5) + 'px';
+                    markerElement.textContent = '●';
+
+                    const marker = L.marker(coords, {{
+                        icon: L.divIcon({{
+                            html: markerElement,
+                            iconSize: [markerSize, markerSize],
+                            className: 'attacker-custom-marker'
+                        }})
+                    }});
+
+                    // Create popup content
+                    const popupContent = `
+                        <div style="padding: 8px; min-width: 200px;">
+                            <strong style="color: #58a6ff;">${{attacker.ip}}</strong><br/>
+                            <span style="color: #8b949e; font-size: 12px;">
+                                ${{attacker.city || ''}}${{attacker.city && attacker.country_code ? ', ' : ''}}${{attacker.country_code || 'Unknown'}}
+                            </span><br/>
+                            <div style="margin-top: 8px; border-top: 1px solid #30363d; padding-top: 8px;">
+                                <div><span style="color: #8b949e;">Requests:</span> <span style="color: #f85149; font-weight: bold;">${{attacker.total_requests}}</span></div>
+                                <div><span style="color: #8b949e;">First Seen:</span> <span style="color: #58a6ff;">${{formatTimestamp(attacker.first_seen)}}</span></div>
+                                <div><span style="color: #8b949e;">Last Seen:</span> <span style="color: #58a6ff;">${{formatTimestamp(attacker.last_seen)}}</span></div>
+                            </div>
+                        </div>
+                    `;
+
+                    marker.bindPopup(popupContent);
+                    markerGroup.addLayer(marker);
+                    mapMarkers.push(marker);
+                }});
+
+                // Add cluster circle effect
+                const circleGroup = L.featureGroup();
+                const countryAttackerCount = {{}};
+                
+                attackers.forEach(attacker => {{
+                    if (attacker.country_code) {{
+                        countryAttackerCount[attacker.country_code] = (countryAttackerCount[attacker.country_code] || 0) + 1;
+                    }}
+                }});
+
+                Object.entries(countryAttackerCount).forEach(([country, count]) => {{
+                    const coords = countryCoordinates[country];
+                    if (coords) {{
+                        const circle = L.circle(coords, {{
+                            radius: 100000 + (count * 150000),
+                            color: '#f85149',
+                            fillColor: '#f85149',
+                            fillOpacity: 0.15,
+                            weight: 1,
+                            opacity: 0.4,
+                            dashArray: '3'
+                        }});
+                        circleGroup.addLayer(circle);
+                    }}
+                }});
+
+                attackerMap.addLayer(circleGroup);
+                markerGroup.addTo(attackerMap);
+                
+                // Fit map to markers
+                if (markerGroup.getLayers().length > 0) {{
+                    attackerMap.fitBounds(markerGroup.getBounds(), {{ padding: [50, 50] }});
+                }}
+
+            }} catch (err) {{
+                console.error('Error initializing attacker map:', err);
+                mapContainer.innerHTML = '<div style="display: flex; align-items: center; justify-content: center; height: 100%; color: #f85149;">Failed to load map: ' + err.message + '</div>';
+            }}
+        }}
+
+        // Initialize map when Attacks tab is opened
+        const originalSwitchTab = window.switchTab;
+        let attackTypesChartLoaded = false;
+        
+        window.switchTab = function(tabName) {{
+            originalSwitchTab(tabName);
+            if (tabName === 'ip-stats') {{
+                if (!attackerMap) {{
+                    setTimeout(() => {{
+                        initializeAttackerMap();
+                    }}, 100);
+                }}
+                if (!attackTypesChartLoaded) {{
+                    setTimeout(() => {{
+                        loadAttackTypesChart();
+                    }}, 100);
+                }}
+            }}
+        }};
+
+        // Load and render attack types bar chart
+        let attackTypesChart = null;
+        async function loadAttackTypesChart() {{
+            try {{
+                const canvas = document.getElementById('attack-types-chart');
+                if (!canvas) return;
+
+                const response = await fetch(DASHBOARD_PATH + '/api/attack-types?page=1&page_size=100', {{
+                    cache: 'no-store',
+                    headers: {{
+                        'Cache-Control': 'no-cache',
+                        'Pragma': 'no-cache'
+                    }}
+                }});
+
+                if (!response.ok) throw new Error('Failed to fetch attack types');
+                
+                const data = await response.json();
+                const attacks = data.attacks || [];
+
+                if (attacks.length === 0) {{
+                    canvas.style.display = 'none';
+                    return;
+                }}
+
+                // Aggregate attack types
+                const attackCounts = {{}};
+                attacks.forEach(attack => {{
+                    if (attack.attack_types && Array.isArray(attack.attack_types)) {{
+                        attack.attack_types.forEach(type => {{
+                            attackCounts[type] = (attackCounts[type] || 0) + 1;
+                        }});
+                    }}
+                }});
+
+                // Sort and get top 10
+                const sortedAttacks = Object.entries(attackCounts)
+                    .sort((a, b) => b[1] - a[1])
+                    .slice(0, 10);
+
+                if (sortedAttacks.length === 0) {{
+                    canvas.style.display = 'none';
+                    return;
+                }}
+
+                const labels = sortedAttacks.map(([type]) => type);
+                const counts = sortedAttacks.map(([, count]) => count);
+
+                // Define colors for different attack types
+                const colorMap = {{
+                    'SQL Injection': '#0969da',
+                    'XSS': '#1f6feb',
+                    'Directory Traversal': '#2f81f7',
+                    'Command Injection': '#54aeff',
+                    'Path Traversal': '#79c0ff',
+                    'Malware': '#58a6ff',
+                    'Brute Force': '#388bfd',
+                    'DDoS': '#1a7ae8',
+                    'CSRF': '#0860ca',
+                    'File Upload': '#1158d4'
+                }};
+
+                const backgroundColors = labels.map(label => colorMap[label] || '#58a6ff');
+                const borderColors = labels.map(label => colorMap[label] || '#58a6ff');
+
+                // Create or update chart
+                if (attackTypesChart) {{
+                    attackTypesChart.destroy();
+                }}
+
+                const ctx = canvas.getContext('2d');
+                attackTypesChart = new Chart(ctx, {{
+                    type: 'bar',
+                    data: {{
+                        labels: labels,
+                        datasets: [{{
+                            data: counts,
+                            backgroundColor: backgroundColors,
+                            borderColor: borderColors,
+                            borderWidth: 1.5,
+                            borderRadius: 4,
+                            hoverBackgroundColor: borderColors
+                        }}]
+                    }},
+                    options: {{
+                        responsive: true,
+                        maintainAspectRatio: false,
+                        indexAxis: 'y',
+                        plugins: {{
+                            legend: {{
+                                display: false
+                            }},
+                            tooltip: {{
+                                backgroundColor: '#161b22',
+                                titleColor: '#58a6ff',
+                                bodyColor: '#c9d1d9',
+                                borderColor: '#30363d',
+                                borderWidth: 1,
+                                padding: 10,
+                                titleFont: {{
+                                    size: 13,
+                                    weight: 'bold'
+                                }},
+                                bodyFont: {{
+                                    size: 12
+                                }},
+                                callbacks: {{
+                                    label: function(context) {{
+                                        return 'Occurrences: ' + context.parsed.x;
+                                    }}
+                                }}
+                            }}
+                        }},
+                        scales: {{
+                            x: {{
+                                beginAtZero: true,
+                                ticks: {{
+                                    color: '#8b949e',
+                                    font: {{
+                                        size: 11
+                                    }}
+                                }},
+                                grid: {{
+                                    color: '#30363d',
+                                    drawBorder: false
+                                }}
+                            }},
+                            y: {{
+                                ticks: {{
+                                    color: '#c9d1d9',
+                                    font: {{
+                                        size: 12
+                                    }},
+                                    padding: 10
+                                }},
+                                grid: {{
+                                    display: false,
+                                    drawBorder: false
+                                }}
+                            }}
+                        }}
+                    }}
+                }});
+
+                attackTypesChartLoaded = true;
+            }} catch (err) {{
+                console.error('Error loading attack types chart:', err);
+            }}
+        }}
     </script>
 </body>
 </html>
diff --git a/tests/test_insert_fake_ips.py b/tests/test_insert_fake_ips.py
index 6279b43..bdde596 100644
--- a/tests/test_insert_fake_ips.py
+++ b/tests/test_insert_fake_ips.py
@@ -109,7 +109,7 @@ def generate_analyzed_metrics():
     }
 
 
-def generate_fake_data(num_ips: int = 5, logs_per_ip: int = 15, credentials_per_ip: int = 3):
+def generate_fake_data(num_ips: int = 45, logs_per_ip: int = 15, credentials_per_ip: int = 3):
     """
     Generate and insert fake test data into the database.