An AI-powered full-stack honeypot intelligence system that detects scam attempts, engages scammers in dynamic multi-turn conversations, extracts structured intelligence, and visualizes results in a modern monitoring dashboard.
Deployed backend on Render and frontend on Vercel.
POST https://honeypot-fr53.onrender.com
https://honeypot-ewzvvvf6t-ht-projects.vercel.app/
Instead of immediately blocking scammers, this system:
- Detects scam intent (Hybrid AI + Heuristics)
- Engages scammer using AI persona
- Extracts actionable intelligence
- Reports structured results via callback
- Stores full conversation in MongoDB
- Visualizes sessions in a monitoring dashboard
This simulates a real-world AI honeypot intelligence trap.
- ✅ Hybrid Scam Detection (Regex + AI scoring)
- ✅ Risk scoring model
- ✅ Timeout-protected AI calls
- ✅ Low-latency decision logic
- ✅ Multi-turn AI persona
- ✅ Context-aware responses
- ✅ Human-like dynamic behavior
- ✅ Scammer manipulation strategy
- ✅ Structured data extraction
- ✅ Background async worker
- ✅ Final callback reporting
- ✅ Persistent conversation storage
- ✅ Conversation listing with pagination
- ✅ Conversation detail view
- ✅ Extracted intelligence panel
- ✅ Risk score visualization
- ✅ Scam / Safe badges
- ✅ Dark mode support
- ✅ Mobile-responsive UI
- ✅ AI Interaction Simulator
root/
│
├── backend/
│ ├── src/
│ │ ├── config/
│ │ ├── constants/
│ │ ├── controllers/
│ │ ├── middlewares/
│ │ ├── models/
│ │ ├── prompts/
│ │ ├── routes/
│ │ ├── services/
│ │ ├── utils/
│ │ ├── app.js
│ │ └── server.js
│ ├── .env
│ └── package.json
│
├── frontend/
│ ├── src/
│ │ ├── assets/
│ │ ├── components/
│ │ ├── context/
│ │ ├── hooks/
│ │ ├── pages/
│ │ ├── routes/
│ │ ├── services/
│ │ ├── utils/
│ │ ├── app.jsx
│ │ ├── main.jsx
│ │ └── index.css
│ ├── .env
│ └── package.json
│
└── README.md
- Node.js
- Express.js
- MongoDB (Mongoose)
- Axios
- Render (Deployment)
- OpenRouter LLM API
- Prompt engineering
- AI persona modeling
- React.js
- React Router DOM
- Tailwind CSS
- Lucide Icons
- React Hot Toast
- Day.js
- Recharts
Hybrid model combining:
Detects:
-
UPI IDs
-
URLs
-
Phone numbers
-
Suspicious keywords:
verify, blocked, urgent, click, OTP, pay, immediately, transfer
AI returns:
{
"scam": true,
"confidence": 0.82
}Risk = (Heuristic × 0.7) + (AI Confidence × 0.3)
If ≥ 0.6 → conversation marked as scam.
Ensures:
- Fast response
- Controlled AI cost
- High detection reliability
When scam is detected, AI:
- Does NOT reveal detection
- Acts confused / concerned
- Asks follow-up questions
- Extracts more intelligence
- Maintains multi-turn memory
- Adapts tone dynamically
Structured data extracted:
- 🏦 Bank Accounts
- 💳 UPI IDs
- 🔗 Phishing URLs
- 📞 Phone Numbers
- ⚠ Suspicious Keywords
- 📝 Agent Notes (behavioral analysis)
Simulates scam conversation in real-time.
Features:
- Live chat UI
- Risk score visualization bar
- Scam alert indicator
- Explainability breakdown
- New Chat reset
- Paginated session list
- Created & updated timestamps
- Scam/Safe badges
- Quick intelligence preview
Displays:
- Full message history
- Extracted intelligence
- Risk score
- Agent reasoning
- Structured intelligence fields
{
"sessionId": "auto-1771154782489",
"scamDetected": true,
"totalMessagesExchanged": 2,
"extractedIntelligence": {
"bankAccounts": [],
"upiIds": ["xyz@upi"],
"phishingLinks": [],
"phoneNumbers": [],
"suspiciousKeywords": [
"blocked",
"immediately",
"pay"
]
},
"agentNotes": "Customer is being asked to transfer money to unblock account, potential phishing attempt."
}conversationId
messages[]
role
content
timestamp
scamDetected (boolean)
finalCallbackSent (boolean)
extractedData {
bankAccounts[]
upiIds[]
phishingLinks[]
phoneNumbers[]
suspiciousKeywords[]
agentNotes
}
createdAt
updatedAt
flowchart TD
Start([Incoming Message]) --> Heuristic[Heuristic Detection]
Heuristic --> AIDetection[AI Detection<br/><i>Timeout Protected</i>]
AIDetection --> IsScam{Is Scam?}
IsScam -- No --> End([End Process])
IsScam -- Yes --> Persona[AI Persona Response]
subgraph Action_Phase[Automated Response & Logging]
direction TB
Reply[Send Immediate Reply]
Extract[Background Extraction]
DB[DB Update]
end
Persona --> Action_Phase
Action_Phase --> Callback[Final Callback API]
Callback --> End
Frontend interacts only with stored conversation data. Backend detection and engagement flow remains unchanged.
| Component | Timeout |
|---|---|
| Scam Detection AI | ~1200ms |
| AI Agent Response | ~5000ms |
| Extraction | Async background |
User receives response immediately. Extraction & callback run non-blocking.
cd backend
npm install
npm run dev
PORT=4000
MONGO_URI=your_mongo_uri
OPENROUTER_API_KEY=your_key
API_KEY=test_api_key
cd frontend
npm install
npm run dev
Make sure API base URL points to backend.
- Redis job queue
- Real-time dashboard updates (WebSockets)
- Behavioral scam profiling
- RAG-based scam memory
- Threat intelligence API integration
- Analytics dashboard
- Admin authentication layer
Harsh Tripathi
GitHub: https://github.com/ImaginationGod/Honeypot