Skip to main content

SYS.CORE // SECURE UPLINK ESTABLISHED

STATUS: ONLINE

> w33t.terminal

HONEYPOT_ARRAY

What happens when you leave a server on the internet

A T-Pot honeypot sits on my home network and pretends to be a vulnerable server. Bots and attackers find it within minutes, try default passwords, drop malware, and probe for web exploits. This page visualizes that traffic as it happens.

Cowrie

Emulates SSH and Telnet services. Captures every username, password, and shell command attackers try.

Dionaea

Mimics services like SMB, FTP, and HTTP to lure in malware droppers. Saves every binary that lands.

Tanner / Snare

A fake web application that classifies incoming requests — SQL injection, XSS, path traversal, and more.

Total attacks

10,000

No change since last update

Unique source IPs

250

Distinct attacker addresses seen in the current window.

Top targeted service

SMB (80%)

Port 445 via DIONAEA

Malware captures

0

Malware binaries caught by Dionaea in the current window.

Credential attempts

2,139

Login attempts caught across SSH, Telnet, FTP, and other exposed services.

Web attack events

392

Hostile web requests classified by Tanner in the current window.

Attack timeline

Hourly event counts over the past week.

LAST_168_HOURS

Attack timelineArea chart showing total honeypot events per hour over the retained timeline.547241042736136803-10 13:0003-12 08:0003-14 03:00

Sensor status

Latest snapshot2026-03-14 03:48
Window size24h
Source labeltpot-proxmox
Observed countries20

Attacker origins

Where the attacks are coming from, based on source IP geolocation.

GEO_DENSITY

Attacker origins world mapWorld map shading countries by observed honeypot attack count in the latest snapshot.Afghanistan: 0 attacksAlbania: 0 attacksAlgeria: 0 attacksAngola: 0 attacksArgentina: 0 attacksArmenia: 0 attacksAustralia: 2,135 attacksAustria: 0 attacksAzerbaijan: 0 attacksBangladesh: 0 attacksBelarus: 0 attacksBelgium: 20 attacksBelize: 0 attacksBenin: 0 attacksBermuda: 0 attacksBhutan: 0 attacksBolivia: 4,329 attacksBosnia and Herzegovina: 0 attacksBotswana: 0 attacksBrazil: 0 attacksBrunei: 0 attacksBulgaria: 0 attacksBurkina Faso: 0 attacksBurundi: 0 attacksCambodia: 0 attacksCameroon: 0 attacksCanada: 357 attacksCentral African Republic: 0 attacksChad: 0 attacksChile: 0 attacksChina: 63 attacksColombia: 0 attacksCosta Rica: 0 attacksCroatia: 0 attacksCuba: 0 attacksCyprus: 0 attacksCzech Republic: 0 attacksDemocratic Republic of the Congo: 0 attacksDenmark: 0 attacksDjibouti: 0 attacksDominican Republic: 0 attacksEast Timor: 0 attacksEcuador: 0 attacksEgypt: 0 attacksEl Salvador: 0 attacksEquatorial Guinea: 0 attacksEritrea: 0 attacksEstonia: 0 attacksEthiopia: 0 attacksFalkland Islands: 0 attacksFiji: 0 attacksFinland: 0 attacksFrance: 0 attacksFrench Guiana: 0 attacksFrench Southern and Antarctic Lands: 0 attacksGabon: 0 attacksGambia: 0 attacksGeorgia: 0 attacksGermany: 249 attacksGhana: 0 attacksGreece: 0 attacksGreenland: 0 attacksGuatemala: 0 attacksGuinea: 0 attacksGuinea Bissau: 0 attacksGuyana: 0 attacksHaiti: 0 attacksHonduras: 0 attacksHungary: 0 attacksIceland: 0 attacksIndia: 4,528 attacksIndonesia: 0 attacksIran: 74 attacksIraq: 0 attacksIreland: 0 attacksIsrael: 0 attacksItaly: 0 attacksIvory Coast: 0 attacksJamaica: 0 attacksJapan: 0 attacksJordan: 0 attacksKazakhstan: 26 attacksKenya: 0 attacksKosovo: 0 attacksKuwait: 0 attacksKyrgyzstan: 0 attacksLaos: 0 attacksLatvia: 0 attacksLebanon: 0 attacksLesotho: 0 attacksLiberia: 0 attacksLibya: 0 attacksLithuania: 0 attacksLuxembourg: 0 attacksMacedonia: 0 attacksMadagascar: 0 attacksMalawi: 0 attacksMalaysia: 0 attacksMali: 0 attacksMalta: 0 attacksMauritania: 0 attacksMexico: 0 attacksMoldova: 0 attacksMongolia: 0 attacksMontenegro: 0 attacksMorocco: 0 attacksMozambique: 0 attacksMyanmar: 0 attacksNamibia: 0 attacksNepal: 0 attacksNetherlands: 3,044 attacksNew Caledonia: 0 attacksNew Zealand: 0 attacksNicaragua: 0 attacksNiger: 0 attacksNigeria: 0 attacksNorth Korea: 0 attacksNorthern Cyprus: 0 attacksNorway: 0 attacksOman: 0 attacksPakistan: 0 attacksPanama: 0 attacksPapua New Guinea: 0 attacksParaguay: 0 attacksPeru: 0 attacksPhilippines: 0 attacksPoland: 0 attacksPortugal: 49 attacksPuerto Rico: 0 attacksQatar: 0 attacksRepublic of Serbia: 0 attacksRepublic of the Congo: 0 attacksRomania: 504 attacksRussia: 176 attacksRwanda: 0 attacksSaudi Arabia: 0 attacksSenegal: 0 attacksSierra Leone: 0 attacksSlovakia: 0 attacksSlovenia: 0 attacksSolomon Islands: 0 attacksSomalia: 0 attacksSomaliland: 0 attacksSouth Africa: 0 attacksSouth Korea: 0 attacksSouth Sudan: 0 attacksSpain: 0 attacksSri Lanka: 0 attacksSudan: 0 attacksSuriname: 0 attacksSwaziland: 0 attacksSweden: 0 attacksSwitzerland: 0 attacksSyria: 0 attacksTaiwan: 58 attacksTajikistan: 0 attacksThailand: 0 attacksThe Bahamas: 0 attacksTogo: 0 attacksTrinidad and Tobago: 0 attacksTunisia: 0 attacksTurkey: 0 attacksTurkmenistan: 0 attacksUganda: 0 attacksUkraine: 31 attacksUnited Arab Emirates: 0 attacksUnited Kingdom: 2,633 attacksUnited Republic of Tanzania: 0 attacksUnited States of America: 2,593 attacksUruguay: 0 attacksUzbekistan: 0 attacksVanuatu: 0 attacksVenezuela: 0 attacksVietnam: 3,154 attacksWest Bank: 0 attacksWestern Sahara: 0 attacksYemen: 0 attacksZambia: 0 attacksZimbabwe: 0 attacks

Top source countries

#CountryAttacksIPs
1India4,5287
2Bolivia4,3291
3Vietnam3,1542
4The Netherlands3,04417
5United Kingdom2,6339
6United States2,59398
7Australia2,1356
8Romania5047
9Singapore43510
10Canada3574

Protocol and service breakdown

Which services attackers are going after the most.

SERVICE_MIX

Protocol and service breakdown: Horizontal bar chart showing the most targeted services and ports in the current honeypot snapshot.

SMB :445
10,787 events
SSH :22
2,142 events
HTTP :80
392 events
DNS :53
46 events
HTTPS :443
42 events
PORT-3478 :3478
12 events

Web attack categories

Types of web exploits attempted against the fake application.

WEB_SIGS

Web attack categories: Horizontal bar chart showing the most common classified web attack categories in the current snapshot.

Unclassified
392 requests

Credential attempts

The most common username and password combinations attackers try across all exposed services.

AUTH_PRESSURE

#UsernamePasswordAttempts
1rootadmin42
2root12345618
3rootpassword18
4ubuntuubuntu16
5adminadmin15
6admin12345611
7adminpassword11
8useruser7
9guestguest6
10centos1234565
11centosP@ssw0rd5
12centoscentos5
13guest1234565
14guestP@ssw0rd5
15oracle1234565
16oracleoracle5
17oraclepassword5
18testtest5
19ubuntu1234565
20ubuntu123456784

Malware captures

Binaries that attackers dropped onto the honeypot. Each hash links to VirusTotal for analysis.

PAYLOAD_INDEX

SHA-256TypeCapturesFirst seen
No malware samples captured yet.

What's happening

AI-generated summary of the latest 24-hour window of honeypot activity.

AI_SUMMARY

Over the last 24 hours, 10,000 attacks were recorded from 250 unique source IPs, with top source countries being India, Bolivia, Vietnam, The Netherlands, and the United Kingdom. The most targeted services were SMB on port 445 with 10,787 events, SSH on port 22 with 2,142 events, and HTTP on port 80 with 392 events. The top credential attempts involved 5 unique username/password pairs, with the highest having 42 attempts, and no malware captures were recorded.

Generated by Llama 4 Scout via Cloudflare Workers AI