TROYANOSYVIRUS
Active Threat β€’ HIGH

138.68.58.48

First Detection3/18/2026
Last Activity3/27/2026
ISPDigitalOcean, LLC
🎯
123
Total Attacks
πŸ”Œ
3
Ports
πŸ“‘
3
Attack Types
🦠
1
Malware

Geolocation

Country
πŸ‡ΊπŸ‡Έ United States
City
Santa Clara
ASN
AS14061
ISP
DigitalOcean, LLC

Attack Types

tcp_trap
ssh_telnet_honeypot
malware_capture

Attacked Ports

23443445

Associated Malware

e3b0c44298fc1c149afb...β†’

Attempted Credentials

πŸ”<to>http://192.168.10.100/msmq/private$/queuejumper</to>/<id>uuid:1@00000000-0000-0000-0000-000000000000</id>
1x
πŸ”Content-Type: application/octet-stream/Content-Length: 7
1x
πŸ”Call-ID: 50000/CSeq: 42 OPTIONS
1x
πŸ”Content-Id: body@ff3af301-3196-497a-a918-72147c871a13/(empty)
1x
πŸ”Max-Forwards: 70/Content-Length: 0
1x
πŸ” <properties se:mustUnderstand="1">/<expiresAt>20600609T164419</expiresAt>
1x
πŸ” <action>MSMQ:poc</action>/<to>http://192.168.10.100/msmq/private$/queuejumper</to>
1x
πŸ”Content-Type: text/xml; charset=UTF-8/Content-Length: 606
1x
πŸ”Contact: <sip:nm@nm>/Accept: application/sdp
1x
πŸ”b'\x10\x00\x03\x00LIORL\t\x00\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\xaa\xbed\x01\x00\x00\x00\x01\x1c \x02`\x00h\x00t\x00t\x00p\x00:\x00/\/xmlns="http://schemas.xmlsoap.org/srmp/">
1x
πŸ”<path xmlns="http://schemas.xmlsoap.org/rp/" se:mustUnderstand="1">/<action>MSMQ:poc</action>
1x
πŸ”Content-Type: multipart/related; boundary="MSMQ - SOAP boundary, 53287"; type=text/xml/Host: 192.168.10.100
1x
πŸ”GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0/(empty)
1x
πŸ”b'0\x84\x00\x00\x00-\x02\x01\x07c\x84\x00\x00\x00$\x04\x00'/
1x
πŸ”From: <sip:nm@nm>;tag=root/To: <sip:nm2@nm2>
1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
22
Hostnames
prod-barium-sfo2-59.do.binaryedge.ninja
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:8.9p1

Risk Assessment

70
/100
LowMediumHighCritical