Loading threats
Execution of pip3 show twisted 2>/dev/null | grep 'Location.*cowrie' to retrieve metadata about the installed Twisted package and filter for installation paths containing “cowrie”. This pattern reflects targeted honeypot fingerprinting by validating whether the Twisted framework is installed within a Cowrie-associated directory, indicating deliberate detection of a Cowrie-based deception environment prior to continued attacker activity.
This attack primitive is part of the SikkerAPI detection catalog and is actively monitored across our global honeypot network. No IPs in the current retention window have triggered this detection signature.
When an attacker triggers this primitive, matched IPs will appear here with confidence scores, geolocation, and session details. Browse other SSH detections or look up a specific IP to check its threat profile.