TROYANOSYVIRUS
Amenaza ActivaALTO

154.90.54.142

Pais de Origen🇦🇪 AE
Primera Deteccion20/3/2026
Ultima Actividad26/3/2026
ISPKaopu Cloud HK Limited
🎯
683
Ataques Totales
🔌
1
Puertos
📡
1
Tipos Ataque
🦠
31
Malware

Geolocalizacion

Pais
🇦🇪 AE
Ciudad
Dubai
ASN
AS138915
ISP
Kaopu Cloud HK Limited

Tipos de Ataque

ssh_telnet_honeypot

Puertos Atacados

22

Malware Asociado

091ea8f24da3e712cb86...09a3e612f8cad1560057...0c1d6f3a64e26471add5...23549132d767d928207f...264f11b0a99cd71834d5...

Credenciales Intentadas

🔐345gs5662d34/345gs5662d34
7x
🔐yasin/3245gs5662d34
1x
🔐nikita/1234
1x
🔐marek/marekpass
1x
🔐jboss/Jboss123!
1x
🔐marie/3245gs5662d34
1x
🔐shubham/password
1x
🔐a/apassword
1x
🔐sd/3245gs5662d34
1x
🔐cockpit/3245gs5662d34
1x
🔐qwerty/123456
1x
🔐lisi/1234
1x
🔐crafty/12345
1x
🔐victor/victor123
1x
🔐ubuntuuser/123
1x

Comandos Ejecutados

$Enter new UNIX password:14x
$lscpu | grep Model7x
$cd ~; chattr -ia .ssh; lockr -ia .ssh7x
$uname -a7x
$w7x
$cat /proc/cpuinfo | grep name | wc -l7x
$crontab -l7x
$cat /proc/cpuinfo | grep model | grep name | wc -l7x
$which ls7x
$uname7x

Exposicion segun Shodan InternetDBShodan

Datos de InternetDB, actualizacion no en tiempo real

Puertos
2280
Vulnerabilidades
CVE-2022-29404CVE-2022-28615CVE-2012-3526CVE-2024-43204CVE-2007-4723CVE-2024-38474CVE-2006-20001CVE-2022-30556CVE-2013-0942CVE-2013-2765CVE-2024-39573CVE-2025-53020CVE-2011-2688CVE-2025-59775CVE-2025-66200CVE-2023-25690CVE-2023-31122CVE-2022-31813CVE-2024-38477CVE-2012-4360
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:8.9p1cpe:/a:apache:http_server:2.4.52

Evaluacion de Riesgo

62
/100
BajoMedioAltoCritico