Skip to main content

SYS.CORE // SECURE UPLINK ESTABLISHED

STATUS: ONLINE

> w33t.terminal

HONEYPOT_ARRAY

What happens when you leave a server on the internet

A T-Pot honeypot sits on my home network and pretends to be a vulnerable server. Bots and attackers find it within minutes, try default passwords, drop malware, and probe for web exploits. This page visualizes that traffic as it happens.

Cowrie

Emulates SSH and Telnet services. Captures every username, password, and shell command attackers try.

Dionaea

Mimics services like SMB, FTP, and HTTP to lure in malware droppers. Saves every binary that lands.

Tanner / Snare

A fake web application that classifies incoming requests — SQL injection, XSS, path traversal, and more.

Total attacks

0

No change since last update

Unique source IPs

0

Distinct attacker addresses seen in the current window.

Top targeted service

--

Waiting for traffic data

Malware captures

0

Malware binaries caught by Dionaea in the current window.

Credential attempts

0

Login attempts caught across SSH, Telnet, FTP, and other exposed services.

Web attack events

0

Hostile web requests classified by Tanner in the current window.

Attack timeline

Hourly event counts over the past week.

LAST_168_HOURS

Attack timelineArea chart showing total honeypot events per hour over the retained timeline.741555613708185405-28 00:0006-09 10:0006-12 22:00

Sensor status

Latest snapshot2026-06-14 00:58
Window size24h
Source labeltpot-proxmox
Observed countries0

Attacker origins

Where the attacks are coming from, based on source IP geolocation.

GEO_DENSITY

Attacker origins world mapWorld map shading countries by observed honeypot attack count in the latest snapshot.Afghanistan: 0 attacksAlbania: 0 attacksAlgeria: 0 attacksAngola: 0 attacksArgentina: 0 attacksArmenia: 0 attacksAustralia: 0 attacksAustria: 0 attacksAzerbaijan: 0 attacksBangladesh: 0 attacksBelarus: 0 attacksBelgium: 0 attacksBelize: 0 attacksBenin: 0 attacksBermuda: 0 attacksBhutan: 0 attacksBolivia: 0 attacksBosnia and Herzegovina: 0 attacksBotswana: 0 attacksBrazil: 0 attacksBrunei: 0 attacksBulgaria: 0 attacksBurkina Faso: 0 attacksBurundi: 0 attacksCambodia: 0 attacksCameroon: 0 attacksCanada: 0 attacksCentral African Republic: 0 attacksChad: 0 attacksChile: 0 attacksChina: 0 attacksColombia: 0 attacksCosta Rica: 0 attacksCroatia: 0 attacksCuba: 0 attacksCyprus: 0 attacksCzech Republic: 0 attacksDemocratic Republic of the Congo: 0 attacksDenmark: 0 attacksDjibouti: 0 attacksDominican Republic: 0 attacksEast Timor: 0 attacksEcuador: 0 attacksEgypt: 0 attacksEl Salvador: 0 attacksEquatorial Guinea: 0 attacksEritrea: 0 attacksEstonia: 0 attacksEthiopia: 0 attacksFalkland Islands: 0 attacksFiji: 0 attacksFinland: 0 attacksFrance: 0 attacksFrench Guiana: 0 attacksFrench Southern and Antarctic Lands: 0 attacksGabon: 0 attacksGambia: 0 attacksGeorgia: 0 attacksGermany: 0 attacksGhana: 0 attacksGreece: 0 attacksGreenland: 0 attacksGuatemala: 0 attacksGuinea: 0 attacksGuinea Bissau: 0 attacksGuyana: 0 attacksHaiti: 0 attacksHonduras: 0 attacksHungary: 0 attacksIceland: 0 attacksIndia: 0 attacksIndonesia: 0 attacksIran: 0 attacksIraq: 0 attacksIreland: 0 attacksIsrael: 0 attacksItaly: 0 attacksIvory Coast: 0 attacksJamaica: 0 attacksJapan: 0 attacksJordan: 0 attacksKazakhstan: 0 attacksKenya: 0 attacksKosovo: 0 attacksKuwait: 0 attacksKyrgyzstan: 0 attacksLaos: 0 attacksLatvia: 0 attacksLebanon: 0 attacksLesotho: 0 attacksLiberia: 0 attacksLibya: 0 attacksLithuania: 0 attacksLuxembourg: 0 attacksMacedonia: 0 attacksMadagascar: 0 attacksMalawi: 0 attacksMalaysia: 0 attacksMali: 0 attacksMalta: 0 attacksMauritania: 0 attacksMexico: 0 attacksMoldova: 0 attacksMongolia: 0 attacksMontenegro: 0 attacksMorocco: 0 attacksMozambique: 0 attacksMyanmar: 0 attacksNamibia: 0 attacksNepal: 0 attacksNetherlands: 0 attacksNew Caledonia: 0 attacksNew Zealand: 0 attacksNicaragua: 0 attacksNiger: 0 attacksNigeria: 0 attacksNorth Korea: 0 attacksNorthern Cyprus: 0 attacksNorway: 0 attacksOman: 0 attacksPakistan: 0 attacksPanama: 0 attacksPapua New Guinea: 0 attacksParaguay: 0 attacksPeru: 0 attacksPhilippines: 0 attacksPoland: 0 attacksPortugal: 0 attacksPuerto Rico: 0 attacksQatar: 0 attacksRepublic of Serbia: 0 attacksRepublic of the Congo: 0 attacksRomania: 0 attacksRussia: 0 attacksRwanda: 0 attacksSaudi Arabia: 0 attacksSenegal: 0 attacksSierra Leone: 0 attacksSlovakia: 0 attacksSlovenia: 0 attacksSolomon Islands: 0 attacksSomalia: 0 attacksSomaliland: 0 attacksSouth Africa: 0 attacksSouth Korea: 0 attacksSouth Sudan: 0 attacksSpain: 0 attacksSri Lanka: 0 attacksSudan: 0 attacksSuriname: 0 attacksSwaziland: 0 attacksSweden: 0 attacksSwitzerland: 0 attacksSyria: 0 attacksTaiwan: 0 attacksTajikistan: 0 attacksThailand: 0 attacksThe Bahamas: 0 attacksTogo: 0 attacksTrinidad and Tobago: 0 attacksTunisia: 0 attacksTurkey: 0 attacksTurkmenistan: 0 attacksUganda: 0 attacksUkraine: 0 attacksUnited Arab Emirates: 0 attacksUnited Kingdom: 0 attacksUnited Republic of Tanzania: 0 attacksUnited States of America: 0 attacksUruguay: 0 attacksUzbekistan: 0 attacksVanuatu: 0 attacksVenezuela: 0 attacksVietnam: 0 attacksWest Bank: 0 attacksWestern Sahara: 0 attacksYemen: 0 attacksZambia: 0 attacksZimbabwe: 0 attacks

Top source countries

#CountryAttacksIPs
No country data yet — the map populates once traffic starts flowing.

Protocol and service breakdown

Which services attackers are going after the most.

SERVICE_MIX

Protocol and service breakdown: Horizontal bar chart showing the most targeted services and ports in the current honeypot snapshot.

No data
0

Web attack categories

Types of web exploits attempted against the fake application.

WEB_SIGS

Web attack categories: Horizontal bar chart showing the most common classified web attack categories in the current snapshot.

No data
0

Credential attempts

The most common username and password combinations attackers try across all exposed services.

AUTH_PRESSURE

#UsernamePasswordAttempts
No credential attempts recorded yet.

Malware captures

Binaries that attackers dropped onto the honeypot. Each hash links to VirusTotal for analysis.

PAYLOAD_INDEX

SHA-256TypeCapturesFirst seen
No malware samples captured yet.

What's happening

AI-generated summary of the latest 24-hour window of honeypot activity.

AI_SUMMARY

In the last 24 hours, there were 0 total attacks on the honeypot, with 0 unique source IPs detected. No credential attempts, malware captures, or web attack events were recorded. The honeypot services, including Cowrie, Dionaea, and Tanner, each logged 0 events.

Generated by Llama 4 Scout via Cloudflare Workers AI