TROYANOSYVIRUS
Active ThreatMEDIUM

92.191.96.115

Country of Origin🇪🇸 Spain
First Detection1/6/2026
Last Activity1/7/2026
ISPOrange Espagne SA
🎯
233
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
18
Malware

Geolocation

Country
🇪🇸 Spain
City
Granada
ASN
AS12479
ISP
Orange Espagne SA

Attack Types

cowrie

Attacked Ports

22

Associated Malware

28720365c5e7476a011e...64426356ffcabc3671e5...afd0dd76c8d59e416fec...a28dd0be4d71a20d853d...c32b4937ce8564ea904a...

Attempted Credentials

🔐root/Admin12345!
1x
🔐claude/3245gs5662d34
1x
🔐r00t/r00t
1x
🔐claude/claude
1x
🔐root/Wm@123456
1x
🔐root/phuong123
1x
🔐root/Zaq@12345
1x
🔐root/Admin2025*
1x
🔐root/allinpay.sc@2025
1x
🔐es/elastic
1x
🔐postgres/changeme
1x
🔐root/renwen.net321#
1x
🔐mysql/aini130.
1x
🔐claude/1234567
1x
🔐root/einstein
1x

Executed Commands

$echo "12345678\n8r4aSgt7OgMm\n8r4aSgt7OgMm\n"|passwd1x
$crontab -l1x
$cat /proc/cpuinfo | grep model | grep name | wc -l1x
$which ls1x
$lscpu | grep Model1x
$Enter new UNIX password:1x
$uname1x
$echo -e "12345678\n8r4aSgt7OgMm\n8r4aSgt7OgMm"|passwd|bash1x
$whoami1x
$df -h | head -n 2 | awk 'FNR == 2 {print $2;}'1x

Risk Assessment

55
/100
LowMediumHighCritical
IP 92.191.96.115 - Detected Threat | TroyanosYVirus.com | TroyanosYVirus.com