Skip to main content

SYS.CORE // SECURE UPLINK ESTABLISHED

STATUS: ONLINE

> w33t.terminal

HONEYPOT_ARRAY

What happens when you leave a server on the internet

A T-Pot honeypot sits on my home network and pretends to be a vulnerable server. Bots and attackers find it within minutes, try default passwords, drop malware, and probe for web exploits. This page visualizes that traffic as it happens.

Cowrie

Emulates SSH and Telnet services. Captures every username, password, and shell command attackers try.

Dionaea

Mimics services like SMB, FTP, and HTTP to lure in malware droppers. Saves every binary that lands.

Tanner / Snare

A fake web application that classifies incoming requests — SQL injection, XSS, path traversal, and more.

Total attacks

10,000

No change since last update

Unique source IPs

384

Distinct attacker addresses seen in the current window.

Top targeted service

SMB (50%)

Port 445 via DIONAEA

Malware captures

0

Malware binaries caught by Dionaea in the current window.

Credential attempts

2,038

Login attempts caught across SSH, Telnet, FTP, and other exposed services.

Web attack events

410

Hostile web requests classified by Tanner in the current window.

Attack timeline

Hourly event counts over the past week.

LAST_168_HOURS

Attack timelineArea chart showing total honeypot events per hour over the retained timeline.657549313288164404-06 03:0004-09 14:0004-13 02:00

Sensor status

Latest snapshot2026-04-13 02:29
Window size24h
Source labeltpot-proxmox
Observed countries20

Attacker origins

Where the attacks are coming from, based on source IP geolocation.

GEO_DENSITY

Attacker origins world mapWorld map shading countries by observed honeypot attack count in the latest snapshot.Afghanistan: 0 attacksAlbania: 0 attacksAlgeria: 0 attacksAngola: 0 attacksArgentina: 0 attacksArmenia: 0 attacksAustralia: 0 attacksAustria: 0 attacksAzerbaijan: 0 attacksBangladesh: 306 attacksBelarus: 0 attacksBelgium: 0 attacksBelize: 0 attacksBenin: 0 attacksBermuda: 0 attacksBhutan: 0 attacksBolivia: 0 attacksBosnia and Herzegovina: 0 attacksBotswana: 0 attacksBrazil: 970 attacksBrunei: 0 attacksBulgaria: 0 attacksBurkina Faso: 0 attacksBurundi: 0 attacksCambodia: 0 attacksCameroon: 0 attacksCanada: 0 attacksCentral African Republic: 0 attacksChad: 0 attacksChile: 0 attacksChina: 1,133 attacksColombia: 329 attacksCosta Rica: 0 attacksCroatia: 0 attacksCuba: 0 attacksCyprus: 0 attacksCzech Republic: 0 attacksDemocratic Republic of the Congo: 0 attacksDenmark: 0 attacksDjibouti: 0 attacksDominican Republic: 0 attacksEast Timor: 0 attacksEcuador: 0 attacksEgypt: 0 attacksEl Salvador: 0 attacksEquatorial Guinea: 0 attacksEritrea: 0 attacksEstonia: 0 attacksEthiopia: 62 attacksFalkland Islands: 0 attacksFiji: 0 attacksFinland: 0 attacksFrance: 64 attacksFrench Guiana: 0 attacksFrench Southern and Antarctic Lands: 0 attacksGabon: 0 attacksGambia: 0 attacksGeorgia: 0 attacksGermany: 402 attacksGhana: 0 attacksGreece: 0 attacksGreenland: 0 attacksGuatemala: 0 attacksGuinea: 0 attacksGuinea Bissau: 0 attacksGuyana: 0 attacksHaiti: 0 attacksHonduras: 0 attacksHungary: 0 attacksIceland: 0 attacksIndia: 1,627 attacksIndonesia: 0 attacksIran: 0 attacksIraq: 0 attacksIreland: 0 attacksIsrael: 0 attacksItaly: 0 attacksIvory Coast: 0 attacksJamaica: 0 attacksJapan: 0 attacksJordan: 0 attacksKazakhstan: 0 attacksKenya: 0 attacksKosovo: 0 attacksKuwait: 0 attacksKyrgyzstan: 0 attacksLaos: 0 attacksLatvia: 0 attacksLebanon: 0 attacksLesotho: 0 attacksLiberia: 0 attacksLibya: 0 attacksLithuania: 0 attacksLuxembourg: 0 attacksMacedonia: 0 attacksMadagascar: 0 attacksMalawi: 0 attacksMalaysia: 377 attacksMali: 0 attacksMalta: 0 attacksMauritania: 0 attacksMexico: 359 attacksMoldova: 0 attacksMongolia: 0 attacksMontenegro: 0 attacksMorocco: 0 attacksMozambique: 0 attacksMyanmar: 0 attacksNamibia: 0 attacksNepal: 0 attacksNetherlands: 402 attacksNew Caledonia: 0 attacksNew Zealand: 0 attacksNicaragua: 0 attacksNiger: 0 attacksNigeria: 0 attacksNorth Korea: 0 attacksNorthern Cyprus: 0 attacksNorway: 0 attacksOman: 0 attacksPakistan: 0 attacksPanama: 0 attacksPapua New Guinea: 0 attacksParaguay: 0 attacksPeru: 0 attacksPhilippines: 0 attacksPoland: 0 attacksPortugal: 0 attacksPuerto Rico: 0 attacksQatar: 0 attacksRepublic of Serbia: 0 attacksRepublic of the Congo: 0 attacksRomania: 512 attacksRussia: 2,919 attacksRwanda: 0 attacksSaudi Arabia: 0 attacksSenegal: 0 attacksSierra Leone: 0 attacksSlovakia: 0 attacksSlovenia: 0 attacksSolomon Islands: 0 attacksSomalia: 0 attacksSomaliland: 0 attacksSouth Africa: 0 attacksSouth Korea: 1,357 attacksSouth Sudan: 0 attacksSpain: 382 attacksSri Lanka: 0 attacksSudan: 0 attacksSuriname: 0 attacksSwaziland: 0 attacksSweden: 0 attacksSwitzerland: 0 attacksSyria: 0 attacksTaiwan: 211 attacksTajikistan: 0 attacksThailand: 0 attacksThe Bahamas: 0 attacksTogo: 0 attacksTrinidad and Tobago: 0 attacksTunisia: 0 attacksTurkey: 0 attacksTurkmenistan: 0 attacksUganda: 0 attacksUkraine: 0 attacksUnited Arab Emirates: 0 attacksUnited Kingdom: 0 attacksUnited Republic of Tanzania: 0 attacksUnited States of America: 1,162 attacksUruguay: 0 attacksUzbekistan: 0 attacksVanuatu: 0 attacksVenezuela: 0 attacksVietnam: 3,163 attacksWest Bank: 0 attacksWestern Sahara: 0 attacksYemen: 0 attacksZambia: 0 attacksZimbabwe: 0 attacks

Top source countries

#CountryAttacksIPs
1Vietnam3,1634
2Russia2,91913
3India1,62725
4South Korea1,35720
5United States1,16297
6China1,13374
7Brazil97010
8Romania5129
9Germany40211
10Netherlands40212

Protocol and service breakdown

Which services attackers are going after the most.

SERVICE_MIX

Protocol and service breakdown: Horizontal bar chart showing the most targeted services and ports in the current honeypot snapshot.

SMB :445
3,234 events
SSH :22
2,100 events
DNS :53
713 events
HTTP :80
410 events
SMTP :25
37 events
PORT-3478 :3478
8 events
PORT-587 :587
2 events

Web attack categories

Types of web exploits attempted against the fake application.

WEB_SIGS

Web attack categories: Horizontal bar chart showing the most common classified web attack categories in the current snapshot.

Unclassified
410 requests

Credential attempts

The most common username and password combinations attackers try across all exposed services.

AUTH_PRESSURE

#UsernamePasswordAttempts
1rootadmin363
2345gs5662d34345gs5662d34264
3root3245gs5662d34245
4postgres3245gs5662d3418
5adminadmin7
6ubuntuubuntu6
7adminftpuser4
8ftpuserFtpuser28!4
9postgrespostgres64
10root1qaz2wsx@#4
11sol1234
12sol12344
13solsol4
14testtest64
15vpnVpn12344
16vpnvpn!@#4
17ftpuser1122333
18ftpuser1233
19testwebmaster3
20admin0l0ctyQh243O63uD2

Malware captures

Binaries that attackers dropped onto the honeypot. Each hash links to VirusTotal for analysis.

PAYLOAD_INDEX

SHA-256TypeCapturesFirst seen
No malware samples captured yet.

What's happening

AI-generated summary of the latest 24-hour window of honeypot activity.

AI_SUMMARY

Over the last 24 hours, 10,000 attacks were recorded from 384 unique source IPs, with the top source countries being Vietnam, Russia, India, South Korea, and the United States. The most targeted services were SMB on port 445 with 3,234 events, SSH on port 22 with 2,100 events, and HTTP on port 80 with 410 events, with attackers trying 2,038 credential combinations, primarily focusing on 5 unique username/password pairs with a top attempt count of 363. No malware captures were recorded during this period.

Generated by Llama 4 Scout via Cloudflare Workers AI