Observed over the last 31 days.
Public Threat Snapshot
SSH attack activity observed by the Sarang honeypot project.
This public page is designed around daily JSON updates, with content organized for fast situational awareness, regional context, and accessible IoC discovery.
Distinct sources across the public reporting window.
Observed honeypot authentications that progressed beyond failed attempts.
Interactive command activity captured after attacker access.
Payload delivery events observed in the reporting window.
Distinct file hashes extracted from observed download activity.
Attack Activity
SSH Attacks Trend Yesterday
Attack Activity
SSH Attacks Trend
Global Focus
Global Countries by Unique IPs
Top 10 global countries by unique attacker IPs over the latest 31-day window.
Attack Volume by Global Countries
Top 10 global countries by total observed attack volume over the same 31-day window.
Regional Focus (South East Asia)
SEA Countries by Unique IPs
South East Asia countries ranked by unique attacker IPs across the latest 31 days.
Attack Volume by Regional Countries
South East Asia countries ranked by total observed attack volume across the same 31-day window.
Top Observables
Top 10 Attacker IPs
Event counts represent the total number of Cowrie events linked to each source IP within the latest 31-day public reporting window. Higher counts indicate more observed activity, not confirmed attribution to a single actor.
Top Observables
Top 10 Malicious Score IPs
The malicious score is a behavior-based proxy over the latest 31 days, weighted from observed failed logins, successful honeypot logins, command activity, file download events, and callback-style traffic. It is not a native threat-intel score.
Interpretation Notice
Public indicators reflect activity seen by Sarang only.
Observed IP addresses and hashes support threat awareness, but they should not be treated as identity attribution on their own. The public site summarizes events collected from a monitored honeypot environment and is meant for defensive analysis.