Active Threat • MEDIUM

103.199.19.57

Country of Origin🇻🇳 Vietnam

First Detection3/27/2026

Last Activity3/30/2026

ISP365 Online technology joint stock company

🎯

491

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇻🇳 Vietnam
City: Unknown
ASN: AS63734
ISP: 365 Online technology joint stock company

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

012536bddc19d9461a76...→28ba533b0f3c4df63d6b...→7063dece7cccf374d9fa...→f2b9a6bbfbd685380014...→

Attempted Credentials

🔐root/admin

🔐admin/password

🔐admin/admin

🔐root/DS920+

🔐root/root

🔐root/AS6604T

🔐root/TVS-872XT

🔐raspberry/$BLANKPASS

🔐root/RN212

🔐root/AS3202T

🔐root/TS-231

🔐root/RR4312X

🔐root/TS-451+

🔐backup/netgear

🔐debian/temppwd

Executed Commands

$hostname1x

$free -h 2>/dev/null | grep Mem | awk '{print $2}' 2>/dev/null1x

$uname -a1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

21222553801101434434655878879939954400567880458080909090911600016001

Hostnames

dev.pidpharma.commail.1102.eu.orgharichu.net1102.eu.org

CPEs

cpe:/a:minio:miniocpe:/a:gunicorn:gunicorncpe:/a:f5:nginxcpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:9.6p1cpe:/a:pureftpd:pure-ftpdcpe:/a:postfix:postfixcpe:/a:n8n:n8ncpe:/a:nodejs:nodejscpe:/a:python:pythoncpe:/a:amazon:elastic_load_balancing

Risk Assessment

/100

LowMediumHighCritical