Lab-sourced indicators
Indicator feed sourced from published Amnesty International Security Lab and Citizen Lab STIX2 bundles — the same attribution data used by forensic researchers investigating Pegasus-class mercenary spyware.
Apps you trust open connections in the background — to servers you didn't pick, in countries you never approved. NetInsightPro names every app, shows where it sends data, and lets you cut the connection in one click.
No card · Windows / Linux / Android · Your data stays on your device
| App | Destination | Bytes | Verdict |
|---|---|---|---|
| chrome | google.com | 4.2 MB | |
| slack | slack.com | 423 KB | |
| cursor | openai.com | 25 KB | |
| ollama | localhost | 1.8 MB | |
| unknown | 185.220.101.x | 73 KB |
Supported platforms & integrations
AI-augmented malware now queries ChatGPT and Claude during live attacks to generate recon commands and evade detection. NetInsightPro is the first per-app firewall with dedicated detection for LLM-orchestrated threats — at the network layer, without reading your prompts.
Your network data stays on your device. Insight is local. Control is yours.
— NetInsightPro design principle
AI threats need AI defense — on every endpoint, not in the cloud.
— NetInsightPro design principle
Compliance is enforced, not promised. EU/UK data residency by default.
— NetInsightPro design principle
NetInsightPro correlates your Windows and Linux desktop egress against lab-sourced indicators published by Amnesty International Security Lab and Citizen Lab — the same STIX2 feeds that power Amnesty's Mobile Verification Toolkit. When your device opens a connection to infrastructure previously attributed to Pegasus-class spyware, Spyware Shield flags it — as an indicator, not a confirmed infection.
This is desktop network-egress monitoring. It complements, and does not replace, expert forensic analysis tools such as Amnesty MVT. A finding means a connection was observed to attributed infrastructure — it does not diagnose an infection. For confirmation, contact Amnesty Security Lab.
Indicator feed sourced from published Amnesty International Security Lab and Citizen Lab STIX2 bundles — the same attribution data used by forensic researchers investigating Pegasus-class mercenary spyware.
Indicators refresh automatically from upstream lab publications. New infrastructure attributions are incorporated on a nightly cadence, so your egress is checked against current, published threat intelligence without manual updates.
Findings are surfaced with confidence tiers — not a binary infected/clean verdict. Each indicator report cites the source attribution and refers you to Amnesty Security Lab for expert forensic confirmation. Spyware Shield raises a flag and points to the right experts.
Desktop-first: Windows and Linux egress matching is available now. Mobile destination-level monitoring requires a separate VPN-layer component not yet built. Spyware Shield does not detect on-device iOS or Android infections — for mobile forensics, use Amnesty MVT.
From raw packet attribution to enterprise SSO — all without sending your flow data to anyone.
Every outbound connection tagged to the process that opened it — not just the IP or port. See exactly which app is talking to which server.
Real-time byte counts, connection timelines, and destination breakdowns per app. Nothing is aggregated away.
One-click block any app at the kernel level. Rules persist on your device — no reboot, no service restart, no cloud sync required.
Push structured OCSF events to your SIEM via webhook. Integrate with Splunk, Elastic, or any webhook-capable endpoint.
Keep raw telemetry on your own infrastructure. Cloud sees only Ed25519-signed daily digests. BYO object storage + KMS.
The only signal we receive: your licence key + a hardware fingerprint hash. No flow data, no app names, no destinations — ever.
From endpoint signal to operator alert — one unified pipeline, fully on-host or hybrid.
Smart alerts fire when outbound bytes deviate from your 7-day EWMA baseline. Per-tenant threshold tuning via policy.
The same dashboard view — web admin for fleet ops, device client for personal control.

All installers sha256-verified · account required · Download page →
Full SHA-256 manifest at releases.netinsightpro.com/latest.json · Download page
No banned dates. SOC 2 Type II report available on request for Enterprise customers.
Sample OCSF event forwarded to your SIEM
{
"metadata": {
"version": "1.3.0",
"product": { "name": "NetInsightPro", "vendor_name": "NetInsightPro Ltd" }
},
"class_uid": 4001,
"category_name": "Network Activity",
"activity_name": "Established",
"severity_id": 3,
"time": 1717862400000,
"src_endpoint": { "ip": "10.0.4.17", "hostname": "ws-eu-014" },
"dst_endpoint": { "ip": "104.18.32.7", "hostname": "api.openai.com" },
"connection_info": { "protocol_name": "tcp", "direction": "outbound" },
"observables": [{ "name": "ai_threat_subtype", "value": "llm_exfil_suspect" }]
}Wireshark shows packets but cannot block. Firewalls block ports but cannot see which app sits behind them. Only NetInsightPro gives you per-app control across Windows, Linux, Android — plus enterprise SSO.
| Product | Per-app granularity | Windows | Linux | macOS | Android | Real-time blocking | Enterprise SSO | Data stays local | Spyware-egress detection | AI-worm detection |
|---|---|---|---|---|---|---|---|---|---|---|
| NetInsightPro | Soon | |||||||||
| Wireshark | ||||||||||
| Little Snitch | ||||||||||
| PortMaster | ||||||||||
| OpenSnitch |
Scroll to compare →
macOS support is in development (notarisation pending). Enterprise SSO = SAML 2.0 / OIDC built-in. Spyware-egress detection: Pro tier, Windows/Linux desktop — flags connections to infrastructure attributed to mercenary spyware by Amnesty/Citizen Lab (network indicators, not on-device forensics). AI-worm detection: early access.
Free tier — no account needed. Install and see your app traffic in minutes.
No card required · Windows / Linux / Android · Your data stays on your device
Only strictly-necessary cookies for login. No third-party tracking. Read our Cookie Policy or Privacy Policy.