SIP honeypot network
A global SIP honeypot network that sees attacks before your PBX does.
Every IP in SipRadar's threat feed was caught attacking a real-looking SIP endpoint, not inferred from unrelated abuse data. Our honeypots record REGISTER floods, INVITE scans, and toll-fraud probes around the clock.
Reactive defense is too late
Waiting for fraud on your own trunk means you are the sensor, and you pay the bill for the signal. Honeypots absorb attacks harmlessly and feed intelligence upstream to every SipRadar customer.
214 sensors, one threat graph
Honeypot events flow into a unified graph scored by behavior, geography, and history. The same stream powers the live dashboard, GET /v1/threats, and blacklist.txt.
How SipRadar helps
Live attack dashboard
Watch the ticker on /threat-feed, filter by port, country, and threat score. Click any event for full context.
38-country coverage
Attackers geo-distribute scans. Our mesh catches regional campaigns before they spread globally.
Enterprise private honeypots
Deploy containerized honeypots in your own network with private graph federation on Enterprise plans.
90-day telemetry retention
Investigate campaigns over time. Derived reputation scores persist for long-term blocking decisions.
From honeypot hit to edge block
Subscribe to the API or pull blacklist.txt. Events include timestamp, IP, port, country, user-agent, and threat score: everything your automation needs.
FAQ
Frequently asked questions
Common questions about SIP honeypot network and how SipRadar fits your VoIP security stack.
Ask a question →Passive SIP listeners that record inbound probes are standard security research practice. We operate transparently and publish scanner IP ranges for our audit product.