Tuesday, 28 April 2026 ๐Ÿ’€ critical

Daily Threat Report

1,926 SSH Connections
2,278 Login Attempts
326 Commands Run
75 SSH Unique IPs
7,919 Protocol Events
28 Protocol IPs

Top Attacker IPs

  1. ๐ŸŒ 176.65.132.129 BGPโ†—
  2. ๐ŸŒ 45.156.87.99 BGPโ†—
  3. ๐ŸŒ 87.251.64.176 BGPโ†—
  4. ๐ŸŒ 27.79.0.43 BGPโ†—
  5. ๐ŸŒ 27.79.41.222 BGPโ†—

Top Passwords Tried

  1. 123456
  2. admin
  3. 123
  4. password
  5. 1234

Automated report for 28 de April de 2026. Recorded 1926 SSH connections on the Cowrie honeypot and 7919 multi-protocol events on OpenCanary, from 103 unique IPs. 0 IPs were automatically reported to the AbuseIPDB community database.

SSH Activity (Cowrie)

The SSH honeypot received 2278 login attempts from 75 unique IPs. Attackers executed 326 commands after gaining simulated system access.

Multi-Protocol Activity (OpenCanary)

Detected 7919 events across services including FTP, Telnet, MySQL, Redis, VNC and Git from 28 distinct IPs. All events are access attempts against simulated production services.

HTTP Web Honeypot (Galah LLM)

The web honeypot received 0 HTTP requests from real scanners across 0 unique IPs. Each attacker received a fake response generated in real time by the local AI model qwen2.5:0.5b (Ollama, no internet connection required).

โ† All Reports ๐Ÿ›ก๏ธ Subscribe to blocklists โ†’