TROYANOSYVIRUS
Active Threat β€’ HIGH

209.38.69.153

First Detection4/6/2026
Last Activity4/9/2026
ISPDigitalOcean, LLC
🎯
1,229
Total Attacks
πŸ”Œ
1
Ports
πŸ“‘
1
Attack Types
🦠
35
Malware

Geolocation

Country
πŸ‡ΊπŸ‡Έ United States
City
Santa Clara
ASN
AS14061
ISP
DigitalOcean, LLC

Attack Types

ssh_telnet_honeypot

Attacked Ports

22

Associated Malware

09a3e612f8cad1560057...β†’0b78cb07a697050a1a32...β†’0c34448622443f535143...β†’164d5fd0cef20d8ff61d...β†’2694199ba4b23821d538...β†’

Attempted Credentials

πŸ”345gs5662d34/345gs5662d34
9x
πŸ”ubuntu/3245gs5662d34
3x
πŸ”root/55
1x
πŸ”root/1qwe
1x
πŸ”ftpuser/hello
1x
πŸ”root/Ls123456
1x
πŸ”test/Q!W@E#R$
1x
πŸ”root/root2022@
1x
πŸ”oper/oper
1x
πŸ”svnuser/root
1x
πŸ”deploy/123
1x
πŸ”deploy/Frappe03
1x
πŸ”root/qaz@123
1x
πŸ”root/Qwe123.
1x
πŸ”root/1q2w3e4r!
1x

Executed Commands

$Enter new UNIX password:16x
$uname9x
$cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'9x
$whoami9x
$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'9x
$uname -a9x
$w9x
$lscpu | grep Model9x
$crontab -l9x
$cat /proc/cpuinfo | grep model | grep name | wc -l9x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
221111
CPEs
cpe:/o:canonical:ubuntu_linuxcpe:/a:openbsd:openssh:9.6p1

Risk Assessment

62
/100
LowMediumHighCritical