Daily Threat Report
Top Attacker IPs
- π 45.153.34.114 BGPβ
- π 87.251.64.176 BGPβ
- π 87.251.64.145 BGPβ
- π 87.251.64.144 BGPβ
- π 195.178.110.26 BGPβ
Top Passwords Tried
- admin
- 123456
- 123
- password
- 1234
# Automatic multi-platform threat intel reporting $ honeypot-report.sh --since 24h β 16 IPs β AbuseIPDB (community confidence scores updated) β 16 IPs β AlienVault OTX (pulse indicators added) β 16 IPs β Blocklist.de (auto-ban list updated) β 16 IPs β DShield/SANS (global threat feed updated)
π€£ ATTACKER COMEDY CORNER
Real attempts. No actors were harmed in the making of this honeypot.
π Hall of Shame β Passwords
admin password abc123 qwertyuiop qwerty π» Commands They Tried
uname -a uname -s -m uname -s -v -n -r -m These are real credentials and commands attempted by automated scanners and script kiddies. Logged, reported, and immortalized.
Automated report for 17 de May de 2026. Recorded 1067 SSH connections on the Cowrie honeypot and 11401 multi-protocol events on OpenCanary, from 81 unique IPs. 16 IPs were automatically reported to the AbuseIPDB community database.
SSH Activity (Cowrie)
The SSH honeypot received 1501 login attempts from 66 unique IPs. Attackers executed 194 commands after gaining simulated system access.
Multi-Protocol Activity (OpenCanary)
Detected 11401 events across services including FTP, Telnet, MySQL, Redis, VNC and Git from 15 distinct IPs. All events are access attempts against simulated production services.
HTTP Web Honeypot (Galah LLM)
The web honeypot received 0 HTTP requests from real scanners across 0 unique IPs.
Each attacker received a fake response generated in real time by the local AI model qwen2.5:0.5b (Ollama, no internet connection required).
Network IDS (Suricata)
The network intrusion detection system generated 10180 alerts from 375 unique source IPs. Suricata monitors all traffic on the primary network interface using Emerging Threats + AlienVault OTX rulesets.