Active Threat • HIGH

165.154.6.34

Country of Origin🇭🇰 Hong Kong

First Detection3/18/2026

Last Activity4/3/2026

ISPUCLOUD INFORMATION TECHNOLOGY HK LIMITED

🎯

1,191

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇭🇰 Hong Kong
City: Hong Kong
ASN: AS135377
ISP: UCLOUD INFORMATION TECHNOLOGY HK LIMITED

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

01ba4719c80b6fe911b0...→044bfb560b63f2549146...→07da6cfb2cf701203b98...→083dd99112483dc41530...→09a3e612f8cad1560057...→

Attempted Credentials

🔐345gs5662d34/345gs5662d34

10x

🔐test/test26!

🔐rms/12345678

🔐xml/3245gs5662d34

🔐ahmad/12345678

🔐ubuntu/Qwe123

🔐alice/Alice123

🔐francisco/Francisco123!

🔐geo/Geo123

🔐testuser/1qaz!QAZ

🔐xml/Xml123!

🔐ankit/3245gs5662d34

🔐lekaren/lekaren123!

🔐lyt/Lyt123!

🔐toni/3245gs5662d34

Executed Commands

$Enter new UNIX password:20x

$cd ~; chattr -ia .ssh; lockr -ia .ssh11x

$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'11x

$w11x

$crontab -l11x

$cat /proc/cpuinfo | grep model | grep name | wc -l11x

$which ls11x

$uname11x

$whoami11x

$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'11x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

CPEs

cpe:/o:linux:linux_kernelcpe:/a:openbsd:openssh:9.2p1cpe:/o:debian:debian_linux

Risk Assessment

/100

LowMediumHighCritical