TROYANOSYVIRUS
Active Threat β€’ HIGH

52.224.105.13

First Detection2/21/2026
Last Activity4/1/2026
ISPMicrosoft Corporation
🎯
253
Total Attacks
πŸ”Œ
1
Ports
πŸ“‘
1
Attack Types
🦠
3
Malware

Geolocation

Country
πŸ‡ΊπŸ‡Έ United States
City
Washington
ASN
AS8075
ISP
Microsoft Corporation

Attack Types

ssh_telnet_honeypot

Attacked Ports

22

Associated Malware

28ba533b0f3c4df63d6b...β†’4737f702e47a5e99922e...β†’9434722c7bbc87f21fb1...β†’

Attempted Credentials

πŸ”root/minoxidil4you02020
1x
πŸ”%company%/root123%
1x
πŸ”minoxidil4you/Minoxidil4you.2015
1x
πŸ”minoxidil4you/user@12345
1x
πŸ”root/minoxidil4you2016!
1x
πŸ”root/minoxidil4you@2020
1x
πŸ”root/Minoxidil4you2022@
1x
πŸ”%company%/123456root
1x
πŸ”minoxidil4you/minoxidil4you$$$
1x
πŸ”minoxidil4you/Minoxidil4you1234
1x
πŸ”root/password1234?
1x
πŸ”minoxidil4you/Minoxidil4you2018!
1x
πŸ”minoxidil4you/Minoxidil4you2017!
1x
πŸ”minoxidil4you/Minoxidil4you2018
1x
πŸ”root/minoxidil4you12345@
1x

Executed Commands

$export HOME=/dev/null;export HISTFILE=/dev/null;chattr -isa /root/.ssh/authorized_keys;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYteFBiVVKhUucH8Jjuzlh9pNriiQJFagSbuI1FN5czogKvtyc/ayDvt2T7w5UMuo1kIYefBQRKc661934f6dd2a58NAIs7ehhoG56IVFPUdooUza00ziduX/8vgd29UmSZk8Y+7bAh0cP43C3N0/M6RlV8Qy2onqrF02RbeTu9tzhuBBJA//7ZHzoL/0dbGhwrGOrxSmqPnNO4VL/W8gOHYyDRSLPfUpTJNsP9AulmmQeaYXcQOZ4pFzMpiGZwSXJYw9xcrz7PMmMAcCOYbAWJYz9LT980nY3XgQb9QSKDoGuRlqm5HPdY2bipGgFwgwNGG0V4bQLCUMKudkq6oWL rsa-key-20250409' >>/root/2x
$uname -a1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
80443
Hostnames
support.digitalhealer.net

Risk Assessment

60
/100
LowMediumHighCritical