TROYANOSYVIRUS
Active ThreatHIGH

154.90.54.142

Country of Origin🇦🇪 AE
First Detection3/20/2026
Last Activity3/26/2026
ISPKaopu Cloud HK Limited
🎯
683
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
31
Malware

Geolocation

Country
🇦🇪 AE
City
Dubai
ASN
AS138915
ISP
Kaopu Cloud HK Limited

Attack Types

ssh_telnet_honeypot

Attacked Ports

22

Associated Malware

091ea8f24da3e712cb86...09a3e612f8cad1560057...0c1d6f3a64e26471add5...23549132d767d928207f...264f11b0a99cd71834d5...

Attempted Credentials

🔐345gs5662d34/345gs5662d34
7x
🔐yasin/3245gs5662d34
1x
🔐nikita/1234
1x
🔐marek/marekpass
1x
🔐jboss/Jboss123!
1x
🔐marie/3245gs5662d34
1x
🔐shubham/password
1x
🔐a/apassword
1x
🔐sd/3245gs5662d34
1x
🔐cockpit/3245gs5662d34
1x
🔐qwerty/123456
1x
🔐lisi/1234
1x
🔐crafty/12345
1x
🔐victor/victor123
1x
🔐ubuntuuser/123
1x

Executed Commands

$Enter new UNIX password:14x
$lscpu | grep Model7x
$cd ~; chattr -ia .ssh; lockr -ia .ssh7x
$uname -a7x
$w7x
$cat /proc/cpuinfo | grep name | wc -l7x
$crontab -l7x
$cat /proc/cpuinfo | grep model | grep name | wc -l7x
$which ls7x
$uname7x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
2280
Vulnerabilities
CVE-2022-29404CVE-2022-28615CVE-2012-3526CVE-2024-43204CVE-2007-4723CVE-2024-38474CVE-2006-20001CVE-2022-30556CVE-2013-0942CVE-2013-2765CVE-2024-39573CVE-2025-53020CVE-2011-2688CVE-2025-59775CVE-2025-66200CVE-2023-25690CVE-2023-31122CVE-2022-31813CVE-2024-38477CVE-2012-4360
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:8.9p1cpe:/a:apache:http_server:2.4.52

Risk Assessment

62
/100
LowMediumHighCritical