Active Threat • MEDIUM

66.116.205.1

Country of Origin🇮🇳 India

First Detection1/9/2026

Last Activity5/6/2026

ISPORACLE-BMC-31898

🎯

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇮🇳 India
City: Mumbai
ASN: AS31898
ISP: ORACLE-BMC-31898

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

28ba533b0f3c4df63d6b...→94f2e4d8d4436874785c...→b0b99832969a1cb15c27...→

Attempted Credentials

🔐root/ubuntu

🔐root/debian

Executed Commands

chmod +x ./.3745114224229682595/sshd;nohup ./.3745114224229682595/sshd 50.6.228.52 218.205.37.160 123.58.212.100 43.252.230.102 139.9.213.204 122.228.86.100 180.76.168.116 103.210.22.17 112.28.209.102 103.121.91.144 120.92.105.170 0.0.0.0 116.128.243.59 91.132.142.253 42.51.49.239 183.56.198.150 120.92.10.155 116.169.58.224 183.236.48.45 172.245.43.228 221.10.21.25 101.237.38.4 177.136.246.131 46.101.107.202 43.226.36.171 50.6.231.130 42.4.63.120 114.218.57.21 59.63.188.245 141.148.140.182 106.1

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

224432222

Vulnerabilities

CVE-2007-4723CVE-2022-22719CVE-2025-23048CVE-2022-29404CVE-2022-26377CVE-2025-59775CVE-2024-47252CVE-2024-38476CVE-2022-30556CVE-2025-49812CVE-2022-23943CVE-2022-28615CVE-2011-1176CVE-2025-66200CVE-2009-2299CVE-2024-39573CVE-2012-4001CVE-2024-38474CVE-2023-25690CVE-2023-27522

Hostnames

server.internalapp.comess.greenifit.com

CPEs

cpe:/a:openbsd:openssh:8.9p1cpe:/o:canonical:ubuntu_linuxcpe:/a:apache:http_server:2.4.52

Risk Assessment

/100

LowMediumHighCritical