Active Threat • HIGH

38.250.161.250

Country of Origin🇵🇪 PE

First Detection4/2/2026

Last Activity4/12/2026

ISPRed Cientifica Peruana

🎯

540

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇵🇪 PE
City: Unknown
ASN: AS3132
ISP: Red Cientifica Peruana

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

01ba4719c80b6fe911b0...→01d91e21c298e316e06d...→09a3e612f8cad1560057...→1bfa09ee11478379f347...→20709ab04f54ed0d3ccb...→

Attempted Credentials

🔐345gs5662d34/345gs5662d34

🔐root/3245gs5662d34

🔐root/P@ss2024

🔐ali/ali!2026

🔐ghost/ghost123

🔐root/admin0.

🔐root/rangers

🔐root/Root2026..

🔐ubuntu/a12345678.

🔐root/ASDzxc123

🔐root/lucky

🔐root/bbAA123123

🔐root/20250727

🔐root/Xr123456.

🔐sammy/3245gs5662d34

Executed Commands

$Enter new UNIX password:6x

$cd ~; chattr -ia .ssh; lockr -ia .ssh5x

$ls -lh $(which ls)5x

$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'5x

$w5x

$cat /proc/cpuinfo | grep name | wc -l5x

$crontab -l5x

$cat /proc/cpuinfo | grep model | grep name | wc -l5x

$which ls5x

$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'5x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

2280300050005432

CPEs

cpe:/o:canonical:ubuntu_linuxcpe:/a:postgresql:postgresqlcpe:/a:expressjs:expresscpe:/a:openbsd:openssh:9.6p1cpe:/a:nodejs:node.js

Risk Assessment

/100

LowMediumHighCritical