violet's honeypot
threat analysis · ml

Attack Intelligence

What the traffic reveals: who the attackers are, what they want, and where it's heading.

3 botnet campaigns
90% intent model accuracy
5 anomalous actors
38 ips profiled
password length distribution [chart; axis: password length, 1 to 18]
password makeup
01 lowercase only (1093)
02 digits only (785)
03 letters+digits (588)
04 has symbol (341)
05 letters only (8)
most-tried user : password
01 support : support (58)
02 root : LeitboGi0ro (31)
03 admin : admin (27)
04 root : 123456 (23)
05 root : 123@@@ (21)
06 root : root321 (19)
07
attacks by hour (utc) · day of week [chart; day labels Sun through Sat]
attack volume · hourly, with 24h forecast
attacker intent (from captured commands)
01 malware_install (31)
02 recon (19)
03 other (11)
04 miner (10)
botnet campaigns (clustered)
#028 ip🇯🇵root : LeitboGi0ro13.6/ip
#23 ip🇳🇱admin : admin!@763/ip
#12 ip
models: dbscan clustering · tf-idf + random forest intent · isolationforest anomalies · seasonal forecast
root : admin
11
attacker networks (asn)
01 unknown (865)
02 AS51396 Pfcloud UG (864)
03 AS214472 Offshore LC (787)
04 AS200730 ISAEV Igor (56)
05 AS31898 Oracle Corporation (37)
06 AS4804 Microplex PTY LTD (35)
07 AS47890 UNMANAGED LTD (32)
🇰🇷
root : LeitboGi0ro
6/ip