Ameaca Ativa • MEDIO

49.0.194.167

Pais de Origem🇹🇭 Tailandia

Primeira Deteccao22/03/2026

Ultima Atividade22/03/2026

ISPHUAWEI CLOUDS

🎯

212

Ataques Totais

🔌

Portas

📡

Tipos de Ataque

🦠

Malware

Geolocalizacao

Pais: 🇹🇭 Tailandia
Cidade: Bangkok
ASN: AS136907
ISP: HUAWEI CLOUDS

Tipos de Ataque

ssh_telnet_honeypot

Portas Atacadas

Malware Associado

01ba4719c80b6fe911b0...→04f1b5956f28bff25d48...→09a3e612f8cad1560057...→28720365c5e7476a011e...→28ba533b0f3c4df63d6b...→

Credenciais Tentadas

🔐345gs5662d34/345gs5662d34

🔐dietpi/Dietpi

🔐setup/Setup

🔐User/User

🔐anil/123

🔐root/3245gs5662d34

🔐lijia/Lijia123!

🔐User/3245gs5662d34

🔐stage/stagestage

🔐gast/Gast123!

🔐afa/afaafa

🔐root/zhiyu@123

🔐root/123456789aA@

🔐conectar/12345

🔐admin1234/admin1234password

Comandos Executados

$lscpu | grep Model2x

$ls -lh $(which ls)2x

$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'2x

$uname -a2x

$w2x

$cat /proc/cpuinfo | grep name | wc -l2x

$crontab -l2x

$cat /proc/cpuinfo | grep model | grep name | wc -l2x

$which ls2x

$Enter new UNIX password:2x

Exposicao Shodan InternetDBShodan

Dados InternetDB, nao em tempo real

Portas

8022228080

Vulnerabilidades

CVE-2022-2068CVE-2011-2688CVE-2018-0732CVE-2020-1934CVE-2009-3767CVE-2024-38472CVE-2025-49812CVE-2021-32791CVE-2023-2650CVE-2023-31122CVE-2014-3523CVE-2025-68160CVE-2023-0464CVE-2016-8612CVE-2013-4365CVE-2017-3736CVE-2019-17567CVE-2022-28615CVE-2022-22721CVE-2024-38476

Hostnames

ecs-49-0-194-167.compute.hwclouds-dns.com

CPEs

cpe:/a:gitlab:gitlabcpe:/o:canonical:ubuntu_linuxcpe:/o:centos:centoscpe:/a:openssl:openssl:1.0.2kcpe:/a:apache:http_server:2.4.6cpe:/a:f5:nginxcpe:/a:openbsd:openssh:9.6p1

Avaliacao de Risco

/100

BaixoMedioAltoCritico