TROYANOSYVIRUS

Active threat: MEDIUM

79.117.118.49

Country of origin: 🇪🇸 Spain
First detection: 21/03/2026
Last activity: 21/03/2026
ISP: Digi Spain Telecom S.A

Summary
Total attacks: 225
Ports: 1
Attack types: 1
Malware: 15

Geolocation

Country: 🇪🇸 Spain
City: Unknown
ASN: AS57269
ISP: Digi Spain Telecom S.A

Attack types

ssh_telnet_honeypot

Ports attacked

22

Associated malware

(none listed)

Commands executed (the suffix in parentheses is the number of times each command was observed)

$ echo 'debian:22:ZnK OK - checking sudo'; echo 'ZnK26KyeZnK26Kye' | sudo -S id 2>/dev/null || echo 'no sudo'    (4x)
$ echo "=== HOSTNAME ==="; hostname 2>/dev/null || cat /etc/hostname; echo "=== IP ==="; ip -4 addr show | grep inet | grep -v 127.0.0.1 | head -5; echo "=== TPOT STATUS ==="; sudo systemctl status tpot --no-pager 2>&1 | head -5 || echo "no tpot service"; echo "=== DOCKER ==="; sudo docker ps --format "{{.Names}}\t{{.Status}}" 2>/dev/null | head -40 || echo "no docker"; echo "=== TPOT TYPE ==="; cat ~/tpotce/.env 2>/dev/null | grep -E "TPOT_TYPE|TPOT_HIVE_IP|TPOT_HIVE_USER" || echo "no .env"; echo    (4x)
$ echo "=== USERS ==="; cat /etc/passwd | grep -E "tsec|tpot|root" | cut -d: -f1,6; ; echo "=== TPOT HOME ==="; ls -la /home/tsec/tpotce/.env 2>/dev/null && cat /home/tsec/tpotce/.env 2>/dev/null | grep -E "TPOT_TYPE|TPOT_HIVE|EWS|HPFEEDS" || echo "cannot read tsec .env"; ; echo "=== DOCKER CHECK ==="; ls -la /usr/bin/docker 2>/dev/null || ls -la /usr/local/bin/docker 2>/dev/null || echo "no docker binary visible"; ls -la /var/run/docker.sock 2>/dev/null || echo "no docker socket visible"; ; echo    (4x)
$ hostname; cat /etc/os-release 2>/dev/null | head -2; echo "---"; ls -la /home/tsec/tpotce/ 2>/dev/null || echo "NO ~/tpotce"; ls -la /opt/tpot/ 2>/dev/null | head -3 || echo "NO /opt/tpot"; which docker 2>/dev/null || echo "NO docker"; ls /var/run/docker.sock 2>/dev/null || echo "NO docker socket"; echo "---"; cat /etc/passwd | grep -E "tsec|tpot" || echo "no tsec/tpot user"; echo "---"; ss -tpn 2>/dev/null | head -10 || netstat -tpn 2>/dev/null | head -10 || echo "cannot check connections"; ech    (4x, truncated as captured)
$ cat /etc/passwd | grep -E tsec|tpot|root | cut -d: -f1,6    (4x)
$ hostname -f    (4x)
$ ss -tpn 2 > /dev/null | head -10    (3x)
$ cat /proc/net/tcp 2 > /dev/null | awk {print \$2} | cut -d: -f2 | sort -u | while read hex    (3x)
$ cat /etc/os-release | head -2; echo "---DISK---"; df -h / 2>/dev/null | tail -1; echo "---PROC---"; ps aux 2>/dev/null | wc -l; echo "---LISTEN---"; cat /proc/net/tcp 2>/dev/null | head -5 || echo "cannot read"; echo "---UPTIME---"; uptime    (3x)
$ done | sort -n | uniq | head -20    (3x)

Shodan exposure (InternetDB)

InternetDB data, not real-time

Risk assessment

55/100
(scale: Low / Medium / High / Critical)