Real-time Threat Intelligence
Monitoring real-world SSH, Telnet, and web attacks, capturing malware samples, and documenting threat actor tactics.
| Sensor | Services | Status | Since |
|---|---|---|---|
| Sensor-01 | SSH (2222) | โ Active | Jan 2026 |
| Sensor-02 | SSH (2222), Telnet (23), HTTP/S (80/443) | โ Active | Mar 2026 |
This site documents findings from honeypots deployed to capture and analyze real-world attack traffic. Using Cowrie and other tools, I monitor attacker behavior, collect malware samples, and track emerging threat campaigns.
The infrastructure includes SSH, Telnet, and web honeypots designed to attract different types of attackers โ from SSH brute-forcers to IoT botnets to web vulnerability scanners.
All data is sanitized before publishing โ IP addresses are partially redacted and sensitive payloads are anonymized. File hashes are shared to aid threat intelligence research.