A Shodan scan for Singapore open directories surfaces a TRUMVPS server that has been quietly hosting the same .NET credential stealer — under the same filename — since 2021. The current build has zero detections.
grep -rl "credential-stealer" ./posts
#credential-stealer
1 match