TROYANOSYVIRUS
Ameaca AtivaALTO

197.248.207.139

Pais de Origem🇰🇪 KE
Primeira Deteccao21/03/2026
Ultima Atividade27/03/2026
ISPSafaricom
🎯
776
Ataques Totais
🔌
1
Portas
📡
1
Tipos de Ataque
🦠
34
Malware

Geolocalizacao

Pais
🇰🇪 KE
Cidade
Nairobi
ASN
AS37061
ISP
Safaricom

Tipos de Ataque

ssh_telnet_honeypot

Portas Atacadas

22

Malware Associado

01ba4719c80b6fe911b0...09a3e612f8cad1560057...12a6e9a84374d201590f...134039a7d2ef09ea804a...1f3b0db7777d0bdf0c3d...

Credenciais Tentadas

🔐345gs5662d34/345gs5662d34
8x
🔐ntps/ntps@123456
1x
🔐root/avatar
1x
🔐root/wang@123
1x
🔐vhpadmin/password
1x
🔐root/Asd123..
1x
🔐otrs/otrs@123456
1x
🔐1/1@123456
1x
🔐root/1887415157
1x
🔐root/1234569
1x
🔐root/Qwerty13
1x
🔐root/cc123123
1x
🔐user03/user03pass
1x
🔐sd/3245gs5662d34
1x
🔐ossuser/3245gs5662d34
1x

Comandos Executados

$Enter new UNIX password:14x
$ls -lh $(which ls)8x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'8x
$uname -a8x
$w8x
$cd ~; chattr -ia .ssh; lockr -ia .ssh8x
$cat /proc/cpuinfo | grep name | wc -l8x
$crontab -l8x
$cat /proc/cpuinfo | grep model | grep name | wc -l8x
$which ls8x

Exposicao Shodan InternetDBShodan

Dados InternetDB, nao em tempo real

Portas
538012374438443
Vulnerabilidades
CVE-2017-6459CVE-2016-4954CVE-2016-7431CVE-2015-7850CVE-2015-5300CVE-2016-7427CVE-2016-7429CVE-2015-7974CVE-2015-3405CVE-2016-4956CVE-2015-7855CVE-2016-1550CVE-2015-7853CVE-2015-7854CVE-2020-15025CVE-2018-7182CVE-2016-7426CVE-2016-9311CVE-2015-7848CVE-2015-7977
Hostnames
197-248-207-139.safaricombusiness.co.ke
CPEs
cpe:/a:f5:nginxcpe:/a:ntp:ntp:4.2.8:p15

Avaliacao de Risco

62
/100
BaixoMedioAltoCritico