Active Threat • MEDIUM

115.21.72.248

Country of Origin🇰🇷 South Korea

First Detection3/29/2026

Last Activity3/29/2026

ISPKorea Telecom

🎯

173

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇰🇷 South Korea
City: Yangcheon-gu
ASN: AS4766
ISP: Korea Telecom

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

01ba4719c80b6fe911b0...→09a3e612f8cad1560057...→28720365c5e7476a011e...→28ba533b0f3c4df63d6b...→3f1f9a5db692d999bb3d...→

Attempted Credentials

🔐root/Admin123$

🔐root/thomas1234

🔐root/Sa123456.

🔐root/fjbdfdjkdsfs541544@@

🔐root/a0s9d8f7

🔐root/digital@123

🔐root/future

🔐root/Avcon@202433!

🔐root/santos

🔐root/qaz12345!

🔐root/3245gs5662d34

🔐root/12345678qq

🔐root/friday

🔐root/baby

🔐root/123!@#qwe

Executed Commands

$lscpu | grep Model1x

$echo "root:qZc60zb4VaIX"|chpasswd|bash1x

$ls -lh $(which ls)1x

$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'1x

$uname -a1x

$w1x

$cat /proc/cpuinfo | grep name | wc -l1x

$crontab -l1x

$cat /proc/cpuinfo | grep model | grep name | wc -l1x

$which ls1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

2280443500170133067989800013000168005000465000

Vulnerabilities

CVE-2024-21125CVE-2025-50086CVE-2024-21203CVE-2008-3844CVE-2024-21055CVE-2023-22110CVE-2023-22068CVE-2024-20961CVE-2024-21230CVE-2024-21129CVE-2025-50098CVE-2025-50084CVE-2023-22078CVE-2023-22032CVE-2024-21198CVE-2024-21134CVE-2024-21096CVE-2024-20963CVE-2023-22111CVE-2024-21237

Hostnames

www.farminsf.com

CPEs

cpe:/a:encode:uvicorncpe:/a:python:pythoncpe:/a:f5:nginxcpe:/a:f5:nginx:1.25.3cpe:/a:nodejs:node.jscpe:/a:openbsd:openssh:7.6p1cpe:/a:openbsd:openssh:8.9p1cpe:/a:openbsd:openssh:8.7cpe:/a:oracle:mysql:8.0.33cpe:/a:expressjs:expresscpe:/o:canonical:ubuntu_linuxcpe:/a:facebook:react

Risk Assessment

/100

LowMediumHighCritical