TROYANOSYVIRUS
Ameaca AtivaMEDIO

42.200.78.166

Pais de Origem🇭🇰 Hong Kong
Primeira Deteccao22/04/2026
Ultima Atividade22/04/2026
ISPHKT Limited
🎯
199
Ataques Totais
🔌
1
Portas
📡
1
Tipos de Ataque
🦠
19
Malware

Geolocalizacao

Pais
🇭🇰 Hong Kong
Cidade
Desconhecida
ASN
AS4760
ISP
HKT Limited

Tipos de Ataque

ssh_telnet_honeypot

Portas Atacadas

22

Malware Associado

09a3e612f8cad1560057...0b2769bc6df09bf6cc34...28720365c5e7476a011e...28ba533b0f3c4df63d6b...3499dcfafeee9be9dc67...

Credenciais Tentadas

🔐ubuntu/Aa@123456789
1x
🔐testdb/testdb123
1x
🔐root/qazwsx2019@@
1x
🔐root/passwort
1x
🔐manager/test
1x
🔐postgresql/123456
1x
🔐deploy/frappe!@
1x
🔐root/root321..
1x
🔐ubuntu/Guest2024!
1x
🔐jose/3245gs5662d34
1x
🔐front-user/front-user123
1x
🔐john/test123
1x
🔐ali/Ali8
1x
🔐mysql/mysql@2025
1x
🔐root/1234!@#$qwer
1x

Comandos Executados

$Enter new UNIX password:2x
$ls -lh $(which ls)1x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'1x
$uname -a1x
$w1x
$echo "123456\niW5RijYGKOYe\niW5RijYGKOYe\n"|passwd1x
$cat /proc/cpuinfo | grep name | wc -l1x
$crontab -l1x
$cat /proc/cpuinfo | grep model | grep name | wc -l1x
$which ls1x

Exposicao Shodan InternetDBShodan

Dados InternetDB, nao em tempo real

Portas
443119417238080808188991001222022
Hostnames
42-200-78-166.static.imsbiz.comwww.draytek.com
CPEs
cpe:/a:synology:diskstation_manager:7.1-42661cpe:/a:openbsd:openssh:6.6.1cpe:/a:f5:nginxcpe:/a:sencha:ext_js

Avaliacao de Risco

55
/100
BaixoMedioAltoCritico