Active Threat • HIGH

200.8.228.57

Country of Origin🇻🇪 VE

First Detection1/24/2026

Last Activity2/28/2026

ISPCorporacion Telemic C.A.

🎯

454

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇻🇪 VE
City: Puerto Ordaz and San Felix
ASN: AS21826
ISP: Corporacion Telemic C.A.

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

01ba4719c80b6fe911b0...→09a3e612f8cad1560057...→28720365c5e7476a011e...→28ba533b0f3c4df63d6b...→3f1f9a5db692d999bb3d...→

Attempted Credentials

🔐root/3245gs5662d34

🔐345gs5662d34/345gs5662d34

🔐root/hc123456!

🔐root/999999999

🔐root/abc123!@#

🔐root/123456...

🔐root/Admin123...

🔐root/zxczxczxc

🔐root/Azerty@123

🔐root/A123456.

🔐root/Sangfor@123

🔐root/1234qwer

Executed Commands

$crontab -l3x

$cat /proc/cpuinfo | grep model | grep name | wc -l3x

$uname -m3x

$ls -lh $(which ls)3x

$top3x

$uname -a3x

$lockr -ia .ssh3x

$w3x

$uname3x

$lscpu | grep Model2x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

22808111111945269528053535432543380008009801010000

Vulnerabilities

CVE-2015-3184CVE-2021-26690CVE-2016-5636CVE-2013-0942CVE-2024-39573CVE-2021-44790CVE-2011-2688CVE-2016-5699CVE-2019-9636CVE-2025-6075CVE-2023-25690CVE-2023-31122CVE-2016-8743CVE-2019-16056CVE-2023-40217CVE-2015-3185CVE-2012-4360CVE-2025-13836CVE-2016-2161CVE-2022-36760

CPEs

cpe:/a:jquery:jquery:3.2.1cpe:/o:debian:debian_linuxcpe:/a:apache:http_server:2.4.10cpe:/a:getbootstrap:bootstrapcpe:/a:perl:perlcpe:/a:webmin:webmincpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:9.6p1cpe:/a:postgresql:postgresql:9.4cpe:/a:cloudflare:cloudflarecpe:/a:python:python:2.7.9

Risk Assessment

/100

LowMediumHighCritical