Daily Threat Report
Top Attacker IPs
- 103.64.129.98
- 27.79.41.201
- 87.251.64.176
- 116.99.169.192
- 103.228.36.205
Top Passwords Tried
- admin
- 123456
- 1234
- password
- 12345
WEB HONEYPOT: Galah LLM
AI-generated fake HTTP responses served to 83 scanner requests from 46 unique IPs. Model: qwen2.5:0.5b (local, offline).
Top Paths Probed
- /
- /og-default.png
- api.ipify.org:443
- /wp-login.php
- /favicon.ico
Top User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46
- vercel-favicon/1.0
ATTACKER COMEDY CORNER
Real attempts. No actors were harmed in the making of this honeypot.
Hall of Shame: Passwords
- 000000000000000
- 111111
- 123321
- 12345678
- 123456789
- 1234567890%*()
- P@ssw0rd
- abc123
- admin123
- azerty147
These are real credentials and commands attempted by automated scanners and script kiddies. Logged, reported, and immortalized.
Automated report for April 25, 2026. Recorded 1492 SSH connections on the Cowrie honeypot and 173 multi-protocol events on OpenCanary, from 85 unique IPs. 0 IPs were automatically reported to the AbuseIPDB community database.
SSH Activity (Cowrie)
The SSH honeypot received 1358 login attempts from 74 unique IPs. Attackers executed 844 commands after gaining simulated system access.
Multi-Protocol Activity (OpenCanary)
Detected 173 events across services including FTP, Telnet, MySQL, Redis, VNC and Git from 11 distinct IPs. All events are access attempts against simulated production services.
HTTP Web Honeypot (Galah LLM)
The web honeypot received 83 HTTP requests from real scanners across 46 unique IPs.
Each attacker received a fake response generated in real time by the local AI model qwen2.5:0.5b (Ollama, no internet connection required).