CIRCLE WITH A DOT

[Armada/US-East] #opencanary analysis for 20260506-20260512Summary: Total Connection Attempts: 279,749 Unique Usernames: 2,059 Distinct Passwords: 1,901 ️ Distinct VNC Passwords: 121 Unique Attacker IPs: 3,930Port Popularity (Port / Count): ️ RDP: 92,780 Telnet: 66,607 ️ VNC: 55,826 SSH: 43,189 ️ MSSQL: 20,762 REDIS: 303 ️ SMB: 264 FTP: 16 HTTP: 2Top 10 Usernames (Value / Count): Usernames root: 49,740 Usernames 35: 33,530 Usernames hello: 17,339 Usernames admin: 13,364 Usernames support: 2,536 Usernames user: 1,876 Usernames guest: 1,079 Usernames ubnt: 477 Usernames ubuntu: 396 Usernames Administr: 271Top 10 Passwords (Value / Count): Passwords admin: 7,453 Passwords xc3511: 4,932 Passwords vizxv: 4,490 Passwords 123456: 3,630 Passwords password: 3,083 Passwords 888888: 2,925 Passwords 12345: 2,587 Passwords default: 2,535 Passwords support: 2,517 Passwords 1111: 2,480Top 10 ️ VNC Passwords (Value / Count): ️ VNC Passwords <Password was not in the common list>: 55,413 ️ VNC Passwords password123: 36 ️ VNC Passwords iloveyou: 30 ️ VNC Passwords 123456: 25 ️ VNC Passwords 111111: 19 ️ VNC Passwords admin: 17 ️ VNC Passwords P@ssword: 14 ️ VNC Passwords minecraft: 14 ️ VNC Passwords Password1: 11 ️ VNC Passwords alexandru: 11Top 10 Attacker IPs (IP / Count): 51.75.240.xxx: 18,814 89.163.135.xxx: 17,176 127.0.0.xxx: 9,933 54.151.176.xxx: 9,253 183.81.35.xxx: 8,606 68.168.211.xxx: 8,245 199.101.51.xxx: 4,130 8.26.21.xxx: 3,992 1.173.64.xxx: 3,980 119.8.155.xxx: 3,912The OpenCanary Experience is at https://www.toce.ch

[Sentinel/US-West] #opencanary analysis for 20260506-20260512Summary: Total Connection Attempts: 274,280 Unique Usernames: 1,791 Distinct Passwords: 1,323 ️ Distinct VNC Passwords: 209 Unique Attacker IPs: 4,557Port Popularity (Port / Count): ️ RDP: 107,464 ️ VNC: 82,437 SSH: 36,741 Telnet: 25,196 ️ MSSQL: 15,897 ️ SMB: 6,054 REDIS: 253 MySQL: 217 FTP: 18 HTTP: 3Top 10 Usernames (Value / Count): Usernames 35: 50,785 Usernames root: 18,531 Usernames admin: 5,423 Usernames hello: 2,886 Usernames support: 889 Usernames user: 829 Usernames ubuntu: 449 Usernames guest: 429 Usernames test: 317 Usernames deploy: 307Top 10 Passwords (Value / Count): Passwords admin: 2,809 Passwords xc3511: 1,735 Passwords 123456: 1,518 Passwords vizxv: 1,490 Passwords password: 1,170 Passwords 888888: 1,034 Passwords default: 1,004 Passwords 12345: 927 Passwords 1111: 910 Passwords support: 868Top 10 ️ VNC Passwords (Value / Count): ️ VNC Passwords <Password was not in the common list>: 81,854 ️ VNC Passwords password123: 58 ️ VNC Passwords iloveyou: 30 ️ VNC Passwords 123456: 20 ️ VNC Passwords admin: 16 ️ VNC Passwords 1234567890: 16 ️ VNC Passwords 111111: 15 ️ VNC Passwords P@ssword: 13 ️ VNC Passwords P@55w0rd: 12 ️ VNC Passwords football: 12Top 10 Attacker IPs (IP / Count): 127.0.0.xxx: 10,041 134.195.101.xxx: 6,606 119.8.155.xxx: 4,099 77.90.185.xxx: 4,084 8.26.21.xxx: 3,992 47.129.236.xxx: 3,687 123.146.82.xxx: 3,234 50.6.3.xxx: 2,802 135.148.33.xxx: 2,457 188.253.11.xxx: 2,276The OpenCanary Experience is at https://www.toce.ch

[Digger/CH] #opencanary analysis for 20260506-20260512Summary: Total Connection Attempts: 281,074 Unique Usernames: 1,082 Distinct Passwords: 9,482 ️ Distinct VNC Passwords: 133 Unique Attacker IPs: 2,697Port Popularity (Port / Count): ️ MSSQL: 189,895 SSH: 45,613 Telnet: 30,360 ️ RDP: 7,618 Port 33306: 5,795 Port 27017: 569 REDIS: 558 ️ VNC: 382 ️ SMB: 180 Synology DSM: 67 FTP: 37Top 10 Usernames (Value / Count): Usernames root: 27,911 Usernames admin: 8,258 Usernames 188: 2,507 Usernames user: 1,436 Usernames ubuntu: 1,368 Usernames sa: 1,329 Usernames support: 1,117 Usernames hello: 907 Usernames guest: 585 Usernames test: 385Top 10 Passwords (Value / Count): Passwords admin: 3,442 Passwords 123456: 2,273 Passwords xc3511: 2,152 Passwords vizxv: 1,937 Passwords password: 1,520 Passwords 888888: 1,359 Passwords 12345: 1,307 Passwords default: 1,187 Passwords 1111: 1,172 Passwords 54321: 1,112Top 10 ️ VNC Passwords (Value / Count): ️ VNC Passwords password123: 20 ️ VNC Passwords 1234567890: 18 ️ VNC Passwords friend: 16 ️ VNC Passwords zxcasdqwe123: 14 ️ VNC Passwords iloveyou: 14 ️ VNC Passwords P@ssword: 14 ️ VNC Passwords 123456: 14 ️ VNC Passwords P@55w0rd: 14 ️ VNC Passwords welcome@123: 12 ️ VNC Passwords 111111: 12Top 10 Attacker IPs (IP / Count): 93.152.221.xxx: 37,031 93.152.221.xxx: 36,493 93.152.221.xxx: 36,449 93.152.221.xxx: 36,348 93.152.221.xxx: 36,306 2.58.196.xxx: 11,577 80.172.227.xxx: 5,324 176.65.132.xxx: 4,040 14.20.141.xxx: 3,158 62.146.231.xxx: 2,039The OpenCanary Experience is at https://www.toce.ch

[Digger/CH] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 20323 Unique Usernames: 166 Distinct Passwords: 552 Unique Attacker IPs: 465Port Popularity (Port / Count): ️ MSSQL: 12336 SSH: 3717 ️ RDP: 2589 Telnet: 1474 ️ SMB: 94 27017: 47 MySQL: 30 REDIS: 15 ️ VNC: 9 Synology DSM: 9 FTP: 3Top 10 Usernames (Username / Count): root: 1274 188: 678 hello: 601 admin: 455 ubuntu: 198 user: 167 debian: 93 support: 52 test: 43 ftpuser: 35Top 10 Passwords (Password / Count): admin: 193 vizxv: 107 xc3511: 104 123456: 95 password: 75 default: 75 12345: 73 root: 68 888888: 60 1111: 60Top 10 Attacker IPs (IP / Count): 93.152.221.xxx: 12332 157.255.29.xxx: 1266 62.28.37.xxx: 900 198.12.251.xxx: 547 72.167.55.xxx: 360 217.154.95.xxx: 316 142.93.183.xxx: 179 122.3.49.xxx: 161 121.128.173.xxx: 124 123.30.106.xxx: 116The OpenCanary Experience is at https://www.toce.ch

[Digger/CH] #opencanary Samba Access Summary for May 11This OpenCanary received 7 file sample(s) yesterday.File hashes seen: ► 3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71 : 7 file(s) https://www.virustotal.com/gui/file/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71List of Usernames: 2rh1zue0atx8: 217 occurrence(s) administrator: 23 occurrence(s) guest: 18 occurrence(s) admin: 12 occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s)List of IP Addresses: 179.43.169.xxx: 438 occurrence(s) 111.55.204.xxx: 27 occurrence(s) 58.69.174.xxx: 22 occurrence(s) 189.128.56.xxx: 22 occurrence(s) 60.187.36.xxx: 11 occurrence(s) 194.72.234.xxx: 11 occurrence(s) 120.28.212.xxx: 11 occurrence(s) 2.37.164.xxx: 10 occurrence(s) 165.154.49.xxx: 8 occurrence(s) 35.216.254.xxx: 7 occurrence(s) 185.226.197.xxx: 3 occurrence(s) 80.93.119.xxx: 2 occurrence(s) 211.112.95.xxx: 2 occurrence(s) 188.82.83.xxx: 2 occurrence(s) 188.175.245.xxx: 2 occurrence(s) 188.0.189.xxx: 2 occurrence(s) 183.82.242.xxx: 2 occurrence(s) 176.92.31.xxx: 2 occurrence(s) 169.224.6.xxx: 2 occurrence(s) 125.160.52.xxx: 2 occurrence(s) 117.6.128.xxx: 2 occurrence(s) 113.161.186.xxx: 2 occurrence(s) 35.187.71.xxx: 1 occurrence(s) 34.77.191.xxx: 1 occurrence(s) 34.22.192.xxx: 1 occurrence(s) 115.147.56.xxx: 1 occurrence(s)List of Computers: ️ win-ar7tpo6ars5: 438 occurrence(s) ️ null: 16 occurrence(s) ️ abuse_xmco_fr: 7 occurrence(s) ️ 188.63.199.224: 7 occurrence(s) ️ windows: 2 occurrence(s)

[Armada/US-East] #opencanary Samba Access Summary for May 10This OpenCanary received 0 file sample(s) yesterday.File hashes seen:List of Usernames: administrator: 718 occurrence(s) admin: 348 occurrence(s) guest: 3 occurrence(s)List of IP Addresses: 178.249.208.xxx: 1096 occurrence(s) 110.235.129.xxx: 22 occurrence(s) 66.240.192.xxx: 3 occurrence(s) 35.216.254.xxx: 3 occurrence(s) 82.194.36.xxx: 2 occurrence(s) 197.26.104.xxx: 2 occurrence(s) 193.225.62.xxx: 2 occurrence(s) 190.6.53.xxx: 2 occurrence(s) 186.95.9.xxx: 2 occurrence(s) 171.221.107.xxx: 2 occurrence(s) 14.241.75.xxx: 2 occurrence(s) 113.160.166.xxx: 2 occurrence(s) 103.251.250.xxx: 2 occurrence(s) 103.174.108.xxx: 2 occurrence(s) 103.169.225.xxx: 2 occurrence(s) 8.216.3.xxx: 1 occurrence(s) 34.78.69.xxx: 1 occurrence(s) 34.53.175.xxx: 1 occurrence(s)List of Computers: ️ shodan: 3 occurrence(s) ️ abuse_xmco_fr: 3 occurrence(s) ️ windows: 1 occurrence(s)

The OpenCanary Experience has generated 187M events from Internet-facing honeypots.Converted a talk into a live web format, updated with 30-day stats from 3 exposed hosts.The Internet is extremely noisy and opportunistic. And dangerous ️ Big thanks to @ThinkstCanary and @haroonmeer for OpenCanary.https://about.ciso.li/TOCE/index.html?u=Mastodon #InfoSec #CyberSecurity #OpenCanary #BlueTeam

[Digger/CH] #opencanary Samba Access Summary for May 10This OpenCanary received 0 file sample(s) yesterday.File hashes seen:List of Usernames: administrator: 24 occurrence(s)List of IP Addresses: 185.177.159.xxx: 22 occurrence(s) 187.134.30.xxx: 3 occurrence(s) 142.154.126.xxx: 3 occurrence(s) 42.96.144.xxx: 2 occurrence(s) 217.20.255.xxx: 2 occurrence(s) 188.76.143.xxx: 2 occurrence(s) 188.190.191.xxx: 2 occurrence(s) 188.163.172.xxx: 2 occurrence(s) 188.124.238.xxx: 2 occurrence(s) 157.66.105.xxx: 2 occurrence(s) 154.72.166.xxx: 2 occurrence(s) 146.158.59.xxx: 2 occurrence(s) 122.225.14.xxx: 2 occurrence(s) 113.176.31.xxx: 2 occurrence(s) 103.70.204.xxx: 2 occurrence(s) 35.241.157.xxx: 1 occurrence(s) 35.187.13.xxx: 1 occurrence(s) 34.79.100.xxx: 1 occurrence(s) 34.78.151.xxx: 1 occurrence(s) 34.76.96.xxx: 1 occurrence(s) 167.172.232.xxx: 1 occurrence(s) 152.32.135.xxx: 1 occurrence(s)List of Computers: ️ windows: 3 occurrence(s) ️ serverhan: 3 occurrence(s)

[Digger/CH] #opencanary Samba Access Summary for May 8This OpenCanary received 2 file sample(s) yesterday.File hashes seen: ► 3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71 : 2 file(s) https://www.virustotal.com/gui/file/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71List of Usernames: administrator: 24 occurrence(s) guest: 16 occurrence(s) anon: 3 occurrence(s) message: occurrence(s)List of IP Addresses: 189.237.163.xxx: 21 occurrence(s) 35.216.195.xxx: 7 occurrence(s) 46.105.132.xxx: 6 occurrence(s) 93.174.95.xxx: 3 occurrence(s) 84.239.40.xxx: 3 occurrence(s) 185.180.143.xxx: 3 occurrence(s) 91.134.5.xxx: 2 occurrence(s) 89.250.223.xxx: 2 occurrence(s) 59.97.154.xxx: 2 occurrence(s) 5.77.197.xxx: 2 occurrence(s) 188.133.49.xxx: 2 occurrence(s) 185.151.86.xxx: 2 occurrence(s) 152.70.144.xxx: 2 occurrence(s) 14.176.232.xxx: 2 occurrence(s) 124.105.189.xxx: 2 occurrence(s) 122.117.12.xxx: 2 occurrence(s) 118.163.216.xxx: 2 occurrence(s) 34.78.6.xxx: 1 occurrence(s) 34.77.191.xxx: 1 occurrence(s) 34.140.130.xxx: 1 occurrence(s) 223.205.110.xxx: 1 occurrence(s) 206.189.2.xxx: 1 occurrence(s) 125.235.11.xxx: 1 occurrence(s) 125.234.176.xxx: 1 occurrence(s) 119.42.66.xxx: 1 occurrence(s)List of Computers: ️ abuse_xmco_fr: 7 occurrence(s) ️ 06bf6c5935aa: 6 occurrence(s) ️ shodan: 3 occurrence(s) ️ anonymus: 3 occurrence(s) ️ windows: 2 occurrence(s) ️ urlscan1fr: 2 occurrence(s)

[Digger/CH] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 55506 Unique Usernames: 516 Distinct Passwords: 1298 Unique Attacker IPs: 437Port Popularity (Port / Count): ️ MSSQL: 39161 Telnet: 8694 SSH: 7053 REDIS: 193 ️ RDP: 160 27017: 129 ️ VNC: 56 ️ SMB: 29 MySQL: 16 Synology DSM: 9 FTP: 6Top 10 Usernames (Username / Count): root: 6801 admin: 1792 support: 325 user: 286 ubuntu: 265 guest: 159 test: 97 swisscom: 83 ubnt: 60 oracle: 47Top 10 Passwords (Password / Count): admin: 997 xc3511: 667 123456: 551 vizxv: 529 888888: 424 password: 400 12345: 387 default: 338 54321: 333 juantech: 322Top 10 Attacker IPs (IP / Count): 93.152.221.xxx: 35954 80.172.227.xxx: 5318 14.20.141.xxx: 3158 192.109.200.xxx: 2035 64.176.217.xxx: 1398 20.203.42.xxx: 884 178.62.42.xxx: 776 212.78.94.xxx: 473 27.79.45.xxx: 228 27.79.44.xxx: 213The OpenCanary Experience is at https://www.toce.ch

[Armada/US-East] #opencanary Samba Access Summary for May 7This OpenCanary received 1 file sample(s) yesterday.File hashes seen: ► 3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71 : 1 file(s) https://www.virustotal.com/gui/file/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71List of Usernames: admin: 132 occurrence(s) administrator: 24 occurrence(s) guest: 3 occurrence(s) message: occurrence(s)List of IP Addresses: 115.242.182.xxx: 198 occurrence(s) 36.76.123.xxx: 162 occurrence(s) 187.251.246.xxx: 44 occurrence(s) 117.207.220.xxx: 44 occurrence(s) 123.255.248.xxx: 22 occurrence(s) 115.74.237.xxx: 22 occurrence(s) 187.174.221.xxx: 21 occurrence(s) 122.52.201.xxx: 20 occurrence(s) 94.102.49.xxx: 3 occurrence(s) 35.216.195.xxx: 3 occurrence(s) 185.142.236.xxx: 3 occurrence(s) 84.108.113.xxx: 2 occurrence(s) 5.183.29.xxx: 2 occurrence(s) 36.72.95.xxx: 2 occurrence(s) 197.25.158.xxx: 2 occurrence(s) 188.119.45.xxx: 2 occurrence(s) 186.92.36.xxx: 2 occurrence(s) 183.148.100.xxx: 2 occurrence(s) 123.27.204.xxx: 2 occurrence(s) 119.235.16.xxx: 2 occurrence(s) 115.75.178.xxx: 2 occurrence(s) 113.169.86.xxx: 2 occurrence(s) 103.175.45.xxx: 2 occurrence(s) 35.240.66.xxx: 1 occurrence(s) 34.78.6.xxx: 1 occurrence(s) 146.190.63.xxx: 1 occurrence(s)List of Computers: ️ null: 32 occurrence(s) ️ shodan: 6 occurrence(s) ️ abuse_xmco_fr: 3 occurrence(s) ️ windows: 2 occurrence(s)

[Digger/CH] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 52052 Unique Usernames: 720 Distinct Passwords: 2586 Unique Attacker IPs: 531Port Popularity (Port / Count): ️ MSSQL: 32494 SSH: 10146 Telnet: 7791 MySQL: 930 ️ RDP: 316 ️ VNC: 174 27017: 93 REDIS: 64 FTP: 15 ️ SMB: 15 Synology DSM: 14Top 10 Usernames (Username / Count): root: 7453 admin: 1702 support: 299 user: 257 ubuntu: 240 guest: 152 test: 74 hello: 72 ubnt: 53 oracle: 46Top 10 Passwords (Password / Count): admin: 880 123456: 565 xc3511: 551 vizxv: 540 password: 417 888888: 353 1111: 342 12345: 327 default: 315 54321: 297Top 10 Attacker IPs (IP / Count): 93.152.221.xxx: 32442 2.58.196.xxx: 5104 45.153.34.xxx: 2021 68.178.163.xxx: 1200 192.109.200.xxx: 1042 176.65.132.xxx: 946 117.146.110.xxx: 920 164.92.244.xxx: 625 94.26.106.xxx: 531 171.231.199.xxx: 225The OpenCanary Experience is at https://www.toce.ch

[Digger/CH] #opencanary Samba Access Summary for May 5This OpenCanary received 0 file sample(s) yesterday.File hashes seen:List of Usernames: administrator: 12 occurrence(s) message: occurrence(s)List of IP Addresses: 49.48.69.xxx: 44 occurrence(s) 189.112.45.xxx: 22 occurrence(s) 187.134.30.xxx: 22 occurrence(s) 117.202.85.xxx: 22 occurrence(s) 217.219.163.xxx: 21 occurrence(s) 59.88.175.xxx: 11 occurrence(s) 34.140.108.xxx: 7 occurrence(s) 37.122.183.xxx: 2 occurrence(s) 202.160.174.xxx: 2 occurrence(s) 190.73.209.xxx: 2 occurrence(s) 190.153.59.xxx: 2 occurrence(s) 122.238.142.xxx: 2 occurrence(s) 102.66.193.xxx: 2 occurrence(s) 34.38.42.xxx: 1 occurrence(s)List of Computers: ️ windows: 8 occurrence(s)

[Digger/CH] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 26725 Unique Usernames: 372 Distinct Passwords: 801 Unique Attacker IPs: 218Port Popularity (Port / Count): Telnet: 18807 ️ MSSQL: 3831 SSH: 3166 ️ RDP: 626 MySQL: 103 REDIS: 77 27017: 51 ️ VNC: 35 ️ SMB: 25 Synology DSM: 4Top 10 Usernames (Username / Count): root: 13706 admin: 3741 support: 747 user: 436 188: 301 guest: 271 ubnt: 160 ethereum: 100 ubuntu: 66 test: 41Top 10 Passwords (Password / Count): admin: 2156 xc3511: 1404 vizxv: 1321 123456: 982 password: 915 888888: 813 support: 746 juantech: 742 default: 730 12345: 728Top 10 Attacker IPs (IP / Count): 107.182.234.xxx: 11788 82.197.69.xxx: 6440 188.113.188.xxx: 3143 176.65.139.xxx: 2021 123.138.18.xxx: 612 139.59.18.xxx: 180 45.40.143.xxx: 150 103.3.46.xxx: 120 163.47.215.xxx: 100 103.9.204.xxx: 91The OpenCanary Experience is at https://www.toce.ch

[Armada/US-East] #opencanary Samba Access Summary for May 3This OpenCanary received 4 file sample(s) yesterday.File hashes seen: ► 3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71 : 4 file(s) https://www.virustotal.com/gui/file/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71List of Usernames: administrator: 21025 occurrence(s) admin: 11447 occurrence(s) hp: 8979 occurrence(s) gsd: 200 occurrence(s) thi: 152 occurrence(s) huyen: 152 occurrence(s) mukesh: 148 occurrence(s) thanh: 137 occurrence(s) cao: 100 occurrence(s) justice: 91 occurrence(s) pt: 83 occurrence(s) pt-pc_administrator: 82 occurrence(s) pc: 82 occurrence(s) user-pc_attend_user: 44 occurrence(s) user: 17 occurrence(s) guest: 15 occurrence(s) user-pc_administrator: 14 occurrence(s) 172.16.1.14_admin: 7 occurrence(s) vinnytroia: occurrence(s) for: 1 occurrence(s) __________: 1 occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s)List of IP Addresses: 202.58.95.xxx: 33321 occurrence(s) 112.135.180.xxx: 1337 occurrence(s) 103.138.4.xxx: 1316 occurrence(s) 186.10.23.xxx: 1033 occurrence(s) 182.234.146.xxx: 1015 occurrence(s) 115.84.113.xxx: 998 occurrence(s) 46.217.60.xxx: 893 occurrence(s) 113.182.89.xxx: 842 occurrence(s) 113.160.196.xxx: 699 occurrence(s) 14.181.17.xxx: 498 occurrence(s) 58.27.232.xxx: 377 occurrence(s) 114.92.61.xxx: 342 occurrence(s) 152.200.195.xxx: 274 occurrence(s) 110.5.76.xxx: 259 occurrence(s) 223.95.97.xxx: 255 occurrence(s) 202.70.66.xxx: 206 occurrence(s) 154.192.131.xxx: 183 occurrence(s) 113.182.159.xxx: 177 occurrence(s) 122.170.8.xxx: 174 occurrence(s) 186.189.204.xxx: 155 occurrence(s) 200.91.234.xxx: 154 occurrence(s) 186.10.74.xxx: 144 occurrence(s) 203.92.41.xxx: 132 occurrence(s) 113.53.91.xxx: 119 occurrence(s) 117.205.146.xxx: 101 occurrence(s) 103.158.127.xxx: 98 occurrence(s) 136.232.203.xxx: 88 occurrence(s) 113.160.206.xxx: 71 occurrence(s) 49.229.50.xxx: 66 occurrence(s) 201.187.98.xxx: 66 occurrence(s) 197.10.135.xxx: 66 occurrence(s) 103.105.224.xxx: 50 occurrence(s) 196.188.104.xxx: 45 occurrence(s) 61.5.129.xxx: 44 occurrence(s) 115.84.253.xxx: 44 occurrence(s) 115.84.224.xxx: 44 occurrence(s) 111.92.61.xxx: 44 occurrence(s) 103.206.130.xxx: 44 occurrence(s) 36.236.131.xxx: 43 occurrence(s) 190.14.237.xxx: 42 occurrence(s) 111.92.45.xxx: 38 occurrence(s) 125.16.137.xxx: 34 occurrence(s) 202.53.6.xxx: 33 occurrence(s) 67.158.52.xxx: 22 occurrence(s) 61.2.38.xxx: 22 occurrence(s) 61.169.211.xxx: 22 occurrence(s) 59.92.71.xxx: 22 occurrence(s) 49.47.196.xxx: 22 occurrence(s) 49.248.155.xxx: 22 occurrence(s) 49.231.235.xxx: 22 occurrence(s) 45.246.35.xxx: 22 occurrence(s) 45.118.157.xxx: 22 occurrence(s) 41.209.126.xxx: 22 occurrence(s) 27.107.47.xxx: 22 occurrence(s) 220.164.77.xxx: 22 occurrence(s) 210.79.132.xxx: 22 occurrence(s) 206.204.134.xxx: 22 occurrence(s) 202.88.244.xxx: 22 occurrence(s) 202.88.237.xxx: 22 occurrence(s) 201.218.180.xxx: 22 occurrence(s) 201.144.203.xxx: 22 occurrence(s) 196.205.87.xxx: 22 occurrence(s) 186.10.24.xxx: 22 occurrence(s) 183.141.34.xxx: 22 occurrence(s) 171.248.154.xxx: 22 occurrence(s) 165.225.124.xxx: 22 occurrence(s) 150.129.60.xxx: 22 occurrence(s) 14.194.49.xxx: 22 occurrence(s) 139.135.156.xxx: 22 occurrence(s) 125.24.73.xxx: 22 occurrence(s) 125.209.111.xxx: 22 occurrence(s) 124.123.120.xxx: 22 occurrence(s) 124.105.67.xxx: 22 occurrence(s) 124.105.235.xxx: 22 occurrence(s) 124.104.144.xxx: 22 occurrence(s) 122.187.35.xxx: 22 occurrence(s) 122.177.98.xxx: 22 occurrence(s) 120.61.210.xxx: 22 occurrence(s) 117.254.165.xxx: 22 occurrence(s) 117.253.132.xxx: 22 occurrence(s) 117.251.16.xxx: 22 occurrence(s) 117.242.117.xxx: 22 occurrence(s) 117.218.245.xxx: 22 occurrence(s) 117.207.56.xxx: 22 occurrence(s) 117.206.141.xxx: 22 occurrence(s) 117.204.142.xxx: 22 occurrence(s) 117.141.135.xxx: 22 occurrence(s) 103.82.191.xxx: 22 occurrence(s) 103.53.45.xxx: 22 occurrence(s) 103.178.76.xxx: 22 occurrence(s) 103.175.30.xxx: 22 occurrence(s) 111.248.38.xxx: 21 occurrence(s) 36.77.72.xxx: 19 occurrence(s) 156.209.109.xxx: 19 occurrence(s) 124.43.13.xxx: 16 occurrence(s) 123.25.108.xxx: 16 occurrence(s) 213.230.127.xxx: 12 occurrence(s) 182.65.255.xxx: 12 occurrence(s) 58.82.235.xxx: 11 occurrence(s) 58.27.226.xxx: 11 occurrence(s) 49.249.2.xxx: 11 occurrence(s) 42.96.51.xxx: 11 occurrence(s) 223.233.127.xxx: 11 occurrence(s) 196.202.71.xxx: 11 occurrence(s) 189.195.249.xxx: 11 occurrence(s) 187.237.165.xxx: 11 occurrence(s) 187.235.253.xxx: 11 occurrence(s) 187.235.252.xxx: 11 occurrence(s) 182.234.159.xxx: 11 occurrence(s) 118.213.135.xxx: 11 occurrence(s) 117.242.21.xxx: 11 occurrence(s) 103.89.233.xxx: 11 occurrence(s) 103.6.4.xxx: 11 occurrence(s) 103.155.56.xxx: 11 occurrence(s) 103.149.104.xxx: 11 occurrence(s) 197.255.224.xxx: 10 occurrence(s) 210.213.116.xxx: 8 occurrence(s) 124.109.48.xxx: 8 occurrence(s) 111.92.42.xxx: 6 occurrence(s) 95.216.11.xxx: 5 occurrence(s) 210.212.65.xxx: 5 occurrence(s) 181.174.229.xxx: 5 occurrence(s) 125.20.110.xxx: 5 occurrence(s) 98.96.193.xxx: 3 occurrence(s) 89.248.172.xxx: 3 occurrence(s) 87.122.68.xxx: 3 occurrence(s) 86.54.31.xxx: 3 occurrence(s) 35.216.197.xxx: 3 occurrence(s) 95.86.164.xxx: 2 occurrence(s) 89.43.201.xxx: 2 occurrence(s) 85.198.135.xxx: 2 occurrence(s) 80.250.58.xxx: 2 occurrence(s) 70.120.225.xxx: 2 occurrence(s) 5.20.243.xxx: 2 occurrence(s) 43.224.245.xxx: 2 occurrence(s) 39.172.79.xxx: 2 occurrence(s) 219.240.233.xxx: 2 occurrence(s) 2.63.202.xxx: 2 occurrence(s) 2.50.177.xxx: 2 occurrence(s) 197.44.42.xxx: 2 occurrence(s) 188.163.97.xxx: 2 occurrence(s) 186.123.182.xxx: 2 occurrence(s) 181.25.138.xxx: 2 occurrence(s) 177.220.176.xxx: 2 occurrence(s) 165.16.112.xxx: 2 occurrence(s) 14.191.238.xxx: 2 occurrence(s) 14.185.137.xxx: 2 occurrence(s) 14.174.120.xxx: 2 occurrence(s) 136.232.56.xxx: 2 occurrence(s) 136.232.196.xxx: 2 occurrence(s) 124.240.200.xxx: 2 occurrence(s) 117.254.176.xxx: 2 occurrence(s) 113.53.59.xxx: 2 occurrence(s) 113.28.192.xxx: 2 occurrence(s) 112.135.195.xxx: 2 occurrence(s) 109.197.230.xxx: 2 occurrence(s) 109.165.63.xxx: 2 occurrence(s) 103.96.129.xxx: 2 occurrence(s) 103.95.42.xxx: 2 occurrence(s) 102.33.155.xxx: 2 occurrence(s) 101.99.15.xxx: 2 occurrence(s) 1.1.220.xxx: 2 occurrence(s) 64.225.75.xxx: 1 occurrence(s) 35.240.50.xxx: 1 occurrence(s) 35.240.36.xxx: 1 occurrence(s) 35.187.71.xxx: 1 occurrence(s) 34.76.72.xxx: 1 occurrence(s) 34.140.249.xxx: 1 occurrence(s) 34.140.130.xxx: 1 occurrence(s) 194.187.251.xxx: 1 occurrence(s) 173.239.203.xxx: 1 occurrence(s) 164.90.228.xxx: 1 occurrence(s) 109.105.210.xxx: 1 occurrence(s) 104.199.68.xxx: 1 occurrence(s)List of Computers: ️ null: 31763 occurrence(s) ️ windows: 7 occurrence(s) ️ shodan: 6 occurrence(s) ️ fmnews-int3: 6 occurrence(s) ️ finland: 5 occurrence(s) ️ abuse_xmco_fr: 3 occurrence(s) ️ solaris-main: 1 occurrence(s) ️ scanner: 1 occurrence(s)

[Digger/CH] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 86048 Unique Usernames: 265 Distinct Passwords: 1058 Unique Attacker IPs: 427Port Popularity (Port / Count): Telnet: 77272 SSH: 5770 ️ MSSQL: 2261 ️ RDP: 481 27017: 104 ️ VNC: 68 MySQL: 35 REDIS: 33 ️ SMB: 9 FTP: 8 Synology DSM: 7Top 10 Usernames (Username / Count): root: 56065 admin: 15080 support: 3007 user: 1896 guest: 1155 ubnt: 620 ubuntu: 233 hello: 136 revoke: 120 ciso: 119Top 10 Passwords (Password / Count): admin: 8807 xc3511: 6007 vizxv: 5335 password: 3621 123456: 3563 888888: 3473 12345: 3048 juantech: 3031 default: 3011 support: 3001Top 10 Attacker IPs (IP / Count): 178.128.216.xxx: 6478 185.243.76.xxx: 4410 161.248.37.xxx: 3708 173.255.193.xxx: 3509 103.82.36.xxx: 3150 180.188.198.xxx: 2700 51.255.81.xxx: 2390 54.36.154.xxx: 2380 103.16.128.xxx: 2328 71.19.243.xxx: 2325The OpenCanary Experience is at https://www.toce.ch

[Digger/CH] #opencanary Samba Access Summary for Apr 30This OpenCanary received 0 file sample(s) yesterday.File hashes seen:List of Usernames: administrator: 369 occurrence(s) user2: 87 occurrence(s) admin: 83 occurrence(s) guest: 10 occurrence(s) null: 5 occurrence(s)List of IP Addresses: 203.147.89.xxx: 524 occurrence(s) 45.189.15.xxx: 44 occurrence(s) 81.17.87.xxx: 22 occurrence(s) 5.25.147.xxx: 22 occurrence(s) 42.96.51.xxx: 11 occurrence(s) 200.178.173.xxx: 11 occurrence(s) 103.156.218.xxx: 11 occurrence(s) 35.216.172.xxx: 7 occurrence(s) 213.134.191.xxx: 5 occurrence(s) 45.156.128.xxx: 3 occurrence(s) 83.228.122.xxx: 2 occurrence(s) 5.139.157.xxx: 2 occurrence(s) 46.217.238.xxx: 2 occurrence(s) 36.90.211.xxx: 2 occurrence(s) 188.68.12.xxx: 2 occurrence(s) 188.65.247.xxx: 2 occurrence(s) 188.3.71.xxx: 2 occurrence(s) 188.163.51.xxx: 2 occurrence(s) 188.163.101.xxx: 2 occurrence(s) 182.160.113.xxx: 2 occurrence(s) 115.75.1.xxx: 2 occurrence(s) 112.28.77.xxx: 2 occurrence(s) 1.10.219.xxx: 2 occurrence(s) 103.167.166.xxx: 2 occurrence(s) 8.211.51.xxx: 1 occurrence(s) 34.78.68.xxx: 1 occurrence(s) 34.62.134.xxx: 1 occurrence(s) 34.22.198.xxx: 1 occurrence(s) 206.81.24.xxx: 1 occurrence(s)List of Computers: ️ abuse_xmco_fr: 7 occurrence(s) ️ desktop-a5ka9du: 5 occurrence(s) ️ windows: 2 occurrence(s)

[Armada/US-East] #opencanary Samba Access Summary for Apr 29This OpenCanary received 28 file sample(s) yesterday.File hashes seen: ► 3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71 : 28 file(s) https://www.virustotal.com/gui/file/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71List of Usernames: administrator: 10633 occurrence(s) admin: 5226 occurrence(s) hp: 4789 occurrence(s) alianet: 1646 occurrence(s) thanh: 236 occurrence(s) cyberart: 226 occurrence(s) admins: 156 occurrence(s) thi: 138 occurrence(s) pc1: 124 occurrence(s) huyen: 118 occurrence(s) gsd: 107 occurrence(s) zc_domain: 87 occurrence(s) serveripark: 87 occurrence(s) amtextile_domain: 87 occurrence(s) bohadmin: 82 occurrence(s) zc_caoxf: 43 occurrence(s) cao: 16 occurrence(s) vinnytroia: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s) message: occurrence(s)List of IP Addresses: 202.58.95.xxx: 11547 occurrence(s) 103.155.168.xxx: 7569 occurrence(s) 103.182.228.xxx: 1313 occurrence(s) 113.183.240.xxx: 867 occurrence(s) 39.36.251.xxx: 436 occurrence(s) 160.120.177.xxx: 386 occurrence(s) 113.22.84.xxx: 359 occurrence(s) 1.22.230.xxx: 278 occurrence(s) 125.120.205.xxx: 259 occurrence(s) 164.77.210.xxx: 220 occurrence(s) 115.84.113.xxx: 210 occurrence(s) 218.205.64.xxx: 209 occurrence(s) 36.91.72.xxx: 174 occurrence(s) 125.164.37.xxx: 153 occurrence(s) 186.10.74.xxx: 110 occurrence(s) 115.84.224.xxx: 110 occurrence(s) 154.192.131.xxx: 108 occurrence(s) 59.92.86.xxx: 103 occurrence(s) 186.10.23.xxx: 66 occurrence(s) 152.200.195.xxx: 63 occurrence(s) 118.68.51.xxx: 56 occurrence(s) 186.67.106.xxx: 55 occurrence(s) 115.75.37.xxx: 48 occurrence(s) 222.127.97.xxx: 46 occurrence(s) 193.227.16.xxx: 45 occurrence(s) 202.53.6.xxx: 44 occurrence(s) 201.187.98.xxx: 44 occurrence(s) 139.5.157.xxx: 44 occurrence(s) 139.167.216.xxx: 44 occurrence(s) 139.135.156.xxx: 44 occurrence(s) 117.7.107.xxx: 44 occurrence(s) 111.92.62.xxx: 44 occurrence(s) 103.37.83.xxx: 44 occurrence(s) 119.95.15.xxx: 43 occurrence(s) 14.161.144.xxx: 29 occurrence(s) 62.103.64.xxx: 25 occurrence(s) 89.33.222.xxx: 22 occurrence(s) 85.95.178.xxx: 22 occurrence(s) 59.89.215.xxx: 22 occurrence(s) 58.69.149.xxx: 22 occurrence(s) 49.249.85.xxx: 22 occurrence(s) 49.249.148.xxx: 22 occurrence(s) 49.145.199.xxx: 22 occurrence(s) 39.144.59.xxx: 22 occurrence(s) 36.226.220.xxx: 22 occurrence(s) 31.163.111.xxx: 22 occurrence(s) 203.160.167.xxx: 22 occurrence(s) 202.88.244.xxx: 22 occurrence(s) 202.65.138.xxx: 22 occurrence(s) 2.135.121.xxx: 22 occurrence(s) 197.254.236.xxx: 22 occurrence(s) 196.202.71.xxx: 22 occurrence(s) 189.190.183.xxx: 22 occurrence(s) 187.18.66.xxx: 22 occurrence(s) 186.67.186.xxx: 22 occurrence(s) 186.10.24.xxx: 22 occurrence(s) 182.253.169.xxx: 22 occurrence(s) 171.235.182.xxx: 22 occurrence(s) 152.230.27.xxx: 22 occurrence(s) 124.106.67.xxx: 22 occurrence(s) 119.93.111.xxx: 22 occurrence(s) 117.244.41.xxx: 22 occurrence(s) 117.232.102.xxx: 22 occurrence(s) 117.219.17.xxx: 22 occurrence(s) 117.217.131.xxx: 22 occurrence(s) 117.216.139.xxx: 22 occurrence(s) 111.92.23.xxx: 22 occurrence(s) 103.75.84.xxx: 22 occurrence(s) 103.194.89.xxx: 22 occurrence(s) 103.179.233.xxx: 22 occurrence(s) 103.163.112.xxx: 22 occurrence(s) 201.218.180.xxx: 21 occurrence(s) 14.226.1.xxx: 19 occurrence(s) 189.154.15.xxx: 12 occurrence(s) 65.140.82.xxx: 11 occurrence(s) 59.182.234.xxx: 11 occurrence(s) 49.249.2.xxx: 11 occurrence(s) 36.156.195.xxx: 11 occurrence(s) 222.127.152.xxx: 11 occurrence(s) 202.79.29.xxx: 11 occurrence(s) 202.142.145.xxx: 11 occurrence(s) 190.181.26.xxx: 11 occurrence(s) 183.81.19.xxx: 11 occurrence(s) 120.28.148.xxx: 11 occurrence(s) 119.14.0.xxx: 11 occurrence(s) 210.212.65.xxx: 10 occurrence(s) 125.20.39.xxx: 10 occurrence(s) 110.39.189.xxx: 10 occurrence(s) 103.105.224.xxx: 10 occurrence(s) 156.201.76.xxx: 8 occurrence(s) 123.200.3.xxx: 8 occurrence(s) 117.251.18.xxx: 8 occurrence(s) 125.20.110.xxx: 5 occurrence(s) 71.6.199.xxx: 3 occurrence(s) 89.188.179.xxx: 2 occurrence(s) 70.120.225.xxx: 2 occurrence(s) 60.243.101.xxx: 2 occurrence(s) 37.203.96.xxx: 2 occurrence(s) 220.136.32.xxx: 2 occurrence(s) 202.150.141.xxx: 2 occurrence(s) 200.21.57.xxx: 2 occurrence(s) 196.189.232.xxx: 2 occurrence(s) 186.167.81.xxx: 2 occurrence(s) 183.245.54.xxx: 2 occurrence(s) 182.66.255.xxx: 2 occurrence(s) 180.171.147.xxx: 2 occurrence(s) 147.235.217.xxx: 2 occurrence(s) 143.44.162.xxx: 2 occurrence(s) 14.179.57.xxx: 2 occurrence(s) 14.176.131.xxx: 2 occurrence(s) 137.97.228.xxx: 2 occurrence(s) 125.19.139.xxx: 2 occurrence(s) 103.170.202.xxx: 2 occurrence(s) 103.101.119.xxx: 2 occurrence(s) 35.240.121.xxx: 1 occurrence(s) 34.78.6.xxx: 1 occurrence(s) 34.76.117.xxx: 1 occurrence(s) 34.34.178.xxx: 1 occurrence(s) 178.162.204.xxx: 1 occurrence(s) 165.227.173.xxx: 1 occurrence(s) 146.190.103.xxx: 1 occurrence(s)List of Computers: ️ null: 12500 occurrence(s) ️ windows: 3 occurrence(s) ️ shodan: 3 occurrence(s) ️ scanner: 1 occurrence(s)

[Sentinel/US-West] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 58242 Unique Usernames: 338 Distinct Passwords: 365 Unique Attacker IPs: 867Port Popularity (Port / Count): ️ RDP: 28099 ️ MSSQL: 10222 ️ VNC: 8757 SSH: 6021 ️ SMB: 4298 Telnet: 798 REDIS: 41 MySQL: 3 HTTP: 2 FTP: 1Top 10 Usernames (Username / Count): 35: 14461 hello: 1576 root: 758 admin: 401 ubuntu: 128 debian: 115 user: 102 default: 101 administr: 90 test: 35Top 10 Passwords (Password / Count): 123456: 73 default: 57 admin: 50 S2fGqNFs: 40 root: 39 password: 37 xc3511: 34 1111: 33 pass: 27 1234: 27Top 10 Attacker IPs (IP / Count): 104.192.6.xxx: 9948 103.155.168.xxx: 2867 47.129.236.xxx: 1666 127.0.0.xxx: 1437 45.227.254.xxx: 1330 196.64.232.xxx: 1128 103.182.228.xxx: 669 8.26.21.xxx: 578 152.53.177.xxx: 485 119.8.155.xxx: 419The OpenCanary Experience is at https://www.toce.ch

[Sentinel/US-West] #opencanary analysis for yesterdaySummary: Total Connection Attempts: 47785 Unique Usernames: 162 Distinct Passwords: 387 Unique Attacker IPs: 877Port Popularity (Port / Count): ️ MSSQL: 17936 ️ RDP: 13218 ️ VNC: 10401 SSH: 5174 ️ SMB: 502 Telnet: 501 REDIS: 40 MySQL: 12 FTP: 1Top 10 Usernames (Username / Count): 35: 6997 root: 543 hello: 390 admin: 160 ubuntu: 126 user: 102 debian: 93 test: 27 deploy: 20 guest: 19Top 10 Passwords (Password / Count): 123456: 53 admin: 46 password: 25 default: 24 root: 24 12345: 22 12345678: 19 1: 18 1234: 17 vizxv: 17Top 10 Attacker IPs (IP / Count): 104.192.6.xxx: 12968 117.30.168.xxx: 1710 127.0.0.xxx: 1436 152.32.140.xxx: 1120 221.203.90.xxx: 891 220.190.103.xxx: 890 8.26.21.xxx: 616 119.8.155.xxx: 561 47.129.236.xxx: 557 36.228.88.xxx: 467The OpenCanary Experience is at https://www.toce.ch