TROYANOSYVIRUS
Active ThreatCRITICAL

165.227.161.0

Country of Origin🇩🇪 Germany
First Detection4/4/2026
Last Activity4/8/2026
ISPDigitalOcean, LLC
🎯
150
Total Attacks
🔌
20
Ports
📡
6
Attack Types
🦠
2
Malware

Geolocation

Country
🇩🇪 Germany
City
Frankfurt am Main
ASN
AS14061
ISP
DigitalOcean, LLC

Attack Types

ssh_telnet_honeypot
printer_honeypot
smtp_honeypot
malware_capture
web_honeypot
tcp_trap

Attacked Ports

212223258063112341911252548916000644380008086850090429092102501143418789

Associated Malware

6a031bec86a91a28b1f5...9d1e0e2d9459d06523ad...

Attempted Credentials

🔐GET /cgi-bin/authLogin.cgi HTTP/1.1/Host: 51.222.138.43:23
3x
🔐User-Agent: Go-http-client/1.1/Connection: close
3x
🔐User-Agent: Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)/Accept: */*
1x
🔐GET / HTTP/1.1/Host: 51.222.138.43:23
1x

Executed Commands

$Accept-Encoding: gzip2x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
2280443
Vulnerabilities
CVE-2023-44487CVE-2021-23017CVE-2025-23419CVE-2021-3618
Hostnames
www.holamundoo.comholamundoo.com
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:f5:nginx:1.18.0cpe:/o:linux:linux_kernelcpe:/a:php:php:8.4.18cpe:/a:openbsd:openssh:8.9p1

Risk Assessment

87
/100
LowMediumHighCritical