What's in the honeypot? Frequency of SSH Login Attempts based on Country of Origin

Today looking at the logs of the honeypots, I became curious based on the whois of the IP Addresses attempting to login to SSH which country they have come from:


Occurances
Country
511
China
149
Australia
6
Vietnam
4
Russia
3
South Korea
3
Thailand


I noticed that most of the occurrences of failed login attempts are from China, again no attribution to them or any other country listed.

I was curious which of the IP Addresses came from the country of Russia:
31.184.194.115
78.109.142.184
122.225.38.23
195.94.234.86

The only IP with a little history on virustotal.com is 195.94.234.86 but no trace to malicious files have occurred at this time.



Comments

Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

VBA - Script to Download a file from a URL

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

IoT Malware Analysis - CnC Server - Part 3