Threat Intelligence Feed — Tag: ADB_ATTACK

Malicious activity detected from 94.26.106.30 (DE, AS48452). 273 events observed across ADB, TCP, TCP/SYN, http. AI verdict: NOISE.

Malicious activity detected from 83.168.69.197 (PL, AS202520). 12110 events observed across ADB, TCP. AI verdict: NOISE.

A suspicious IP address (130.12.180.65) from Germany has been observed conducting reconnaissance and potential exploitation attempts targeting TCP port 5555 associated with Android Debug Bridge (ADB). The threat level is assessed as MEDIUM, indicating a need for network defenders to investigate and …

An ADB (Android Debug Bridge) attack was observed originating from IP 162.240.226.121 in the US, targeting common ports and exhibiting standard payload behavior. The threat level is assessed as low to medium due to known patterns and no identified zero-day activity. ###

Malicious activity detected from 45.205.1.8 (BR, ASNone). 4652 events observed across ADB, HTTP, TCP, TCP/SYN, TLS. AI verdict: NOISE.

An IP address from Germany (45.135.194.83) has been observed conducting repeated ADB connection attempts and exploit activities over a two-month period. The threat level is assessed as low due to the lack of malicious payloads or unusual behavior, but network defenders should remain vigilant. ###

A Norwegian IP address (46.46.228.195) conducted sustained Android Debug Bridge (ADB) reconnaissance against network infrastructure over a 4-day period, generating over 4,300 malicious events targeting TCP port 5555. This represents a MEDIUM severity threat focused on identifying exposed Android dev…

IP address 65.49.1.80 conducted a sustained multi-protocol reconnaissance campaign from February 21 to April 27, 2026, targeting industrial control systems, network infrastructure, and enterprise services across 14 unique ports with 135 recorded events. The threat is assessed as HIGH severity due to…