Hi folks, today I’d like to point you out another tool of mine which extract suspicious IPs from undesired connections. In other words: HoneyPots. I run a personal HoneyPot network which stands from years and over time it harvested numerous IP addresses which could be, potentially, malicious (typically scanners). If you like having fresh HoneyPot feeds in your OSINT collection, please feel free to download them directly HERE. The downloaded file wraps malicious (as intended by HoneyPots) IPs and the “last seen” date so which you might decide if the IP is getting too old for blocking purposes. The file is structured as an array of Json object in order to facilitate the ingestion in every feeder or database. The following image shows what I meant

Json Representation

The feed is update every 24h, so it would be useless to make multiple downloads per day. The entire system detect approximately 140k events per day.

Following a set of interesting and very selective graphic views are presented. A Geographic distribution is shown in order to have a quick overview of which country is hitting mostly my HoneyPot network, a nice event wave shows the time of the most relevant hits while selected protocols and services graph show the most interesting hit selected protocols.

HoneyPot Page

Hope you might appreciate my intent to share with cybersecurity community free data in order to improve our digital space. Have fun and if you have questions or suggestion please feel free to contact me