Active Threat • HIGH

103.189.234.82

Country of Origin🇮🇩 Indonesia

First Detection3/14/2026

Last Activity3/25/2026

ISPCloud Host Pte Ltd

🎯

509

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇮🇩 Indonesia
City: Unknown
ASN: AS138608
ISP: Cloud Host Pte Ltd

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

01ba4719c80b6fe911b0...→09a3e612f8cad1560057...→28720365c5e7476a011e...→28ba533b0f3c4df63d6b...→2c7e72ee76e0e2fa5508...→

Attempted Credentials

🔐345gs5662d34/345gs5662d34

🔐root/teste123

🔐carlos/3245gs5662d34

🔐km/1234

🔐user10/123

🔐uftp/password

🔐carlos/carlos123!

🔐root/3245gs5662d34

🔐trans/trans123!

🔐amp/123456

🔐km/3245gs5662d34

🔐amp/3245gs5662d34

🔐zzy/password

🔐silvia/3245gs5662d34

🔐clement/password

Executed Commands

$Enter new UNIX password:8x

$ls -lh $(which ls)5x

$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'5x

$uname -a5x

$w5x

$cd ~; chattr -ia .ssh; lockr -ia .ssh5x

$which ls5x

$uname5x

$whoami5x

$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'5x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

2280443

Vulnerabilities

CVE-2023-44487CVE-2025-23419

Hostnames

mapping-stg.rekonek.comip103-189-234-82.cloudhost.web.id

CPEs

cpe:/a:vercel:next.jscpe:/o:canonical:ubuntu_linuxcpe:/a:f5:nginx:1.24.0cpe:/a:openbsd:openssh:9.6p1cpe:/a:facebook:reactcpe:/o:linux:linux_kernel

Risk Assessment

/100

LowMediumHighCritical