TROYANOSYVIRUS
Active Threat | MEDIUM

79.117.118.49

Country of Origin: 🇪🇸 Spain
First Detection: 3/21/2026
Last Activity: 3/21/2026
ISP: Digi Spain Telecom S.A

Total Attacks: 225
Ports: 1
Attack Types: 1
Malware: 15

Geolocation

Country: 🇪🇸 Spain
City: Unknown
ASN: AS57269
ISP: Digi Spain Telecom S.A

Attack Types

ssh_telnet_honeypot

Attacked Ports

22

Associated Malware

Executed Commands

$ echo 'debian:22:ZnK OK - checking sudo'; echo 'ZnK26KyeZnK26Kye' | sudo -S id 2>/dev/null || echo 'no sudo'  (4x)
$ echo "=== HOSTNAME ==="; hostname 2>/dev/null || cat /etc/hostname; echo "=== IP ==="; ip -4 addr show | grep inet | grep -v 127.0.0.1 | head -5; echo "=== TPOT STATUS ==="; sudo systemctl status tpot --no-pager 2>&1 | head -5 || echo "no tpot service"; echo "=== DOCKER ==="; sudo docker ps --format "{{.Names}}\t{{.Status}}" 2>/dev/null | head -40 || echo "no docker"; echo "=== TPOT TYPE ==="; cat ~/tpotce/.env 2>/dev/null | grep -E "TPOT_TYPE|TPOT_HIVE_IP|TPOT_HIVE_USER" || echo "no .env"; echo  (4x)
$ echo "=== USERS ==="; cat /etc/passwd | grep -E "tsec|tpot|root" | cut -d: -f1,6; ; echo "=== TPOT HOME ==="; ls -la /home/tsec/tpotce/.env 2>/dev/null && cat /home/tsec/tpotce/.env 2>/dev/null | grep -E "TPOT_TYPE|TPOT_HIVE|EWS|HPFEEDS" || echo "cannot read tsec .env"; ; echo "=== DOCKER CHECK ==="; ls -la /usr/bin/docker 2>/dev/null || ls -la /usr/local/bin/docker 2>/dev/null || echo "no docker binary visible"; ls -la /var/run/docker.sock 2>/dev/null || echo "no docker socket visible"; ; echo  (4x)
$ hostname; cat /etc/os-release 2>/dev/null | head -2; echo "---"; ls -la /home/tsec/tpotce/ 2>/dev/null || echo "NO ~/tpotce"; ls -la /opt/tpot/ 2>/dev/null | head -3 || echo "NO /opt/tpot"; which docker 2>/dev/null || echo "NO docker"; ls /var/run/docker.sock 2>/dev/null || echo "NO docker socket"; echo "---"; cat /etc/passwd | grep -E "tsec|tpot" || echo "no tsec/tpot user"; echo "---"; ss -tpn 2>/dev/null | head -10 || netstat -tpn 2>/dev/null | head -10 || echo "cannot check connections"; ech  (4x)
$ cat /etc/passwd | grep -E tsec|tpot|root | cut -d: -f1,6  (4x)
$ hostname -f  (4x)
$ ss -tpn 2 > /dev/null | head -10  (3x)
$ cat /proc/net/tcp 2 > /dev/null | awk {print \$2} | cut -d: -f2 | sort -u | while read hex  (3x)
$ cat /etc/os-release | head -2; echo "---DISK---"; df -h / 2>/dev/null | tail -1; echo "---PROC---"; ps aux 2>/dev/null | wc -l; echo "---LISTEN---"; cat /proc/net/tcp 2>/dev/null | head -5 || echo "cannot read"; echo "---UPTIME---"; uptime  (3x)
$ done | sort -n | uniq | head -20  (3x)

Shodan InternetDB Exposure

InternetDB data, not real-time

Risk Assessment

55/100 (scale: Low, Medium, High, Critical)